
200-201 Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) Questions and Answers

Question 4

Refer to the exhibit.

Exhibit: 200-201 Question 4

An attacker scanned the server using Nmap.

What did the attacker obtain from this scan?

Options:

A. Identified a firewall device preventing the port state from being returned
B. Identified open SMB ports on the server
C. Gathered information on processes running on the server
D. Gathered a list of Active Directory users

Question 5

Refer to the exhibit.

Exhibit: 200-201 Question 5

Which field contains DNS header information if the payload is a query or a response?

Options:

A. Z
B. ID
C. TC
D. QR

Question 6

During which phase of the forensic process are tools and techniques used to extract information from the collected data?

Options:

A. investigation
B. examination
C. reporting
D. collection

Question 7

A user received an email attachment named "Hr405-report2609-empl094.exe" but did not run it. Which category of the cyber kill chain should be assigned to this type of event?

Options:

A. installation
B. reconnaissance
C. weaponization
D. delivery

Question 8

Refer to the exhibit.

Exhibit: 200-201 Question 8

What is occurring in this network traffic?

Options:

A. High rate of SYN packets being sent from multiple sources towards a single destination IP.
B. High rate of ACK packets being sent from a single source IP towards multiple destination IPs.
C. Flood of ACK packets coming from a single source IP to multiple destination IPs.
D. Flood of SYN packets coming from a single source IP to a single destination IP.

Question 9

What does cyber attribution identify in an investigation?

Options:

A. cause of an attack
B. exploit of an attack
C. vulnerabilities exploited
D. threat actors of an attack

Question 10

Drag and drop the security concept on the left onto the example of that concept on the right.

Exhibit: 200-201 Question 10

Question 11

What is the difference between vulnerability and risk?

Options:

A. A vulnerability is a sum of possible malicious entry points, and a risk represents the possibility of the unauthorized entry itself.
B. A risk is a potential threat that an exploit applies to, and a vulnerability represents the threat itself.
C. A vulnerability represents a flaw in security that can be exploited, and the risk is the potential damage it might cause.
D. A risk is a potential threat that adversaries use to infiltrate the network, and a vulnerability is an exploit.

Question 12

Which security technology allows only a set of pre-approved applications to run on a system?

Options:

A. application-level blacklisting
B. host-based IPS
C. application-level whitelisting
D. antivirus

Question 13

Refer to the exhibit.

Exhibit: 200-201 Question 13

What is occurring in this network?

Options:

A. ARP cache poisoning
B. DNS cache poisoning
C. MAC address table overflow
D. MAC flooding attack

Question 14

Which data type is necessary to get information about source/destination ports?

Options:

A. statistical data
B. session data
C. connectivity data
D. alert data

Question 15

Refer to the exhibit.

Exhibit: 200-201 Question 15

An engineer is analyzing this Cuckoo Sandbox report for a PDF file that has been downloaded from an email. What is the state of this file?

Options:

A. The file has an embedded executable and was matched by PEiD threat signatures for further analysis.
B. The file has an embedded non-Windows executable but no suspicious features are identified.
C. The file has an embedded Windows 32 executable and the Yara field lists suspicious features for further analysis.
D. The file was matched by PEiD threat signatures but no suspicious features are identified since the signature list is up to date.

Question 16

After a large influx of network traffic to externally facing devices, a security engineer begins investigating what appears to be a denial of service attack. When the packet capture data is reviewed, the engineer notices that the traffic is a single SYN packet to each port. Which type of attack is occurring?

Options:

A. traffic fragmentation
B. port scanning
C. host profiling
D. SYN flood

Question 17

Which regex matches only on all lowercase letters?

Options:

A. [a-z]+
B. [^a-z]+
C. a-z+
D. a*z+

Question 18

Which two elements of the incident response process are stated in NIST SP 800-61 r2? (Choose two.)

