Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) — Question 81
When an event is investigated, which type of data provides the investigative capability to determine if data exfiltration has occurred?
Answer options
- A. firewall logs
- B. full packet capture
- C. session data
- D. NetFlow data
Correct answer: B
Explanation
Full packet capture is the most effective data type for analyzing events related to data exfiltration, as it records all packets transmitted over the network, allowing for detailed inspection. Firewall logs, session data, and NetFlow data provide useful information but lack the granularity needed to definitively identify exfiltration activities.