ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 200-201 All Questions

View all questions & answers for the 200-201 exam
Go to Exam

Exam 200-201 topic 1 question 114 discussion

Actual exam question from Cisco's 200-201
Question #: 114
Topic #: 1
[All 200-201 Questions]

Which piece of information is needed for attribution in an investigation?

  • A. proxy logs showing the source RFC 1918 IP addresses
  • B. RDP allowed from the Internet
  • C. known threat actor behavior
  • D. 802.1x RADIUS authentication pass arid fail logs
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by [deleted] at Sept. 28, 2021, 9:51 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
SecurityGuy
12 months ago
Selected Answer: C
Attribution - The action of regarding something as being caused by a person or thing; identifies a source or cause of something. - Synonym: Attribute, Characteristic, Feature, Trait, Quality
upvoted 2 times
...
Eng_ahmedyoussef
1 year, 10 months ago
Selected Answer: C
C is the best answer
upvoted 1 times
...
kyle942
1 year, 10 months ago
The private IP address of the attacker is what you want for the police, to map the attack to your device on the internet.
upvoted 1 times
...
1z
2 years, 9 months ago
RFC1918 is for Address Allocation for Private Internets so I doubt that it would serve to any attribution...
upvoted 4 times
tsabee
2 years, 9 months ago
Sure! Correct answer is C. Actually this is the most important thing: know who, what, how, why, etc.. attack the network.
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel