Cisco 200-201 Practice Test - Questions Answers, Page 18

Vulnerability management is a proactive approach to securing systems by identifying and fixing vulnerabilities before they can be exploited by attackers. It involves scanning systems for known weaknesses, prioritizing and assessing the risks of those vulnerabilities, and applying patches or other remediation measures to mitigate them. Vulnerability management helps reduce the attack surface and prevent potential breaches.Reference:=Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) - Cisco, page 11.

Delivery is the fourth phase of the cyber kill chain, which is a model to describe the stages of a cyberattack. Delivery refers to the transmission of the weaponized payload to the target system, such as via email attachments, web links, USB drives, or network connections. Delivery does not necessarily imply successful installation or execution of the payload, which are subsequent phases of the kill chain.Reference:=Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) - Cisco, page 31.

Digital certificates are electronic documents that use public key cryptography to verify the identity and authenticity of the sender and the receiver of encrypted communications. Digital certificates are issued and signed by trusted entities called certificate authorities (CAs), and they contain information such as the public key, the name, and the expiration date of the certificate. Digital certificates enable network security devices to decrypt perimeter traffic and inspect it for command and control communications or other malicious activity.Reference:=Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) - Cisco, page 51.

Tap and SPAN are two methods of capturing network traffic for analysis. Tap (Test Access Point) is a hardware device that is inserted between two network devices and sends a copy of all traffic to a monitoring device. SPAN (Switched Port Analyzer) is a software feature that allows a network switch to replicate traffic from one or more source ports to a destination port, where a monitoring device is connected. Both methods provide visibility into network traffic, but Tap is more reliable and less intrusive than SPAN, as it does not affect the network performance or introduce errors.Reference:=Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) - Cisco, page 68.

The integrity metric in CVSS refers to the unauthorized modification or destruction of information. In this case, an attack that changes a destination bank account number with another one directly affects the accuracy and reliability of data, thus compromising its integrity.Reference:=Cisco Cybersecurity

Asymmetric cryptography, also known as public key cryptography, involves two keys: a public key for encryption and a private key for decryption.This method ensures that even if the public key is known, only the holder of the private key can decrypt the message, thus providing a secure way to transfer data.Reference:: Asymmetric encryption is beneficial for secure data transfer because it allows message authentication, non-repudiation, and detects tampering, although it is slower than symmetric encryption

X 509 certificates are used in conjunction with secure data transfer protocols to ensure the confidentiality and integrity of communication.They are part of a public key infrastructure (PKI) that authenticates the identity of entities and encrypts data in transit.Reference:: Implementing X.509 certificates along with secure data transfer protocols like SFTP, HTTPS, FTPS, and IPSec can help secure data sharing with third-party companies

The event described falls under the 'action on objectives' category of the Cyber Kill Chain.This stage occurs after the attacker has established a foothold within the network and begins to execute their intended actions, such as data exfiltration.Reference:: The Cyber Kill Chain framework outlines the stages of a cyberattack, with 'action on objectives' being the final step where attackers achieve their primary goal, such as data theft

Agent-based monitoring: With agent-based monitoring, software agents are installed on the monitored systems or devices. These agents collect data locally, perform filtering or preprocessing of the data, and then transmit the relevant or valuable information to the monitoring system. Agent-based monitoring allows for local processing and filtering, which can reduce network utilization by only transmitting essential data. Agentless monitoring: Agentless monitoring, on the other hand, does not require software agents to be installed on the monitored systems or devices. Instead, it relies on leveraging existing protocols and interfaces, such as APIs (Application Programming Interfaces) or SNMP (Simple Network Management Protocol), to remotely access and retrieve monitoring data from the target systems. Agentless monitoring generally involves higher network utilization as the monitoring system needs to gather data from remote systems over the network.