CompTIA CySA+ (CS0-003) — Question 61

An organization receives a legal hold request from an attorney. The request pertains to emails related to a disputed vendor contract. Which of the following is the best step for the security team to take to ensure compliance with the request?

Answer options

• A. Publicly disclose the request to other vendors
• B. Notify the departments involved to preserve potentially relevant information
• C. Establish a chain of custody starting with the attorney's request
• D. Back up the mailboxes on the server and provide the attorney with a copy

Correct answer: B

Explanation

The correct answer is B because notifying the involved departments ensures that they preserve any information that may be relevant to the legal hold. Option A is incorrect as disclosing the request could compromise confidentiality. Option C, while important, is not the immediate step to ensure compliance, and option D is inadequate since merely backing up mailboxes does not guarantee the preservation of relevant emails.