CompTIA Security Plus Mock Test Q1241

A security administrator has been tasked with assisting in the forensic investigation of an incident relating to employee misconduct. The employee’s supervisor believes evidence of this misconduct can be found on the employee’s assigned workstation. Which of the following choices BEST describes what should be done? (Select TWO)

A. Record the time offset as required and conduct a timeline analysis
B. Update antivirus definitions and conduct a full scan for infected files
C. Analyze network traffic, system, and file logs
D. Create an additional local admin account on that workstation to conduct work from
E. Delete other user profiles on the system to help narrow down the search space
F. Patch the system before reconnecting it to the network

Correct Answer: A,C
Section: Mixed Questions