200-201 Free Practice Test

What is a difference between tampered and untampered disk images?

1. A. Tampered images have the same stored and computed hash.
2. B. Untampered images are deliberately altered to preserve as evidence.
3. C. Tampered images are used as evidence.
4. D. Untampered images are used for forensic investigations.

Correct Answer: D
The disk image must be intact for forensics analysis. As a cybersecurity professional, you may be given the task of capturing an image of a disk in a forensic manner. Imagine a security incident has occurred on a system and you are required to perform some forensic investigation to determine who and what caused the attack. Additionally, you want to ensure the data that was captured is not tampered with or modified during the creation of a disk image process. Ref: Cisco Certified CyberOps Associate 200-201 Certification Guide

One of the objectives of information security is to protect the CIA of information and systems. What does CIA mean in this context?

1. A. confidentiality, identity, and authorization
2. B. confidentiality, integrity, and authorization
3. C. confidentiality, identity, and availability
4. D. confidentiality, integrity, and availability

Correct Answer: D

What makes HTTPS traffic difficult to monitor?

1. A. SSL interception
2. B. packet header size
3. C. signature detection time
4. D. encryption

Correct Answer: D

Refer to the exhibit.

Which kind of attack method is depicted in this string?

1. A. cross-site scripting
2. B. man-in-the-middle
3. C. SQL injection
4. D. denial of service

Correct Answer: A

Which piece of information is needed for attribution in an investigation?

1. A. proxy logs showing the source RFC 1918 IP addresses
2. B. RDP allowed from the Internet
3. C. known threat actor behavior
4. D. 802.1x RADIUS authentication pass arid fail logs

Correct Answer: C
Actually this is the most important thing: know who, what, how, why, etc.. attack the network.