CompTIA Security+ (SY0-601) — Question 753

Which of the following is used to ensure that evidence is admissible in legal proceedings when it is collected and provided to the authorities?

Answer options

• A. Chain of custody
• B. Legal hold
• C. Event log
• D. Artifacts

Correct answer: A

Explanation

The correct answer is A, Chain of custody, as it refers to the documentation that tracks the handling of evidence to ensure its integrity and admissibility in court. Options B, Legal hold, is related to preserving data from deletion but does not specifically address evidence handling. Option C, Event log, records events but does not ensure legal admissibility, and D, Artifacts, are digital remnants but do not encompass the process required for evidence to be legally accepted.