What is the difference between discretionary access control (DAC) and role-based access control (RBAC)?

1. A. DAC requires explicit authorization for a given user on a given object, and RBAC requires specific conditions.
2. B. RBAC access is granted when a user meets specific conditions, and in DAC, permissions are applied on user and group levels.
3. C. RBAC is an extended version of DAC where you can add an extra level of authorization based on time.
4. D. DAC administrators pass privileges to users and groups, and in RBAC, permissions are applied to specific groups

Correct Answer: A

Which artifact is used to uniquely identify a detected file?

1. A. file timestamp
2. B. file extension
3. C. file size
4. D. file hash

Correct Answer: D

Refer to the exhibit.

What does the message indicate?

1. A. an access attempt was made from the Mosaic web browser
2. B. a successful access attempt was made to retrieve the password file
3. C. a successful access attempt was made to retrieve the root of the website
4. D. a denied access attempt was made to retrieve the password file

Correct Answer: C

A malicious file has been identified in a sandbox analysis tool.

Which piece of information is needed to search for additional downloads of this file by other hosts?

1. A. file header type
2. B. file size
3. C. file name
4. D. file hash value

Correct Answer: D

Which step in the incident response process researches an attacking host through logs in a SIEM?

1. A. detection and analysis
2. B. preparation
3. C. eradication
4. D. containment

Correct Answer: A
Preparation --> Detection and Analysis --> Containment, Erradicaion and Recovery --> Post-Incident Activity Detection and Analysis --> Profile networks and systems, Understand normal behaviors, Create a log retention policy, Perform event correlation. Maintain and use a knowledge base of information.Use Internet search engines for research. Run packet sniffers to collect additional data. Filter the data. Seek assistance from others. Keep all host clocks synchronized. Know the different types of attacks and attack vectors. Develop processes and procedures to recognize the signs of an incident. Understand the sources of precursors and indicators. Create appropriate incident documentation capabilities and processes. Create processes to effectively prioritize security incidents. Create processes to effectively communicate incident information (internal and external communications).
Ref: Cisco CyberOps Associate CBROPS 200-201 Official Cert Guide