Exam 3: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)

A malicious file has been identified in a sandbox analysis tool. Which piece of information is needed to search for additional downloads of this file by other hosts?

What causes events on a Windows system to show Event Code 4625 in the log messages?

Which security principle is violated by running all processes as root or administrator?

An analyst is investigating an incident in a SOC environment. Which method is used to identify a session from a group of logs?

Which action prevents buffer overflow attacks?

What is the impact of false positive alerts on business compared to true positive?

Refer to the exhibit. What is occurring in this network?

What is the function of a command and control server?

Which data format is the most efficient to build a baseline of traffic seen over an extended period of time?

In a SOC environment, what is a vulnerability management metric?

What is a difference between SOAR and SIEM?

An analyst is exploring the functionality of different operating systems. What is a feature of Windows Management Instrumentation that must be considered when deciding on an operating system?

Which system monitors local system operation and local network access for violations of a security policy?

What does cyber attribution identity in an investigation?

What is an attack surface as compared to a vulnerability?

Which event artifact is used to identity HTTP GET requests for a specific file?

What is the difference between mandatory access control (MAC) and discretionary access control (DAC)?

An investigator is examining a copy of an ISO file that is stored in CDFS format. What type of evidence is this file?

A system administrator is ensuring that specific registry information is accurate. Which type of configuration information does the HKEY_LOCAL_MACHINE hive contain?

Which type of data consists of connection level, application-specific records generated from network traffic?