CompTIA A+ Question I-42

A user has been reported for storing prohibited material on a company-owned PC. The accused user is notified and an investigation is launched. However, no evidence is found, and it is believed that the user was able to delete all relevant evidence. Which of the following would prevent this from happening in the future?

A. Change documentation
B. Chain of Custody
C. Automatic notifications for complaints
D. Data preservation

Correct Answer: D

CompTIA A+ Question I-42

Activity logs show a large amount of data downloaded from a company server to an employee’s workstation overnight. Upon further investigation, the technician identifies the data as being outside the scope of the employee’s regular job functions. Which of the following steps should the technician take NEXT?

A. Report through proper channels
B. Document the changes
C. Continue to track more evidence
D. Preserve the chain of custody

Correct Answer: A

Explanation:
This is a breach of security. You need to report it through proper channels to senior management. You can report to your supervisor, who can then report to higher authorities for further investigation.