Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) — Question 264

A forensic investigator is analyzing a recent breach case. An external USB drive was discovered to be connected and transmitting the data outside of the organization, and the owner of the USB drive could not be identified. Video surveillance shows six people during a two-month period had close contact with the affected asset. How must this type of evidence be categorized?

Answer options

• A. best evidence
• B. indirect evidence
• C. direct evidence
• D. corroborative evidence

Correct answer: B

Explanation

The evidence regarding the USB drive and its usage is categorized as indirect evidence because it does not directly link a specific individual to the act of data transmission. Instead, it suggests a possibility of involvement through the presence of multiple people near the asset. The other options do not apply as they either suggest a direct connection or a higher standard of proof that is not met in this scenario.