Options:

A. detection and analysis
B. post-incident activity
C. vulnerability scoring
D. vulnerability management
E. risk assessment

Question 19

Which process is used when IPS events are removed to improve data integrity?

Options:

A. data availability
B. data normalization
C. data signature
D. data protection

Question 20

What is the principle of defense-in-depth?

Options:

A. Agentless and agent-based protection for security are used.
B. Several distinct protective layers are involved.
C. Access control models are involved.
D. Authentication, authorization, and accounting mechanisms are used.

Question 21

What is rule-based detection when compared to statistical detection?

Options:

A. proof of a user's identity
B. proof of a user's action
C. likelihood of user's action
D. falsification of a user's identity

Question 22

Which vulnerability type is used to read, write, or erase information from a database?

Options:

A. cross-site scripting
B. cross-site request forgery
C. buffer overflow
D. SQL injection

Question 23

An employee reports that someone has logged into their system and made unapproved changes, files are out of order, and several documents have been placed in the recycle bin. The security specialist reviewed the system logs, found nothing suspicious, and was not able to determine what occurred. The software is up to date; there are no alerts from antivirus and no failed login attempts. What is causing the lack of data visibility needed to detect the attack?

Options:

A. The threat actor used a dictionary-based password attack to obtain credentials.
B. The threat actor gained access to the system by known credentials.
C. The threat actor used the teardrop technique to confuse and crash login services.
D. The threat actor used an unknown vulnerability of the operating system that went undetected.

Question 24

Refer to the exhibit.

Exhibit: 200-201 Question 24

Which type of attack is being executed?

Options:

A. SQL injection
B. cross-site scripting
C. cross-site request forgery
D. command injection

Question 25

Which attack represents the evasion technique of resource exhaustion?

Options:

A. SQL injection
B. man-in-the-middle
C. bluesnarfing
D. denial-of-service

Question 26

Refer to the exhibit.

Exhibit: 200-201 Question 26

An attacker scanned the server using Nmap. What did the attacker obtain from this scan?

Options:

A. Identified a firewall device preventing the port state from being returned.
B. Identified open SMB ports on the server
C. Gathered information on processes running on the server
D. Gathered a list of Active Directory users

Question 27

Refer to the exhibit.

Exhibit: 200-201 Question 27

Which type of log is displayed?

Options:

A. proxy
B. NetFlow
C. IDS
D. sys

Question 28

What should a security analyst consider when comparing inline traffic interrogation with traffic tapping to determine which approach to use in the network?

Options:

A. Tapping interrogation replicates signals to a separate port for analyzing traffic
B. Tapping interrogations detect and block malicious traffic
C. Inline interrogation enables viewing a copy of traffic to ensure traffic is in compliance with security policies
D. Inline interrogation detects malicious traffic but does not block the traffic

Question 29

Which security technology guarantees the integrity and authenticity of all messages transferred to and from a web application?

Options:

A. Hypertext Transfer Protocol
B. SSL Certificate
C. Tunneling
D. VPN

Question 30

Which two components reduce the attack surface on an endpoint? (Choose two.)

Options:

A. secure boot
B. load balancing
C. increased audit log levels
D. restricting USB ports
E. full packet captures at the endpoint

Question 31

Refer to the exhibit.

Exhibit: 200-201 Question 31

Which event is occurring?

Options:

A. A binary named "submit" is running on VM cuckoo1.
B. A binary is being submitted to run on VM cuckoo1
C. A binary on VM cuckoo1 is being submitted for evaluation
D. A URL is being evaluated to see if it has a malicious binary

Question 32

Which type of verification consists of using tools to compute the message digest of the original and copied data, then comparing the similarity of the digests?

Options:

A. evidence collection order
B. data integrity
C. data preservation
D. volatile data collection

Question 33

What is the impact of false positive alerts on business compared to true positive?

