CompTIA


220-1002 Question #830: Real Exam Question with Answer & Explanation

The correct answer is A: Preserving chain of custody.

Question

An administrator responded to an incident where an employee copied financial data to a portable hard drive and then left the company with the data. The administrator documented the movement of the evidence. Which of the following concepts did the administrator demonstrate?

Options

  • A. Preserving chain of custody
  • B. Implementing data protection policies
  • C. Informing law enforcement
  • D. Creating a summary of the incident

Explanation

Chain of custody is the documented, chronological record that tracks who collected, handled, transferred, and stored evidence at every stage of an investigation. By documenting the movement of evidence (the portable hard drive containing copied financial data), the administrator preserved the chain of custody. This is critical in legal and forensic contexts because it establishes that evidence has not been tampered with and remains admissible. Option B (data protection policies) refers to preventative controls, not evidence handling. Option C (informing law enforcement) was not described. Option D (creating a summary) is too generic: documenting the movement of physical evidence specifically describes chain-of-custody maintenance.
