• Home
  • ISACA, CISA
  • Which of the following should the system administrator have done FIRST to preserve the evidence?

Which of the following should the system administrator have done FIRST to preserve the evidence?

Posted by: Pdfprep Category: CISA Tags: , , Post Date: November 22, 2020

When following up on a data breach, an IS auditor finds a system administrator may have compromised the chain of custody.

Which of the following should the system administrator have done FIRST to preserve the evidence?
A . Perform forensic discovery
B . Notify key stakeholders
C . Quarantine the system
D . Notify the incident response team

Answer: C

Author

Leave a Reply

Your email address will not be published.