Which action would be supportive of the concept of volatile data collection as describe in SP 800-86?

Last Updated on August 1, 2021 by Admin 2

200-201 : All Parts

200-201 : Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) : All Parts
200-201 Part 01	200-201 Part 04
200-201 Part 02	200-201 Part 05
200-201 Part 03	200-201 Part 06

Which action would be supportive of the concept of volatile data collection as describe in SP 800-86?

collect memory data first
collect volatile data after rebooting
collect malware data
collect hard drive data first

Explanation:
According to the concept of volatile data collection as covered in NIST 800-86, volatile data, meaning data that is gone after rebooting, should be collected first as it is fragile. Memory data should be collected first.

All volatile data should be collected before, not after, rebooting while it still exists. You should not collect hard drive data first. This is not volatile data. The concept of data does not concern itself with data content, such as malware data. It is only concerned with the volatile data.

200-201 : All Parts

200-201 : Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) : All Parts
200-201 Part 01	200-201 Part 04
200-201 Part 02	200-201 Part 05
200-201 Part 03	200-201 Part 06

0 0 votes

Article Rating

0 Comments

Inline Feedbacks

View all comments

Which action would be supportive of the concept of volatile data collection as describe in SP 800-86?

You Might Also Like

Which chown command changes the ownership to dave and the group to staff on a file named data.txt?

Which is the Change Authority role permitted to authorize?

The IP header contains a protocol field. If this field contains the value of 17, what type of data is contained within the ip datagram?