Cisco 200-201 Practice Test - Questions Answers, Page 16

List of questions
Question 151

Refer to the exhibit.
What does this output indicate?
Question 152

Which metric should be used when evaluating the effectiveness and scope of a Security Operations Center?
Question 153

A developer is working on a project using a Linux tool that enables writing processes to obtain these required results:
If the process is unsuccessful, a negative value is returned.
If the process is successful, a value of 0 is returned to the child process, and the process ID is returned to the parent process.
Which component results from this operation?
Question 154

An engineer discovered a breach, identified the threat's entry point, and removed access. The engineer was able to identify the host, the IP address of the threat actor, and the application the threat actor targeted. What is the next step the engineer should take according to the NIST SP 800-61 Incident Handling Guide?
Question 155

Refer to the exhibit.
What is shown in this PCAP file?
Question 156

What is a difference between tampered and untampered disk images?
Question 157

The SOC team has confirmed a potential indicator of compromise on an endpoint. The team has narrowed the executable file's type to a new trojan family. According to the NIST Computer Security Incident Handling Guide, what is the next step in handling this event?
Question 158

Which technology on a host is used to isolate a running application from other applications?
Question 159

An analyst received a ticket regarding degraded processing capability on one of the HR department's servers. On the same day, an engineer noticed that the antivirus software had been disabled and was not able to determine when or why it occurred. According to the NIST Incident Handling Guide, what is the next phase of this investigation?
Question 160

Which data type is necessary to get information about source/destination ports?