- Home
- Cisco
- Understanding Cisco Cybersecurity Operations Fundamentals
- Cisco.200-201.v2024-08-20.q140
- Question 125
Valid 200-201 Dumps shared by ExamDiscuss.com for Helping Passing 200-201 Exam! ExamDiscuss.com now offer the newest 200-201 exam dumps, the ExamDiscuss.com 200-201 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com 200-201 dumps with Test Engine here:
Access 200-201 Dumps Premium Version
(452 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 125/140
An analyst received a ticket regarding a degraded processing capability for one of the HR department's servers. On the same day, an engineer noticed a disabled antivirus software and was not able to determine when or why it occurred. According to the NIST Incident Handling Guide, what is the next phase of this investigation?
Correct Answer: D
According to the NIST Incident Handling Guide, the analysis phase is the next phase of this investigation. The analysis phase involves examining the evidence and determining the impact, scope, and cause of the incident. The analyst should also identify the attacker's methods, tools, and objectives, as well as any indicators of compromise or malicious activity. The analysis phase may also involve collecting additional data, such as logs, network traffic, or malware samples, to support the investigation. The analysis phase is crucial for developing an effective response and recovery strategy, as well as preventing or mitigating future incidents. Reference:
NIST Special Publication 800-61 Revision 2, Computer Security Incident Handling Guide, Section 3.2.4, Analysis (https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf) Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) v1.0, Module 5: Security Incident Response, Lesson 5.2: Incident Response Process, Topic 5.2.3: Analysis Phase (https://learningnetworkstore.cisco.com/on-demand-e-learning/understanding-cisco-cybersecurity-operations-fundamentals-cbrops-v1-0/CSCU-LP-CBROPS-V1-028093.html)
NIST Special Publication 800-61 Revision 2, Computer Security Incident Handling Guide, Section 3.2.4, Analysis (https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf) Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) v1.0, Module 5: Security Incident Response, Lesson 5.2: Incident Response Process, Topic 5.2.3: Analysis Phase (https://learningnetworkstore.cisco.com/on-demand-e-learning/understanding-cisco-cybersecurity-operations-fundamentals-cbrops-v1-0/CSCU-LP-CBROPS-V1-028093.html)
- Question List (140q)
- Question 1: What is the practice of giving employees only those permissi...
- Question 2: According to CVSS, what is a description of the attack vecto...
- Question 3: Refer to the exhibit. Which technology generates this log?...
- Question 4: An engineer is working on a ticket for an incident from the ...
- Question 5: Which option describes indicators of attack?...
- Question 6: Refer to exhibit. An analyst performs the analysis of the pc...
- Question 7: Refer to the exhibit. What is occurring within the exhibit?...
- Question 8: An analyst is investigating a host in the network that appea...
- Question 9: Refer to the exhibit. Which type of log is displayed?...
- Question 10: Which type of attack occurs when an attacker is successful i...
- Question 11: What is the purpose of command and control for network-aware...
- Question 12: An engineer needs to have visibility on TCP bandwidth usage,...
- Question 13: A security engineer deploys an enterprise-wide host/endpoint...
- Question 14: Which metric in CVSS indicates an attack that takes a destin...
- Question 15: How is SQL injection prevented?...
- Question 16: How does an attack surface differ from an attack vector?...
- Question 17: An engineer received an alert affecting the degraded perform...
- Question 18: What is an advantage of symmetric over asymmetric encryption...
- Question 19: Which regular expression matches "color" and "colour"?...
- Question 20: Refer to the exhibit. What does this output indicate?...
- Question 21: Which category relates to improper use or disclosure of PII ...
- Question 22: Which security technology guarantees the integrity and authe...
- Question 23: How does an attacker observe network traffic exchanged betwe...
- Question 24: What describes a buffer overflow attack?...
- Question 25: What does cyber attribution identify in an investigation?...
- Question 26: What does the Zero Trust security model signify?...
- Question 27: What is the difference between inline traffic interrogation ...
- Question 28: Refer to the exhibit. What is the potential threat identifie...
- Question 29: What is data encapsulation?
- Question 30: What is a difference between SIEM and SOAR?...
- Question 31: Which event is a vishing attack?...
- Question 32: An analyst is exploring the functionality of different opera...
- Question 33: A SOC analyst is investigating an incident that involves a L...
- Question 34: What is a difference between tampered and untampered disk im...
- Question 35: Which two elements of the incident response process are stat...
- Question 36: What is the impact of encryption?...
- Question 37: How can TOR impact data visibility inside an organization?...
- Question 38: During which phase of the forensic process is data that is r...
- Question 39: What is a benefit of using asymmetric cryptography?...
- Question 40: Which action should be taken if the system is overwhelmed wi...
- Question 41: What is an incident response plan?...
- Question 42: Refer to the exhibit. What information is depicted?...
- Question 43: What is threat hunting?
- Question 44: Why is encryption challenging to security monitoring?...
- Question 45: A network engineer noticed in the NetFlow report that intern...
- Question 46: What is the difference between mandatory access control (MAC...
- Question 47: Which security monitoring data type requires the largest sto...
- Question 48: What specific type of analysis is assigning values to the sc...
- Question 49: Which technology prevents end-device to end-device IP tracea...
- Question 50: Refer to the exhibit. Which event is occurring?...
- Question 51: A user reports difficulties accessing certain external web p...
- Question 52: An employee reports that someone has logged into their syste...
- Question 53: Refer to the exhibit. A network administrator is investigati...
- Question 54: Which of these is a defense-in-depth strategy principle?...
- Question 55: Refer to the exhibit. What does the message indicate?...
