200-201 Exam Dumps - Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)

 DNS amplification is a type of Distributed Denial of Service (DDoS) attack where an attacker uses publicly accessible open DNS servers to flood a target with DNS response traffic. The goal is to overwhelm the target with traffic, causing a denial of service.

Inline traffic interrogation analyzes traffic in real time and has the ability to prevent certain traffic from being forwarded Traffic mirroring doesn't pass the live traffic instead it copies traffic from one or more source ports and sends the copied traffic to one or more destinations for analysis by a network analyzer or other monitoring device

 Behavior-based detection monitors the behavior of programs in real-time. If a piece of software acts similarly to known malware after it’s been executed, behavior-based detection can stop it in its tracks. Signature-based detection involves searching for known patterns of data within executable code; if a pattern matches a “signature” in the system’s database that is considered malicious. References: Cisco Cybersecurity Operations Fundamentals

The analyst is in the detection and analysis phase of the incident response process according to NIST SP800-61. In this phase, events are detected and analyzed to determine whether they constitute incidents that require a response. It involves monitoring security events or data collection, correlation, and analysis of log entries and network flow data, among others. The goal is to identify incidents quickly so that appropriate actions can be taken. References := NIST SP800-61, Computer Security Incident Handling Guide, Section 3.2: Detection and Analysis

The source IP address from an audit log that indicates a session which may have exploited a vulnerability is considered corroborative evidence. This type of evidence supports other evidence that suggests a security breach occurred. In the context of cybersecurity, corroborative evidence can help establish that an attack was carried out and can be used in conjunction with other data points to build a case during an investigation.

References := The Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) training material discusses the types of data needed to investigate security incidents, which includes understanding the role of different types of evidence in building a security incident case1.

A sandbox is a technology on a host that is used to isolate a running application from other applications. A sandbox creates a controlled and restricted environment for the application to execute, limiting its access to system resources and data. A sandbox can prevent the application from spreading malware, stealing information, or causing damage to the host or the network. A sandbox can also be used to test and analyze the behavior of unknown or suspicious applications without risking the security of the host. Application allow list, application block list, and host-based firewall are other technologies on a host that can be used to control or restrict the execution of applications, but they do not isolate them from other applications. References:

How can I best isolate a particular program (game)

App isolation in Windows 10

Types of Endpoint Application Isolation and Containment Technology

 The alert from the Cisco ASA device and the numerous activity logs are examples of circumstantial evidence. Circumstantial evidence is evidence that relies on an inference or deduction to connect it to a conclusion of fact, such as a security incident or an attack. Circumstantial evidence does not directly prove the fact in question, but rather suggests or implies it. In this case, the alert and the logs indicate that a TCP connection attempt was denied by an access group, but they do not directly prove that an attack occurred or who was behind it. There could be other explanations for the denied connection, such as a misconfiguration, a network error, or a legitimate request. Therefore, this type of evidence is circumstantial and requires further investigation and analysis to confirm or rule out the possibility of an attack. References := Circumstantial evidence - Wikipedia; Circumstantial Evidence - Definition, Examples, Cases, Processes; Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) - Cisco, page 92.