CompTIA CySA+ (CS0-003) — Question 22

A security analyst must preserve a system hard drive that was involved in a litigation request. Which of the following is the best method to ensure the data on the device is not modified?

Answer options

• A. Generate a hash value and make a backup image.
• B. Encrypt the device to ensure confidentiality of the data.
• C. Protect the device with a complex password.
• D. Perform a memory scan dump to collect residual data

Correct answer: A

Explanation

Generating a hash value and creating a backup image ensures that the original data remains unchanged while providing a verifiable fingerprint of the data. Encrypting the device protects confidentiality but does not prevent data modification. A complex password safeguards access but does not address data integrity. Performing a memory scan dump retrieves transient data but does not preserve the hard drive's state.