CISM Question #476: Real Exam Question with Answer & Explanation

Sign in or unlock CISM to reveal the answer and full explanation for question #476. The question stem and answer options stay visible for context.

Submitted by klara.se· Apr 18, 2026Information Security Incident Management

Question

An employee who denies accusations of downloading inappropriate material to an organizational device has been discharged. In support of the disciplinary action, the collection of legal evidence is required. Which of the following is the information security manager's BEST recommendation?

Options

ACollect evidence from the employee endpoint security logs.
BCollect evidence from firewall logs.
CLog in to the employee's device and create a forensic copy to a USB drive.
DCreate a forensic image of the original file system.

Unlock CISM to see the answer

You've previewed enough free CISM questions. Unlock CISM for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.

Unlock CISM - $49.99 / 30 days Sign in

Topics

#Digital Forensics#Evidence Collection#Incident Response#Legal Compliance

Full CISM Practice Browse All CISM Questions