Cisco Updated 200-201 Exam Questions and Answers by zayyan

A phishing attack often involves sending emails that appear to be from reputable sources with the goal of inducing individuals to reveal personal information, such as passwords and credit card numbers. In this case, the email with the subject “price deduction” containing a malicious attachment is designed to trick the recipient into opening the attachment, which can then execute harmful software on their device

 Protected data refers to any information that is legally guarded or sensitive due to its nature. In the context of the organization described, the main database contains Intellectual Property (IP), which includes patents that are legally protected forms of inventions and designs. The secondary database holds Personally Identifiable Information (PII), which comprises data that can be used to identify individuals, such as names and contact details. Both IP and PII are considered protected data and should be identified during an internal audit to ensure they are handled according to legal and regulatory standards. References: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)

In the Common Vulnerability Scoring System (CVSS), attack complexity refers to the conditions beyond the attacker’s control that must exist for the vulnerability to be successfully exploited.

This includes factors such as the need for user interaction, the presence of specific configurations, or network conditions that are not easily controlled by the attacker.

A high attack complexity means that these external factors make exploitation more difficult, while a low attack complexity indicates that fewer such conditions are required.

References

CVSS v3.1 Specifications Document

Understanding Attack Complexity in Vulnerability Assessments

Cybersecurity Frameworks and Metrics