An offline audit log contains the source IP address of a session suspected to have exploited a vulnerability resulting in system compromise.
Which kind of evidence is this IP address?
A. best evidence
B. corroborative evidence
C. indirect evidence
D. forensic evidence
Answer: B
Explanation:
The source IP address from an audit log that indicates a session which may have exploited a vulnerability is considered corroborative evidence. This type of evidence supports other evidence that suggests a security breach occurred. In the context of cybersecurity, corroborative evidence can help establish that an attack was carried out and can be used in conjunction with other data points to build a case during an investigation.
Reference: The Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) training material discusses the types of data needed to investigate security incidents, which includes understanding the role of different types of evidence in building a security incident case.