SY0-701
Security Operations
hard
Question 2 of 28

During incident response, a forensic analyst needs to preserve evidence from a compromised server without altering any data on the system. Which action represents the CORRECT approach to evidence collection?

A. Copy the files of interest to a USB drive
B. Create a bit-for-bit forensic image of the storage media and verify it with a hash
C. Reinstall the operating system and document the process
D. Run antivirus to remove malware before collecting evidence

Educational Content — CertQnA practice questions are written against official exam objectives, covering the same domains tested on the real exam. All content is original and independent — not actual exam questions, not affiliated with any certification vendor.
