Weekend Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: netbudy65

200-201 Understanding Cisco Cybersecurity Operations Fundamentals (200-201 CBROPS) Questions and Answers

Questions 4

What is obtained using NetFlow?

Options:

A.

session data

B.

application logs

C.

network downtime report

D.

full packet capture

Buy Now
Questions 5

A security specialist notices 100 HTTP GET and POST requests for multiple pages on the web servers. The agent in the requests contains PHP code that, if executed, creates and writes to a new PHP file on the webserver. Which event category is described?

Options:

A.

reconnaissance

B.

action on objectives

C.

installation

D.

exploitation

Buy Now
Questions 6

What is vulnerability management?

Options:

A.

A security practice focused on clarifying and narrowing intrusion points.

B.

A security practice of performing actions rather than acknowledging the threats.

C.

A process to identify and remediate existing weaknesses.

D.

A process to recover from service interruptions and restore business-critical applications

Buy Now
Questions 7

Which tool provides a full packet capture from network traffic?

Options:

A.

Nagios

B.

CAINE

C.

Hydra

D.

Wireshark

Buy Now
Questions 8

A user received an email attachment named "Hr405-report2609-empl094.exe" but did not run it. Which category of the cyber kill chain should be assigned to this type of event?

Options:

A.

installation

B.

reconnaissance

C.

weaponization

D.

delivery

Buy Now
Questions 9

Refer to the exhibit.

Which field contains DNS header information if the payload is a query or a response?

Options:

A.

Z

B.

ID

C.

TC

D.

QR

Buy Now
Questions 10

What are two differences in how tampered and untampered disk images affect a security incident? (Choose two.)

Options:

A.

Untampered images are used in the security investigation process

B.

Tampered images are used in the security investigation process

C.

The image is tampered if the stored hash and the computed hash match

D.

Tampered images are used in the incident recovery process

E.

The image is untampered if the stored hash and the computed hash match

Buy Now
Questions 11

Drag and drop the data source from the left onto the data type on the right.

Options:

Buy Now
Questions 12

An engineer is analyzing a recent breach where confidential documents were altered and stolen by the receptionist Further analysis shows that the threat actor connected an externa USB device to bypass security restrictions and steal data The engineer could not find an external USB device Which piece of information must an engineer use for attribution in an investigation?

Options:

A.

list of security restrictions and privileges boundaries bypassed

B.

external USB device

C.

receptionist and the actions performed

D.

stolen data and its criticality assessment

Buy Now
Questions 13

An analyst received a ticket regarding a degraded processing capability for one of the HR department's servers. On the same day, an engineer noticed a disabled antivirus software and was not able to determine when or why it occurred. According to the NIST Incident Handling Guide, what is the next phase of this investigation?

Options:

A.

Recovery

B.

Detection

C.

Eradication

D.

Analysis

Buy Now
Questions 14

What should an engineer use to aid the trusted exchange of public keys between user tom0411976943 and dan1968754032?

Options:

A.

central key management server

B.

web of trust

C.

trusted certificate authorities

D.

registration authority data

Buy Now
Questions 15

What is a sandbox interprocess communication service?

Options:

A.

A collection of rules within the sandbox that prevent the communication between sandboxes.

B.

A collection of network services that are activated on an interface, allowing for inter-port communication.

C.

A collection of interfaces that allow for coordination of activities among processes.

D.

A collection of host services that allow for communication between sandboxes.

Buy Now
Questions 16

Refer to the exhibit.

Which event is occurring?

Options:

A.

A binary named "submit" is running on VM cuckoo1.

B.

A binary is being submitted to run on VM cuckoo1

C.

A binary on VM cuckoo1 is being submitted for evaluation

D.

A URL is being evaluated to see if it has a malicious binary

Buy Now
Questions 17

Refer to the exhibit.

A security analyst is investigating unusual activity from an unknown IP address Which type of evidence is this file1?

