Free Practice Questions for Cisco 200-201 Exam

Table Description automatically generated

In a Security Operations Center (SOC) environment, a vulnerability management metric is a quantifiable measure used to assess the effectiveness of the vulnerability management program. A full assets scan is a metric that can be used to determine the coverage and frequency of vulnerability scans across all assets. This helps in identifying unscanned assets and ensuring that all parts of the network are regularly checked for vulnerabilities1.

References :=

SOC Metrics: Security Metrics & KPIs for Measuring SOC Success

Vulnerability Management Metrics: 5 Metrics to Start Measuring in Your Vulnerability Management Program

Top 10 Vulnerability Management Metrics & KPIs To Measure Success

The purpose of command and control (C&C) for network-aware malware is to allow an attacker to remotely control compromised systems. This includes sending commands to the malware, receiving data from the infected host, and updating the malware to evade detection or enhance its capabilities.

Patch management is the process of distributing and managing updates to software and systems. These updates can include patches for security vulnerabilities, bug fixes, andenhancements to improve performance or add new features. It ensures that systems are up-to-date, secure, and performing optimally. References := Cisco Cybersecurity Training

Ransomware is a type of malware that encrypts the victim’s data and demands a ransom for the decryption key. The attacker may also threaten to publish or delete the data if the ransom is not paid. In this case, the Egregor malware is distributed through a Cobalt Strike, which is a penetration testing tool that can be used to deploy payloads on compromised systems. The malware exfiltrates the victim’s data to a command and control server and uses it as leverage to extort money from the victim. References := Cisco Cybersecurity Operations Fundamentals, Module 1: Security Concepts, Lesson 1.3: Common Network Application Operations and Attacks, Topic 1.3.3: Malware Attacks

The weaponization step in the Cyber Kill Chain Model involves the creation or use of a specific weapon (malware, exploit) designed to leverage a vulnerability.

This phase follows the reconnaissance phase where the attacker gathers information and precedes the delivery phase where the weapon is delivered to the target.

Developing specific malware to exploit a vulnerable server is a precise example of weaponization.

References

Lockheed Martin Cyber Kill Chain Model

Understanding the Weaponization Phase in Cyber Attacks

Steps in the Cyber Kill Chain

A regular expression (regex) is a sequence of characters that defines a search pattern for text. A regex can be used to extract custom properties from log messages or events in a SIEM platform. In this case, the regex that matches the phrase “File: Clean” exactly is ^File: Clean$. The ^ symbol indicates the beginning of the line and the $ symbol indicates the end of the line. The regex ensures that no other characters are before or after the phrase. References:

Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) - Cisco, Module 5: Security Policies and Procedures, Lesson 5.3: Data and Event Analysis

200-201 CBROPS - Cisco, Exam Topics, 5.0 Security Policies and Procedures, 5.3 Analyze data as part of security monitoring activities

Cisco Certified CyberOps Associate Overview - Cisco Learning Network, Videos, 5.3 Analyze data as part of security monitoring activities

 A host-based firewall is a utility that can block unauthorized access to a computer system, including port scans. It monitors incoming and outgoing network traffic and permits or blocks data packets based on a set of security rules.

 The category of the Cyber Kill Chain model that this event belongs to is weaponization. This stage occurs after reconnaissance has taken place and the attacker has discovered all necessary information about potential targets, such as vulnerabilities. In the weaponization stage, the attacker’s preparatory work culminates in the creation of malware to be used against an identified target, which in this case is a specific worm tailored to exploit a software flaw and extract saved passwords. References: The Cyber Kill Chain framework, developed by Lockheed Martin, explains the weaponization stage as the process where attackers create or modify cyber weapons based on the intelligence gathered during reconnaissance