Options:

A. True positives affect security as no alarm is raised when an attack has taken place, while false positives are alerts raised appropriately to detect and further mitigate them.
B. True-positive alerts are blocked by mistake as potential attacks, while false-positives are actual attacks identified as harmless.
C. False-positive alerts are detected by confusion as potential attacks, while true positives are attack attempts identified appropriately.
D. False-positive alerts are manually ignored signatures to avoid warnings that are already acknowledged, while true positives are warnings that are not yet acknowledged.

Question 34

Refer to the exhibit.

Exhibit: 200-201 Question 34

An engineer received a ticket about a slowed-down web application. The engineer runs the "netstat -an" command. How must the engineer interpret the results?

Options:

A. The web application is receiving common, legitimate traffic.
B. The engineer must gather more data.
C. The web application server is under a denial-of-service attack.
D. The server is under a man-in-the-middle attack between the web application and its database.

Question 35

Refer to the exhibit.

Exhibit: 200-201 Question 35

Which tool was used to generate this data?

Options:

A. NetFlow
B. dnstools
C. firewall
D. tcpdump

Question 36

Refer to the exhibit.

Exhibit: 200-201 Question 36

Which technology produced the log?

Options:

A. antivirus
B. IPS/IDS
C. proxy
D. firewall

Question 37

How does an attacker observe network traffic exchanged between two users?

Options:

A. port scanning
B. man-in-the-middle
C. command injection
D. denial of service

Question 38

An engineer received an alert about the degraded performance of a critical server. Analysis showed a heavy CPU and memory load. What is the next step the engineer should take to investigate this resource usage?

Options:

A. Run "ps -ef" to understand which processes are taking a high amount of resources
B. Run "ps -u" to find out who executed additional processes that caused a high load on a server
C. Run "ps -m" to capture the existing state of daemons and map the required processes to find the gap
D. Run "ps -d" to decrease the priority state of high-load processes to avoid resource exhaustion

Question 39

In a SOC environment, what is a vulnerability management metric?

Options:

A. code signing enforcement
B. full assets scan
C. internet exposed devices
D. single factor authentication

Question 40

An engineer is addressing a connectivity issue between two servers where the remote server is unable to establish a successful session. Initial checks show that the remote server is not receiving a SYN-ACK after sending the first SYN to establish a session. What is causing this issue?

Options:

A. incorrect TCP handshake
B. incorrect UDP handshake
C. incorrect OSI configuration
D. incorrect snaplen configuration

Question 41

While viewing packet capture data, an analyst sees that one IP is sending and receiving traffic for multiple devices by modifying the IP header.

Which technology makes this behavior possible?

Options:

A. encapsulation
B. TOR
C. tunneling
D. NAT

Question 42

What is a difference between tampered and untampered disk images?

Options:

A. Tampered images have the same stored and computed hash.
B. Untampered images are deliberately altered to preserve as evidence.
C. Tampered images are used as evidence.
D. Untampered images are used for forensic investigations.

Question 43

Which technology prevents end-device to end-device IP traceability?

Options:

A. encryption
B. load balancing
C. NAT/PAT
D. tunneling

Question 44

Which evasion method involves performing actions slower than normal to prevent detection?

Options:

A. timing attack
B. traffic fragmentation
C. resource exhaustion
D. tunneling

Question 45

An analyst is investigating an incident in a SOC environment. Which method is used to identify a session from a group of logs?

Options:

A. sequence numbers
B. IP identifier
C. 5-tuple
D. timestamps

Question 46

An engineer needs to discover live hosts within the 192.168.1.0/24 range using Nmap without triggering intrusive port-scan alerts on the IDS device. Which command will accomplish this goal?

Options:

A. nmap --top-ports 192.168.1.0/24
B. nmap -sP 192.168.1.0/24
C. nmap -sL 192.168.1.0/24
D. nmap -sV 192.168.1.0/24

Question 47

Refer to the exhibit.

Exhibit: 200-201 Question 47

What should be interpreted from this packet capture?

