200-201 Exam Dumps : Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)

The exhibit shows a Stealthwatch dashboard displaying information on alarming hosts, alarms by type, and today’s alarms. On the left side under “Top Alarming Hosts,” there are five host IP addresses listed with their respective categories indicating different types of alerts including ‘Data Hoarding’ and ‘Exfiltration.’ In “Alarms by Type” section at center top part of image shows bar graphs representing various alarm types including ‘Crypto Violation’ with their respective counts. On right side under “Today’s Alarms,” there’s a table showing the details of each alarm such as the host IP, the alarm type, the severity, and the time. The potential threat identified in this dashboard is that host 10.201.3.149 is receiving almost 19 times more data than is being sent to host 152.46.6.91, which is a sign of data exfiltration. Data exfiltration is the unauthorized transfer of data from a compromised system to an external destination, such as a command and control server or a malicious actor. This can result in data loss, breach of confidentiality, and damage to the organization’s reputation and assets. References := Cisco Cybersecurity Operations Fundamentals - Module 7: Network and Host Forensics

Indirect evidence is evidence that does not directly prove a fact, but rather implies or infers it from other facts or circumstances. Indirect evidence is also known as circumstantial evidence or corroborating evidence. A video of a suspect entering a data center that was captured on the same day that files in the same data center were transferred to a competitor is an example of indirect evidence, because it does not directly show that the suspect was involved in the file transfer, but rather suggests a possible connection or correlation between the two events. References := Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) v1.0, Module 5: Security Policies and Procedures, Lesson 5.3: Digital Forensics, Topic 5.3.1: Evidence, page 5-24.

 The discrepancy described suggests that the system had a Host Intrusion Detection System (HIDS) installed. HIDS are designed to monitor and analyze the internals of a computing system for signs of intrusion and policy violations. While they can detect unauthorized activities, they do not take direct action to stop an attack; this is typically the role of an intrusion prevention system. Therefore, the alert was generated, but no mitigation action was taken because the HIDS does not have the capability to intervene.

References := The Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) course material covers the functions and limitations of various security systems, including HIDS, and their role within a Security Operations Center (SOC)1.