- Home
- Cisco
- Understanding Cisco Cybersecurity Operations Fundamentals
- Cisco.200-201.v2024-07-19.q136
- Question 51
Valid 200-201 Dumps shared by ExamDiscuss.com for Helping Passing 200-201 Exam! ExamDiscuss.com now offer the newest 200-201 exam dumps, the ExamDiscuss.com 200-201 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com 200-201 dumps with Test Engine here:
Access 200-201 Dumps Premium Version
(452 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 51/136
A security engineer notices confidential data being exfiltrated to a domain "Ranso4134-mware31-895" address that is attributed to a known advanced persistent threat group The engineer discovers that the activity is part of a real attack and not a network misconfiguration. Which category does this event fall under as defined in the Cyber Kill Chain?
Correct Answer: C
The event described falls under the 'action on objectives' category of the Cyber Kill Chain. This stage occurs after the attacker has established a foothold within the network and begins to execute their intended actions, such as data exfiltration. References: The Cyber Kill Chain framework outlines the stages of a cyberattack, with 'action on objectives' being the final step where attackers achieve their primary goal, such as data theft
- Question List (136q)
- Question 1: One of the objectives of information security is to protect ...
- Question 2: What are two denial-of-service (DoS) attacks? (Choose two)...
- Question 3: An analyst is investigating a host in the network that appea...
- Question 4: Which tool provides a full packet capture from network traff...
- Question 5: What is the communication channel established from a comprom...
- Question 6: Drag and drop the technology on the left onto the data type ...
- Question 7: Which piece of information is needed for attribution in an i...
- Question 8: Why is encryption challenging to security monitoring?...
- Question 9: Which type of attack occurs when an attacker is successful i...
- Question 10: Which event artifact is used to identify HTTP GET requests f...
- Question 11: Which type of data collection requires the largest amount of...
- Question 12: Refer to the exhibit. (Exhibit) Which type of attack is bein...
- Question 13: Which two pieces of information are collected from the IPv4 ...
- Question 14: Refer to the exhibit. (Exhibit) Which alert is identified fr...
- Question 15: What is the function of a command and control server?...
- Question 16: What is a purpose of a vulnerability management framework?...
- Question 17: What is the difference between a threat and a risk?...
- Question 18: An engineer needs to discover alive hosts within the 192.168...
- Question 19: Which security technology allows only a set of pre-approved ...
- Question 20: Why should an engineer use a full packet capture to investig...
- Question 21: When communicating via TLS, the client initiates the handsha...
- Question 22: Which process represents the application-level allow list?...
- Question 23: How does an attack surface differ from an attack vector?...
- Question 24: What is a difference between SOAR and SIEM?...
- Question 25: When an event is investigated, which type of data provides t...
- Question 26: What is a difference between SIEM and SOAR?...
- Question 27: What are the two differences between stateful and deep packe...
- Question 28: What is the difference between an attack vector and attack s...
- Question 29: An analyst discovers that a legitimate security alert has be...
- Question 30: What is the difference between vulnerability and risk?...
- Question 31: Which type of verification consists of using tools to comput...
- Question 32: Which principle is being followed when an analyst gathers in...
- Question 33: Which attack represents the evasion technique of resource ex...
- Question 34: An engineer needs to configure network systems to detect com...
- Question 35: Which metric in CVSS indicates an attack that takes a destin...
- Question 36: Drag and drop the definition from the left onto the phase on...
- Question 37: Refer to the exhibit. (Exhibit) An engineer received a ticke...
- Question 38: An analyst is investigating an incident in a SOC environment...
- Question 39: The security team has detected an ongoing spam campaign targ...
- Question 40: What is the impact of false positive alerts on business comp...
- Question 41: What describes the defense-m-depth principle?...
- Question 42: An employee reports that someone has logged into their syste...
- Question 43: What is sliding window anomaly detection?...
- Question 44: Why is HTTPS traffic difficult to screen?...
- Question 45: What is rule-based detection when compared to statistical de...
- Question 46: Refer to the exhibit. (Exhibit) This request was sent to a w...
- Question 47: Drag and drop the definition from the left onto the phase on...
- Question 48: What does an attacker use to determine which network ports a...
- Question 49: Which security technology guarantees the integrity and authe...
- Question 50: What is the difference between discretionary access control ...
- Question 51: A security engineer notices confidential data being exfiltra...
- Question 52: A company receptionist received a threatening call referenci...
- Question 53: What is a difference between data obtained from Tap and SPAN...
- Question 54: Which metric is used to capture the level of access needed t...
- Question 55: What is the practice of giving an employee access to only th...
- Question 56: (Exhibit) Refer to the exhibit. An employee received an emai...
- Question 57: An organization that develops high-end technology is going t...
- Question 58: Which technique is a low-bandwidth attack?...
- Question 59: (Exhibit) Refer to the exhibit. An attacker scanned the serv...
- Question 60: An analyst received an alert on their desktop computer showi...
- Question 61: Which artifact is used to uniquely identify a detected file?...
