An analyst received an alert on their desktop computer showing that an attack was successful on the host. After investigating, the analyst discovered that no mitigation action occurred during the attack.
What is the reason for this discrepancy?
A. The computer has a HIPS installed on it. B. The computer has a NIPS installed on it. C. The computer has a HIDS installed on it. D. The computer has a NIDS installed on it.
C. The computer has a HIDS installed on it.
Question 372:
What is the difference between SIEM and SOAR?
A. SOAR generates and prevents security alerts, and SIEM predicts attack patterns and applies the mitigation. B. SOAR is more efficient in event gathering and analysis, and SIEM has an advantage in resource usage and anomaly detection speed. C. The primary function of SIEM is to collect and detect events, and SOAR is more focused on workflows, threat detection, and remediation. D. SIEM analyzes infrastructure and network traffic behavior for anomaly detection, and SOAR detects anomalies in known signatures.
C. The primary function of SIEM is to collect and detect events, and SOAR is more focused on workflows, threat detection, and remediation.
Question 373:
A security specialist is investigating an incident regarding a recent major breach in the organization. The accounting data from a 24-month period is affected due to a trojan detected in a department's critical server. A security analyst investigates the incident and discovers that an incident response team member who detected the trojan during regular AV scans had made an image of the server for evidence purposes. The security analyst made an image again to compare the hashes of the two images, and the hashes did not match.
Which type of evidence is the security analyst dealing with?
A. checksum violated image B. integrity violated image C. untampered image D. tampered image
D. tampered image
Question 374:
Which type of evidence supports a theory or an assumption that results from initial evidence?
A. probabilistic B. indirect C. best D. corroborative
D. corroborative
Explanation
Corroborating evidence (or corroboration) is evidence that tends to support a theory or an assumption deduced by some initial evidence. This corroborating evidence confirms the proposition. (Source: Cisco CyberOps Associate CBROPS 200-201 Official Cert Guide)
Question 375:
How does statistical detection differ from rule-based detection?
A. Statistical detection involves the evaluation of events, and rule-based detection requires an evaluated set of events to function. B. Statistical detection defines legitimate data over time, and rule-based detection works on a predefined set of rules. C. Rule-based detection involves the evaluation of events, and statistical detection requires an evaluated set of events to function. D. Rule-based detection defines legitimate data over a period of time, and statistical detection works on a predefined set of rules.
B. Statistical detection defines legitimate data over time, and rule-based detection works on a predefined set of rules.
Explanation
Statistical detection relies on analyzing data over time to identify patterns and anomalies, without predefined rules. It uses algorithms and statistical models to determine normal behavior and identify deviations. Rule-based detection uses predefined rules or patterns to identify known threats or vulnerabilities, often based on signatures or behaviors associated with specific attacks.
Question 376:
What describes the vulnerability management process?
A. securely observe and supervise devices that access sensitive enterprise data B. systems engineering process for establishing and preserving consistency of a product's performance C. involves the deployment of hotfixes and patches that are released from time to time D. cyclical approach of identifying, classifying, and mitigating software vulnerabilities
D. cyclical approach of identifying, classifying, and mitigating software vulnerabilities
Question 377:
A security engineer must protect the company from known issues that trigger adware. Recently, a new incident was raised that could harm the system.
Which security concepts are present in this scenario?
A. vulnerability and threat B. exploit and patching C. risk and evidence D. analysis and remediation
A. vulnerability and threat
Question 378:
What are indicators of attack?
A. large numbers of requests for the same file B. multiple logins from different regions C. swells in database read volume D. suspicious registry or system file changes
D. suspicious registry or system file changes
Question 379:
According to CVSS, what is attack complexity?
A. existing exploits available in the wild exploiting the vulnerability B. existing circumstances beyond the attacker's control to exploit the vulnerability C. number of actions an attacker should perform to exploit the vulnerability D. number of patches available for certain attack mitigation and how complex the workarounds are
B. existing circumstances beyond the attacker's control to exploit the vulnerability
Explanation
In the Common Vulnerability Scoring System (CVSS), attack complexity refers to the conditions beyond the attacker's control that must exist for the vulnerability to be successfully exploited. This includes factors such as the need for user interaction, the presence of specific configurations, or network conditions that are not easily controlled by the attacker. A high attack complexity means that these external factors make exploitation more difficult, while a low attack complexity indicates that fewer such conditions are required.
References
CVSS v3.1 Specifications Document
Understanding Attack Complexity in Vulnerability Assessments Cybersecurity Frameworks and Metrics
Question 380:
What does cyber attribution identify in an investigation?
A. cause of an attack B. exploit of an attack C. vulnerabilities exploited D. threat actors of an attack