Winter Special Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: brite60

Understanding Cisco Cybersecurity Operations Fundamentals (200-201 CBROPS) Question and Answers

Understanding Cisco Cybersecurity Operations Fundamentals (200-201 CBROPS)

Last Update Jan 29, 2023
Total Questions : 263

We are offering FREE 200-201 Cisco exam questions. All you do is to just go and sign up. Give your details, prepare 200-201 free exam questions and then go for complete pool of Understanding Cisco Cybersecurity Operations Fundamentals (200-201 CBROPS) test questions that will help you more.

200-201 pdf

200-201 PDF

$44  $109.99
200-201 Engine

200-201 Testing Engine

$52  $129.99
200-201 PDF + Engine

200-201 PDF + Testing Engine

$68  $169.99
Questions 1

What is the practice of giving employees only those permissions necessary to perform their specific role within an organization?

Options:

A.  

least privilege

B.  

need to know

C.  

integrity validation

D.  

due diligence

Discussion 0
Questions 2

Refer to the exhibit.

A security analyst is investigating unusual activity from an unknown IP address Which type of evidence is this file1?

Options:

A.  

indirect evidence

B.  

best evidence

C.  

corroborative evidence

D.  

direct evidence

Discussion 0
Questions 3

Refer to the exhibit.

Which kind of attack method is depicted in this string?

Options:

A.  

cross-site scripting

B.  

man-in-the-middle

C.  

SQL injection

D.  

denial of service

Discussion 0
Questions 4

Which open-sourced packet capture tool uses Linux and Mac OS X operating systems?

Options:

A.  

NetScout

B.  

tcpdump

C.  

SolarWinds

D.  

netsh

Discussion 0
Questions 5

Which category relates to improper use or disclosure of PII data?

Options:

A.  

legal

B.  

compliance

C.  

regulated

D.  

contractual

Discussion 0
Questions 6

Which signature impacts network traffic by causing legitimate traffic to be blocked?

Options:

A.  

false negative

B.  

true positive

C.  

true negative

D.  

false positive

Discussion 0
Questions 7

An employee received an email from a colleague’s address asking for the password for the domain controller. The employee noticed a missing letter within the sender’s address. What does this incident describe?

Options:

A.  

brute-force attack

B.  

insider attack

C.  

shoulder surfing

D.  

social engineering

Discussion 0
Questions 8

Drag and drop the security concept on the left onto the example of that concept on the right.

Options:

Discussion 0
Questions 9

How does TOR alter data content during transit?

Options:

A.  

It spoofs the destination and source information protecting both sides.

B.  

It encrypts content and destination information over multiple layers.

C.  

It redirects destination traffic through multiple sources avoiding traceability.

D.  

It traverses source traffic through multiple destinations before reaching the receiver

Discussion 0
Questions 10

Which HTTP header field is used in forensics to identify the type of browser used?

Options:

A.  

referrer

B.  

host

C.  

user-agent

D.  

accept-language

Discussion 0
Questions 11

Refer to the exhibit.

Drag and drop the element name from the left onto the correct piece of the PCAP file on the right.

Options:

Discussion 0
Questions 12

A security incident occurred with the potential of impacting business services. Who performs the attack?

Options:

A.  

malware author

B.  

threat actor

C.  

bug bounty hunter

D.  

direct competitor

Discussion 0
Questions 13

What is personally identifiable information that must be safeguarded from unauthorized access?

Options:

A.  

date of birth

B.  

driver's license number

C.  

gender

D.  

zip code

Discussion 0
Questions 14

An engineer received a flood of phishing emails from HR with the source address HRjacobm@companycom. What is the threat actor in this scenario?

Options:

A.  

phishing email

B.  

sender

C.  

HR

D.  

receiver

Discussion 0
Questions 15

The security team has detected an ongoing spam campaign targeting the organization. The team's approach is to push back the cyber kill chain and mitigate ongoing incidents. At which phase of the cyber kill chain should the security team mitigate this type of attack?

