Which event is user interaction?
D
Explanation:
User interaction is any event that requires the user to perform an action that enables or facilitates a
cyberattack. Opening a malicious file is an example of user interaction, as it can trigger the execution
of malicious code or malware that can compromise the system or network. Gaining root access,
executing remote code, and reading and writing file permissions are not user interactions, but rather
actions that can be performed by an attacker after exploiting a vulnerability or bypassing security
controls. Reference:
Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) - Cisco, More than 99% of cyberattacks rely on human interaction
Which security principle requires that more than one person perform a critical task?
C
Explanation:
Separation of duties is a security principle that requires more than one person to perform a critical
task, such as authorizing a transaction, approving a budget, or granting access to sensitive data.
Separation of duties reduces the risk of fraud, error, abuse, or conflict of interest by preventing any
single person from having too much power or privilege. Least privilege, need to know, and due
diligence are other security principles, but they do not require more than one person to perform a
critical task. Reference:
Separation of Duty (SOD) - Glossary | CSRC - NIST Computer Security …, Separation of Duties | Imperva
How is attacking a vulnerability categorized?
C
Explanation:
Attacking a vulnerability is categorized as exploitation, which is the third phase of the cyberattack
lifecycle. Exploitation is the process of taking advantage of a vulnerability in a system, application, or
network to gain access, escalate privileges, or execute commands. Action on objectives, delivery, and
installation are other phases of the cyberattack lifecycle, but they do not involve attacking a
vulnerability. Action on objectives is the final phase, where the attacker achieves their goal, such as
stealing data, disrupting services, or destroying assets. Delivery is the second phase, where the
attacker delivers the malicious payload, such as malware, phishing email, or malicious link, to the
target. Installation is the fourth phase, where the attacker installs the malicious payload on the
compromised system or network to maintain persistence or spread laterally. Reference:
What is a Cyberattack? | IBM, Recognizing the seven stages of a cyber-attack - DNV
What is a benefit of agent-based protection when compared to agentless protection?
C
Explanation:
Agent-based protection is a type of endpoint security that uses software agents installed on the
devices to monitor and protect them. Agent-based protection can collect and detect all traffic locally,
which means it can operate without relying on a network connection or a centralized server. Agent-
based protection can also provide more granular and comprehensive visibility and control over the
devices. Reference: https://learningnetworkstore.cisco.com/on-demand-e-learning/understanding-cisco-cybersecurity-operations-fundamentals-cbrops-v1.0/CSCU-LP-CBROPS-V1-028093.html (Module 2: Security Concepts, Lesson 2.3: Endpoint Security)
Which principle is being followed when an analyst gathers information relevant to a security incident
to determine the appropriate course of action?
A
Explanation:
Decision making is a principle that guides an analyst to gather information relevant to a security
incident to determine the appropriate course of action. Decision making involves identifying the
problem, defining the criteria, analyzing the alternatives, and choosing the best solution. Decision
making helps an analyst to respond to an incident effectively and efficiently, while minimizing the
impact and risk to the organization. Reference: https://learningnetworkstore.cisco.com/on-demand-e-learning/understanding-cisco-cybersecurity-operations-fundamentals-cbrops-v1.0/CSCU-LP-CBROPS-V1-028093.html (Module 3: Security Monitoring, Lesson 3.1: Security Operations Center)
One of the objectives of information security is to protect the CIA of information and systems. What
does CIA mean in this context?
D
Explanation:
CIA stands for confidentiality, integrity, and availability, which are the three main objectives of
information security. Confidentiality means protecting the information from unauthorized access or
disclosure. Integrity means ensuring the information is accurate and consistent, and preventing
unauthorized modification or deletion. Availability means ensuring the information and systems are
accessible and usable by authorized users when needed. Reference:
https://learningnetworkstore.cisco.com/on-demand-e-learning/understanding-cisco-cybersecurity-operations-fundamentals-cbrops-v1.0/CSCU-LP-CBROPS-V1-028093.html (Module 2: Security Concepts, Lesson 2.1: Security Principles)
What is rule-based detection when compared to statistical detection?
B
Explanation:
Rule-based detection is a type of intrusion detection system (IDS) that uses predefined rules or
signatures to identify malicious or suspicious activity. Rule-based detection can provide proof of a
user’s action, such as an attempt to exploit a known vulnerability or execute a malicious command.
Rule-based detection can also provide a high level of accuracy and specificity, but it requires constant
updates and maintenance of the rules or signatures. Reference:
https://learningnetworkstore.cisco.com/on-demand-e-learning/understanding-cisco-cybersecurity-operations-fundamentals-cbrops-v1.0/CSCU-LP-CBROPS-V1-028093.html (Module 4: Attack Methods, Lesson 4.2: Attack Techniques)
A user received a malicious attachment but did not run it. Which category classifies the intrusion?
D
Which process is used when IPS events are removed to improve data integrity?
B
An analyst is investigating an incident in a SOC environment. Which method is used to identify a
session from a group of logs?
C
What is a difference between SOAR and SIEM?
A
What is the difference between mandatory access control (MAC) and discretionary access control
(DAC)?
B
What is the practice of giving employees only those permissions necessary to perform their specific
role within an organization?
A
Explanation:
The principle of least privilege states that users and processes should be granted only the minimum
permissions necessary to perform their specific role or function within an organization. This reduces
the attack surface and limits the potential damage of a compromised account or process. Reference:
Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) v1.0, Module 1: Security Concepts, Lesson 1.2: Security Principles
Cisco Certified CyberOps Associate Overview, Exam Topics, 1.1 Explain the CIA triad
What is the virtual address space for a Windows process?
D
Explanation:
The virtual address space for a Windows process is the set of virtual memory addresses that can be
used by the process. Each process has its own virtual address space that is isolated from other
processes. The virtual address space is divided into regions that have different attributes, such as
read-only, read-write, execute, and so on. The virtual address space is mapped to the physical
memory by the operating system using a data structure called a page table. Reference:
Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) v1.0, Module 4: Host-Based Analysis, Lesson 4.1: Windows Operating System
Virtual Address Space
Which security principle is violated by running all processes as root or administrator?
A
Explanation:
Running all processes as root or administrator violates the principle of least privilege, which states
that users and processes should be granted only the minimum permissions necessary to perform
their specific role or function within an organization. Running all processes as root or administrator
gives them full access and control over the system, which increases the risk of unauthorized actions,
malicious attacks, and accidental errors. It also makes it easier for attackers to escalate their
privileges and compromise the system. Reference:
Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) v1.0, Module 1: Security Concepts, Lesson 1.2: Security Principles
Cisco Certified CyberOps Associate Overview, Exam Topics, 1.1 Explain the CIA triad