Options:

A.

indirect evidence

B.

best evidence

C.

corroborative evidence

D.

direct evidence

Buy Now
Questions 18

Refer to the exhibit.

What does the message indicate?

Options:

A.

an access attempt was made from the Mosaic web browser

B.

a successful access attempt was made to retrieve the password file

C.

a successful access attempt was made to retrieve the root of the website

D.

a denied access attempt was made to retrieve the password file

Buy Now
Questions 19

Refer to the exhibit.

This request was sent to a web application server driven by a database. Which type of web server attack is represented?

Options:

A.

parameter manipulation

B.

heap memory corruption

C.

command injection

D.

blind SQL injection

Buy Now
Questions 20

Refer to the exhibit. Where is the executable file?

Options:

A.

info

B.

tags

C.

MIME

D.

name

Buy Now
Questions 21

Why is HTTPS traffic difficult to screen?

Options:

A.

HTTPS is used internally and screening traffic (or external parties is hard due to isolation.

B.

The communication is encrypted and the data in transit is secured.

C.

Digital certificates secure the session, and the data is sent at random intervals.

D.

Traffic is tunneled to a specific destination and is inaccessible to others except for the receiver.

Buy Now
Questions 22

An investigator is examining a copy of an ISO file that is stored in CDFS format. What type of evidence is this file?

Options:

A.

data from a CD copied using Mac-based system

B.

data from a CD copied using Linux system

C.

data from a DVD copied using Windows system

D.

data from a CD copied using Windows

Buy Now
Questions 23

An engineer is working with the compliance teams to identify the data passing through the network. During analysis, the engineer informs the compliance team that external penmeter data flows contain records, writings, and artwork Internal segregated network flows contain the customer choices by gender, addresses, and product preferences by age. The engineer must identify protected data. Which two types of data must be identified'? (Choose two.)

Options:

A.

SOX

B.

PII

C.

PHI

D.

PCI

E.

copyright

Buy Now
Questions 24

What are the two differences between stateful and deep packet inspection? (Choose two )

Options:

A.

Stateful inspection is capable of TCP state tracking, and deep packet filtering checks only TCP source and destination ports

B.

Deep packet inspection is capable of malware blocking, and stateful inspection is not

C.

Deep packet inspection operates on Layer 3 and 4. and stateful inspection operates on Layer 3 of the OSI model

D.

Deep packet inspection is capable of TCP state monitoring only, and stateful inspection can inspect TCP and UDP.

E.

Stateful inspection is capable of packet data inspections, and deep packet inspection is not

Buy Now
Questions 25

An engineer discovered a breach, identified the threat’s entry point, and removed access. The engineer was able to identify the host, the IP address of the threat actor, and the application the threat actor targeted. What is the next step the engineer should take according to the NIST SP 800-61 Incident handling guide?

Options:

A.

Recover from the threat.

B.

Analyze the threat.

C.

Identify lessons learned from the threat.

D.

Reduce the probability of similar threats.

Buy Now
Questions 26

What describes the impact of false-positive alerts compared to false-negative alerts?

Options:

A.

A false negative is alerting for an XSS attack. An engineer investigates the alert and discovers that an XSS attack happened A false positive is when an XSS attack happens and no alert is raised

B.

A false negative is a legitimate attack triggering a brute-force alert. An engineer investigates the alert and finds out someone intended to break into the system A false positive is when no alert and no attack is occurring

C.

A false positive is an event alerting for a brute-force attack An engineer investigates the alert and discovers that a legitimate user entered the wrong credential several times A false negative is when a threat actor tries to brute-force attack a system and no alert is raised.

D.

A false positive is an event alerting for an SQL injection attack An engineer investigates the alert and discovers that an attack attempt was blocked by IPS A false negative is when the attack gets detected but succeeds and results in a breach.

Buy Now
Questions 27

Which of these describes SOC metrics in relation to security incidents?

