What is the practice of giving an employee access to only the resources needed to accomplish their job?

1. A. principle of least privilege
2. B. organizational separation
3. C. separation of duties
4. D. need to know principle

Correct Answer: A

What is a difference between tampered and untampered disk images?

1. A. Tampered images have the same stored and computed hash.
2. B. Untampered images are deliberately altered to preserve as evidence.
3. C. Tampered images are used as evidence.
4. D. Untampered images are used for forensic investigations.

Correct Answer: D
The disk image must be intact for forensics analysis. As a cybersecurity professional, you may be given the task of capturing an image of a disk in a forensic manner. Imagine a security incident has occurred on a system and you are required to perform some forensic investigation to determine who and what caused the attack. Additionally, you want to ensure the data that was captured is not tampered with or modified during the creation of a disk image process. Ref: Cisco Certified CyberOps Associate 200-201 Certification Guide

Refer to the exhibit.

Which frame numbers contain a file that is extractable via TCP stream within Wireshark?

1. A. 7,14, and 21
2. B. 7 and 21
3. C. 14,16,18, and 19
4. D. 7 to 21

Correct Answer: B

According to the NIST SP 800-86. which two types of data are considered volatile? (Choose two.)

1. A. swap files
2. B. temporary files
3. C. login sessions
4. D. dump files
5. E. free space

Correct Answer: CE

What specific type of analysis is assigning values to the scenario to see expected outcomes?

1. A. deterministic
2. B. exploratory
3. C. probabilistic
4. D. descriptive

Correct Answer: A