Exam 200-201 topic 1 question 225 discussion

i agree with most, should be A.. attribution=threat actor

I think it's D

receptionist and the actions performed. Knowing the identity of the receptionist and the specific actions they performed, such as connecting an external USB device to bypass security restrictions and steal data, is crucial for attributing the breach to the responsible individual. This information helps identify the threat actor and establish accountability.

Attribution - The action of regarding something as being caused by a person or thing; identifies a source or cause of something. - Synonym: Attribute, Characteristic, Feature, Trait, Quality Cyber Attribution - In an investigation, it is the process of identifying the threat actors who are responsible for an attack. - It involves collecting and analyzing various types of data, including network logs, malware samples, social media activity, and other intelligence sources, to identify the individuals, groups, or nations responsible for the attack. - The process of cyber attribution can help identify the motives, methods, and capabilities of the attackers, which can be useful in preventing future attacks and in pursuing legal action against the perpetrators.

Correct ANS=A

The question is "Which piece of information must an engineer use for attribution in an investigation?" and not who or what. These should be Indirect or Corroborative Evidence. Note that the receptionist and the USB are not available. I think D is correct

A. receptionist and the actions performed. In this scenario, the focus is on the actor who perpetrated the breach, and the engineer has identified the individual responsible for it. The receptionist's actions and motives will be central to the investigation and attribution of the breach, rather than the USB device used to steal the data. While identifying the USB device could potentially provide additional information, it is not as critical as determining who committed the breach and how they did it.

The engineer must focus on identifying the individual responsible for the breach and the actions they performed. In this case, the receptionist connected an external USB device to bypass security restrictions and steal data, which resulted in the breach. Therefore, the key piece of information for attribution in the investigation is the identity of the receptionist and the actions they took. It is important to determine how the receptionist gained access to the confidential documents and if there were any vulnerabilities in the security system that allowed the breach to occur. This information can help prevent similar breaches in the future.

Sure, D is correct, but the most important attribution is "receptionist and the actions performed"