200-201: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)
Page 8 out of 26 pages Questions 71-80 out of 258 questions
Question#71

What are two differences in how tampered and untampered disk images affect a security incident? (Choose two.)

  • A. Untampered images are used in the security investigation process
  • B. Tampered images are used in the security investigation process
  • C. The image is tampered if the stored hash and the computed hash match
  • D. Tampered images are used in the incident recovery process
  • E. The image is untampered if the stored hash and the computed hash match
Answer: B, E

Question#72

During which phase of the forensic process is data that is related to a specific event labeled and recorded to preserve its integrity?

  • A. examination
  • B. investigation
  • C. collection
  • D. reporting
Answer: C

Question#73

Which step in the incident response process researches an attacking host through logs in a SIEM?

  • A. detection and analysis
  • B. preparation
  • C. eradication
  • D. containment
Answer: A

Question#74

A malicious file has been identified in a sandbox analysis tool.
Which piece of information is needed to search for additional downloads of this file by other hosts?

  • A. file type
  • B. file size
  • C. file name
  • D. file hash value
Answer: D

Question#75


Refer to the exhibit. What is the potential threat identified in this Stealthwatch dashboard?

  • A. Host 10.201.3.149 is sending data to 152.46.6.91 using TCP/443.
  • B. Host 152.46.6.91 is being identified as a watchlist country for data transfer.
  • C. Traffic to 152.46.6.149 is being denied by an Advanced Network Control policy.
  • D. Host 10.201.3.149 is receiving almost 19 times more data than is being sent to host 152.46.6.91.
Answer: D

Question#76


Refer to the exhibit. What is the potential threat identified in this Stealthwatch dashboard?

  • A. A policy violation is active for host 10.10.101.24.
  • B. A host on the network is sending a DDoS attack to another inside host.
  • C. There are two active data exfiltration alerts.
  • D. A policy violation is active for host 10.201.3.149.
Answer: C

Question#77

Which security technology allows only a set of pre-approved applications to run on a system?

  • A. application-level blacklisting
  • B. host-based IPS
  • C. application-level whitelisting
  • D. antivirus
Answer: C

Question#78

An investigator is examining a copy of an ISO file that is stored in CDFS format.
What type of evidence is this file?

  • A. data from a CD copied using a Mac-based system
  • B. data from a CD copied using a Linux system
  • C. data from a DVD copied using a Windows system
  • D. data from a CD copied using Windows
Answer: B

Question#79

Which piece of information is needed for attribution in an investigation?

  • A. proxy logs showing the source RFC 1918 IP addresses
  • B. RDP allowed from the Internet
  • C. known threat actor behavior
  • D. 802.1X RADIUS authentication pass and fail logs
Answer: C

Question#80

What does cyber attribution identify in an investigation?

  • A. cause of an attack
  • B. exploit of an attack
  • C. vulnerabilities exploited
  • D. threat actors of an attack
Answer: D
