Summer Sale - Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dpm65

200-201 Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) Questions and Answers

Questions 4

Which HTTP header field is used in forensics to identify the type of browser used?

Options:

A.

referrer

B.

host

C.

user-agent

D.

accept-language

Buy Now
Questions 5

Refer to the exhibit.

Which type of log is displayed?

Options:

A.

IDS

B.

proxy

C.

NetFlow

D.

sys

Buy Now
Questions 6

What is the impact of false positive alerts on business compared to true positive?

Options:

A.

True positives affect security as no alarm is raised when an attack has taken place, while false positives are alerts raised appropriately to detect and further mitigate them.

B.

True-positive alerts are blocked by mistake as potential attacks, while False-positives are actual attacks Identified as harmless.

C.

False-positive alerts are detected by confusion as potential attacks, while true positives are attack attempts identified appropriately.

D.

False positives alerts are manually ignored signatures to avoid warnings that are already acknowledged, while true positives are warnings that are not yet acknowledged.

Buy Now
Questions 7

Which data format is the most efficient to build a baseline of traffic seen over an extended period of time?

Options:

A.

syslog messages

B.

full packet capture

C.

NetFlow

D.

firewall event logs

Buy Now
Questions 8

Refer to the exhibit.

200-201 Question 8

An engineer is analyzing a PCAP file after a recent breach An engineer identified that the attacker used an aggressive ARP scan to scan the hosts and found web and SSH servers. Further analysis showed several SSH Server Banner and Key Exchange Initiations. The engineer cannot see the exact data being transmitted over an encrypted channel and cannot identify how the attacker gained access How did the attacker gain access?

Options:

A.

by using the buffer overflow in the URL catcher feature for SSH

B.

by using an SSH Tectia Server vulnerability to enable host-based authentication

C.

by using an SSH vulnerability to silently redirect connections to the local host

D.

by using brute force on the SSH service to gain access

Buy Now
Questions 9

What are two denial-of-service (DoS) attacks? (Choose two)

Options:

A.

port scan

B.

SYN flood

C.

man-in-the-middle

D.

phishing

E.

teardrop

Buy Now
Questions 10

Refer to the exhibit.

Which application protocol is in this PCAP file?

Options:

A.

SSH

B.

TCP

C.

TLS

D.

HTTP

Buy Now
Questions 11

What is the difference between deep packet inspection and stateful inspection?

Options:

A.

Stateful inspection verifies contents at Layer 4. and deep packet inspection verifies connection at Layer 7.

B.

Stateful inspection is more secure than deep packet inspection on Layer 7.

C.

Deep packet inspection is more secure than stateful inspection on Layer 4.

D.

Deep packet inspection allows visibility on Layer 7, and stateful inspection allows visibility on Layer 4.

Buy Now
Questions 12

Refer to the exhibit.

Which kind of attack method is depicted in this string?

Options:

A.

cross-site scripting

B.

man-in-the-middle

C.

SQL injection

D.

denial of service

Buy Now
Questions 13

Which items is an end-point application greylist used?

Options:

A.

Items that have been established as malicious

B.

Items that have been established as authorized

C.

Items that have been installed with a baseline

D.

Items before being established as harmful or malicious

Buy Now
Questions 14

What is the difference between mandatory access control (MAC) and discretionary access control (DAC)?

Options:

A.

MAC is controlled by the discretion of the owner and DAC is controlled by an administrator

B.

MAC is the strictest of all levels of control and DAC is object-based access

C.

DAC is controlled by the operating system and MAC is controlled by an administrator

D.

DAC is the strictest of all levels of control and MAC is object-based access

Buy Now
Questions 15

A security engineer notices confidential data being exfiltrated to a domain "Ranso4134-mware31-895" address that is attributed to a known advanced persistent threat group The engineer discovers that the activity is part of a real attack and not a network misconfiguration. Which category does this event fall under as defined in the Cyber Kill Chain?

Options:

A.

reconnaissance

B.

delivery

C.

action on objectives

D.

weaponization

Buy Now
Questions 16

Drag and drop the elements from the left into the correct order for incident handling on the right.

Options:

Buy Now
Questions 17

A network engineer discovers that a foreign government hacked one of the defense contractors in their home country and stole intellectual property. What is the threat agent in this situation?

