Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) — Question 189

An engineer is analyzing a recent breach where confidential documents were altered and stolen by the receptionist. Further analysis shows that the threat actor connected an external USB device to bypass security restrictions and steal data. The engineer could not find an external USB device. Which piece of information must an engineer use for attribution in an investigation?

Answer options

• A. receptionist and the actions performed
• B. stolen data and its criticality assessment
• C. external USB device
• D. list of security restrictions and privileges boundaries bypassed

Correct answer: A

Explanation

The correct answer is A because understanding the actions performed by the receptionist is crucial for attributing the breach to the individual responsible. While the other options provide context, they do not directly link the breach to the person who executed the actions, which is essential for accountability.