Certified Information Systems Security Professional (CISSP) — Question 88

What is the MOST important criterion that needs to be adhered to during the data collection process of an active investigation?

Answer options

• A. Maintaining the chain of custody
• B. Capturing an image of the system
• C. Outlining all actions taken during the investigation
• D. Complying with the organization's security policy

Correct answer: A

Explanation

Maintaining the chain of custody is crucial as it ensures that the collected evidence is admissible in court and has not been tampered with. While capturing an image, outlining actions, and complying with security policies are important, they do not hold the same level of criticality in ensuring the integrity of evidence during an investigation.