CompTIA CySA+ (CS0-002) — Question 88
A company that uses email for all internal and external communications received a legal notice from a vendor that was disputing a contract award.
The company needs to implement a legal hold on the email of users who were involved in the vendor selection process and the awarding of the contract. Which of the following describes the appropriate steps that should be taken to comply with the legal notice?
Answer options
- A. Notify the security team of the legal hold and remove user access to the email accounts.
- B. Coordinate with legal counsel and then notify the security team to ensure the appropriate email accounts are frozen.
- C. Disable the user accounts that are associated with the legal hold and create new user accounts so they can continue doing business.
- D. Encrypt messages that are associated with the legal hold and initiate a chain of custody to ensure admissibility in future legal proceedings.
Correct answer: B
Explanation
The correct answer is B because it ensures that both legal counsel and the security team are involved in the process, which is essential for compliance with legal requirements. Option A is incorrect as removing access could hinder the investigation, while C is not appropriate because deactivating user accounts could disrupt business continuity. Option D, while important for evidence handling, does not directly address the immediate need to secure the email accounts as required by the legal hold.