Exam Name: | Understanding Cisco Cybersecurity Operations Fundamentals (200-201 CBROPS)
Exam Code: | 200-201 Dumps
Vendor: | Cisco | Certification: | CyberOps Associate
Questions: | 311 Q&A's | Shared By: | chase
An offline audit log contains the source IP address of a session suspected to have exploited a vulnerability resulting in system compromise.
Which kind of evidence is this IP address?
A user received an email attachment named "Hr405-report2609-empl094.exe" but did not run it. Which category of the cyber kill chain should be assigned to this type of event?