CompTIA Security+ (SY0-501) — Question 462

A security technician has been given the task of preserving emails that are potentially involved in a dispute between a company and a contractor.
Which of the following BEST describes this forensic concept?

Answer options

• A. Legal hold
• B. Chain of custody
• C. Order of volatility
• D. Data acquisition

Correct answer: A

Explanation

The correct answer is 'Legal hold' because it refers to the process of preserving evidence, such as emails, to ensure they are not lost or altered during legal proceedings. 'Chain of custody' relates to the documentation of evidence handling, 'Order of volatility' pertains to the preservation of evidence based on its stability, and 'Data acquisition' is the process of collecting data but does not specifically address the preservation in a legal context.