Cisco Exam 200-201 Topic 8 Question 76 Discussion

Actual exam question for Cisco's 200-201 exam
Question #: 76
Topic #: 8

Refer to the exhibit.

A security analyst is investigating unusual activity from an unknown IP address. Which type of evidence is this file?

Suggested Answer: A

Contribute your Thoughts:

Jonell
8 months ago
Hold up, what if it's the 'best evidence' option? I mean, if this is the primary documentation of the incident, then couldn't you argue it's the best available proof?
upvoted 0 times
...
Cora
8 months ago
You guys are overthinking this. It's clearly indirect evidence - the file itself isn't the actual activity, it's just a record or representation of it. I feel confident about that one.
upvoted 0 times
Wade
8 months ago
Yeah, indirect evidence makes sense in this scenario.
upvoted 0 times
...
Oretha
8 months ago
So, indirect evidence is the correct answer here.
upvoted 0 times
...
Eleonore
8 months ago
It's definitely not direct evidence.
upvoted 0 times
...
Tanesha
8 months ago
I agree, it's indirect evidence.
upvoted 0 times
...
Teri
8 months ago
No, it's not the best evidence. It's indirect evidence.
upvoted 0 times
...
Shala
8 months ago
I think it's best evidence.
upvoted 0 times
...
...
Erinn
8 months ago
Best evidence? Really? That's a bit of a stretch. This is just one piece of the puzzle, not the be-all and end-all of the investigation.
upvoted 0 times
...
Becky
8 months ago
Haha, yeah, 'best evidence' is a bit of a reach. Although I guess if the analyst didn't have anything else to go on, this could be the 'best' they've got. Still, I'm sticking with direct evidence.
upvoted 0 times
...
