CompTIA CySA+ (CS0-003) — Question 349

Which of the following is the practice of controlling how evidence is handled to ensure its integrity during an investigation?

Answer options

• A. Chain of custody
• B. Root cause analysis
• C. Incident response
• D. Evidence collection

Correct answer: A

Explanation

The correct answer is A, Chain of custody, which refers specifically to the process that ensures evidence is preserved and tracked properly to maintain its integrity. The other options, while related to investigations, do not focus on the preservation and tracking of evidence; Root cause analysis deals with identifying underlying issues, Incident response pertains to managing incidents, and Evidence collection refers to gathering evidence, not its handling.