🔥 3-day streak
ISC2 CCSP — Certified Cloud Security Professional17 / 124
Question 17 of 124

An investigator at a SaaS customer organization must collect forensic artifacts related to a suspected account compromise. The relevant hypervisor logs, underlying storage snapshots, and network flow data reside entirely within the cloud provider's infrastructure and are not exposed through the customer's tenant console. What is the MOST appropriate first step to lawfully obtain this evidence?

Reviewed for accuracy · Report an issueNext question