ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CAS-004 All Questions

View all questions & answers for the CAS-004 exam
Go to Exam

Exam CAS-004 topic 1 question 537 discussion

Actual exam question from CompTIA's CAS-004
Question #: 537
Topic #: 1
[All CAS-004 Questions]

A security manager discovers that a system's log files contain evidence of potential criminal activity. Which of the following actions should be done next?

  • A. Power off all systems immediately to block any further actions.
  • B. Perform a thorough investigation with law enforcement.
  • C. Contact the user who appears in the log files.
  • D. Take a system snapshot to preserve any evidence.
  • E. Reach out to the human resources department.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by Bright07 at Oct. 1, 2024, 10:02 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
grelaman
6 months, 3 weeks ago
Selected Answer: D
The immediate action should be to preserve all relevant evidence to ensure it remains intact for any potential investigations. Taking a system snapshot involves creating a forensic image of the system, capturing the current state of all data, including log files, system configurations, and potentially volatile data. This action ensures that the evidence is collected in a manner that is admissible in court, maintaining the integrity and chain of custody of the data. By taking a snapshot, the security manager minimizes the risk of data being altered, overwritten, or lost due to ongoing system processes. The process should be thoroughly documented, including timestamps and the methods used to collect the data, to establish credibility.
upvoted 2 times
...
Bright07
7 months, 1 week ago
Ans. D. Take a system snapshot to preserve any evidence. Preserving evidence is crucial in cases involving potential criminal activity. A system snapshot allows you to capture the current state of the system, including all log files and relevant data, ensuring that you have a reliable record to refer to later. This step is essential before taking any other actions that might alter or compromise the data.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago