- Home
- Cisco
- Understanding Cisco Cybersecurity Operations Fundamentals
- Cisco.200-201.v2025-12-12.q208
- Question 160
Valid 200-201 Dumps shared by EduDump.com for Helping Passing 200-201 Exam! EduDump.com now offer the newest 200-201 exam dumps, the EduDump.com 200-201 exam questions have been updated and answers have been corrected get the newest EduDump.com 200-201 dumps with Test Engine here:
Access 200-201 Dumps Premium Version
(478 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 160/208
A security engineer must investigate a recent breach within the organization. An engineer noticed that a breached workstation is trying to connect to the domain "Ranso4730-mware92-647". which is known as malicious. In which step of the Cyber Kill Chain is this event?
Correct Answer: D
The event where a breached workstation is trying to connect to a known malicious domain suggests that the attacker is moving towards their end goals, which typically involves actions on objectives.
In the Cyber Kill Chain framework, "Action on objectives" refers to the steps taken by an attacker to achieve their intended outcomes, such as data exfiltration, destruction, or ransom demands.
This phase involves the attacker executing their final mission within the target environment, leveraging access gained in earlier stages of the attack.
Reference
Lockheed Martin Cyber Kill Chain
Understanding the Stages of Cyber Attacks
Incident Response and the Cyber Kill Chain
In the Cyber Kill Chain framework, "Action on objectives" refers to the steps taken by an attacker to achieve their intended outcomes, such as data exfiltration, destruction, or ransom demands.
This phase involves the attacker executing their final mission within the target environment, leveraging access gained in earlier stages of the attack.
Reference
Lockheed Martin Cyber Kill Chain
Understanding the Stages of Cyber Attacks
Incident Response and the Cyber Kill Chain
- Question List (208q)
- Question 1: What is the purpose of command and control for network-aware...
- Question 2: Refer to the exhibit. (Exhibit) A security analyst is invest...
- Question 3: A security specialist notices 100 HTTP GET and POST requests...
- Question 4: Which option describes indicators of attack?...
- Question 5: A company had a recent breach and lost confidential data to ...
- Question 6: A security expert is working on a copy of the evidence, an I...
- Question 7: The security team has detected an ongoing spam campaign targ...
- Question 8: Which two components reduce the attack surface on an endpoin...
- Question 9: Which information must an organization use to understand the...
- Question 10: Which type of data is used to detect anomalies in the networ...
- Question 11: What is a description of a social engineering attack?...
- Question 12: Which security principle is violated by running all processe...
- Question 13: The SOC team has confirmed a potential indicator of compromi...
- Question 14: Refer to the exhibit. (Exhibit) What is depicted in the exhi...
- Question 15: Refer to the exhibit. (Exhibit) What is the potential threat...
- Question 16: A CMS plugin creates two files that are accessible from the ...
- Question 17: An engineer needs to discover alive hosts within the 192.168...
- Question 18: Which regular expression matches "color" and "colour"?...
- Question 19: Which NIST IR category stakeholder is responsible for coordi...
- Question 20: Refer to the exhibit. (Exhibit) What is the outcome of the c...
- Question 21: What is the virtual address space for a Windows process?...
- Question 22: What are the two differences between vulnerability and explo...
- Question 23: Refer to the exhibit. (Exhibit) Which type of evidence is th...
- Question 24: What is an advantage of symmetric over asymmetric encryption...
- Question 25: What describes the impact of false-positive alerts compared ...
- Question 26: Refer to the exhibit. (Exhibit) A workstation downloads a ma...
- Question 27: Why is HTTPS traffic difficult to screen?...
- Question 28: Which vulnerability type is used to read, write, or erase in...
- Question 29: What is the difference between a threat and an exploit?...
- Question 30: Which action prevents buffer overflow attacks?...
- Question 31: Refer to the exhibit. (Exhibit) What is the expected result ...
- Question 32: What is a sandbox interprocess communication service?...
