nerdexam
Cisco

210-255 · Question #153

Which of the following is true about attribution in a cybersecurity investigation?

The correct answer is B. A suspect-led approach is pejorative and often biased to the disadvantage of those being. In cybersecurity attribution, a suspect-led approach is considered methodologically flawed because it starts with a conclusion and works backward to find supporting evidence, introducing significant bias.

Security Policies and Procedures

Question

Which of the following is true about attribution in a cybersecurity investigation?

Options

  • AA suspect-led approach is often accepted in supreme courts.
  • BA suspect-led approach is pejorative and often biased to the disadvantage of those being
  • CA suspect-led approach is mostly used in corporate investigations.
  • DA suspect-led approach is mostly used in private investigations.

How the community answered

(46 responses)
  • A
    2% (1)
  • B
    91% (42)
  • C
    2% (1)
  • D
    4% (2)

Why each option

In cybersecurity attribution, a suspect-led approach is considered methodologically flawed because it starts with a conclusion and works backward to find supporting evidence, introducing significant bias.

AA suspect-led approach is often accepted in supreme courts.

Suspect-led approaches are generally not accepted in courts at any level precisely because of their inherent bias and lack of objectivity, not accepted.

BA suspect-led approach is pejorative and often biased to the disadvantage of those beingCorrect

A suspect-led approach begins with a predetermined suspect and then selectively gathers evidence to confirm that conclusion, which is inherently pejorative - it disadvantages the accused by deprioritizing exculpatory evidence. This violates the objectivity principles required in sound forensic investigation, making it widely criticized across legal and cybersecurity communities.

CA suspect-led approach is mostly used in corporate investigations.

Corporate investigations are not a domain where suspect-led approaches are a recognized or accepted standard methodology.

DA suspect-led approach is mostly used in private investigations.

Private investigations also require objective evidence-led methodology; a suspect-led approach is not a defining characteristic of private investigations.

Concept tested: Cybersecurity attribution methodology and investigative bias

Topics

#attribution#cybersecurity investigation#suspect-led approach#investigation bias

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice