| Exam 200-201 | Question id=6068 | Security policies and procedures |
Which piece of information is needed for attribution in an investigation?
| A. |
proxy logs showing the source RFC 1918 IP addresses | |
| B. |
RDP allowed from the Internet | |
| C. |
known threat actor behavior | |
| D. |
802.1x RADIUS authentication pass arid fail logs |