CiscoCisco
200-201 · Question #37
200-201 Question #37: Real Exam Question with Answer & Explanation
Sign in or unlock 200-201 to reveal the answer and full explanation for question #37. The question stem and answer options stay visible for context.
Submitted by miguelv· Mar 6, 2026Security Monitoring
Question
Which piece of information is needed for attribution in an investigation?
Options
- Aproxy logs showing the source RFC 1918 IP addresses
- BRDP allowed from the Internet
- Cknown threat actor behavior
- D802.1x RADIUS authentication pass arid fail logs
Unlock 200-201 to see the answer
You've previewed enough free 200-201 questions. Unlock 200-201 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.
Topics
#attribution#threat actor#incident investigation