After a security incident, which best practice should the documentation team implement to ensure the credibility and integrity of the evidence gathered during the investigation?
Writing down observations based on memory after the incident
Documenting findings that relate to initial assumptions
Including personal opinions about the event in the documentation
Implementing a systematic approach to evidence handling
The correct answer focuses on the necessity of maintaining a systematic approach to evidence handling, which ensures that its integrity is preserved throughout the investigation. The other options involve methods that compromise the reliability and accuracy of the documentation, such as relying on memory or introducing subjective viewpoints, which can lead to misleading conclusions.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does a systematic approach to evidence handling involve?
Open an interactive chat with Bash
Why is it important to avoid writing down observations based on memory?
Open an interactive chat with Bash
What is the chain of custody in evidence handling?
Open an interactive chat with Bash
ISC2 CISSP
Security Operations
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access