200-201 Actual Exam Questions Are Valid For Cisco Certified CyberOps Associate CBROPS Exam

Regina2021-09-17T06:19:10+00:00

If decided to be a Cisco Certified CyberOps Associate certified, you need to answer 200-201 Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) exam successfully. So you may be preparing for Cisco CBROPS 200-201 exam, we have 200-201 actual exam questions covering security concepts, security monitoring, host-based analysis, network intrusion analysis and security policies and procedures, which have been verified as a valid file to help you complete Cisco 200-201 exam. There are 184 practice exam questions with the actual answers, you need to read all of them to make sure you can answer Cisco CBROPS 200-201 exam smoothly.

If can not make sure 200-201 exam questions are helpful, you can read Cisco CBROPS 200-201 free questions as demo below:

Page 1 of 5

1. Refer to the exhibit.

What should be interpreted from this packet capture?

81.179.179.69 is sending a packet from port 80 to port 50272 of IP address 192.168.122.100 using UDP protocol.

192.168.122.100 is sending a packet from port 50272 to port 80 of IP address 81.179.179.69 using TCP protocol.

192.168.122.100 is sending a packet from port 80 to port 50272 of IP address 81.179.179.69 using UDP protocol.

81.179.179.69 is sending a packet from port 50272 to port 80 of IP address 192.168.122.100 using TCP UDP protocol.

2. A user received an email attachment named "Hr405-report2609-empl094.exe" but did not run it .

Which category of the cyber kill chain should be assigned to this type of event?

installation

reconnaissance

weaponization

delivery

3. Refer to the exhibit.

Which type of log is displayed?

proxy

NetFlow

IDS

sys

4. An analyst received an alert on their desktop computer showing that an attack was successful on the host. After investigating, the analyst discovered that no mitigation action occurred during the attack .

What is the reason for this discrepancy?

The computer has a HIPS installed on it.

The computer has a NIPS installed on it.

The computer has a HIDS installed on it.

The computer has a NIDS installed on it.

5. What is the difference between the rule-based detection when compared to behavioral detection?

Rule-Based detection is searching for patterns linked to specific types of attacks, while behavioral is identifying per signature.

Rule-Based systems have established patterns that do not change with new data, while behavioral changes.

Behavioral systems are predefined patterns from hundreds of users, while Rule-Based only flags potentially abnormal patterns using signatures.

Behavioral systems find sequences that match a particular attack signature, while Rule-Based identifies potential attacks.

6. Refer to the exhibit .

What does this output indicate?

HTTPS ports are open on the server.

SMB ports are closed on the server.

FTP ports are open on the server.

Email ports are closed on the server.

7. Refer to the exhibit.

What is occurring in this network?

ARP cache poisoning

DNS cache poisoning

MAC address table overflow

MAC flooding attack

8. Refer to the exhibit.

Which two elements in the table are parts of the 5-tuple? (Choose two.)

First Packet

Initiator User

Ingress Security Zone

Source Port

Initiator IP

9. How does certificate authority impact a security system?

It authenticates client identity when requesting SSL certificate

It validates domain identity of a SSL certificate

It authenticates domain identity when requesting SSL certificate

It validates client identity when communicating with the server

10. Which event artifact is used to identify HTTP GET requests for a specific file?

destination IP address

TCP ACK

HTTP status code

URI

Page 2 of 5

11. What are two social engineering techniques? (Choose two.)

privilege escalation

DDoS attack

phishing

man-in-the-middle

pharming

12. Which type of data collection requires the largest amount of storage space?

alert data

transaction data

session data

full packet capture

13. Which two components reduce the attack surface on an endpoint? (Choose two.)

secure boot

load balancing

increased audit log levels

restricting USB ports

full packet captures at the endpoint

14. A security specialist notices 100 HTTP GET and POST requests for multiple pages on the web servers. The agent in the requests contains PHP code that, if executed, creates and writes to a new PHP file on the webserver .