Options:

A.

time it takes to detect the incident

B.

time it takes to assess the risks of the incident

C.

probability of outage caused by the incident

D.

probability of compromise and impact caused by the incident

Buy Now
Questions 28

What is the difference between deep packet inspection and stateful inspection?

Options:

A.

Deep packet inspection gives insights up to Layer 7, and stateful inspection gives insights only up to Layer 4.

B.

Deep packet inspection is more secure due to its complex signatures, and stateful inspection requires less human intervention.

C.

Stateful inspection is more secure due to its complex signatures, and deep packet inspection requires less human intervention.

D.

Stateful inspection verifies data at the transport layer and deep packet inspection verifies data at the application layer

Buy Now
Questions 29

Which regular expression is needed to capture the IP address 192.168.20.232?

Options:

A.

^ (?:[0-9]{1,3}\.){3}[0-9]{1,3}

B.

^ (?:[0-9]f1,3}\.){1,4}

C.

^ (?:[0-9]{1,3}\.)'

D.

^ ([0-9]-{3})

Buy Now
Questions 30

What is personally identifiable information that must be safeguarded from unauthorized access?

Options:

A.

date of birth

B.

driver's license number

C.

gender

D.

zip code

Buy Now
Questions 31

A threat actor penetrated an organization's network. Using the 5-tuple approach, which data points should the analyst use to isolate the compromised host in a grouped set of logs?

Options:

A.

event name, log source, time, source IP, and host name

B.

protocol, source IP, source port, destination IP, and destination port

C.

event name, log source, time, source IP, and username

D.

protocol, log source, source IP, destination IP, and host name

Buy Now
Questions 32

What is the difference between statistical detection and rule-based detection models?

Options:

A.

Rule-based detection involves the collection of data in relation to the behavior of legitimate users over a period of time

B.

Statistical detection defines legitimate data of users over a period of time and rule-based detection defines it on an IF/THEN basis

C.

Statistical detection involves the evaluation of an object on its intended actions before it executes that behavior

D.

Rule-based detection defines legitimate data of users over a period of time and statistical detection defines it on an IF/THEN basis

Buy Now
Questions 33

A security expert is working on a copy of the evidence, an ISO file that is saved in CDFS format. Which type of evidence is this file?

Options:

A.

CD data copy prepared in Windows

B.

CD data copy prepared in Mac-based system

C.

CD data copy prepared in Linux system

D.

CD data copy prepared in Android-based system

Buy Now
Questions 34

Drag and drop the definition from the left onto the phase on the right to classify intrusion events according to the Cyber Kill Chain model.

Options:

Buy Now
Questions 35

How does an SSL certificate impact security between the client and the server?

Options:

A.

by enabling an authenticated channel between the client and the server

B.

by creating an integrated channel between the client and the server

C.

by enabling an authorized channel between the client and the server

D.

by creating an encrypted channel between the client and the server

Buy Now
Questions 36

Which category relates to improper use or disclosure of PII data?

Options:

A.

legal

B.

compliance

C.

regulated

D.

contractual

Buy Now
Questions 37

What are two social engineering techniques? (Choose two.)

Options:

A.

privilege escalation

B.

DDoS attack

C.

phishing

D.

man-in-the-middle

E.

pharming

Buy Now
Questions 38

Which system monitors local system operation and local network access for violations of a security policy?

Options:

A.

host-based intrusion detection

B.

systems-based sandboxing

C.

host-based firewall

D.

antivirus

Buy Now
Questions 39

Which evasion technique is indicated when an intrusion detection system begins receiving an abnormally high volume of scanning from numerous sources?

Options:

A.

resource exhaustion

B.

tunneling

C.

traffic fragmentation

D.

timing attack

Buy Now
Exam Code: 200-201
Exam Name: Understanding Cisco Cybersecurity Operations Fundamentals (200-201 CBROPS)
Last Update: Jan 29, 2023
Questions: 263

PDF + Testing Engine

$140

Testing Engine

$105

PDF (Q&A)

$90