An engineer is analyzing a recent breach where confidential documents were altered and stolen by the receptionist. Further analysis shows that the threat actor connected an external USB device to bypass security restrictions and steal data. The engineer could not find an external USB device. Which piece of information must an engineer use for attribution in an investigation?

A. receptionist and the actions performed

B. stolen data and its criticality assessment

C. external USB device

D. list of security restrictions and privileges boundaries bypassed








 

Suggested Answer: D



This question is in 200-201 Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) Exam
For getting Cisco Certified CyberOps Associate Certificate



Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Cisco.
Trademarks, certification & product names are used for reference only and belong to Cisco.
The website does not contain actual questions and answers from Cisco's Certification Exam.