CompTIA A+ Core 2 (220-1102) — Question 551

A technician receives a high-priority ticket about sensitive information collected from an end user's workstation. Which of the following steps should a technician take to preserve the chain of custody for a forensic investigation?

Answer options

• A. Reimage the workstation
• B. Inform the user of the investigation
• C. Recover and secure the workstation
• D. Back up the workstation

Correct answer: C

Explanation

The correct answer is C, as recovering and securing the workstation ensures that the evidence is preserved in its original state, which is critical for forensic investigations. Options A and D would alter the state of the evidence, potentially compromising the investigation, while B could risk the integrity of the evidence by disclosing details prematurely.