Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) — Question 298

What are two differences between tampered disk images and untampered disk images? (Choose two.)

Answer options

• A. The image is tampered if the stored hash and the computed hash are identical.
• B. Tampered images are used as an element for the root cause analysis report.
• C. Untampered images can be used as law enforcement evidence.
• D. Tampered images are used in a security Investigation process.
• E. The image is untampered if the existing stored hash matches the computed one.

Correct answer: C, E

Explanation

The correct answers are C and E. Untampered images are reliable for law enforcement evidence because they maintain integrity, while E correctly states that a matching hash indicates an untampered state. Options A and B are incorrect because a matching hash suggests tampering, and tampered images are not typically used for reliable reporting in root cause analysis.