Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) — Question 73
An offline audit log contains the source IP address of a session suspected to have exploited a vulnerability resulting in system compromise.
Which kind of evidence is this IP address?
Answer options
- A. best evidence
- B. corroborative evidence
- C. indirect evidence
- D. forensic evidence
Correct answer: B
Explanation
The source IP address serves as corroborative evidence because it supports the investigation by linking the session to the vulnerability exploitation. Best evidence refers to original documents or data, while indirect evidence may not directly support the conclusion. Forensic evidence typically involves more tangible items that can be analyzed in depth.