CompTIA

220-801 Question #1068: Real Exam Question with Answer & Explanation

The correct answer is D: Chain of custody. Chain of custody is the documented record of who has controlled, transferred, or handled evidence at each step of an investigation. The sequential signing-over of the system between the technician, tier-two technician, and case manager is the defining example of this process.

Question

After a system was hacked by an outsider, a technician is dispatched to the system. The technician records the location of the system on a log and then signs the system over to a tier-two technician. The tier-two technician analyzes the system and then signs it over to the case manager. Which of the following is this an example of?

Options

  • A. Evidence preservation
  • B. Process documentation
  • C. Due process
  • D. Chain of custody

Explanation

Chain of custody is the documented record of who has controlled, transferred, or handled evidence at each step of an investigation. The sequential signing-over of the system between the technician, tier-two technician, and case manager is the defining example of this process.

Common mistakes.

  • A. Evidence preservation refers to maintaining the integrity and state of evidence (e.g., disk imaging), not the documented transfer process between individuals.
  • B. Process documentation describes recording general procedures and steps taken, not the formal chain of handoffs between accountable parties.
  • C. Due process is a legal right to fair treatment under the law and does not describe the physical transfer and logging of evidence between custodians.

Concept tested. Chain of custody in incident response

Reference. https://csrc.nist.gov/publications/detail/sp/800-86/final
