When an event is investigated, which type of data provides the investigative capability to determine if data exfiltration has occurred?
A. firewall logs
B. full packet capture
C. session data
D. NetFlow data
The right way, the wrong way and the CISCO way.
It is NetFlow because you can map the IP/host and how much traffic it has generated.
If you follow your own link of Cisco it’s clear the answer is D. NetFlow data.
https://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/enterprise-network-security/white-paper-c11-736595.html
IMHO: B. full packet capture
But the link provided indicates Network data.