Options:

A. 81.179.179.69 is sending a packet from port 80 to port 50272 of IP address 192.168.122.100 using UDP protocol.
B. 192.168.122.100 is sending a packet from port 50272 to port 80 of IP address 81.179.179.69 using TCP protocol.
C. 192.168.122.100 is sending a packet from port 80 to port 50272 of IP address 81.179.179.69 using UDP protocol.
D. 81.179.179.69 is sending a packet from port 50272 to port 80 of IP address 192.168.122.100 using TCP UDP protocol.

Question 48

A SOC analyst detected connections to known C&C and port scanning activity to main HR database servers from one of the HR endpoints via Cisco StealthWatch. What are the two next steps of the SOC team according to the NIST SP 800-61 incident handling process? (Choose two.)

Options:

A. Isolate affected endpoints and take disk images for analysis
B. Provide security awareness training to HR managers and employees
C. Block connection to this C&C server on the perimeter next-generation firewall
D. Update antivirus signature databases on affected endpoints to block connections to C&C
E. Detect the attack vector and analyze C&C connections

Question 49

An engineer received an alert about the degraded performance of a critical server. Analysis showed a heavy CPU and memory load. What is the next step the engineer should take to investigate this resource usage?

Options:

A. Run "ps -ef" to understand which processes are taking a high amount of resources
B. Run "ps -u" to find out who executed additional processes that caused a high load on a server
C. Run "ps -m" to capture the existing state of daemons and map the required processes to find the gap
D. Run "ps -d" to decrease the priority state of high-load processes to avoid resource exhaustion

Question 50

Why is HTTPS traffic difficult to screen?

Options:

A. HTTPS is used internally and screening traffic for external parties is hard due to isolation.
B. The communication is encrypted and the data in transit is secured.
C. Digital certificates secure the session, and the data is sent at random intervals.
D. Traffic is tunneled to a specific destination and is inaccessible to others except for the receiver.

Question 51

Which signature impacts network traffic by causing legitimate traffic to be blocked?

Options:

A. false negative
B. true positive
C. true negative
D. false positive

Question 52

What is the difference between deep packet inspection and stateful inspection?

Options:

A. Stateful inspection verifies contents at Layer 4, and deep packet inspection verifies connection at Layer 7.
B. Stateful inspection is more secure than deep packet inspection on Layer 7.
C. Deep packet inspection is more secure than stateful inspection on Layer 4.
D. Deep packet inspection allows visibility on Layer 7, and stateful inspection allows visibility on Layer 4.

Question 53

Which piece of information is needed for attribution in an investigation?

Options:

A. proxy logs showing the source RFC 1918 IP addresses
B. RDP allowed from the Internet
C. known threat actor behavior
D. 802.1x RADIUS authentication pass and fail logs

Question 54

Refer to the exhibit.

Exhibit: 200-201 Question 54

An engineer is reviewing a Cuckoo report of a file. What must the engineer interpret from the report?

Options:

A. The file will appear legitimate by evading signature-based detection.
B. The file will not execute its behavior in a sandbox environment to avoid detection.
C. The file will insert itself into an application and execute when the application is run.
D. The file will monitor user activity and send the information to an outside source.

Question 55

Refer to the exhibit.

Exhibit: 200-201 Question 55

An employee received an email from an unknown sender with an attachment and reported it as a phishing attempt. An engineer uploaded the file to Cuckoo for further analysis. What should an engineer interpret from the provided Cuckoo report?

Options:

A. Win32.polip.a.exe is an executable file and should be flagged as malicious.
B. The file is clean and does not represent a risk.
C. Cuckoo cleaned the malicious file and prepared it for usage.
D. MD5 of the file was not identified as malicious.

Question 56

Refer to the exhibit.

Exhibit: 200-201 Question 56

An analyst received this alert from the Cisco ASA device, and numerous activity logs were produced. How should this type of evidence be categorized?

