Cisco Updated 200-201 Exam Questions and Answers by tate

Wireshark is a widely-used network protocol analyzer that allows users to capture and interactively browse the traffic running on a computer network. It provides full packet capture capabilities, enabling detailed analysis of network traffic. References: This is supported by the CBROPS course materials, which discuss security monitoring and the analysis of network traffic, including full packet capture tools like Wireshark

 Tampered images are disk images that have been modified or altered in some way after they were captured from the original source. Tampered images may have different stored and computed hash values, which indicate that the integrity of the image has been compromised. Tampered images are not reliable or valid sources of evidence for forensic investigations, as they may contain false or misleading information. Untampered images are disk images that have not been changed or manipulated after they were acquired from the original source. Untampered images have the same stored and computed hash values, which verify that the image is an exact copy of the original disk. Untampered images are used for forensic investigations, as they preserve the original state and content of the disk and provide accurate and trustworthy evidence. References:

• Contrasting tampered and untampered disk images
• What is a difference between tampered and untampered disk images?

 Application-level whitelisting is a security technology that allows only a set of pre-approved applications to run on a system, and blocks any other unauthorized or malicious programs. This can prevent malware, ransomware, zero-day exploits, and other threats from compromising the system. Application-level whitelisting is also known as application control or application allowlisting. References := Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) v1.0, Module 3: Host-Based Analysis, Lesson 3.2: Endpoint Security Technologies, Topic 3.2.3: Application Whitelisting, page 3-20.

 Cyber attribution identifies the threat actors of an attack in an investigation. Threat actors are the individuals, groups, organizations, or states that are responsible for conducting or sponsoring a cyberattack. Threat actors can have different motives, such as financial gain, espionage, sabotage, activism, or warfare. Cyber attribution can help investigators to determine the identity, location, affiliation, and motivation of the threat actors, as well as to hold them accountable and impose sanctions or legal actions. References := Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) v1.0, Module 5: Security Policies and Procedures, Lesson 5.2: Incident Response, Topic 5.2.3: Cyber Attribution, page 5-14.