Which piece of information is needed for attribution in an investigation?

Which piece of information is needed for attribution in an investigation?
A . proxy logs showing the source RFC 1918 IP addresses
B . RDP allowed from the Internet
C . known threat actor behavior
D . 802.1x RADIUS authentication pass arid fail logs

View Answer

Answer: C

Explanation:

Cyber attribution is the process of identifying the source, motive, and methods of a cyberattack. Cyber attribution can help investigators to determine the responsibility, intent, and capability of the threat actors, as well as to prevent, deter, or respond to future attacks. One of the pieces of information that is needed for cyber attribution is known threat actor behavior, which refers to the patterns, techniques, tools, and tactics that are characteristic of a specific threat actor or group. Known threat actor behavior can help investigators to narrow down the suspects, link different incidents, and understand the objectives and strategies of the attackers.

Reference: = Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) v1.0, Module 5: Security Policies and Procedures, Lesson 5.2: Incident Response, Topic 5.2.3: Cyber Attribution, page 5-14.