Exam 200-201 topic 1 question 99 discussion

Actual exam question from Cisco's 200-201
Question #: 99
Topic #: 1

An offline audit log contains the source IP address of a session suspected to have exploited a vulnerability resulting in system compromise.
Which kind of evidence is this IP address?

  • A. best evidence
  • B. corroborative evidence
  • C. indirect evidence
  • D. forensic evidence
Suggested Answer: B

Comments

anonymous1966
Highly Voted 2 years, 3 months ago
B is correct. There are 3 types of evidence: Best: Do not need anything else. Corroborating: evidence that tends to support a theory or an assumption deduced by some initial evidence. Indirect: extrapolation to a conclusion of fact (such as fingerprints, DNA evidence, and so on). In this case the IP address would corroborate some other evidence.
upvoted 8 times
qz999
Highly Voted 2 years, 3 months ago
Corroborative evidence supports some other evidence, yet the question does not state that there is any other evidence than this log entry and a suspicion. Seems more like this would be circumstantial evidence at the very most and may not even be 'evidence' at all - it's just a log entry.
upvoted 5 times
SecurityGuy
Most Recent 9 months ago
Selected Answer: B
Three types of Evidence:
  • Best Evidence - Original, unaltered evidence. In court, this is preferred over secondary evidence. The best evidence rule is a legal principle that holds an original copy of a document as superior evidence.
  • Corroborative Evidence - It is evidence that strengthens or confirms already existing evidence.
  • Indirect Evidence (Circumstantial Evidence) - It is evidence that relies on an inference to connect it to a conclusion of fact. Like a fingerprint, DNA etc. at the scene of a crime.
https://vwannabe.com/2018/01/02/ccna-cyber-ops-secops-1-0/#:~:text=Corroborative%20evidence%3A%20(or%20corroboration),therefore%20confirming%20the%20original%20proposition.
upvoted 1 times
Eng_ahmedyoussef
1 year, 2 months ago
Selected Answer: B
I think B is the correct answer. Corroborating evidence ==> is evidence that strengthens or confirms already existing evidence. In this case ==> the IP address would corroborate the current evidence.
upvoted 3 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other