CompTIA CySA+ (CS0-003) — Question 298

A security analyst needs to support an organization’s legal case against a threat actor. Which of the following processes provides the best way to assist in the prosecution of the case?

Answer options

• A. Chain of custody
• B. Evidence gathering
• C. Securing the scene
• D. Forensic analysis

Correct answer: A

Explanation

The Chain of custody is crucial because it ensures the integrity and admissibility of evidence in court by documenting who handled the evidence and when. While evidence gathering, securing the scene, and forensic analysis are important steps in the investigation, they do not provide the same level of legal protection and verification needed for prosecution as maintaining the chain of custody does.