
SY0-301 Question #531: Real Exam Question with Answer & Explanation

The correct answer is C: Chain of custody.

Question

A compromised workstation utilized in a Distributed Denial of Service (DDOS) attack has been removed from the network and an image of the hard drive has been created. However, the system administrator stated that the system was left unattended for several hours before the image was created. In the event of a court case, which of the following is likely to be an issue with this incident?

Options

  • A. Eye witness
  • B. Data analysis of the hard drive
  • C. Chain of custody
  • D. Expert witness

Explanation

Chain of custody is the documented, unbroken record of who accessed or handled evidence, when, and how. When the workstation was left unattended for several hours before imaging, there is no way to prove that the evidence was not tampered with during that window. In court, opposing counsel can argue that the evidence was compromised or altered while unattended, making it inadmissible or unreliable. Maintaining chain of custody requires continuous accountability of evidence from collection through presentation. The other options - eye witness, data analysis, and expert witness - are evidentiary tools that can still be used; it is the custody gap that is the critical legal problem here.