Which event category is described?

reconnaissance

action on objectives

installation

exploitation

15. Which regular expression is needed to capture the IP address 192.168.20.232?

^ (?:[0-9]{1,3}.){3}[0-9]{1,3}

^ (?:[0-9]f1,3}.){1,4}

^ (?:[0-9]{1,3}.)'

^ ([0-9]-{3})

16. What is the difference between mandatory access control (MAC) and discretionary access control (DAC)?

MAC is controlled by the discretion of the owner and DAC is controlled by an administrator

MAC is the strictest of all levels of control and DAC is object-based access

DAC is controlled by the operating system and MAC is controlled by an administrator

DAC is the strictest of all levels of control and MAC is object-based access

17. Which incidence response step includes identifying all hosts affected by an attack?

detection and analysis

post-incident activity

preparation

containment, eradication, and recovery

18. Refer to the exhibit.

What is shown in this PCAP file?

Timestamps are indicated with error.

The protocol is TC

The User-Agent is Mozilla/5.0.

The HTTP GET is encoded.

19. What are two differences in how tampered and untampered disk images affect a security incident? (Choose two.)

Untampered images are used in the security investigation process

Tampered images are used in the security investigation process

The image is tampered if the stored hash and the computed hash match

Tampered images are used in the incident recovery process

The image is untampered if the stored hash and the computed hash match

20. What is rule-based detection when compared to statistical detection?

proof of a user's identity

proof of a user's action

likelihood of user's action

falsification of a user's identity

Page 3 of 5

21. Refer to the exhibit.

What is the potential threat identified in this Stealthwatch dashboard?

A policy violation is active for host 10.10.101.24.

A host on the network is sending a DDoS attack to another inside host.

There are three active data exfiltration alerts.

A policy violation is active for host 10.201.3.149.

22. Which attack is the network vulnerable to when a stream cipher like RC4 is used twice with the same key?

forgery attack

plaintext-only attack

ciphertext-only attack

meet-in-the-middle attack

23. Which type of evidence supports a theory or an assumption that results from initial evidence?

probabilistic

indirect

best

corroborative

24. DRAG DROP

Drag and drop the technology on the left onto the data type the technology provides on the right.

25. Why is encryption challenging to security monitoring?

Encryption analysis is used by attackers to monitor VPN tunnels.

Encryption is used by threat actors as a method of evasion and obfuscation.

Encryption introduces additional processing requirements by the CP

Encryption introduces larger packet sizes to analyze and store.

26. W[^t is vulnerability management?

A security practice focused on clarifying and narrowing intrusion points.

A security practice of performing actions rather than acknowledging the threats.

A process to identify and remediate existing weaknesses.

A process to recover from service interruptions and restore business-critical applications

27. Which action prevents buffer overflow attacks?

variable randomization

using web based applications

input sanitization

using a Linux operating system

28. When trying to evade IDS/IPS devices, which mechanism allows the user to make the data incomprehensible without a specific key, certificate, or password?

fragmentation

pivoting

encryption

stenography

29. A malicious file has been identified in a sandbox analysis tool.

Which piece of information is needed to search for additional downloads of this file by other hosts?

file type

file size

file name

file hash value

30. What should a security analyst consider when comparing inline traffic interrogation with traffic tapping to determine which approach to use in the network?

Tapping interrogation replicates signals to a separate port for analyzing traffic

Tapping interrogations detect and block malicious traffic

Inline interrogation enables viewing a copy of traffic to ensure traffic is in compliance with security policies

Inline interrogation detects malicious traffic but does not block the traffic

Page 4 of 5

31. What is the difference between a threat and a risk?

Threat represents a potential danger that could take advantage of a weakness in a system

Risk represents the known and identified loss or danger in the system

Risk represents the nonintentional interaction with uncertainty in the system

Threat represents a state of being exposed to an attack or a compromise, either physically or logically.

