Cisco Exam 200-201 Topic 8 Question 76 Discussion

Actual exam question for Cisco's 200-201 exam

Question #: 76
Topic #: 8

[All 200-201 Questions]

Refer to the exhibit.

A security analyst is investigating unusual activity from an unknown IP address Which type of evidence is this file1?

Aindirect evidence

Bbest evidence

Ccorroborative evidence

Ddirect evidence

Show Suggested Answer

Suggested Answer: A

by Lemuel at Nov 25, 2023, 11:38 PM

Limited Time Offer

25%

Off

Get Premium 200-201 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Jonell

6 months ago

Hold up, what if it's the 'best evidence' option? I mean, if this is the primary documentation of the incident, then couldn't you argue it's the best available proof?

upvoted 0 times

...

Cora

6 months ago

You guys are overthinking this. It's clearly indirect evidence - the file itself isn't the actual activity, it's just a record or representation of it. I feel confident about that one.

upvoted 0 times

Wade

5 months ago

Yeah, indirect evidence makes sense in this scenario.

upvoted 0 times

...

Oretha

5 months ago

So, indirect evidence is the correct answer here.

upvoted 0 times

...

Eleonore

5 months ago

It's definitely not direct evidence.

upvoted 0 times

...

Tanesha

5 months ago

I agree, it's indirect evidence.

upvoted 0 times

...

Teri

5 months ago

No, it's not the best evidence. It's indirect evidence.

upvoted 0 times

...

Shala

5 months ago

I think it's best evidence.

upvoted 0 times

...

Erinn

6 months ago

Best evidence? Really? That's a bit of a stretch. This is just one piece of the puzzle, not the be-all and end-all of the investigation.

upvoted 0 times

...

Becky

6 months ago

Haha, yeah, 'best evidence' is a bit of a reach. Although I guess if the analyst didn't have anything else to go on, this could be the 'best' they've got. Still, I'm sticking with direct evidence.

upvoted 0 times

...