- Question 56: What should an engineer use to aid the trusted exchange of p...
- Question 57: Refer to the exhibit. A suspicious IP address is tagged by T...
- Question 58: Refer to the exhibit. Which application-level protocol is be...
- Question 59: Which type of data consists of connection level, application...
- Question 60: What are two differences in how tampered and untampered disk...
- Question 61: What is an attack surface as compared to a vulnerability?...
- Question 62: A security engineer notices confidential data being exfiltra...
- Question 63: Refer to the exhibit. (Exhibit) What is the outcome of the c...
- Question 64: Which type of data must an engineer capture to analyze paylo...
- Question 65: Which classification of cross-site scripting attack executes...
- Question 66: Which two elements are assets in the role of attribution in ...
- Question 67: An analyst received an alert on their desktop computer showi...
- Question 68: Which action prevents buffer overflow attacks?...
- Question 69: What are two denial-of-service (DoS) attacks? (Choose two)...
- Question 70: What is a difference between signature-based and behavior-ba...
- Question 71: Which evasion technique is indicated when an intrusion detec...
- Question 72: How is NetFlow different from traffic mirroring?...
- Question 73: A SOC analyst detected connections to known C&C and port...
- Question 74: The security team has detected an ongoing spam campaign targ...
- Question 75: An engineer needs to configure network systems to detect com...
- Question 76: What is the difference between indicator of attack (loA) and...
- Question 77: How low does rule-based detection differ from behavioral det...
- Question 78: Which technique is a low-bandwidth attack?...
- Question 79: Refer to the exhibit. What is the potential threat identifie...
- Question 80: Which are two denial-of-service attacks? (Choose two.)...
- Question 81: What are two denial of service attacks? (Choose two.)...
- Question 82: Drag and drop the security concept on the left onto the exam...
- Question 83: Which information must an organization use to understand the...
- Question 84: Refer to the exhibit. (Exhibit) An analyst received this ale...
- Question 85: Drag and drop the security concept from the left onto the ex...
- Question 86: Which statement describes patch management?...
- Question 87: Which data format is the most efficient to build a baseline ...
- Question 88: Refer to the exhibit. What is the expected result when the "...
- Question 89: A developer is working on a project using a Linux tool that ...
- Question 90: A network engineer discovers that a foreign government hacke...
- Question 91: Which metric is used to capture the level of access needed t...
- Question 92: A malicious file has been identified in a sandbox analysis t...
- Question 93: During which phase of the forensic process are tools and tec...
- Question 94: What is the difference between discretionary access control ...
- Question 95: Which element is included in an incident response plan as st...
- Question 96: What is rule-based detection when compared to statistical de...
- Question 97: Exhibit. (Exhibit) An engineer received a ticket about a slo...
- Question 98: Which artifact is used to uniquely identify a detected file?...
- Question 99: What is the dataflow set in the NetFlow flow-record format?...
- Question 100: What is a difference between SI EM and SOAR security systems...
- Question 101: Which type of access control depends on the job function of ...
- Question 102: At a company party a guest asks questions about the company'...
- Question 103: Refer to the exhibit. What is shown in this PCAP file?...
- Question 104: Refer to the exhibit. (Exhibit) What is occurring in this ne...
- Question 105: Refer to the exhibit. Where is the executable file?...
- Question 106: An engineer received an alert affecting the degraded perform...
- Question 107: Refer to the exhibit. (Exhibit) A company's user HTTP connec...
- Question 108: An engineer configured regular expression "."\.(pd][Oo][Cc)|...
- Question 109: Drag and drop the type of evidence from the left onto the de...
- Question 110: When communicating via TLS, the client initiates the handsha...
- Question 111: An engineer discovered a breach, identified the threat's ent...
- Question 112: Which two elements are used for profiling a network? (Choose...
- Question 113: A security incident occurred with the potential of impacting...
- Question 114: What matches the regular expression c(rgr)+e?...
- Question 115: Refer to the exhibit. Which type of attack is being executed...
- Question 116: Which attack represents the evasion technique of resource ex...
- Question 117: A user received a malicious attachment but did not run it. W...
- Question 118: Refer to the exhibit. During the analysis of a suspicious sc...
- Question 119: What is the difference between deep packet inspection and st...
- Question 120: Drag and drop the event term from the left onto the descript...
- Question 121: Which two components reduce the attack surface on an endpoin...
- Question 122: How does agentless monitoring differ from agent-based monito...
- Question 123: Which process represents the application-level allow list?...
- Question 124: An engineer is working with the compliance teams to identify...
- Question 125: An analyst received a ticket regarding a degraded processing...
- Question 126: Refer to the exhibit. A security analyst is investigating un...
- Question 127: How does an SSL certificate impact security between the clie...
- Question 128: Refer to the exhibit. Which application protocol is in this ...
- Question 129: Refer to the exhibit. What is occurring?...
- Question 130: Refer to exhibit. (Exhibit) An engineer is Investigating an ...
- Question 131: A system administrator is ensuring that specific registry in...
- Question 132: An engineer is analyzing a recent breach where confidential ...
- Question 133: What are the two characteristics of the full packet captures...
- Question 134: What is the function of a command and control server?...
- Question 135: An offline audit log contains the source IP address of a ses...
- Question 136: Refer to the exhibit. An analyst was given a PCAP file, whic...
- Question 137: Refer to the exhibit. Which tool was used to generate this d...
- Question 138: When communicating via TLS, the client initiates the handsha...
- Question 139: Which step in the incident response process researches an at...
- Question 140: A user received an email attachment named "Hr405-report2609-...
