CompTIA CySA+ (CS0-003) — Question 77

A security analyst is responding to an incident that involves a malicious attack on a network data closet. Which of the following best explains how the analyst should properly document the incident?

Answer options

• A. Back up the configuration file for all network devices.
• B. Record and validate each connection.
• C. Create a full diagram of the network infrastructure.
• D. Take photos of the impacted items.

Correct answer: D

Explanation

Taking photos of the impacted items is crucial because it provides visual evidence of the incident, which can be used for further analysis and reporting. The other options, while useful in network management or incident response, do not directly capture the immediate effects of the attack or provide the necessary documentation for that specific incident.