32. What is the difference between the ACK flag and the RST flag in the NetFlow log session?

The RST flag confirms the beginning of the TCP connection, and the ACK flag responds when the data for the payload is complete

The ACK flag confirms the beginning of the TCP connection, and the RST flag responds when the data for the payload is complete

The RST flag confirms the receipt of the prior segment, and the ACK flag allows for the spontaneous termination of a connection

The ACK flag confirms the receipt of the prior segment, and the RST flag allows for the spontaneous termination of a connection

33. Which HTTP header field is used in forensics to identify the type of browser used?

referrer

host

user-agent

accept-language

34. When communicating via TLS, the client initiates the handshake to the server and the server responds back with its certificate for identification.

Which information is available on the server certificate?

server name, trusted subordinate CA, and private key

trusted subordinate CA, public key, and cipher suites

trusted CA name, cipher suites, and private key

server name, trusted CA, and public key

35. Which event is user interaction?

gaining root access

executing remote code

reading and writing file permission

opening a malicious file

36. Refer to the exhibit.

Which event is occurring?

A binary named "submit" is running on VM cuckoo1.

A binary is being submitted to run on VM cuckoo1

A binary on VM cuckoo1 is being submitted for evaluation

A URL is being evaluated to see if it has a malicious binary

37. A security incident occurred with the potential of impacting business services.

Who performs the attack?

malware author

threat actor

bug bounty hunter

direct competitor

38. Which NIST IR category stakeholder is responsible for coordinating incident response among various business units, minimizing damage, and reporting to regulatory agencies?

CSIRT

PSIRT

public affairs

management

39. Which security principle requires more than one person is required to perform a critical task?

least privilege

need to know

separation of duties

due diligence

40. What is a difference between inline traffic interrogation and traffic mirroring?

Inline inspection acts on the original traffic data flow

Traffic mirroring passes live traffic to a tool for blocking

Traffic mirroring inspects live traffic for analysis and mitigation

Inline traffic copies packets for analysis and security

Page 5 of 5

41. What is a sandbox interprocess communication service?

A collection of rules within the sandbox that prevent the communication between sandboxes.

A collection of network services that are activated on an interface, allowing for inter-port communication.

A collection of interfaces that allow for coordination of activities among processes.

A collection of host services that allow for communication between sandboxes.

42. What is the principle of defense-in-depth?

Agentless and agent-based protection for security are used.

Several distinct protective layers are involved.

Access control models are involved.

Authentication, authorization, and accounting mechanisms are used.

43. How does an SSL certificate impact security between the client and the server?

by enabling an authenticated channel between the client and the server

by creating an integrated channel between the client and the server

by enabling an authorized channel between the client and the server

by creating an encrypted channel between the client and the server

44. Which evasion technique is indicated when an intrusion detection system begins receiving an abnormally high volume of scanning from numerous sources?

resource exhaustion

tunneling

traffic fragmentation

timing attack

45. What is the function of a command and control server?

It enumerates open ports on a network device

It drops secondary payload into malware

It is used to regain control of the network after a compromise

It sends instruction to a compromised system

46. Refer to the exhibit.

Which component is identifiable in this exhibit?

Trusted Root Certificate store on the local machine

Windows PowerShell verb

Windows Registry hive

local service in the Windows Services Manager

47. What is the practice of giving employees only those permissions necessary to perform their specific role within an organization?

least privilege

need to know

integrity validation

due diligence

48. Which metric is used to capture the level of access needed to launch a successful attack?

privileges required

user interaction

attack complexity

attack vector

49. What is a difference between tampered and untampered disk images?

Tampered images have the same stored and computed hash.

Untampered images are deliberately altered to preserve as evidence.

Tampered images are used as evidence.

Untampered images are used for forensic investigations.

50. How does a certificate authority impact security?

It validates client identity when communicating with the server.

It authenticates client identity when requesting an SSL certificate.

It authenticates domain identity when requesting an SSL certificate.

It validates the domain identity of the SSL certificate.

Welcome To Choose Required IT Certification Exams Online

200-201 Actual Exam Questions Are Valid For Cisco Certified CyberOps Associate CBROPS Exam

If can not make sure 200-201 exam questions are helpful, you can read Cisco CBROPS 200-201 free questions as demo below:

Author