What is a benefit of agent-based protection when compared to agentless protection?

1. A. It lowers maintenance costs
2. B. It provides a centralized platform
3. C. It collects and detects all traffic locally
4. D. It manages numerous devices simultaneously

Correct Answer: C
Host-based antivirus protection is also known as agent-based. Agent-based antivirus runs on every protected machine. Agentless antivirus protection performs scans on hosts from a centralized system. Agentless systems have become popular for virtualized environments in which multiple OS instances are running on a host simultaneously. Agent-based antivirus running in each virtualized system can be a serious drain on system resources. Agentless antivirus for virtual hosts involves the use of a special security virtual appliance that performs optimized scanning tasks on the virtual hosts. An example of this is VMware’s vShield.

What is the difference between the rule-based detection when compared to behavioral detection?

1. A. Rule-Based detection is searching for patterns linked to specific types of attacks, while behavioral is identifying per signature.
2. B. Rule-Based systems have established patterns that do not change with new data, while behavioral changes.
3. C. Behavioral systems are predefined patterns from hundreds of users, while Rule-Based only flags potentially abnormal patterns using signatures.
4. D. Behavioral systems find sequences that match a particular attack signature, while Rule-Based identifies potential attacks.

Correct Answer: D

What is personally identifiable information that must be safeguarded from unauthorized access?

1. A. date of birth
2. B. driver's license number
3. C. gender
4. D. zip code

Correct Answer: B
According to the Executive Office of the President, Office of Management and Budget (OMB), and the U.S. Department of Commerce, Office of the Chief Information Officer, PII refers to “information which can be used to distinguish or trace an individual’s identity.”
The following are a few examples:
- An individual’s name
- Social security number
- Biological or personal characteristics, such as an image of distinguishing features, fingerprints, Xrays, voice signature, retina scan, and the geometry of the face
- Date and place of birth
- Mother’s maiden name
- Credit card numbers
- Bank account numbers
- Driver license number
- Address information, such as email addresses or street addresses, and telephone numbers for businesses or personal use
- Cisco CyberOps Associate CBROPS 200-201 Official Cert Guide Omar Santos

A threat actor penetrated an organization's network. Using the 5-tuple approach, which data points should the analyst use to isolate the compromised host in a grouped set of logs?

1. A. event name, log source, time, source IP, and host name
2. B. protocol, source IP, source port, destination IP, and destination port
3. C. event name, log source, time, source IP, and username
4. D. protocol, log source, source IP, destination IP, and host name

Correct Answer: B

How does an attacker observe network traffic exchanged between two users?

1. A. port scanning
2. B. man-in-the-middle
3. C. command injection
4. D. denial of service

Correct Answer: B