Refer to the exhibit. An analyst received this alert from the Cisco ASA device, and numerous activity logs were produced. How should this type of evidence be categorized?
According to the study guide, Best Evidence is evidence that can be presented in court in its original form. As a log, it will satisfy this condition, especially since it is a DENY, so there is no successful connection, and as the question is not presenting what the other logs refer to, we cannot elaborate further.
The question doesn't mention any existing evidence; corroborative evidence supports other evidence. The other logs are "probably" the same as this log.
The log counts as a single piece of evidence; we might be overthinking this, so I'll choose the simplest answer, which is D.
Not sure how this is best evidence for attribution. A & B are the same thing (indirect = circumstantial), so they have to be eliminated. That leaves answer C for corroborative.
Community vote distribution: A (35%), C (25%), B (20%), Other