CompTIA Security+ (SY0-601) — Question 545

Which of the following is a reason why a forensic specialist would create a plan to preserve data after an incident and prioritize the sequence for performing forensic analysis?

Answer options

• A. Order of volatility
• B. Preservation of event logs
• C. Chain of custody
• D. Compliance with legal hold

Correct answer: A

Explanation

The correct answer, Order of volatility, is crucial because it dictates the sequence in which data should be preserved based on how quickly it can change or be lost. The other options, while important in the forensic process, do not directly address the urgency and priority of data preservation in the aftermath of an incident.