Cisco Exam 200-201 Topic 2 Question 98 Discussion

Actual exam question for Cisco's 200-201 exam

Question #: 98
Topic #: 2

[All 200-201 Questions]

Which statement describes indicators of attack?

Ainternal hosts communicate with countries outside of the business range.

BPhishing attempts on an organization are blocked by mall AV.

CCritical patches are missing.

DA malicious file is detected by the AV software.

Show Suggested Answer

Suggested Answer: A

Indicators of Attack (IoA) refer to observable behaviors or artifacts that suggest a security breach or ongoing attack.

When internal hosts communicate with countries outside the business range, it may indicate data exfiltration or command-and-control communication to an external threat actor.

Unlike Indicators of Compromise (IoC) which indicate that a system has already been compromised, IoAs are often used to identify malicious activity in its early stages.

Monitoring for unusual outbound connections is a crucial aspect of detecting advanced persistent threats (APTs) and other sophisticated attacks.

Difference Between Indicators of Compromise and Indicators of Attack

Cyber Threat Detection Using Indicators of Attack

Network Monitoring for Anomalous Behavior

by Tanja at Sep 14, 2024, 05:51 AM

Limited Time Offer

25%

Off

Get Premium 200-201 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Jina

6 days ago

But what about option C) Critical patches are missing? That could also be a sign of an attack, right?

upvoted 0 times

...

Toshia

13 days ago

Hmm, I'm not sure. I think option A might be the way to go - internal hosts communicating with countries outside the business range seems like a red flag to me.

upvoted 0 times