Options:

A.

the intellectual property that was stolen

B.

the defense contractor who stored the intellectual property

C.

the method used to conduct the attack

D.

the foreign government that conducted the attack

Buy Now
Questions 18

Refer to the exhibit.

Which technology produced the log?

Options:

A.

antivirus

B.

IPS/IDS

C.

proxy

D.

firewall

Buy Now
Questions 19

Refer to the exhibit.

200-201 Question 19

An analyst received this alert from the Cisco ASA device, and numerous activity logs were produced. How should this type of evidence be categorized?

Options:

A.

indirect

B.

circumstantial

C.

corroborative

D.

best

Buy Now
Questions 20

What is sliding window anomaly detection?

Options:

A.

Detect changes in operations and management processes.

B.

Identify uncommon patterns that do not fit usual behavior.

C.

Define response times for requests for owned applications.

D.

Apply lowest privilege/permission level to software

Buy Now
Questions 21

What is a comparison between rule-based and statistical detection?

Options:

A.

Statistical is based on measured data while rule-based uses the evaluated probability approach.

B.

Rule-based Is based on assumptions and statistical uses data Known beforehand.

C.

Rule-based uses data known beforehand and statistical is based on assumptions.

D.

Statistical uses the probability approach while rule-based Is based on measured data.

Buy Now
Questions 22

Which of these describes SOC metrics in relation to security incidents?

Options:

A.

time it takes to detect the incident

B.

time it takes to assess the risks of the incident

C.

probability of outage caused by the incident

D.

probability of compromise and impact caused by the incident

Buy Now
Questions 23

What is the difference between indicator of attack (loA) and indicators of compromise (loC)?

Options:

A.

loA is the evidence that a security breach has occurred, and loC allows organizations to act before the vulnerability can be exploited.

B.

loA refers to the individual responsible for the security breach, and loC refers to the resulting loss.

C.

loC is the evidence that a security breach has occurred, and loA allows organizations to act before the vulnerability can be exploited.

D.

loC refers to the individual responsible for the security breach, and loA refers to the resulting loss.

Buy Now
Questions 24

A user received a targeted spear-phishing email and identified it as suspicious before opening the content. To which category of the Cyber Kill Chain model does to this type of event belong?

Options:

A.

weaponization

B.

delivery

C.

exploitation

D.

reconnaissance

Buy Now
Questions 25

Drag and drop the data source from the left onto the data type on the right.

Options:

Buy Now
Questions 26

What is a difference between tampered and untampered disk images?

Options:

A.

Tampered images have the same stored and computed hash.

B.

Tampered images are used as evidence.

C.

Untampered images are used for forensic investigations.

D.

Untampered images are deliberately altered to preserve as evidence

Buy Now
Questions 27

Which principle is being followed when an analyst gathers information relevant to a security incident to determine the appropriate course of action?

Options:

A.

decision making

B.

rapid response

C.

data mining

D.

due diligence

Buy Now
Questions 28

Which evasion technique is indicated when an intrusion detection system begins receiving an abnormally high volume of scanning from numerous sources?

Options:

A.

resource exhaustion

B.

tunneling

C.

traffic fragmentation

D.

timing attack

Buy Now
Questions 29

What makes HTTPS traffic difficult to monitor?

Options:

A.

SSL interception

B.

packet header size

C.

signature detection time

D.

encryption

Buy Now
Questions 30

Which tool provides a full packet capture from network traffic?

Options:

A.

Nagios

B.

CAINE

C.

Hydra

D.

Wireshark

Buy Now
Questions 31

Which type of attack is a blank email with the subject "price deduction" that contains a malicious attachment?

Options:

A.

man-in-the-middle attack

B.

smishing

C.

phishing attack

D.

integrity violation

Buy Now
Questions 32

What is a benefit of agent-based protection when compared to agentless protection?

Options:

A.

It lowers maintenance costs

B.

It provides a centralized platform

C.

It collects and detects all traffic locally

D.

It manages numerous devices simultaneously

Buy Now
Questions 33

Which type of verification consists of using tools to compute the message digest of the original and copied data, then comparing the similarity of the digests?

Options:

A.

evidence collection order

B.

data integrity

C.

data preservation

D.

volatile data collection

Buy Now
Questions 34

Refer to the exhibit.

What is occurring within the exhibit?

