Free Access to Cisco.200-201.v2024-05-09.q156 with Valid Practice Test (Page 28)

Question 131

The SOC team has confirmed a potential indicator of compromise on an endpoint. The team has narrowed the executable file's type to a new trojan family. According to the NIST Computer Security Incident Handling Guide, what is the next step in handling this event?

A.Prioritize incident handling based on the impact.
B.Collect public information on the malware behavior.
C.Perform forensics analysis on the infected endpoint.
D.Isolate the infected endpoint from the network.

Question 132

A user received a targeted spear-phishing email and identified it as suspicious before opening the content. To which category of the Cyber Kill Chain model does to this type of event belong?

A.exploitation
B.reconnaissance
C.delivery
D.weaponization

Question 133

What is the difference between indicator of attack (loA) and indicators of compromise (loC)?

A.loA is the evidence that a security breach has occurred, and loC allows organizations to act before the vulnerability can be exploited.
B.loA refers to the individual responsible for the security breach, and loC refers to the resulting loss.
C.loC is the evidence that a security breach has occurred, and loA allows organizations to act before the vulnerability can be exploited.
D.loC refers to the individual responsible for the security breach, and loA refers to the resulting loss.

Question 134

Which piece of information is needed for attribution in an investigation?

A.proxy logs showing the source RFC 1918 IP addresses
B.RDP allowed from the Internet
C.known threat actor behavior
D.802.1x RADIUS authentication pass arid fail logs

Question 135

An organization has recently adjusted its security stance in response to online threats made by a known hacktivist group.
What is the initial event called in the NIST SP800-61?

A.online assault
B.precursor
C.trigger
D.instigator

Question 131

Question 132

Question 133

Question 134

Question 135

Download PDF File