Exam 200-201 topic 1 question 254 discussion

Actual exam question from Cisco's 200-201

Question #: 254
Topic #: 1

[All 200-201 Questions]

What are two differences between tampered disk images and untampered disk images? (Choose two.)

A. The image is tampered if the stored hash and the computed hash are identical.
B. Tampered images are used as an element for the root cause analysis report.
C. Untampered images can be used as law enforcement evidence.
D. Tampered images are used in a security Investigation process.
E. The image is untampered if the existing stored hash matches the computed one.

Show Suggested Answer

Suggested Answer: CE 🗳️

by moali012 at Sept. 27, 2022, 9:46 p.m.

Comments

Submit Cancel

MaliDong

Highly Voted 1 year, 7 months ago

Selected Answer: CE

C and E should be the correct answers.

upvoted 6 times

...

SecurityGuy

Most Recent 9 months, 2 weeks ago

Selected Answer: CE

Same question with Q106. Cisco CyberOps Associate CBROPS 200-201 Official Cert Guide by Omar Santos P570 - You do not use Tampered images in an investigation. They would be useless in Court. We preserve the evidence. - Evidence in cybersecurity investigations that go to court is used to prove (or disprove) facts that are in dispute, as well as to prove the credibility of disputed facts (in particular, circumstantial evidence or indirect evidence). - Digital forensics evidence provides implications and extrapolations that may assist in proving some key fact of the case. - Such evidence helps legal teams and the court develop reliable hypotheses or theories as to the committer of the crime (threat actor). - The reliability of the evidence is vital to supporting or refuting any hypothesis put forward, including the attribution of threat actors.

upvoted 2 times

...