CompTIA A+ Question K-42

A user has been reported for storing prohibited material on a company owned PC. The accused user is notified and an investigation is launched. However, no evidence is found and it is believed that the user was able to delete all relevant evidence. Which of the following would prevent this from happening in the future?

A. Change documentation
B. Chain of Custody
C. Automatic notifications for complaints
D. Data preservation

Correct Answer: D

CompTIA A+ Question J-19

After identifying illegal activity on a small business computer, a business owner asks the office secretary to log into the system to retrieve various files. Which of the following aspects of procedural forensic analysis were violated in this scenario?

A. Data preservation
B. Proper channel reporting
C. Initial response identification
D. Tracking of documentation

Correct Answer: A

CompTIA A+ Question B-81

Chain of custody needs to be kept intact for which of the following reasons?

A. To ensure data preservation during evidence inspection
B. To ensure that the evidence is not left at the scene
C. To ensure evidence is admissible in legal proceeding
D. To ensure evidence is returned to proper owner