- Question 33: A network engineer informed a security team of a large amoun...
- Question 34: An organization is cooperating with several third-party comp...
- Question 35: What is a scareware attack?
- Question 36: An organization has recently adjusted its security stance in...
- Question 37: Which utility blocks a host portscan?...
- Question 38: Refer to the exhibit. (Exhibit) An attacker scanned the serv...
- Question 39: What is the practice of giving employees only those permissi...
- Question 40: An engineer received a ticket to investigate a potentially m...
- Question 41: Refer to the exhibit. (Exhibit) Which application-level prot...
- Question 42: Why should an engineer use a full packet capture to investig...
- Question 43: A security incident occurred with the potential of impacting...
- Question 44: Refer to the exhibit. (Exhibit) What does this output indica...
- Question 45: What is the communication channel established from a comprom...
- Question 46: What is the difference between the rule-based detection when...
- Question 47: Refer to the exhibit (Exhibit) An engineer is analyzing DNS ...
- Question 48: What does cyber attribution identify in an investigation?...
- Question 49: Which open-sourced packet capture tool uses Linux and Mac OS...
- Question 50: An analyst received a ticket about degraded processing capab...
- Question 51: What is the difference between attack surface and vulnerabil...
- Question 52: Refer to the exhibit. (Exhibit) Refer to the exhibit. A secu...
- Question 53: Refer to the exhibit. (Exhibit) Refer to the exhibit A penet...
- Question 54: What is a difference between SIEM and SOAR?...
- Question 55: An analyst received a ticket regarding a degraded processing...
- Question 56: Refer to the exhibit. (Exhibit) What must be interpreted fro...
- Question 57: An engineer runs a suspicious file in a sandbox analysis too...
- Question 58: An analyst received an alert on their desktop computer showi...
- Question 59: What makes HTTPS traffic difficult to monitor?...
- Question 60: Refer to the exhibit. (Exhibit) What is occurring within the...
- Question 61: What is sliding window anomaly detection?...
- Question 62: According to the September 2020 threat intelligence feeds a ...
- Question 63: Which list identifies the information that the client sends ...
- Question 64: Refer to the exhibit. (Exhibit) Refer to the exhibit. An eng...
- Question 65: What is a difference between tampered and untampered disk im...
- Question 66: What describes the concept of data consistently and readily ...
- Question 67: What are two differences in how tampered and untampered disk...
- Question 68: What is a disadvantage of the asymmetric encryption system?...
- Question 69: How is NetFlow different from traffic mirroring?...
- Question 70: What technology should be used for the verified and secure e...
- Question 71: Which two elements of the incident response process are stat...
- Question 72: Which statement describes indicators of attack?...
- Question 73: Refer to the exhibit. (Exhibit) Which type of log is display...
- Question 74: Refer to the exhibit. (Exhibit) Which type of attack is bein...
- Question 75: Which evasion technique is a function of ransomware?...
- Question 76: Which incidence response step includes identifying all hosts...
- Question 77: A company receptionist received a threatening call referenci...
- Question 78: A security engineer must protect the company from known issu...
- Question 79: What is a difference between signature-based and behavior-ba...
- Question 80: Which signature impacts network traffic by causing legitimat...
- Question 81: Refer to the exhibit. (Exhibit) During the analysis of a sus...
- Question 82: Which action matches the weaponization step of the Cyber Kil...
- Question 83: Refer to the exhibit. (Exhibit) What is occurring?...
- Question 84: What is the difference between mandatory access control (MAC...
- Question 85: Refer to the exhibit. (Exhibit) Refer to the exhibit Which T...
- Question 86: An analyst discovers that a legitimate security alert has be...
- Question 87: An engineer is addressing a connectivity issue between two s...
- Question 88: What is an attack surface as compared to a vulnerability?...
- Question 89: What are indicators of attack?
- Question 90: Refer to the exhibit. (Exhibit) An engineer received a ticke...
- Question 91: What describes the public key infrastructure (PKI)?...
