ExamGecko
Search Search Login
Home Home / Cisco / 200-201
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

An organization that develops high-end technology is going through an internal audit The organization uses two databases The main database stores patent information and a secondary database stores employee names and contact information A compliance team is asked to analyze the infrastructure and identify protected data Which two types of protected data should be identified? (Choose two)
DRAG DROP Drag and drop the technology on the left onto the data type the technology provides on the right.
Which security principle is violated by running all processes as root or administrator?
An intruder attempted malicious activity and exchanged emails with a user and received corporate information, including email distribution lists. The intruder asked the user to engage with a link in an email. When the fink launched, it infected machines and the intruder was able to access the corporate network. Which testing method did the intruder use?
A SOC analyst detected connections to known C&C and port scanning activity to main HR database servers from one of the HR endpoints via Cisco StealthWatch. What are the two next steps of the SOC team according to the NISTSP800-61 incident handling process? (Choose two)
Which statement describes indicators of attack?
What describes the impact of false-positive alerts compared to false-negative alerts?
What is a difference between SIEM and SOAR?
Refer to the exhibit. What is the potential threat identified in this Stealthwatch dashboard?
What is the difference between statistical detection and rule-based detection models?

Question 3 - 200-201 discussion

Report
Export

Which piece of information is needed for attribution in an investigation?

A.

proxy logs showing the source RFC 1918 IP addresses

Answers
A.

proxy logs showing the source RFC 1918 IP addresses

B.

RDP allowed from the Internet

Answers
B.

RDP allowed from the Internet

C.

known threat actor behavior

Answers
C.

known threat actor behavior

D.

802.1x RADIUS authentication pass arid fail logs

Answers
D.

802.1x RADIUS authentication pass arid fail logs

Suggested answer: C

Explanation:

Cyber attribution is the process of identifying the source, motive, and methods of a cyberattack. Cyber attribution can help investigators to determine the responsibility, intent, and capability of the threat actors, as well as to prevent, deter, or respond to future attacks. One of the pieces of information that is needed for cyber attribution is known threat actor behavior, which refers to the patterns, techniques, tools, and tactics that are characteristic of a specific threat actor or group. Known threat actor behavior can help investigators to narrow down the suspects, link different incidents, and understand the objectives and strategies of the attackers.Reference:= Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) v1.0, Module 5: Security Policies and Procedures, Lesson 5.2: Incident Response, Topic 5.2.3: Cyber Attribution, page 5-14.

Show Answer
asked 07/10/2024
Rua Tebas
39 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms