A cloud administrator has received a physical disk that was analyzed by the incident response team. Which of the following documents should the cloud administrator update?
Correct Answer: A
Explanation
Answer: A. Chain of custody
A chain of custody is a document that records the sequence of custody, control, transfer, analysis, and disposition of physical or electronic evidence. A chain of custody is important to ensure the integrity and admissibility of evidence in legal cases. A cloud administrator who receives a physical disk that was analyzed by the incident response team should update the chain of custody to document when, how, and by whom the disk was handled, and what actions were performed on it [1][2].
An incident taxonomy is a classification system that provides additional information about an incident, such as the nature, impact, intent, root cause, and data exposed. An incident taxonomy is useful for identifying trends and patterns, but it does not track the movement or manipulation of evidence [3].
A risk register is a document that identifies, records, and assesses potential risks in a project or an organization. A risk register helps to prioritize and mitigate risks, and to develop contingency plans. A risk register is not directly related to the analysis of a physical disk by the incident response team [4].
An incident playbook is a document that provides a series of prescriptive steps and guidance for responding to and resolving incidents. An incident playbook helps to simplify and standardize the response process, and to reduce human error. An incident playbook does not record the details or outcomes of the response actions [5].