- Question 92: What is a difference between inline traffic interrogation an...
- Question 93: What is a difference between authorization and authenticatio...
- Question 94: What is indicated by an increase in IPv4 traffic carrying pr...
- Question 95: Which attack represents the evasion technique of resource ex...
- Question 96: Which of these is a defense-in-depth strategy principle?...
- Question 97: What is an incident response plan?...
- Question 98: Syslog collecting software is installed on the server For th...
- Question 99: Refer to the exhibit. (Exhibit) An engineer is analyzing thi...
- Question 100: What are the two characteristics of the full packet captures...
- Question 101: What is obtained using NetFlow?...
- Question 102: Which technology on a host is used to isolate a running appl...
- Question 103: A software development company develops high-end technology ...
- Question 104: What is threat hunting?
- Question 105: What is a difference between tampered and untampered disk im...
- Question 106: What is the functionality of an IDS'?...
- Question 107: A security engineer has a video of a suspect entering a data...
- Question 108: What matches the regular expression c(rgr)+e?...
- Question 109: Which regular expression is needed to capture the IP address...
- Question 110: An engineer needs to fetch logs from a proxy server and gene...
- Question 111: What is the advantage of agent-based protection compared to ...
- Question 112: A user received an email attachment named "Hr405-report2609-...
- Question 113: Refer to the exhibit. (Exhibit) Refer to the exhibit. An eng...
- Question 114: Which event is user interaction?...
- Question 115: A SOC analyst is investigating an incident that involves a L...
- Question 116: Which element is included in an incident response plan as st...
- Question 117: What is session data used for in network security?...
- Question 118: Drag and drop the event term from the left onto the descript...
- Question 119: Refer to the exhibit. (Exhibit) Which application protocol i...
- Question 120: Which technique is a low-bandwidth attack?...
- Question 121: Which regular expression matches loopback IP address (127.0....
- Question 122: Refer to the exhibit. (Exhibit) Refer to the exhibit. The fi...
- Question 123: Which data capture includes payload and header information?...
- Question 124: Which CVSS metric group identifies other components that are...
- Question 125: What is the practice of giving an employee access to only th...
- Question 126: An engineer received an alert affecting the degraded perform...
- Question 127: Refer to the exhibit. (Exhibit) Which two elements in the ta...
- Question 128: An engineer configured regular expression "."\.(pd][Oo][Cc)|...
- Question 129: What is a difference between rule-based and role-based acces...
- Question 130: An organization's security team detected network spikes comi...
- Question 131: How low does rule-based detection differ from behavioral det...
- Question 132: During which phase of the forensic process is data that is r...
- Question 133: What does this regular expression do? 192|172).(168|1[6-9]|2...
- Question 134: Which type of attack involves sending input commands to a we...
- Question 135: What specific type of analysis is assigning values to the sc...
- Question 136: Refer to exhibit. (Exhibit) An analyst performs the analysis...
- Question 137: How does an attacker observe network traffic exchanged betwe...
- Question 138: According to CVSS, what is a description of the attack vecto...
- Question 139: What is the role of indicator of compromise in an investigat...
- Question 140: How does TOR alter data content during transit?...
- Question 141: Refer to the exhibit. (Exhibit) A company employee is connec...
- Question 142: Which difficulty occurs when log messages are compared from ...
- Question 143: Why is encryption challenging to security monitoring?...
- Question 144: When trying to evade IDS/IPS devices, which mechanism allows...
- Question 145: What is the difference between the ACK flag and the RST flag...
- Question 146: Which event artifact is used to identify HTTP GET requests f...
- Question 147: An engineer needs to configure network systems to detect com...
- Question 148: Which data format is the most efficient to build a baseline ...
- Question 149: Drag and drop the data source from the left onto the data ty...
- Question 150: Refer to the exhibit. (Exhibit) Which packet contains a file...
- Question 151: Refer to exhibit. (Exhibit) An engineer is Investigating an ...
