CompTIA exam questions
A technician, Peter, has been told that one of the workers at his company has been using a company laptop for illicit activity. The IT manager assigned Peter the task of retrieving the laptop and bringing it back to the repair center. Which of the following has Peter performed?
A. Maintain chain of custody
B. Gathering evidence
C. Device preservation
D. Use of documentation
Activity logs show a large amount of data downloaded from a company server to an employee’s workstation overnight. Upon further investigation, the technician identifies the data as being outside the scope of the employee’s regular job functions. Which of the following steps should the technician take NEXT?
A. Report through proper channels
B. Document the changes
C. Continue to track more evidence
D. Preserve the chain of custody
Which of the following is the BEST example of the use of chain of custody?
A. Technician uses a third party to hand over the PC to the proper authority.
B. Technician remembers when and who they gave the PC to.
C. Technician calls supervisor after PC has been transferred.
D. Technician notes the date, time and who was given the PC.
Which of the following protocols would be MOST important in preserving digital evidence of criminal activity during an investigation?
A. Change control management
B. Chain of custody
C. Channel escalation
D. MSDS documents
When securing evidence of misconduct or illegal activity, which of the following describes the proper safeguarding of evidence?
A. CAPTCHA
B. Spear phishing
C. Chain of custody
D. Access control
After a system was hacked by an outsider, a technician is dispatched to the system. The technician records the location of the system on a log and then signs the system over to a tier-two technician. The tier-two technician analyzes the system and then signs it over to the case manager. Which of the following is this an example of?
A. Evidence preservation
B. Process documentation
C. Due process
D. Chain of custody
Which of the following is the MOST important aspect of the chain of custody?
A. Reporting
B. Preservation
C. Observation
D. Documentation
Which of the following helps law enforcement show accountability for evidence as it was gathered?
A. Drive hashing
B. Chain of custody
C. Drive image creation
D. Court subpoena
Chain of custody needs to be kept intact for which of the following reasons?
A. To ensure data preservation during evidence inspection
B. To ensure that the evidence is not left at the scene
C. To ensure evidence is admissible in legal proceeding
D. To ensure evidence is returned to proper owner
A customer, Peter, has a corporate laptop that his teenage son used over the weekend. He thinks the laptop now has illegal material because of strange websites on his browser’s home page. Peter brings the laptop to the repair center. Which of the following should the technician do FIRST?
A. Determine chain of custody
B. Report through proper channels
C. Be culturally sensitive
D. Avoid being judgmental