Options:

A.  

actions

B.  

delivery

C.  

reconnaissance

D.  

installation

Discussion 0
Questions 16

An analyst is exploring the functionality of different operating systems.

What is a feature of Windows Management Instrumentation that must be considered when deciding on an operating system?

Options:

A.  

queries Linux devices that have Microsoft Services for Linux installed

B.  

deploys Windows Operating Systems in an automated fashion

C.  

is an efficient tool for working with Active Directory

D.  

has a Common Information Model, which describes installed hardware and software

Discussion 0
Questions 17

Drag and drop the type of evidence from the left onto the description of that evidence on the right.

Options:

Discussion 0
Questions 18

An organization's security team has detected network spikes coming from the internal network. An investigation has concluded that the spike in traffic was from intensive network scanning How should the analyst collect the traffic to isolate the suspicious host?

Options:

A.  

by most active source IP

B.  

by most used ports

C.  

based on the protocols used

D.  

based on the most used applications

Discussion 0
Questions 19

Refer to the exhibit. Where is the executable file?

Options:

A.  

info

B.  

tags

C.  

MIME

D.  

name

Discussion 0
Questions 20

Which two components reduce the attack surface on an endpoint? (Choose two.)

Options:

A.  

secure boot

B.  

load balancing

C.  

increased audit log levels

D.  

restricting USB ports

E.  

full packet captures at the endpoint

Discussion 0
Questions 21

A security specialist notices 100 HTTP GET and POST requests for multiple pages on the web servers. The agent in the requests contains PHP code that, if executed, creates and writes to a new PHP file on the webserver. Which event category is described?

Options:

A.  

reconnaissance

B.  

action on objectives

C.  

installation

D.  

exploitation

Discussion 0
Questions 22

Refer to the exhibit.

An engineer received an event log file to review. Which technology generated the log?

Options:

A.  

NetFlow

B.  

proxy

C.  

firewall

D.  

IDS/IPS

Discussion 0
Questions 23

What is a benefit of agent-based protection when compared to agentless protection?

Options:

A.  

It lowers maintenance costs

B.  

It provides a centralized platform

C.  

It collects and detects all traffic locally

D.  

It manages numerous devices simultaneously

Discussion 0
Questions 24

What is the difference between inline traffic interrogation and traffic mirroring?

Options:

A.  

Inline interrogation is less complex as traffic mirroring applies additional tags to data.

B.  

Traffic mirroring copies the traffic rather than forwarding it directly to the analysis tools

C.  

Inline replicates the traffic to preserve integrity rather than modifying packets before sending them to other analysis tools.

D.  

Traffic mirroring results in faster traffic analysis and inline is considerably slower due to latency.

Discussion 0
Questions 25

Which event artifact is used to identify HTTP GET requests for a specific file?

Options:

A.  

destination IP address

B.  

TCP ACK

C.  

HTTP status code

D.  

URI

Discussion 0
Questions 26

Refer to the exhibit.

What information is depicted?

Options:

A.  

IIS data

B.  

NetFlow data

C.  

network discovery event

D.  

IPS event data

Discussion 0
Questions 27

What is obtained using NetFlow?

Options:

A.  

session data

B.  

application logs

C.  

network downtime report

D.  

full packet capture

Discussion 0
Questions 28

A user received a targeted spear-phishing email and identified it as suspicious before opening the content. To which category of the Cyber Kill Chain model does to this type of event belong?

Options:

A.  

weaponization

B.  

delivery

C.  

exploitation

D.  

reconnaissance

Discussion 0
Questions 29

What is the difference between the ACK flag and the RST flag?

Options:

A.  

The RST flag approves the connection, and the ACK flag terminates spontaneous connections.

B.  

The ACK flag confirms the received segment, and the RST flag terminates the connection.

C.  

The RST flag approves the connection, and the ACK flag indicates that a packet needs to be resent

D.  

The ACK flag marks the connection as reliable, and the RST flag indicates the failure within TCP Handshake

Discussion 0
Questions 30

What is a difference between an inline and a tap mode traffic monitoring?

Options:

A.  

