A network technician was tasked to respond to a compromised workstation. The technician
documented the scene, took the machine offline, and left the PC under a cubicle overnight. Which
of the following steps of incident handling has been incorrectly performed?
A. Document the scene
B. Forensics report
C. Evidence collection
D. Chain of custody
Explanation:
Why is the answer D. Chain of custody?
Chain of custody is not just a record of who had the asset and when; it also means ensuring that, once an incident occurs, the asset is tracked and kept in proper hands at all times. The asset should therefore have been locked in a secure location to which only the correct IT personnel have access.
The PC was left unattended overnight, so chain of custody was not applied correctly.