CompTIA Security Plus Mock Test Q309

Which of the following is the LEAST volatile when performing incident response procedures?

A. Registers
B. RAID cache
C. RAM
D. Hard drive

Correct Answer: D
Section: Compliance and Operational Security

Explanation:
An example of OOV in an investigation may be RAM, hard drive data, CDs/DVDs, and printouts. Of the options stated in the question the hard drive would be the least volatile.

Incorrect Answers:
A: The registers are part of the CPU cache and ranks quite high in OOV incident response procedure.
B: The RAID cache is more volatile than the RAM in an OOV incident response procedure.
C: A hard drive ranks lower than RAM in an OOV incident response procedure.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 453