CyberOps Associate Security Policies and Procedures Questions

Correct Answer: Cisco AMP Threat Grid
Explanation: AMP Threat Grid analyzes files in a sandbox to detect malicious behavior.

Correct Answer: Whitelist known good activity
Explanation: Whitelisting trusted behavior reduces false positives without ignoring potential real threats.

Correct Answer: Network-based evidence
Explanation: Router configs and firewall logs fall into the category of network-based evidence.

Correct Answer: Proactively searching for undetected threats
Explanation: Threat hunting involves analysts actively looking for signs of compromise not yet detected by automated tools.

Correct Answer: Delivery
Explanation: Delivery is the step where the attacker transmits the weapon to the victim, such as via phishing.

Correct Answer: Authentication logs
Explanation: Authentication logs show failed and successful login attempts, which reveal brute-force attacks.

Correct Answer: Trojan horse
Explanation: A Trojan pretends to be valid software to trick users into installing it, then executes malicious code.

Correct Answer: TLS
Explanation: Syslog over TLS (RFC 5425) ensures messages are both encrypted and authenticated.

Correct Answer: SSL Decryption Proxy
Explanation: SSL decryption proxies terminate TLS, inspect traffic, and then re-encrypt before forwarding.

Correct Answer: Monitors alerts and escalates suspicious events
Explanation: Tier 1 analysts handle initial alert triage and escalate findings if deeper investigation is required.