Cisco 200-201 Practice Test - Questions Answers, Page 5

List of questions
Question 41

What does an attacker use to determine which network ports are listening on a potential target device?
man-in-the-middle
port scanning
SQL injection
ping sweep
Port scanning is a technique that an attacker uses to discover which network ports are open, closed, or filtered on a target device. By sending packets to different ports and observing the responses, an attacker can identify the services and applications running on the device, as well as potential vulnerabilities that can be exploited. Port scanning is a common reconnaissance activity that precedes an attack. Reference: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) - Cisco, page 2-6; 200-201 CBROPS - Cisco, exam topic 1.1.a
Question 42

What are two differences in how tampered and untampered disk images affect a security incident? (Choose two.)
Untampered images are used in the security investigation process
Tampered images are used in the security investigation process
The image is tampered if the stored hash and the computed hash match
Tampered images are used in the incident recovery process
The image is untampered if the stored hash and the computed hash match
Untampered images are crucial for security investigations as they provide original evidence that has not been altered or corrupted; their integrity and authenticity can be verified by comparing the stored hash and the computed hash of the image. If they match, the image is untampered and can be used for analysis. Tampered images, on the other hand, are useless for security investigations as they may contain false or misleading information; their integrity and authenticity are compromised by the modification of the image data. Tampered images may be used for incident recovery purposes, such as restoring a system to a previous state, but not for forensic purposes. Reference: Cisco Cybersecurity Operations Fundamentals - Module 6: Security Incident Investigations
Question 43

During which phase of the forensic process is data that is related to a specific event labeled and recorded to preserve its integrity?
examination
investigation
collection
reporting
During the collection phase of the forensic process, data related to a specific event is labeled and recorded to preserve its integrity. This step ensures that the data remains unaltered and authentic from the time of collection until it is presented as evidence, maintaining the chain of custody. Reference: Cisco Cybersecurity Operations Fundamentals - Module 6: Security Incident Investigations
Question 44

Which step in the incident response process researches an attacking host through logs in a SIEM?
detection and analysis
preparation
eradication
containment
In the incident response process, detection and analysis involve researching an attacking host through logs in a Security Information and Event Management (SIEM) system. This step helps in identifying, validating, and managing potential security incidents. Reference: Cisco CyberOps Associate - Module 3: Security Monitoring
Question 45

A malicious file has been identified in a sandbox analysis tool.
Which piece of information is needed to search for additional downloads of this file by other hosts?
file header type
file size
file name
file hash value
To search for additional downloads of a malicious file by other hosts, the file hash value is needed. The hash value provides a unique identifier for each specific file version, enabling cybersecurity professionals to track down identical files across networks. Reference: Cisco Certified CyberOps Associate Overview
Question 46

Refer to the exhibit.
What is the potential threat identified in this Stealthwatch dashboard?
Host 10.201.3.149 is sending data to 152.46.6.91 using TCP/443.
Host 152.46.6.91 is being identified as a watchlist country for data transfer.
Traffic to 152.46.6.149 is being denied by an Advanced Network Control policy.
Host 10.201.3.149 is receiving almost 19 times more data than is being sent to host 152.46.6.91.
The exhibit shows a Stealthwatch dashboard displaying information on alarming hosts, alarms by type, and today's alarms. On the left side, under "Top Alarming Hosts," five host IP addresses are listed with their respective categories indicating different types of alerts, including "Data Hoarding" and "Exfiltration." The "Alarms by Type" section at the top center of the image shows bar graphs representing various alarm types, including "Crypto Violation," with their respective counts. On the right side, under "Today's Alarms," a table shows the details of each alarm, such as the host IP, the alarm type, the severity, and the time. The potential threat identified in this dashboard is that host 10.201.3.149 is receiving almost 19 times more data than is being sent to host 152.46.6.91, which is a sign of data exfiltration. Data exfiltration is the unauthorized transfer of data from a compromised system to an external destination, such as a command and control server or a malicious actor. This can result in data loss, breach of confidentiality, and damage to the organization's reputation and assets. Reference: Cisco Cybersecurity Operations Fundamentals - Module 7: Network and Host Forensics
Question 47

Refer to the exhibit.
What is the potential threat identified in this Stealthwatch dashboard?
A policy violation is active for host 10.10.101.24.
A host on the network is sending a DDoS attack to another inside host.
There are two active data exfiltration alerts.
A policy violation is active for host 10.201.3.149.
The exhibit shows a Stealthwatch dashboard displaying information on alarming hosts, alarms by type, and today's alarms. On the left side, under "Top Alarming Hosts," five host IP addresses are listed with their respective categories indicating different types of alerts, including "Data Hoarding" and "Exfiltration." The "Alarms by Type" section at the top center of the image shows bar graphs representing various alarm types, including "Crypto Violation," with their respective counts. On the right side, under "Today's Alarms," a table shows the details of each alarm, such as the host IP, the alarm type, the severity, and the time. The potential threat identified in this dashboard is that there are two active data exfiltration alerts, one for host 10.201.3.149 and another for host 10.10.101.24. Data exfiltration is the unauthorized transfer of data from a compromised system to an external destination, such as a command and control server or a malicious actor. This can result in data loss, breach of confidentiality, and damage to the organization's reputation and assets. Reference: Cisco Cybersecurity Operations Fundamentals - Module 7: Network and Host Forensics
Question 48

Which security technology allows only a set of pre-approved applications to run on a system?
application-level blacklisting
host-based IPS
application-level whitelisting
antivirus
Application-level whitelisting is a security technology that allows only a set of pre-approved applications to run on a system and blocks any other unauthorized or malicious programs. This can prevent malware, ransomware, zero-day exploits, and other threats from compromising the system. Application-level whitelisting is also known as application control or application allowlisting. Reference: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) v1.0, Module 3: Host-Based Analysis, Lesson 3.2: Endpoint Security Technologies, Topic 3.2.3: Application Whitelisting, page 3-20.
Question 49

An investigator is examining a copy of an ISO file that is stored in CDFS format. What type of evidence is this file?
data from a CD copied using Mac-based system
data from a CD copied using Linux system
data from a DVD copied using Windows system
data from a CD copied using Windows
CDFS stands for Compact Disc File System, which is a file system used by Mac OS to store data on CDs. CDFS is also known as ISO 9660, which is a standard format for data interchange on optical discs. CDFS allows files to be accessed by different operating systems, such as Windows, Linux, and Mac OS. Therefore, an ISO file that is stored in CDFS format is data from a CD copied using a Mac-based system. Reference: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) v1.0, Module 4: Network Intrusion Analysis, Lesson 4.4: File Type Analysis, Topic 4.4.1: File Systems, page 4-40.
Question 50

Which metric in CVSS indicates an attack that takes a destination bank account number and replaces it with a different bank account number?
integrity
confidentiality
availability
scope
Integrity is a metric in CVSS that measures the impact of a vulnerability on the trustworthiness and veracity of the data or information in a system. A vulnerability that affects the integrity of a system can allow an attacker to modify, delete, or corrupt the data or information without authorization. An example of such a vulnerability is a bank account number tampering attack, where an attacker changes the destination bank account number of a transaction to redirect the funds to their own account. Reference: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) - Cisco, page 2-17; 200-201 CBROPS - Cisco, exam topic 1.3.c