200-201 Free Practice Test

Which two elements are assets in the role of attribution in an investigation? (Choose two.)

1. A. context
2. B. session
3. C. laptop
4. D. firewall logs
5. E. threat actor

Correct Answer: CD
The following are some factors that are used during attribution in an investigation: Assets, Threat actor, Indicators of Compromise (IoCs), Indicators of Attack (IoAs), Chain of custody Asset: This factor identifies which assets were compromised by a threat actor or hacker. An example of an asset can be an organization's domain controller (DC) that runs Active Directory Domain Services (AD DS). AD is a service that allows an administrator to manage user accounts, user groups, and policies across a Microsoft Windows environment. Keep in mind that an asset is anything that has value to an organization; it can be something physical, digital, or even people. Cisco Certified CyberOps Associate 200-201 Certification Guide

A user received an email attachment named "Hr405-report2609-empl094.exe" but did not run it. Which category of the cyber kill chain should be assigned to this type of event?

1. A. installation
2. B. reconnaissance
3. C. weaponization
4. D. delivery

Correct Answer: D

A developer is working on a project using a Linux tool that enables writing processes to obtain these required results:
If the process is unsuccessful, a negative value is returned.
If the process is successful, 0 value is returned to the child process, and the process ID is sent to the parent process.
Which component results from this operation?

1. A. parent directory name of a file pathname
2. B. process spawn scheduled
3. C. macros for managing CPU sets
4. D. new process created by parent process

Correct Answer: D
There are two tasks with specially distinguished process IDs: swapper or sched has process ID 0 and is responsible for paging, and is actually part of the kernel rather than a normal user-mode process. Process ID 1 is usually the init process primarily responsible for starting and shutting down the system. Originally, process ID 1 was not specifically reserved for init by any technical measures: it simply had this ID as a natural consequence of being the first process invoked by the kernel. More recent Unix systems typically have additional kernel components visible as 'processes', in which case PID 1 is actively reserved for the init process to maintain consistency with older systems

What is a difference between inline traffic interrogation and traffic mirroring?

1. A. Inline inspection acts on the original traffic data flow
2. B. Traffic mirroring passes live traffic to a tool for blocking
3. C. Traffic mirroring inspects live traffic for analysis and mitigation
4. D. Inline traffic copies packets for analysis and security

Correct Answer: A
Inline traffic interrogation analyzes traffic in real time and has the ability to prevent certain traffic from being forwarded Traffic mirroring doesn't pass the live traffic instead it copies traffic from one or more source ports and sends the copied traffic to one or more destinations for analysis by a network analyzer or other monitoring device

Refer to the exhibit.

Which two elements in the table are parts of the 5-tuple? (Choose two.)

1. A. First Packet
2. B. Initiator User
3. C. Ingress Security Zone
4. D. Source Port
5. E. Initiator IP

Correct Answer: DE