NIST defines the assets used in the role of attribution in a cybersecurity investigation as elements that can help identify the threat actor and understand the background circumstances of the incident. According to NIST, these assets include:
Context: This refers to the background information surrounding the incident, such as the time and date of the attack, the type of target, the method of attack, and any other relevant details that can provide insight into the identity of the attacker.
Threat actor: This refers to the individual or group responsible for carrying out the attack. Identifying the threat actor is an essential part of attribution and can help determine the motive behind the attack and the level of sophistication of the attacker.
Correct Answers: D and E
D. Firewall Logs
Firewall logs contain valuable data about traffic patterns, IP addresses, ports, and protocols used. These logs can help trace malicious activity back to its origin, making them an essential asset in attribution.
E. Threat Actor
Understanding the threat actor—their tactics, techniques, and procedures (TTPs)—is key to attributing an attack to a specific group or individual. This element connects evidence to known attacker profiles, aiding in attribution.
1.8 Describe the role of attribution (“action of bestowing or assigning”) in an investigation. (Cyber attribution is the process of tracking, identifying and laying blame on the perpetrator of a cyberattack or other hacking exploit). This is a nice read on the problem of attribution.
a. Assets: In information security, computer security and network security, an asset is any data, device, or other component of the environment that supports information-related activities.
b. Threat actor: Responsible for the cyberattack.
https://vwannabe.com/2018/01/02/ccna-cyber-ops-secops-1-0/
I would answer AE, as the question asks for methods to identify the attacker. You would need the context of the attack, methods used, motivation and so on to get a clue if the attacker is motivated by money, political background or other etc... And Threat actor, as this helps narrow down the surface of possible attackers.
This is from Google:
Assets used in the role of attribution in a cybersecurity investigation as elements that can help identify the threat actor and understand the background circumstances of the incident.
which makes me think that A and E are correct.
C & D are the correct answers.
asset ==> is anything that has value to an organization.
Laptop and firewall logs are considered assets in an organization.
I think C,D should be correct: An asset is any data, device or other component of an organisation’s systems that is valuable – often because it contains sensitive data or can be used to access such information.
For example, an employee’s desktop computer, laptop or company phone would be considered an asset, as would applications on those devices. Likewise, critical infrastructure, such as servers and support systems, are assets.
An organisation’s most common assets are information assets. These are things such as databases and physical files – i.e. the sensitive data that you store.
I believe that only C may be correct.
I understand that the question asks for the definition of "Asset" in the context of attribution in an investigation.
The following are some factors that are used during attribution in an investigation:
Assets, Threat actor, Indicators of Compromise (IoCs), Indicators of Attack (IoAs), Chain of custody
Asset: This factor identifies which assets were compromised by a threat actor or hacker. An example of an asset can be an organization's domain controller (DC) that runs Active Directory Domain Services (AD DS). AD is a service that allows an administrator to manage user accounts, user groups, and policies across a Microsoft Windows environment. Keep in mind that an asset is anything that has value to an organization; it can be something physical, digital, or even people.
Cisco Certified CyberOps Associate 200-201 Certification Guide
By Glen D. Singh