Changed 200-201 Exam Questions

Ransomware is a form of malicious software designed to encrypt a victim’s data and deny access until a ransom is paid. Once executed, ransomware typically encrypts files using strong cryptographic algorithms and displays a ransom note demanding payment, often in cryptocurrency, in exchange for a decryption key.

Unlike spyware, which focuses on data theft, ransomware primarily targets availability and integrity by rendering data unusable. Modern ransomware variants may also exfiltrate data before encryption to apply additional pressure on victims through extortion.

Option A describes command-and-control mechanisms, not ransomware. Option B refers to data-stealing malware such as spyware or trojans. Option D describes a storage issue, not a cyberattack.

Cybersecurity operations fundamentals identify ransomware as one of the most impactful attack types due to its ability to disrupt business operations, cause financial loss, and damage organizational reputation.

Therefore, the correct definition of a ransomware attack is that it encrypts a victim’s data and prevents access, making Option C correct.

When a system is overwhelmed with alerts, designing criteria for reviewing alerts can help prioritize and manage them more effectively. This approach allows for a structured review process that can distinguish between false positives, false negatives, and legitimate alerts, reducing the overall number of alerts that require attention3.

References := The strategy of designing criteria for reviewing alerts is recommended in cybersecurity best practices to manage alert fatigue and improve the efficiency of security operations3.