Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) — Question 179

What is the difference between indicator of attack (IoA) and indicators of compromise (IoC)?

Answer options

• A. IoA refers to the individual responsible for the security breach, and IoC refers to the resulting loss.
• B. IoA is the evidence that a security breach has occurred, and IoC allows organizations to act before the vulnerability can be exploited.
• C. IoC refers to the individual responsible for the security breach, and IoA refers to the resulting loss.
• D. IoC is the evidence that a security breach has occurred, and IoA allows organizations to act before the vulnerability can be exploited.

Correct answer: D

Explanation

The correct answer is D because it accurately describes IoC as evidence of a security breach and IoA as a means for organizations to respond before a vulnerability is exploited. Options A and C incorrectly define the roles of IoA and IoC, assigning them to individuals and losses instead of their actual functions. Option B incorrectly swaps the definitions of IoA and IoC.