CompTIA CASP+ (CAS-003) — Question 268

While an employee is on vacation, suspicion arises that the employee has been involved in malicious activity on the network. The security engineer is concerned the investigation may need to continue after the employee returns to work. Given this concern, which of the following should the security engineer recommend to maintain the integrity of the investigation?

Answer options

• A. Create archival copies of all documents and communications related to the employee
• B. Create a forensic image of network infrastructure devices
• C. Create an image file of the employee's network drives and store it with hashes
• D. Install a keylogger to capture the employee's communications and contacts

Correct answer: D

Explanation

The correct answer is D because installing a keylogger ensures that the security engineer can capture any ongoing communications or activities of the employee that may be relevant to the investigation. The other options do not directly monitor or capture real-time data related to the employee's actions, which is critical for maintaining the integrity of the investigation.