Which piece of information is part of the chain of custody during investigation?
Correct Answer: C
200-201 Exam Question 22
What should an engineer use to aid the trusted exchange of public keys between user tom0411976943 and dan1968754032?
Correct Answer: C
In the context of public key infrastructure (PKI), a trusted certificate authority (CA) is responsible for issuing digital certificates that verify a digital entity's identity on the internet. The CA acts as a trusted third party between the user (in this case, tom0411976943) and the recipient (dan1968754032), ensuring that the public keys are indeed who they claim to be. The CA verifies the identity of the users and then issues a certificate containing the public key and a variety of other identification information. The trusted CA can then vouch for the authenticity of each user to the other. Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)
200-201 Exam Question 23
What is a difference between SOAR and SIEM?
Correct Answer: A
200-201 Exam Question 24
What is the difference between inline traffic interrogation (TAPS) and traffic mirroring (SPAN)?
Correct Answer: D
The main difference between inline traffic interrogation (TAPS) and traffic mirroring (SPAN) lies in how they handle network traffic for analysis purposes. TAPS, or Test Access Points, are hardware devices that create a copy of the traffic between two network points without altering the data. This means TAPS can transmit both send and receive data streams simultaneously on separate dedicated channels, ensuring all data, including physical layer errors, is received by the monitoring or security device in real-time. On the other hand, SPAN, or Switch Port Analyzer, is a feature that duplicates network packets seen on one port to another port for analysis. However, SPAN ports can filter out physical layer errors, which may limit the types of analyses that can be performed as some errors will not be represented in the mirrored traffic. The distinction between TAPS and SPAN is covered in the Cisco CyberOps Associate CBROPS 200-201 course, which provides foundational knowledge for network monitoring and security analysis1. Additionally, industry resources such as Garland Technology's comparison of TAPS and SPAN highlight the differences in performance and integrity of the traffic being analyzed
200-201 Exam Question 25
What does the SOC metric MTTC provide in incident analysis'?