Options:

A. indirect
B. circumstantial
C. corroborative
D. best

Question 57

What are two categories of DDoS attacks? (Choose two.)

Options:

A. split brain
B. scanning
C. phishing
D. reflected
E. direct

Question 58

What is personally identifiable information that must be safeguarded from unauthorized access?

Options:

A. date of birth
B. driver's license number
C. gender
D. zip code

Question 59

A threat actor penetrated an organization's network. Using the 5-tuple approach, which data points should the analyst use to isolate the compromised host in a grouped set of logs?

Options:

A. event name, log source, time, source IP, and host name
B. protocol, source IP, source port, destination IP, and destination port
C. event name, log source, time, source IP, and username
D. protocol, log source, source IP, destination IP, and host name

Question 60

When trying to evade IDS/IPS devices, which mechanism allows the user to make the data incomprehensible without a specific key, certificate, or password?

Options:

A. fragmentation
B. pivoting
C. encryption
D. steganography

Question 61

An analyst is investigating a host in the network that appears to be communicating to a command and control server on the Internet. After collecting this packet capture, the analyst cannot determine the technique and payload used for the communication.

Exhibit: 200-201 Question 61

Which obfuscation technique is the attacker using?

Options:

A. Base64 encoding
B. TLS encryption
C. SHA-256 hashing
D. ROT13 encryption

Question 62

What is the difference between a threat and a risk?

Options:

A. Threat represents a potential danger that could take advantage of a weakness in a system
B. Risk represents the known and identified loss or danger in the system
C. Risk represents the nonintentional interaction with uncertainty in the system
D. Threat represents a state of being exposed to an attack or a compromise, either physically or logically.

Question 63

How does a certificate authority impact security?

Options:

A. It validates client identity when communicating with the server.
B. It authenticates client identity when requesting an SSL certificate.
C. It authenticates domain identity when requesting an SSL certificate.
D. It validates the domain identity of the SSL certificate.

Question 64

Which are two denial-of-service attacks? (Choose two.)

Options:

A. TCP connections
B. ping of death
C. man-in-the-middle
D. code-red
E. UDP flooding

Question 65

Refer to the exhibit.

Exhibit: 200-201 Question 65

A suspicious IP address is tagged by Threat Intelligence as a brute-force attempt source. After the attacker produces many failed login entries, it successfully compromises the account. Which stakeholder is responsible for the incident response detection step?

Options:

A. employee 5
B. employee 3
C. employee 4
D. employee 2

Question 66

Which action matches the weaponization step of the Cyber Kill Chain model?

Options:

A. Scan a host to find open ports and vulnerabilities
B. Construct the appropriate malware and deliver it to the victim.
C. Test and construct the appropriate malware to launch the attack
D. Research data on a specific vulnerability

Question 67

Which tool gives the ability to see session data in real time?

Options:

A. tcpdstat
B. trafdump
C. tcptrace
D. trafshow

Question 68

Which NIST IR category stakeholder is responsible for coordinating incident response among various business units, minimizing damage, and reporting to regulatory agencies?

Options:

A. CSIRT
B. PSIRT
C. public affairs
D. management

Question 69

What is a difference between an inline and a tap mode traffic monitoring?

Options:

A. Inline monitors traffic without examining other devices, while a tap mode tags traffic and examines the data from monitoring devices.
B. Tap mode monitors traffic direction, while inline mode keeps packet data as it passes through the monitoring devices.
C. Tap mode monitors packets and their content with the highest speed, while the inline mode draws a packet path for analysis.
D. Inline mode monitors traffic path, examining any traffic at a wire speed, while a tap mode monitors traffic as it crosses the network.

Question 70

Which two elements of the incident response process are stated in NIST Special Publication 800-61 r2? (Choose two.)

