Exam SY0-501 topic 1 question 682 discussion

Actual exam question from CompTIA's SY0-501
Question #: 682
Topic #: 1

A security technician has been given the task of preserving emails that are potentially involved in a dispute between a company and a contractor.
Which of the following BEST describes this forensic concept?

  • A. Legal hold
  • B. Chain of custody
  • C. Order of volatility
  • D. Data acquisition
Suggested Answer: A

Comments

MagicianRecon
Highly Voted 5 years ago
Key word is dispute. Court proceedings etc. usually point to a legal hold.
upvoted 14 times
Eluis007
Most Recent 3 years, 7 months ago
Legal Hold
Legal hold refers to the fact that information that may be relevant to a court case must be preserved. Information subject to legal hold might be defined by regulators or industry best practice, or there may be a litigation notice from law enforcement or lawyers pursuing a civil action. This means that computer systems may be taken as evidence, with all the obvious disruption to a network that entails.

Chain of Custody
Chain of custody documentation reinforces the integrity and proper handling of evidence from collection, to analysis, to storage, and finally to presentation. When security breaches go to trial, the chain of custody protects an organization against accusations that evidence has either been tampered with or is different than it was when it was collected. Every person in the chain who handles evidence must log the methods and tools they used.

So, the answer is Legal hold.
upvoted 1 times
simo123456
4 years, 1 month ago
From Darril Gibson's book: A chain of custody provides assurances that evidence has been controlled and handled properly after collection. It documents who handled the evidence and when they handled it. A legal hold is a court order to preserve data as evidence. I would go with chain of custody.
upvoted 1 times
Figekioki
4 years ago
What? No. This is clearly a legal hold. This is in Gibson's book as well.
upvoted 2 times
hlwo
4 years, 9 months ago
Correct. Key words: "preserving emails that are potentially involved".
upvoted 2 times
Community vote distribution: A (35%, most voted), C (25%), B (20%), Other