The given information "unusual activity from an unknown IP address" suggests that the evidence in question is indirect evidence, as it does not directly prove who is responsible for the activity, but rather provides a lead for further investigation. Indirect evidence is evidence that requires an inference to connect it to a conclusion, while direct evidence provides clear proof of a fact without requiring an inference.
This question is very tricky. Here is my thought - it depends on what we have to prove. If we need to prove that one guy accessed a system he has no access to, then the exhibit is 'indirect evidence'. If we need to prove that someone is doing unusual activity (trying to log in continuously), then this is direct evidence.
While the IP address is unknown, the log entry directly shows suspicious activity (repeated failed login attempts) from a specific IP address. The key here is that direct evidence refers to evidence that, on its own, directly supports a fact or claim without the need for inference. Even though we don't know who the IP address belongs to, the activity itself (failed login attempts) directly points to potential malicious behavior, which is the core reason it's categorized as direct evidence.
Direct Evidence
- It is a general term for any type of evidence that links a defendant directly to a crime.
- Samples: Recorded confession by the defendant, Defendant's fingerprints on a weapon used to commit a crime, Surveillance footage of a defendant committing a crime
In this case, it is evidence that directly links the user from 218.26.11.11
https://www.indeed.com/career-advice/career-development/different-types-of-evidence
This cannot be direct evidence. This is from Cisco:
In legal proceedings, evidence is broadly classified as following:
• Direct Evidence - The evidence that was indisputably in the possession of the
accused, or is eyewitness evidence from someone who directly observed criminal
behavior.
• Indirect evidence - This evidence establishes a hypothesis in combination with
other facts. It is also known as circumstantial evidence.
• Best evidence – This evidence could be storage devices used by an accused, or
archives of files that can be proven to be unaltered.
• Corroborating evidence - This evidence supports an assertion that is developed
from best evidence.