Options:

A.

regular GET requests

B.

XML External Entities attack

C.

insecure deserialization

D.

cross-site scripting attack

Buy Now
Questions 35

Drag and drop the definition from the left onto the phase on the right to classify intrusion events according to the Cyber Kill Chain model.

200-201 Question 35

Options:

Buy Now
Questions 36

An engineer discovered a breach, identified the threat’s entry point, and removed access. The engineer was able to identify the host, the IP address of the threat actor, and the application the threat actor targeted. What is the next step the engineer should take according to the NIST SP 800-61 Incident handling guide?

Options:

A.

Recover from the threat.

B.

Analyze the threat.

C.

Identify lessons learned from the threat.

D.

Reduce the probability of similar threats.

Buy Now
Questions 37

Which action matches the weaponization step of the Cyber Kill Chain Model?

Options:

A.

Develop a specific malware to exploit a vulnerable server, i

B.

Match a known script to a vulnerability.

C.

Construct a trojan and deliver l! to the victim.

D.

Scan open services and ports on a server.

Buy Now
Questions 38

An analyst received an alert on their desktop computer showing that an attack was successful on the host. After investigating, the analyst discovered that no mitigation action occurred during the attack. What is the reason for this discrepancy?

Options:

A.

The computer has a HIPS installed on it.

B.

The computer has a NIPS installed on it.

C.

The computer has a HIDS installed on it.

D.

The computer has a NIDS installed on it.

Buy Now
Questions 39

Which type of attack uses a botnet to reflect requests off of an NTP server to overwhelm a target?

Options:

A.

Display

B.

Man-in-the-middle

C.

Distributed denial of service

D.

Denial of service

Buy Now
Questions 40

What is a collection of compromised machines that attackers use to carry out a DDoS attack?

Options:

A.

subnet

B.

botnet

C.

VLAN

D.

command and control

Buy Now
Questions 41

What is a scareware attack?

Options:

A.

using the spoofed email addresses to trick people into providing login credentials

B.

overwhelming a targeted website with fake traffic

C.

gaming access to your computer and encrypting data stored on it

D.

inserting malicious code that causes popup windows with flashing colors

Buy Now
Questions 42

What is rule-based detection when compared to statistical detection?

Options:

A.

proof of a user's identity

B.

proof of a user's action

C.

likelihood of user's action

D.

falsification of a user's identity

Buy Now
Questions 43

Refer to the exhibit.

Which event is occurring?

Options:

A.

A binary named "submit" is running on VM cuckoo1.

B.

A binary is being submitted to run on VM cuckoo1

C.

A binary on VM cuckoo1 is being submitted for evaluation

D.

A URL is being evaluated to see if it has a malicious binary

Buy Now
Questions 44

Refer to the exhibit.

What should be interpreted from this packet capture?

Options:

A.

81.179.179.69 is sending a packet from port 80 to port 50272 of IP address 192.168.122.100 using UDP protocol.

B.

192.168.122.100 is sending a packet from port 50272 to port 80 of IP address 81.179.179.69 using TCP protocol.

C.

192.168.122.100 is sending a packet from port 80 to port 50272 of IP address 81.179.179.69 using UDP protocol.

D.

81.179.179.69 is sending a packet from port 50272 to port 80 of IP address 192.168.122.100 using TCP UDP protocol.

Buy Now
Questions 45

What is the communication channel established from a compromised machine back to the attacker?

Options:

A.

man-in-the-middle

B.

IDS evasion

C.

command and control

D.

port scanning

Buy Now
Questions 46

Which security principle requires more than one person is required to perform a critical task?

Options:

A.

least privilege

B.

need to know

C.

separation of duties

D.

due diligence

Buy Now
Questions 47

Which security model assumes an attacker within and outside of the network and enforces strict verification before connecting to any system or resource within the organization?

Options:

A.

Biba

B.

Object-capability

C.

Take-Grant

D.

Zero Trust

Buy Now
Questions 48

Which information must an organization use to understand the threats currently targeting the organization?

Options:

A.

threat intelligence

B.

risk scores

C.

vendor suggestions

D.

vulnerability exposure

Buy Now
Questions 49

An intruder attempted malicious activity and exchanged emails with a user and received corporate information, including email distribution lists. The intruder asked the user to engage with a link in an email. When the fink launched, it infected machines and the intruder was able to access the corporate network.

