CompTIA Security Plus Mock Test Q309

Which of the following is the LEAST volatile when performing incident response procedures?

A. Registers
B. RAID cache
D. Hard drive

Correct Answer: D
Section: Compliance and Operational Security

An example of OOV in an investigation may be RAM, hard drive data, CDs/DVDs, and printouts. Of the options stated in the question the hard drive would be the least volatile.

Incorrect Answers:
A: The registers are part of the CPU cache and ranks quite high in OOV incident response procedure.
B: The RAID cache is more volatile than the RAM in an OOV incident response procedure.
C: A hard drive ranks lower than RAM in an OOV incident response procedure.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 453