CompTIA Security Plus Mock Test Q767

After a security incident involving a physical asset, which of the following should be done at the beginning?

A.
Record every person who was in possession of assets, continuing post-incident.
B. Create working images of data in the following order: hard drive then RAM.
C. Back up storage devices so work can be performed on the devices immediately.
D. Write a report detailing the incident and mitigation suggestions.


Correct Answer: A
Section: Application, Data and Host Security

Explanation:
Asset tracking is the process of maintaining oversight over inventory, and ensuring that a device is still in the possession of the assigned authorized user.

Incorrect Answers:
B: Creating images of the data on the hard drive and RAM addresses concerns about digital assets, not physical assets.
C: Creating a backup of the storage device addresses concerns about digital assets, not physical assets.
D: The writing of a report detailing the incident and mitigation suggestions occurs after an incident has been contained.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 95, 106-108, 238