Which testing method did the intruder use?

Options:

A.

social engineering

B.

eavesdropping

C.

piggybacking

D.

tailgating

Buy Now
Questions 50

What describes the impact of false-positive alerts compared to false-negative alerts?

Options:

A.

A false negative is alerting for an XSS attack. An engineer investigates the alert and discovers that an XSS attack happened A false positive is when an XSS attack happens and no alert is raised

B.

A false negative is a legitimate attack triggering a brute-force alert. An engineer investigates the alert and finds out someone intended to break into the system A false positive is when no alert and no attack is occurring

C.

A false positive is an event alerting for a brute-force attack An engineer investigates the alert and discovers that a legitimate user entered the wrong credential several times A false negative is when a threat actor tries to brute-force attack a system and no alert is raised.

D.

A false positive is an event alerting for an SQL injection attack An engineer investigates the alert and discovers that an attack attempt was blocked by IPS A false negative is when the attack gets detected but succeeds and results in a breach.

Buy Now
Questions 51

What is a benefit of using asymmetric cryptography?

Options:

A.

decrypts data with one key

B.

fast data transfer

C.

secure data transfer

D.

encrypts data with one key

Buy Now
Questions 52

A security engineer notices confidential data being exfiltrated to a domain "Ranso4134-mware31-895" address that is attributed to a known advanced persistent threat group The engineer discovers that the activity is part of a real attack and not a network misconfiguration. Which category does this event fall under as defined in the Cyber Kill Chain?

Options:

A.

reconnaissance

B.

delivery

C.

action on objectives

D.

weaponization

Buy Now
Questions 53

Which event is a vishing attack?

Options:

A.

obtaining disposed documents from an organization

B.

using a vulnerability scanner on a corporate network

C.

setting up a rogue access point near a public hotspot

D.

impersonating a tech support agent during a phone call

Buy Now
Questions 54

Which piece of information is needed for attribution in an investigation?

Options:

A.

proxy logs showing the source RFC 1918 IP addresses

B.

RDP allowed from the Internet

C.

known threat actor behavior

D.

802.1x RADIUS authentication pass arid fail logs

Buy Now
Questions 55

Refer to the exhibit.

What is the expected result when the "Allow subdissector to reassemble TCP streams" feature is enabled?

Options:

A.

insert TCP subdissectors

B.

extract a file from a packet capture

C.

disable TCP streams

D.

unfragment TCP

Buy Now
Questions 56

Exhibit.

200-201 Question 56

An engineer received a ticket about a slowdown of a web application, Drug analysis of traffic, the engineer suspects a possible attack on a web server. How should the engineer interpret the Wiresharat traffic capture?

Options:

A.

10.0.0.2 sends GET/ HTTP/1.1 And Post request and the target responds with HTTP/1.1. 200 OC and HTTP/1.1 403 accordingly. This is an HTTP flood attempt.

B.

10.0.0.2 sends HTTP FORBIDDEN /1.1 And Post request, while the target responds with HTTP/1.1 200 Get and HTTP/1.1 403. This is an HTTP GET flood attack.

C.

10.128.0.2 sends POST/1.1 And POST requests, and the target responds with HTTP/1.1 200 Ok and HTTP/1.1 403 accordingly. This is an HTTP Reserve Bandwidth flood.

D.

10.128.0.2 sends HTTP/FORBIDDEN/ 1.1 and Get requests, and the target responds with HTTP/1.1 200 OK and HTTP/1.1 403. This is an HTTP cache bypass attack.

Buy Now
Questions 57

Refer to the exhibit.

During the analysis of a suspicious scanning activity incident, an analyst discovered multiple local TCP connection events Which technology provided these logs?

Options:

A.

antivirus

B.

proxy

C.

IDS/IPS

D.

firewall

Buy Now
Questions 58

Which two measures are used by the defense-m-depth strategy? (Choose two)

Options:

A.

Bridge the single connection into multiple.

B.

Divide the network into parts

C.

Split packets into pieces.

D.

Reduce the load on network devices.

E.

Implement the patch management process

Buy Now
Questions 59

When communicating via TLS, the client initiates the handshake to the server and the server responds back with its certificate for identification.

Which information is available on the server certificate?