Options:

A. detection and analysis
B. post-incident activity
C. vulnerability management
D. risk assessment
E. vulnerability scoring

Question 71

Which metric in CVSS indicates an attack that takes a destination bank account number and replaces it with a different bank account number?

Options:

A. integrity
B. confidentiality
C. availability
D. scope

Question 72

Which HTTP header field is used in forensics to identify the type of browser used?

Options:

A. referrer
B. host
C. user-agent
D. accept-language

Question 73

Refer to the exhibit.

Exhibit: 200-201 Question 73

Which type of log is displayed?

Options:

A. IDS
B. proxy
C. NetFlow
D. sys

Question 74

Which statement describes patch management?

Options:

A. scanning servers and workstations for missing patches and vulnerabilities
B. managing and keeping previous patches lists documented for audit purposes
C. process of appropriate distribution of system or software updates
D. workflow of distributing mitigations of newly found vulnerabilities

Question 75

An analyst is exploring the functionality of different operating systems.

What is a feature of Windows Management Instrumentation that must be considered when deciding on an operating system?

Options:

A. queries Linux devices that have Microsoft Services for Linux installed
B. deploys Windows Operating Systems in an automated fashion
C. is an efficient tool for working with Active Directory
D. has a Common Information Model, which describes installed hardware and software

Question 76

Refer to the exhibit.

Exhibit: 200-201 Question 76

What is depicted in the exhibit?

Options:

A. Windows Event logs
B. Apache logs
C. IIS logs
D. UNIX-based syslog

Question 77

What are two differences in how tampered and untampered disk images affect a security incident? (Choose two.)

Options:

A. Untampered images are used in the security investigation process
B. Tampered images are used in the security investigation process
C. The image is tampered if the stored hash and the computed hash match
D. Tampered images are used in the incident recovery process
E. The image is untampered if the stored hash and the computed hash match

Question 78

One of the objectives of information security is to protect the CIA of information and systems. What does CIA mean in this context?

Options:

A. confidentiality, identity, and authorization
B. confidentiality, integrity, and authorization
C. confidentiality, identity, and availability
D. confidentiality, integrity, and availability

Question 79

What is the function of a command and control server?

Options:

A. It enumerates open ports on a network device
B. It drops secondary payload into malware
C. It is used to regain control of the network after a compromise
D. It sends instruction to a compromised system

Question 80

Which incident response step includes identifying all hosts affected by an attack?

Options:

A. detection and analysis
B. post-incident activity
C. preparation
D. containment, eradication, and recovery

Question 81

What describes the impact of false-positive alerts compared to false-negative alerts?

Options:

A. A false negative is alerting for an XSS attack. An engineer investigates the alert and discovers that an XSS attack happened. A false positive is when an XSS attack happens and no alert is raised.
B. A false negative is a legitimate attack triggering a brute-force alert. An engineer investigates the alert and finds out someone intended to break into the system. A false positive is when no alert and no attack is occurring.
C. A false positive is an event alerting for a brute-force attack. An engineer investigates the alert and discovers that a legitimate user entered the wrong credential several times. A false negative is when a threat actor tries to brute-force attack a system and no alert is raised.
D. A false positive is an event alerting for an SQL injection attack. An engineer investigates the alert and discovers that an attack attempt was blocked by IPS. A false negative is when the attack gets detected but succeeds and results in a breach.

Question 82

A user received a targeted spear-phishing email and identified it as suspicious before opening the content. To which category of the Cyber Kill Chain model does this type of event belong?

Options:

A. weaponization
B. delivery
C. exploitation
D. reconnaissance

Question 83

Which type of evidence supports a theory or an assumption that results from initial evidence?

Options:

A. probabilistic
B. indirect
C. best
D. corroborative

Question 84

An analyst received an alert on their desktop computer showing that an attack was successful on the host. After investigating, the analyst discovered that no mitigation action occurred during the attack. What is the reason for this discrepancy?

