Understanding Cisco Cybersecurity Operations Fundamentals (200-201 CBROPS)
Last Update Mar 29, 2024
Total Questions : 311
We are offering FREE 200-201 Cisco exam questions. All you do is to just go and sign up. Give your details, prepare 200-201 free exam questions and then go for complete pool of Understanding Cisco Cybersecurity Operations Fundamentals (200-201 CBROPS) test questions that will help you more.
An analyst discovers that a legitimate security alert has been dismissed. Which signature caused this impact on network traffic?
A security expert is working on a copy of the evidence, an ISO file that is saved in CDFS format. Which type of evidence is this file?
Refer to the exhibit.
An engineer is reviewing a Cuckoo report of a file. What must the engineer interpret from the report?
A system administrator is ensuring that specific registry information is accurate.
Which type of configuration information does the HKEY_LOCAL_MACHINE hive contain?
Refer to the exhibit.
An engineer is analyzing this Cuckoo Sandbox report for a PDF file that has been downloaded from an email. What is the state of this file?
Refer to the exhibit.
An engineer received an event log file to review. Which technology generated the log?
A security engineer has a video of a suspect entering a data center that was captured on the same day that files in the same data center were transferred to a competitor.
Which type of evidence is this?
Which type of attack occurs when an attacker is successful in eavesdropping on a conversation between two IP phones?
Which evasion method involves performing actions slower than normal to prevent detection?
Refer to the exhibit.
This request was sent to a web application server driven by a database. Which type of web server attack is represented?
An automotive company provides new types of engines and special brakes for rally sports cars. The company has a database of inventions and patents for their engines and technical information Customers can access the database through the company's website after they register and identify themselves. Which type of protected data is accessed by customers?
A security engineer deploys an enterprise-wide host/endpoint technology for all of the company's corporate PCs. Management requests the engineer to block a selected set of applications on all PCs.
Which technology should be used to accomplish this task?
Which metric should be used when evaluating the effectiveness and scope of a Security Operations Center?
Refer to the exhibit.
A security analyst is investigating unusual activity from an unknown IP address Which type of evidence is this file1?
Which metric is used to capture the level of access needed to launch a successful attack?
Syslog collecting software is installed on the server For the log containment, a disk with FAT type partition is used An engineer determined that log files are being corrupted when the 4 GB tile size is exceeded. Which action resolves the issue?
Refer to the exhibit.
What is the potential threat identified in this Stealthwatch dashboard?
An engineer received an alert affecting the degraded performance of a critical server. Analysis showed a heavy CPU and memory load. What is the next step the engineer should take to investigate this resource usage?
During which phase of the forensic process is data that is related to a specific event labeled and recorded to preserve its integrity?
A security incident occurred with the potential of impacting business services. Who performs the attack?
An engineer must compare NIST vs ISO frameworks The engineer deeded to compare as readable documentation and also to watch a comparison video review. Using Windows 10 OS. the engineer started a browser and searched for a NIST document and then opened a new tab in the same browser and searched for an ISO document for comparison
The engineer tried to watch the video, but there 'was an audio problem with OS so the engineer had to troubleshoot it At first the engineer started CMD and looked fee a driver path then locked for a corresponding registry in the registry editor The engineer enabled "Audiosrv" in task manager and put it on auto start and the problem was solved Which two components of the OS did the engineer touch? (Choose two)
At a company party a guest asks questions about the company’s user account format and password complexity. How is this type of conversation classified?
A security engineer notices confidential data being exfiltrated to a domain "Ranso4134-mware31-895" address that is attributed to a known advanced persistent threat group The engineer discovers that the activity is part of a real attack and not a network misconfiguration. Which category does this event fall under as defined in the Cyber Kill Chain?
A network engineer discovers that a foreign government hacked one of the defense contractors in their home country and stole intellectual property. What is the threat agent in this situation?
Which data format is the most efficient to build a baseline of traffic seen over an extended period of time?
A company receptionist received a threatening call referencing stealing assets and did not take any action assuming it was a social engineering attempt. Within 48 hours, multiple assets were breached, affecting the confidentiality of sensitive information. What is the threat actor in this incident?
Refer to the exhibit.