Options:

A.

server name, trusted subordinate CA, and private key

B.

trusted subordinate CA, public key, and cipher suites

C.

trusted CA name, cipher suites, and private key

D.

server name, trusted CA, and public key

Buy Now
Questions 60

Drag and drop the definition from the left onto the phase on the right to classify intrusion events according to the Cyber Kill Chain model.

200-201 Question 60

Options:

Buy Now
Questions 61

Which two elements of the incident response process are stated in NIST Special Publication 800-61 r2? (Choose two.)

Options:

A.

detection and analysis

B.

post-incident activity

C.

vulnerability management

D.

risk assessment

E.

vulnerability scoring

Buy Now
Questions 62

Refer to the exhibit.

What is shown in this PCAP file?

Options:

A.

Timestamps are indicated with error.

B.

The protocol is TCP.

C.

The User-Agent is Mozilla/5.0.

D.

The HTTP GET is encoded.

Buy Now
Questions 63

While viewing packet capture data, an analyst sees that one IP is sending and receiving traffic for multiple devices by modifying the IP header.

Which technology makes this behavior possible?

Options:

A.

encapsulation

B.

TOR

C.

tunneling

D.

NAT

Buy Now
Questions 64

According to CVSS, what is a description of the attack vector score?

Options:

A.

The metric score will be larger when it is easier to physically touch or manipulate the vulnerable component

B.

It depends on how many physical and logical manipulations are possible on a vulnerable component

C.

The metric score will be larger when a remote attack is more likely.

D.

It depends on how far away the attacker is located and the vulnerable component

Buy Now
Questions 65

Which type of data consists of connection level, application-specific records generated from network traffic?

Options:

A.

transaction data

B.

location data

C.

statistical data

D.

alert data

Buy Now
Questions 66

Which action prevents buffer overflow attacks?

Options:

A.

variable randomization

B.

using web based applications

C.

input sanitization

D.

using a Linux operating system

Buy Now
Questions 67

An engineer needs to discover alive hosts within the 192.168.1.0/24 range without triggering intrusive portscan alerts on the IDS device using Nmap. Which command will accomplish this goal?

Options:

A.

nmap --top-ports 192.168.1.0/24

B.

nmap –sP 192.168.1.0/24

C.

nmap -sL 192.168.1.0/24

D.

nmap -sV 192.168.1.0/24

Buy Now
Questions 68

What is a difference between SI EM and SOAR security systems?

Options:

A.

SOAR ingests numerous types of logs and event data infrastructure components and SIEM can fetch data from endpoint security software and external threat intelligence feeds

B.

SOAR collects and stores security data at a central point and then converts it into actionable intelligence, and SIEM enables SOC teams to automate and orchestrate manual tasks

C.

SIEM raises alerts in the event of detecting any suspicious activity, and SOAR automates investigation path workflows and reduces time spent on alerts

D.

SIEM combines data collecting, standardization, case management, and analytics for a defense-in-depth concept, and SOAR collects security data antivirus logs, firewall logs, and hashes of downloaded files

Buy Now
Questions 69

What is a description of a social engineering attack?

Options:

A.

fake offer for free music download to trick the user into providing sensitive data

B.

package deliberately sent to the wrong receiver to advertise a new product

C.

mistakenly received valuable order destined for another person and hidden on purpose

D.

email offering last-minute deals on various vacations around the world with a due date and a counter

Buy Now
Questions 70

Refer to the exhibit.

200-201 Question 70

What is the outcome of the command?

Options:

A.

TCP rule that detects TCP packets with the SYN flag in an external FTP server

B.

TCP rule that detects TCP packets with a SYN flag in the internal network

C.

TCP rule that detects TCP packets with a ACK flag in the internal network

D.

TCP rule that detects TCP packets with the ACK flag in an external FTP server

Buy Now
Questions 71

Which action should be taken if the system is overwhelmed with alerts when false positives and false negatives are compared?

Options:

A.

Modify the settings of the intrusion detection system.

B.

Design criteria for reviewing alerts.

C.

Redefine signature rules.

D.

Adjust the alerts schedule.

Buy Now
Questions 72

Which security technology allows only a set of pre-approved applications to run on a system?

Options:

A.

application-level blacklisting

B.

host-based IPS

C.

application-level whitelisting

D.

antivirus

Buy Now
Questions 73

What is the principle of defense-in-depth?

