To ensure that the chain of custody is maintained, what three items should be logged about evidence that is collected and analyzed after a security incident has occurred? (Choose three.)

  • measures used to prevent an incident
  • time and date the evidence was collected
  • extent of the damage to resources and assets
  • vulnerabilities that were exploited in an attack
  • serial numbers and hostnames of devices used as evidence
  • location of all evidence

Explanation: A chain of custody refers to the proper accounting of evidence collected about an incident that is used as part of an investigation. The chain of custody should include the location of all evidence, the identifying information of all evidence such as serial numbers and hostnames, identifying information about all persons handling the evidence, and the time and date that the evidence was collected.

Exam with this question: CCNA Cyber Ops Chapter 13 Exam Answers
Exam with this question: CyberOps Associate (Version 1.0) - Module 28: Digital Forensics and Incident Analysis and Response Answers
Exam with this question: Cyber Threat Management (CyberTM) Course Final Exam Answers
Exam with this question: Cyber Threat Management: My Knowledge Check Answers