- Question 152: Refer to the exhibit. (Exhibit) What is occurring in this ne...
- Question 153: An engineer needs to have visibility on TCP bandwidth usage,...
- Question 154: What is a difference between a threat and a risk?...
- Question 155: An engineer must investigate suspicious connections. Data ha...
- Question 156: How is attacking a vulnerability categorized?...
- Question 157: How does agentless monitoring differ from agent-based monito...
- Question 158: At a company party a guest asks questions about the company'...
- Question 159: How is SQL injection prevented?...
- Question 160: A security engineer must investigate a recent breach within ...
- Question 161: What causes events on a Windows system to show Event Code 46...
- Question 162: Drag and drop the definitions from the left onto the phases ...
- Question 163: When communicating via TLS, the client initiates the handsha...
- Question 164: Which SOC metric represents the time to stop the incident fr...
- Question 165: What is an example of social engineering attacks?...
- Question 166: Refer to the exhibit. (Exhibit) Refer to the exhibit. A SOC ...
- Question 167: An automotive company provides new types of engines and spec...
- Question 168: Refer to the exhibit. (Exhibit) Which stakeholders must be i...
- Question 169: Refer to the exhibit. (Exhibit) Refer to the exhibit. A SOC ...
- Question 170: A system administrator is ensuring that specific registry in...
- Question 171: An investigator is examining a copy of an ISO file that is s...
- Question 172: A security analyst notices a sudden surge of incoming traffi...
- Question 173: Refer to the exhibit. (Exhibit) An analyst received this ale...
- Question 174: Refer to the exhibit. (Exhibit) What does the message indica...
- Question 175: Refer to the exhibit. (Exhibit) Refer to the exhibit. An emp...
- Question 176: What are the two differences between stateful and deep packe...
- Question 177: An analyst is investigating an incident in a SOC environment...
- Question 178: Refer to the exhibit. (Exhibit) A suspicious IP address is t...
- Question 179: Drag and drop the access control models from the left onto t...
- Question 180: How does an SSL certificate impact security between the clie...
- Question 181: Refer to the exhibit. (Exhibit) Which component is identifia...
- Question 182: Refer to the exhibit. (Exhibit) What is the potential threat...
- Question 183: Drag and drop the technology on the left onto the data type ...
- Question 184: Which evasion method is being used when TLS is observed betw...
- Question 185: What is the impact of false positive alerts on business comp...
- Question 186: Which two pieces of information are collected from the IPv4 ...
- Question 187: Refer to the exhibit. (Exhibit) Which event is occurring?...
- Question 188: Which two elements are assets in the role of attribution in ...
- Question 189: What is a purpose of a vulnerability management framework?...
- Question 190: A security engineer deploys an enterprise-wide host/endpoint...
- Question 191: Which principle reduces the risk of attackers gaining access...
- Question 192: Which tool gives the ability to see session data in real tim...
- Question 193: Refer to the exhibit. (Exhibit) Refer to the exhibit. An eng...
- Question 194: What does the SOC metric MTTC provide in incident analysis'?...
- Question 195: How does an attack surface differ from an attack vector?...
- Question 196: How does statistical detection differ from rule-based detect...
- Question 197: Refer to the exhibit. (Exhibit) Refer to the exhibit. Based ...
- Question 198: What is corroborating evidence?...
- Question 199: Which action matches the weaponization step of the Cyber Kil...
- Question 200: Which metric is used to capture the level of access needed t...
- Question 201: What is the impact of encapsulation on the network?...
- Question 202: What are two differences between tampered disk images and un...
- Question 203: Refer to the exhibit. (Exhibit) Refer to the exhibit. What t...
- Question 204: What should a security analyst consider when comparing inlin...
- Question 205: Refer to the exhibit. (Exhibit) An attacker gained initial a...
- Question 206: If a web server accepts input from the user and passes it to...
- Question 207: What is a difference between SI EM and SOAR security systems...
- Question 208: Which of these describes SOC metrics in relation to security...
