CISSP-ISSMP Question #86: Real Exam Question with Answer & Explanation
The correct answer is D: Chain of custody.
Question
Which of the following needs to be documented to preserve evidence for presentation in court?
Options
- A. Separation of duties
- B. Account lockout policy
- C. Incident response policy
- D. Chain of custody
Explanation
A chain of custody should be documented to preserve evidence for presentation in court. A chain of custody is documentation that shows who has collected and accessed each piece of evidence. The documentation must be meticulously prepared, including the minutest details (such as the date, time, location, and the verified identity of every person handling the evidence), so that the documentation is verifiable. It includes the time of accessing the evidence and the valid reason for doing so. A chain of custody must be maintained for all evidence in order to maintain the validity of the evidence.
Answer option A is incorrect. Separation of duties (SoD) is the concept, and a part of an organization's policy, of requiring more than one person to complete a task. It implements an appropriate level of checks and balances upon the activities of individuals. With the concept of SoD, business-critical duties can be categorized into four types of functions: authorization, custody, record keeping, and reconciliation. In a perfect system, no person should handle more than one type of function. Separation of duties helps reduce the potential damage from the actions of one person. As an organization's policy, it also helps to prevent collusion.
Answer option C is incorrect. An incident response policy is a document that defines an incident and helps people to respond appropriately to that incident. It provides information about the people who are responsible for handling security incidents and how they can be contacted. The incident response policy also provides instructions for documenting and disseminating incident-related information.
Answer option B is incorrect. An account lockout policy locks out a user after a specified number of failed logon attempts. It prevents potential intruders from repeatedly trying different passwords to guess the correct password for accessing a user account.
The following are policies under Account Lockout:
1. Account Lockout duration
2. Account Lockout threshold
3. Reset Account Lockout counter after