- Question 62: (Exhibit) Refer to the exhibit. Where is the executable file...
- Question 63: Refer to the exhibit. (Exhibit) A company's user HTTP connec...
- Question 64: Which technology prevents end-device to end-device IP tracea...
- Question 65: Endpoint logs indicate that a machine has obtained an unusua...
- Question 66: Which security principle requires more than one person is re...
- Question 67: What should a security analyst consider when comparing inlin...
- Question 68: Which of these describes SOC metrics in relation to security...
- Question 69: Which technology should be used to implement a solution that...
- Question 70: How does a certificate authority impact security?...
- Question 71: An organization's security team has detected network spikes ...
- Question 72: Drag and drop the type of evidence from the left onto the de...
- Question 73: An engineer must compare NIST vs ISO frameworks The engineer...
- Question 74: During which phase of the forensic process is data that is r...
- Question 75: Which type of data must an engineer capture to analyze paylo...
- Question 76: What is the difference between inline traffic interrogation ...
- Question 77: Refer to the exhibit. (Exhibit) What is the expected result ...
- Question 78: Refer to the exhibit. (Exhibit) What information is depicted...
- Question 79: A network engineer noticed in the NetFlow report that intern...
- Question 80: Refer to the exhibit. (Exhibit) A network administrator is i...
- Question 81: Which option describes indicators of attack?...
- Question 82: Which open-sourced packet capture tool uses Linux and Mac OS...
- Question 83: A cyberattacker notices a security flaw in a software that a...
- Question 84: Refer to the exhibit. (Exhibit) What is the potential threat...
- Question 85: What is a difference between tampered and untampered disk im...
- Question 86: Refer to the exhibit. (Exhibit) What does the message indica...
- Question 87: A company is using several network applications that require...
- Question 88: What is the virtual address space for a Windows process?...
- Question 89: What specific type of analysis is assigning values to the sc...
- Question 90: Refer to the exhibit. (Exhibit) A workstation downloads a ma...
- Question 91: What is a difference between tampered and untampered disk im...
- Question 92: What is the dataflow set in the NetFlow flow-record format?...
- Question 93: What matches the regular expression c(rgr)+e?...
- Question 94: Refer to the exhibit. (Exhibit) What should be interpreted f...
- Question 95: What is a difference between a threat and a risk?...
- Question 96: Refer to the exhibit. (Exhibit) An analyst received this ale...
- Question 97: What is threat hunting?
- Question 98: What is the difference between deep packet inspection and st...
- Question 99: What is an incident response plan?...
- Question 100: What is the practice of giving employees only those permissi...
- Question 101: Which two elements of the incident response process are stat...
- Question 102: Refer to the exhibit. (Exhibit) What must be interpreted fro...
- Question 103: A security incident occurred with the potential of impacting...
- Question 104: Refer to the exhibit. (Exhibit) A security analyst is invest...
- Question 105: A company encountered a breach on its web servers using IIS ...
- Question 106: What is a benefit of agent-based protection when compared to...
- Question 107: Refer to the exhibit. (Exhibit) Which stakeholders must be i...
- Question 108: Which statement describes patch management?...
- Question 109: Which step in the incident response process researches an at...
- Question 110: The SOC team has confirmed a potential indicator of compromi...
- Question 111: Which action should be taken if the system is overwhelmed wi...
- Question 112: What is an example of social engineering attacks?...
- Question 113: A security analyst notices a sudden surge of incoming traffi...
- Question 114: Refer to the exhibit. (Exhibit) An engineer received an even...
- Question 115: What describes the impact of false-positive alerts compared ...
- Question 116: A user received an email attachment named "Hr405-report2609-...
- Question 117: What is the difference between indicator of attack (loA) and...
- Question 118: An engineer is analyzing a recent breach where confidential ...
- Question 119: What are two social engineering techniques? (Choose two.)...
- Question 120: Refer to the exhibit. (Exhibit) An analyst was given a PCAP ...
- Question 121: What is a difference between signature-based and behavior-ba...
- Question 122: Refer to the exhibit. (Exhibit) Which packet contains a file...
- Question 123: A user received a malicious attachment but did not run it. W...
- Question 124: Refer to the exhibit. (Exhibit) During the analysis of a sus...
- Question 125: An organization has recently adjusted its security stance in...
- Question 126: What is the difference between statistical detection and rul...
- Question 127: An analyst is using the SIEM platform and must extract a cus...
- Question 128: At which layer is deep packet inspection investigated on a f...
- Question 129: Drag and drop the access control models from the left onto t...
- Question 130: Which filter allows an engineer to filter traffic in Wiresha...
- Question 131: How does TOR alter data content during transit?...
- Question 132: Refer to the exhibit. (Exhibit) A suspicious IP address is t...
- Question 133: An employee received an email from a colleague's address ask...
- Question 134: Refer to the exhibit. (Exhibit) An engineer is analyzing thi...
- Question 135: An organization is cooperating with several third-party comp...
- Question 136: A SOC analyst is investigating an incident that involves a L...
