Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) — Question 300
Which piece of information is needed for attribution in an investigation?
Answer options
- A. proxy logs showing the source RFC 1918 IP addresses
- B. RDP allowed from the Internet
- C. known threat actor behavior
- D. 802.1x RADIUS authentication pass and fail logs
Correct answer: C
Explanation
The correct answer is C, as understanding known threat actor behavior is crucial for attribution in an investigation. The other options provide technical details or logs that may not directly help in identifying the actor responsible for an incident.