Free 200-201 Exam Braindumps (page: 35)

Page 35 of 66

Which NIST IR category stakeholder is responsible for coordinating incident response among various business units, minimizing damage, and reporting to regulatory agencies?

  1. CSIRT
  2. PSIRT
  3. public affairs
  4. management

Answer(s): D



Which incident response step includes identifying all hosts affected by an attack?

  1. detection and analysis
  2. post-incident activity
  3. preparation
  4. containment, eradication, and recovery

Answer(s): D

Explanation:

3.3.3 Identifying the Attacking Hosts

During incident handling, system owners and others sometimes want to or need to identify the attacking host or hosts. Although this information can be important, incident handlers should generally stay focused on containment, eradication, and recovery.

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf

The response phase, or containment, of incident response is the point at which the incident response team begins interacting with affected systems and attempts to keep further damage from occurring as a result of the incident.



Which two elements are used for profiling a network? (Choose two.)

  1. session duration
  2. total throughput
  3. running processes
  4. listening ports
  5. OS fingerprint

Answer(s): A,B

Explanation:

A network profile should include some important elements, such as the following:

Total throughput - the amount of data passing from a given source to a given destination in a given period of time
Session duration - the time between the establishment of a data flow and its termination
Ports used - a list of TCP or UDP processes that are available to accept data
Critical asset address space - the IP addresses or the logical location of essential systems or data

Profiling data are data that the system has gathered; these data help with incident response and incident detection.

Network profiling = throughput, session duration, ports used, critical asset address space
Host profiling = listening ports, logged-in accounts, running processes, running tasks, applications



Which category relates to improper use or disclosure of PII data?

  1. legal
  2. compliance
  3. regulated
  4. contractual

Answer(s): C






Post your Comments and Discuss Cisco® 200-201 exam with other Community members:

AEB commented on December 11, 2024
The breadth of knowledge for this exam is large. It doesn't seem possible to learn everything on it for an associate level exam.
UNITED STATES

Bio commented on September 05, 2023
200-201 CBROPS 092023 - Exam still 75% to 80% valid. Suggest to those who want to pass to study this, along with netacads, and review quizlets to ensure you pass.
GERMANY

AB commented on August 21, 2023
200-201 is still good. Passed Aug 14.
UNITED STATES