Options:

A. The computer has a HIPS installed on it.
B. The computer has a NIPS installed on it.
C. The computer has a HIDS installed on it.
D. The computer has a NIDS installed on it.

Question 85

A security engineer notices confidential data being exfiltrated to a domain "Ranso4134-mware31-895" address that is attributed to a known advanced persistent threat group. The engineer discovers that the activity is part of a real attack and not a network misconfiguration. Which category does this event fall under as defined in the Cyber Kill Chain?

Options:

A. reconnaissance
B. delivery
C. action on objectives
D. weaponization

Question 86

What is the communication channel established from a compromised machine back to the attacker?

Options:

A. man-in-the-middle
B. IDS evasion
C. command and control
D. port scanning

Question 87

An engineer discovered a breach, identified the threat's entry point, and removed access. The engineer was able to identify the host, the IP address of the threat actor, and the application the threat actor targeted. What is the next step the engineer should take according to the NIST SP 800-61 incident handling guide?

Options:

A. Recover from the threat.
B. Analyze the threat.
C. Identify lessons learned from the threat.
D. Reduce the probability of similar threats.

Question 88

An intruder attempted malicious activity and exchanged emails with a user and received corporate information, including email distribution lists. The intruder asked the user to engage with a link in an email. When the link launched, it infected machines and the intruder was able to access the corporate network.

Which testing method did the intruder use?

Options:

A. social engineering
B. eavesdropping
C. piggybacking
D. tailgating

Question 89

Which two pieces of information are collected from the IPv4 protocol header? (Choose two.)

Options:

A. UDP port to which the traffic is destined
B. TCP port from which the traffic was sourced
C. source IP address of the packet
D. destination IP address of the packet
E. UDP port from which the traffic is sourced

Question 90

What is an advantage of symmetric over asymmetric encryption?

Options:

A. A key is generated on demand according to data type.
B. A one-time encryption key is generated for data transmission
C. It is suited for transmitting large amounts of data.
D. It is a faster encryption mechanism for sessions

Question 91

What is the difference between rule-based detection and behavioral detection?

Options:

A. Rule-based detection is searching for patterns linked to specific types of attacks, while behavioral is identifying per signature.
B. Rule-based systems have established patterns that do not change with new data, while behavioral changes.
C. Behavioral systems are predefined patterns from hundreds of users, while rule-based only flags potentially abnormal patterns using signatures.
D. Behavioral systems find sequences that match a particular attack signature, while rule-based identifies potential attacks.

Question 92

An analyst is using the SIEM platform and must extract a custom property from a Cisco device and capture the phrase, "File: Clean." Which regex must the analyst import?

Options:

A. File: Clean
B. ^Parent File Clean$
C. File: Clean (.*)
D. ^File: Clean$

Question 93

Refer to the exhibit.

Exhibit: 200-201 Question 93

An engineer received a ticket about a slowdown of a web application. During analysis of traffic, the engineer suspects a possible attack on a web server. How should the engineer interpret the Wireshark traffic capture?

Options:

A. 10.0.0.2 sends GET/ HTTP/1.1 And Post request and the target responds with HTTP/1.1. 200 OC and HTTP/1.1 403 accordingly. This is an HTTP flood attempt.
B. 10.0.0.2 sends HTTP FORBIDDEN /1.1 And Post request, while the target responds with HTTP/1.1 200 Get and HTTP/1.1 403. This is an HTTP GET flood attack.
C. 10.128.0.2 sends POST/1.1 And POST requests, and the target responds with HTTP/1.1 200 Ok and HTTP/1.1 403 accordingly. This is an HTTP Reserve Bandwidth flood.
D. 10.128.0.2 sends HTTP/FORBIDDEN/ 1.1 and Get requests, and the target responds with HTTP/1.1 200 OK and HTTP/1.1 403. This is an HTTP cache bypass attack.

Exam Code: 200-201
Exam Name: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)
Last Update: Mar 23, 2024
Questions: 311