Cisco Exam 200-201 Topic 8 Question 76 Discussion

Actual exam question for Cisco's 200-201 exam
Question #: 76
Topic #: 8

Refer to the exhibit.

A security analyst is investigating unusual activity from an unknown IP address. Which type of evidence is this file?

Suggested Answer: A

Contribute your Thoughts:

Jonell
11 days ago
Hold up, what if it's the 'best evidence' option? I mean, if this is the primary documentation of the incident, then couldn't you argue it's the best available proof?
upvoted 0 times
...
Cora
11 days ago
You guys are overthinking this. It's clearly indirect evidence - the file itself isn't the actual activity, it's just a record or representation of it. I feel confident about that one.
upvoted 0 times
...
Erinn
13 days ago
Best evidence? Really? That's a bit of a stretch. This is just one piece of the puzzle, not the be-all and end-all of the investigation.
upvoted 0 times
...
Becky
13 days ago
Haha, yeah, 'best evidence' is a bit of a reach. Although I guess if the analyst didn't have anything else to go on, this could be the 'best' they've got. Still, I'm sticking with direct evidence.
upvoted 0 times
...