An engineer received a ticket about a slowed-down web application. The engineer runs the #netstat -an command. How must the engineer interpret the results?
An engineer discovered a breach, identified the threat’s entry point, and removed access. The engineer was able to identify the host, the IP address of the threat actor, and the application the threat actor targeted. What is the next step the engineer should take according to the NIST SP 800-61 Incident handling guide?
The security team has detected an ongoing spam campaign targeting the organization. The team's approach is to push back the cyber kill chain and mitigate ongoing incidents. At which phase of the cyber kill chain should the security team mitigate this type of attack?
A developer is working on a project using a Linux tool that enables writing processes to obtain these required results:
Which component results from this operation?
An engineer is working on a ticket for an incident from the incident management team A week ago. an external web application was targeted by a DDoS attack Server resources were exhausted and after two hours it crashed. An engineer was able to identify the attacker and technique used Three hours after the attack, the server was restored and the engineer recommended implementing mitigation by Blackhole filtering and transferred the incident ticket back to the IR team According to NIST SP800-61, at which phase of the incident response did the engineer finish work?
Which open-sourced packet capture tool uses Linux and Mac OS X operating systems?
What is personally identifiable information that must be safeguarded from unauthorized access?
Which data type is necessary to get information about source/destination ports?
What is the difference between inline traffic interrogation and traffic mirroring?
Drag and drop the event term from the left onto the description on the right.
What should a security analyst consider when comparing inline traffic interrogation with traffic tapping to determine which approach to use in the network?
Refer to the exhibit.
What does the output indicate about the server with the IP address 172.18.104.139?
Drag and drop the uses on the left onto the type of security system on the right.
Drag and drop the data source from the left onto the data type on the right.
What is the impact of false positive alerts on business compared to true positive?
Which step in the incident response process researches an attacking host through logs in a SIEM?
Refer to the exhibit.
Drag and drop the element name from the left onto the correct piece of the PCAP file on the right.
An engineer is investigating a case of the unauthorized usage of the “Tcpdump” tool. The analysis revealed that a malicious insider attempted to sniff traffic on a specific interface. What type of information did the malicious insider attempt to obtain?
STION NO: 102
Refer to the exhibit.
What is the potential threat identified in this Stealthwatch dashboard?
What is a collection of compromised machines that attackers use to carry out a DDoS attack?
An engineer must configure network systems to detect command-and-control communications by decrypting ingress and egress perimeter traffic and allowing network security devices to detect malicious outbound communications. Which technology must be used to accomplish this task?
Refer to the exhibit.
Which packet contains a file that is extractable within Wireshark?
Which list identifies the information that the client sends to the server in the negotiation phase of the TLS handshake?
Exhibit.
An engineer received a ticket about a slowdown of a web application, Drug analysis of traffic, the engineer suspects a possible attack on a web server. How should the engineer interpret the Wiresharat traffic capture?
While viewing packet capture data, an analyst sees that one IP is sending and receiving traffic for multiple devices by modifying the IP header.
Which technology makes this behavior possible?
An analyst is using the SIEM platform and must extract a custom property from a Cisco device and capture the phrase, "File: Clean." Which regex must the analyst import?
Which regular expression is needed to capture the IP address 192.168.20.232?
An engineer receives a security alert that traffic with a known TOR exit node has occurred on the network. What is the impact of this traffic?
A cyberattacker notices a security flaw in a software that a company is using They decide to tailor a specific worm to exploit this flaw and extract saved passwords from the software To which category of the Cyber Kill Cham model does this event belong?
Which classification of cross-site scripting attack executes the payload without storing it for repeated use?
A malicious file has been identified in a sandbox analysis tool.
Which piece of information is needed to search for additional downloads of this file by other hosts?
Refer to the exhibit.
Which frame numbers contain a file that is extractable via TCP stream within Wireshark?
Refer to the exhibit.
An engineer is analyzing a PCAP file after a recent breach An engineer identified that the attacker used an aggressive ARP scan to scan the hosts and found web and SSH servers. Further analysis showed several SSH Server Banner and Key Exchange Initiations. The engineer cannot see the exact data being transmitted over an encrypted channel and cannot identify how the attacker gained access How did the attacker gain access?