- measures used to prevent an incident
- time and date the evidence was collected
- extent of the damage to resources and assets
- vulnerabilities that were exploited in an attack
- serial numbers and hostnames of devices used as evidence
- location of all evidence
Explanation: A chain of custody refers to the proper accounting of evidence collected about an incident that is used as part of an investigation. The chain of custody should include the location of all evidence, the identifying information of all evidence such as serial numbers and hostnames, identifying information about all persons handing the evidence, and the time and date that the evidence was collected.
More Questions: CCNA Cyber Ops Chapter 13 Exam Answers