I'm pretty sure it should be:
-C2 Log = Best
-Firewall Log = Corroborative
-Netflow = Indirect
The C2 log seems to be direct evidence of a crime, while the firewall log seems to be corroborating that 'something' is happening, while the netflow spike is only circumstantial (could be indicative of something else happening, could not be).
Overall, the combination of these three pieces of evidence could be used to build a stronger case that there is malware present on the system and that it is communicating with a command and control server. The direct evidence of the malware check-in is supported by the corroborative evidence of the successful communication with a known malware-hosting IP address, while the indirect evidence of the netflow-based spike in DNS traffic provides additional context that further supports the presence of suspicious activity on the network.