Inline monitors traffic without examining other devices, while a tap mode tags traffic and examines the data from monitoring devices.

B.  

Tap mode monitors traffic direction, while inline mode keeps packet data as it passes through the monitoring devices.

C.  

Tap mode monitors packets and their content with the highest speed, while the inline mode draws a packet path for analysis.

D.  

Inline mode monitors traffic path, examining any traffic at a wire speed, while a tap mode monitors traffic as it crosses the network.

Discussion 0
Questions 31

An analyst received an alert on their desktop computer showing that an attack was successful on the host. After investigating, the analyst discovered that no mitigation action occurred during the attack. What is the reason for this discrepancy?

Options:

A.  

The computer has a HIPS installed on it.

B.  

The computer has a NIPS installed on it.

C.  

The computer has a HIDS installed on it.

D.  

The computer has a NIDS installed on it.

Discussion 0
Questions 32

What are the two differences between stateful and deep packet inspection? (Choose two )

Options:

A.  

Stateful inspection is capable of TCP state tracking, and deep packet filtering checks only TCP source and destination ports

B.  

Deep packet inspection is capable of malware blocking, and stateful inspection is not

C.  

Deep packet inspection operates on Layer 3 and 4. and stateful inspection operates on Layer 3 of the OSI model

D.  

Deep packet inspection is capable of TCP state monitoring only, and stateful inspection can inspect TCP and UDP.

E.  

Stateful inspection is capable of packet data inspections, and deep packet inspection is not

Discussion 0
Questions 33

An engineer is working with the compliance teams to identify the data passing through the network. During analysis, the engineer informs the compliance team that external penmeter data flows contain records, writings, and artwork Internal segregated network flows contain the customer choices by gender, addresses, and product preferences by age. The engineer must identify protected data. Which two types of data must be identified'? (Choose two.)

Options:

A.  

SOX

B.  

PII

C.  

PHI

D.  

PCI

E.  

copyright

Discussion 0
Questions 34

Refer to the exhibit.

Which technology generates this log?

Options:

A.  

NetFlow

B.  

IDS

C.  

web proxy

D.  

firewall

Discussion 0
Questions 35

An engineer must compare NIST vs ISO frameworks The engineer deeded to compare as readable documentation and also to watch a comparison video review. Using Windows 10 OS. the engineer started a browser and searched for a NIST document and then opened a new tab in the same browser and searched for an ISO document for comparison

The engineer tried to watch the video, but there 'was an audio problem with OS so the engineer had to troubleshoot it At first the engineer started CMD and looked fee a driver path then locked for a corresponding registry in the registry editor The engineer enabled "Audiosrv" in task manager and put it on auto start and the problem was solved Which two components of the OS did the engineer touch? (Choose two)

Options:

A.  

permissions

B.  

PowerShell logs

C.  

service

D.  

MBR

E.  

process and thread

Discussion 0
Questions 36

Which attack method intercepts traffic on a switched network?

Options:

A.  

denial of service

B.  

ARP cache poisoning

C.  

DHCP snooping

D.  

command and control

Discussion 0
Questions 37

According to the NIST SP 800-86. which two types of data are considered volatile? (Choose two.)

Options:

A.  

swap files

B.  

temporary files

C.  

login sessions

D.  

dump files

E.  

free space

Discussion 0
Questions 38

What is the difference between statistical detection and rule-based detection models?

Options:

A.  

Rule-based detection involves the collection of data in relation to the behavior of legitimate users over a period of time

B.  

Statistical detection defines legitimate data of users over a period of time and rule-based detection defines it on an IF/THEN basis

C.  

Statistical detection involves the evaluation of an object on its intended actions before it executes that behavior

D.  

Rule-based detection defines legitimate data of users over a period of time and statistical detection defines it on an IF/THEN basis

Discussion 0
Questions 39

In a SOC environment, what is a vulnerability management metric?

Options:

A.  

code signing enforcement

B.  

full assets scan

C.  

internet exposed devices

D.  

single factor authentication

Discussion 0