Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) — Question 252

What are two differences in how tampered and untampered disk images affect a security incident? (Choose two.)

Answer options

• A. Tampered images are used in the security investigation process.
• B. Tampered images are used in the incident recovery process.
• C. The image is tampered if the stored hash and the computed hash match.
• D. Untampered images are used in the security investigation process.
• E. The image is untampered if the stored hash and the computed hash match.

Correct answer: D, E

Explanation

Untampered images are crucial in security investigations as they provide a reliable baseline for analysis, which is why option D is correct. Option E is also correct because an untampered image retains integrity, indicated by matching hashes. In contrast, tampered images compromise the integrity and reliability needed for both investigation and recovery, making options A and B incorrect.