220-1002 Question #205: Real Exam Question with Answer & Explanation
The correct answer is C: Chain of custody.
Question
Options
- A. Acceptable use policy violations
- B. Server configuration
- C. Chain of custody
- D. Data loss incidents
Explanation
Chain of custody (C) is the most critical documentation practice in forensic investigations. It creates a chronological record of who collected, handled, transferred, and accessed evidence, along with when and why. This documentation ensures that evidence integrity can be verified and that the findings will be admissible and credible in HR or legal proceedings. Without a proper chain of custody, evidence can be challenged as tampered with or unreliable. Acceptable use policy violations (A) describe what rules were broken, not how evidence was handled. Server configuration (B) is relevant technical context but not the integrity mechanism. Data loss incidents (D) describe what was affected, not the forensic process itself.