CompTIA CASP+ (CAS-003) — Question 296

The Chief Information Security Officer (CISO) of an e-retailer, which has an established security department, identifies a customer who has been using a fraudulent credit card. The CISO calls the local authorities, and when they arrive on-site, the authorities ask a security engineer to create a point-in-time copy of the running database in their presence. This is an example of:

Answer options

• A. creating a forensic image
• B. deploying fraud monitoring
• C. following a chain of custody
• D. analyzing the order of volatility

Correct answer: A

Explanation

The correct answer is A, as creating a forensic image involves capturing a precise copy of data at a specific moment, which is necessary for legal investigations. Options B and C do not directly relate to the action of creating a point-in-time copy, and option D pertains to the sequence in which data should be collected, rather than capturing it.