Options:

A.

Agentless and agent-based protection for security are used.

B.

Several distinct protective layers are involved.

C.

Access control models are involved.

D.

Authentication, authorization, and accounting mechanisms are used.

Buy Now
Questions 74

What matches the regular expression c(rgr)+e?

Options:

A.

crgrrgre

B.

np+e

C.

c(rgr)e

D.

ce

Buy Now
Questions 75

How does agentless monitoring differ from agent-based monitoring?

Options:

A.

Agentless can access the data via API. While agent-base uses a less efficient method and accesses log data through WMI.

B.

Agent-based monitoring is less intrusive in gathering log data, while agentless requires open ports to fetch the logs

C.

Agent-based monitoring has a lower initial cost for deployment, while agentless monitoring requires resource-intensive deployment.

D.

Agent-based has a possibility to locally filter and transmit only valuable data, while agentless has much higher network utilization

Buy Now
Questions 76

Which incidence response step includes identifying all hosts affected by an attack?

Options:

A.

detection and analysis

B.

post-incident activity

C.

preparation

D.

containment, eradication, and recovery

Buy Now
Questions 77

Drag and drop the type of evidence from the left onto the description of that evidence on the right.

Options:

Buy Now
Questions 78

Which metric should be used when evaluating the effectiveness and scope of a Security Operations Center?

Options:

A.

The average time the SOC takes to register and assign the incident.

B.

The total incident escalations per week.

C.

The average time the SOC takes to detect and resolve the incident.

D.

The total incident escalations per month.

Buy Now
Questions 79

Refer to the exhibit. An employee received an email from an unknown sender with an attachment and reported it as a phishing attempt. An engineer uploaded the file to Cuckoo for further analysis. What should an engineer interpret from the provided Cuckoo report?

Options:

A.

Win32.polip.a.exe is an executable file and should be flagged as malicious.

B.

The file is clean and does not represent a risk.

C.

Cuckoo cleaned the malicious file and prepared it for usage.

D.

MD5 of the file was not identified as malicious.

Buy Now
Questions 80

A security engineer must investigate a recent breach within the organization. An engineer noticed that a breached workstation is trying to connect to the domain "Ranso4730-mware92-647". which is known as malicious. In which step of the Cyber Kill Chain is this event?

Options:

A.

Vaporization

B.

Delivery

C.

reconnaissance

D.

Action on objectives

Buy Now
Questions 81

What is the difference between inline traffic interrogation and traffic mirroring?

Options:

A.

Inline interrogation is less complex as traffic mirroring applies additional tags to data.

B.

Traffic mirroring copies the traffic rather than forwarding it directly to the analysis tools

C.

Inline replicates the traffic to preserve integrity rather than modifying packets before sending them to other analysis tools.

D.

Traffic mirroring results in faster traffic analysis and inline is considerably slower due to latency.

Buy Now
Questions 82

A user received a malicious attachment but did not run it. Which category classifies the intrusion?

Options:

A.

weaponization

B.

reconnaissance

C.

installation

D.

delivery

Buy Now
Questions 83

What is the virtual address space for a Windows process?

Options:

A.

physical location of an object in memory

B.

set of pages that reside in the physical memory

C.

system-level memory protection feature built into the operating system

D.

set of virtual memory addresses that can be used

Buy Now
Questions 84

Drag and drop the security concept on the left onto the example of that concept on the right.

200-201 Question 84

Options:

Buy Now
Questions 85

Which open-sourced packet capture tool uses Linux and Mac OS X operating systems?

Options:

A.

NetScout

B.

tcpdump

C.

SolarWinds

D.

netsh

Buy Now
Questions 86

An analyst received a ticket regarding a degraded processing capability for one of the HR department's servers. On the same day, an engineer noticed a disabled antivirus software and was not able to determine when or why it occurred. According to the NIST Incident Handling Guide, what is the next phase of this investigation?

Options:

A.

Recovery

B.

Detection

C.

Eradication

D.

Analysis

Buy Now
Questions 87

What is the difference between vulnerability and risk?

Options:

A.

A vulnerability is a sum of possible malicious entry points, and a risk represents the possibility of the unauthorized entry itself.

B.

A risk is a potential threat that an exploit applies to, and a vulnerability represents the threat itself

C.

