CompTIA Security+ (SY0-701) — Question 598

Which of the following incident response activities ensures evidence is properly handled?

Answer options

• A. E-discovery
• B. Chain of custody
• C. Legal hold
• D. Preservation

Correct answer: B

Explanation

The correct answer is B, Chain of custody, as it refers to the process of maintaining and documenting the handling of evidence to prevent tampering or loss. A, E-discovery, involves identifying and producing electronically stored information but does not focus specifically on evidence handling. C, Legal hold, is about preserving evidence when litigation is anticipated, and D, Preservation, refers to the act of maintaining evidence but does not include the complete process of documentation and accountability that Chain of custody ensures.