Which piece of information is needed for attribution in an investigation?

• A.proxy logs showing the source RFC 1918 IP addresses
• B.RDP allowed from the Internet
• C.known threat actor behavior
• D.802.1x RADIUS authentication pass arid fail logs

Comment: *

Name: *

Email: *

Verification: *

Refer to the exhibit.

A security analyst is investigating unusual activity from an unknown IP address Which type of evidence is this file1?

• A.direct evidence
• B.corroborative evidence
• C.best evidence
• D.indirect evidence

Comment: *

Name: *

Email: *

Verification: *

Refer to the exhibit.

Which application protocol is in this PCAP file?

• A.SSH
• B.TCP
• C.TLS
• D.HTTP

Comment: *

Name: *

Email: *

Verification: *

Refer to the exhibit.

What information is depicted?

• A.NetFlow data
• B.network discovery event
• C.IIS data
• D.IPS event data

Comment: *

Name: *

Email: *

Verification: *

Refer to the exhibit.

An analyst received this alert from the Cisco ASA device, and numerous activity logs were produced. How should this type of evidence be categorized?

• A.indirect
• B.circumstantial
• C.corroborative
• D.best

Comment: *

Name: *

Email: *

Verification: *