A vulnerability represents a flaw in a security that can be exploited, and the risk is the potential damage it might cause.

D.

A risk is potential threat that adversaries use to infiltrate the network, and a vulnerability is an exploit

Buy Now
Questions 88

Which security model assumes an attacker within and outside of the network and enforces strict verification before connecting to any system or resource within the organization?

Options:

A.

Biba

B.

Object-capability

C.

Take-Grant

D.

Zero Trust

Buy Now
Questions 89

According to the September 2020 threat intelligence feeds a new malware called Egregor was introduced and used in many attacks. Distnbution of Egregor is pnmanly through a Cobalt Strike that has been installed on victim's workstations using RDP exploits Malware exfiltrates the victim's data to a command and control server. The data is used to force victims pay or lose it by publicly releasing it. Which type of attack is described?

Options:

A.

malware attack

B.

ransomware attack

C.

whale-phishing

D.

insider threat

Buy Now
Questions 90

A company encountered a breach on its web servers using IIS 7 5 Dunng the investigation, an engineer discovered that an attacker read and altered the data on a secure communication using TLS 1 2 and intercepted sensitive information by downgrading a connection to export-grade cryptography. The engineer must mitigate similar incidents in the future and ensure that clients and servers always negotiate with the most secure protocol versions and cryptographic parameters. Which action does the engineer recommend?

Options:

A.

Upgrade to TLS v1 3.

B.

Install the latest IIS version.

C.

Downgrade to TLS 1.1.

D.

Deploy an intrusion detection system

Buy Now
Questions 91

Which system monitors local system operation and local network access for violations of a security policy?

Options:

A.

host-based intrusion detection

B.

systems-based sandboxing

C.

host-based firewall

D.

antivirus

Buy Now
Questions 92

Refer to the exhibit.

What is occurring?

Options:

A.

ARP flood

B.

DNS amplification

C.

ARP poisoning

D.

DNS tunneling

Buy Now
Questions 93

What are two differences in how tampered and untampered disk images affect a security incident? (Choose two.)

Options:

A.

Untampered images are used in the security investigation process

B.

Tampered images are used in the security investigation process

C.

The image is tampered if the stored hash and the computed hash match

D.

Tampered images are used in the incident recovery process

E.

The image is untampered if the stored hash and the computed hash match

Buy Now
Questions 94

At which layer is deep packet inspection investigated on a firewall?

Options:

A.

internet

B.

transport

C.

application

D.

data link

Buy Now
Questions 95

When an event is investigated, which type of data provides the investigate capability to determine if data exfiltration has occurred?

Options:

A.

full packet capture

B.

NetFlow data

C.

session data

D.

firewall logs

Buy Now
Questions 96

An engineer needs to configure network systems to detect command and control communications by decrypting ingress and egress perimeter traffic and allowing network security devices to detect malicious outbound communications. Which technology should be used to accomplish the task?

Options:

A.

digital certificates

B.

static IP addresses

C.

signatures

D.

cipher suite

Buy Now
Questions 97

Refer to the exhibit.

A suspicious IP address is tagged by Threat Intelligence as a brute-force attempt source After the attacker produces many of failed login entries, it successfully compromises the account. Which stakeholder is responsible for the incident response detection step?

Options:

A.

employee 5

B.

employee 3

C.

employee 4

D.

employee 2

Buy Now
Questions 98

An analyst is exploring the functionality of different operating systems.

What is a feature of Windows Management Instrumentation that must be considered when deciding on an operating system?

Options:

A.

queries Linux devices that have Microsoft Services for Linux installed

B.

deploys Windows Operating Systems in an automated fashion

C.

is an efficient tool for working with Active Directory

D.

has a Common Information Model, which describes installed hardware and software

Buy Now
Questions 99

Refer to the exhibit.

200-201 Question 99

Which field contains DNS header information if the payload is a query or a response?

Options:

A.

Z

B.

ID

C.

TC

D.

QR

Buy Now
Exam Code: 200-201
Exam Name: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)
Last Update: Jul 13, 2024
Questions: 331

PDF + Testing Engine

$59.5  $169.99

Testing Engine

$45.5  $129.99
buy now 200-201 testing engine

PDF (Q&A)

$38.5  $109.99
buy now 200-201 pdf
dumpsmate guaranteed to pass
24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 20 Jul 2024