Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) — Question 207

Which of these describes volatile evidence?

Answer options

• A. logs
• B. registers and cache
• C. disk and removable drives
• D. usernames

Correct answer: B

Explanation

Volatile evidence refers to data that is temporary and can be lost if the system is powered down, which includes registers and cache. Logs, disk and removable drives, and usernames are considered more permanent or non-volatile forms of evidence and are not lost immediately when the system is shut down.