21 Mar Practice Test Question-Evidence Preservation
Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.
Alyssa recently completed an incident investigation and is conducting the cleanup effort before closing out the incident. She has a large quantity of evidence collected during the incident and wishes to use secure disposal techniques to destroy it. What should she do?
A. Follow instructions in her organization’s retention policy
B. Securely destroy the files now
C. Await instructions from law enforcement
D. Preserve the files indefinitely
Correct Answer: A
This is a tricky question, as many of the answers sound reasonable. However, the best answer to this question is that Alyssa should follow the mandates of her organization’s retention policy. That policy should, in turn, take factors such as law enforcement interest into account.