Latest 200-201 Practice Tests with Actual Questions

200-201 Dumps

200-201 Braindumps

200-201 Real Questions

200-201 Practice Test

200-201 Actual Questions

killexams.com

Cisco

200-201

Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)

https://killexams.com/pass4sure/exam-detail/200-201

Question: 252

Which regular expression matches "color" and "colour"?

1. colo?ur

2. col[0 − 8]+our

3. colou?r

4. col[0 − 9]+our

Answer: C
Question: 253 Refer to the exhibit.

Which type of log is displayed?

1. proxy

2. NetFlow

3. IDS

4. sys

Answer: B

Question: 254

An analyst is investigating an incident in a SOC environment. Which method is used to identify a session from a group of logs?

1. sequence numbers

2. IP identifier

3. 5-tuple

4. timestamps

Answer: C

Question: 255

Which type of evidence supports a theory or an assumption that results from initial evidence?

1. probabilistic

2. indirect

3. best

4. corroborative

Answer: D

Question: 256

Which two elements are assets in the role of attribution in an investigation? (Choose two.)

1. context

2. session

3. laptop

4. firewall logs

5. threat actor

Answer: AE

Question: 257

Which piece of information is needed for attribution in an investigation?

1. proxy logs showing the source RFC 1918 IP addresses

2. RDP allowed from the Internet

3. known threat actor behavior

4. 802.1x RADIUS authentication pass arid fail logs

Answer: C

Question: 258

An analyst discovers that a legitimate security alert has been dismissed. Which signature caused this impact on network traffic?

1. true negative

2. false negative

3. false positive

4. true positive

Answer: B

Question: 259

Which two elements of the incident response process are stated in NIST Special Publication 800-61 r2? (Choose two.)

1. detection and analysis

2. post-incident activity

3. vulnerability management

4. risk assessment

5. vulnerability scoring

Answer: AB
Explanation:

Reference: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf

Question: 260

What should a security analyst consider when comparing inline traffic interrogation with traffic tapping to determine which approach to use in the network?

1. Tapping interrogation replicates signals to a separate port for analyzing traffic

2. Tapping interrogations detect and block malicious traffic

3. Inline interrogation enables viewing a copy of traffic to ensure traffic is in compliance with security policies

4. Inline interrogation detects malicious traffic but does not block the traffic

Answer: A

Question: 261

What is the difference between the ACK flag and the RST flag in the NetFlow log session?

1. The RST flag confirms the beginning of the TCP connection, and the ACK flag responds when the data for the payload is complete

2. The ACK flag confirms the beginning of the TCP connection, and the RST flag responds when the data for the payload is complete

3. The RST flag confirms the receipt of the prior segment, and the ACK flag allows for the spontaneous termination of a connection

4. The ACK flag confirms the receipt of the prior segment, and the RST flag allows for the spontaneous termination of a connection

Answer: D

Question: 262

Which event is user interaction?

1. gaining root access

2. executing remote code

3. reading and writing file permission

4. opening a malicious file

Answer: D

Question: 263

An intruder attempted malicious activity and exchanged emails with a user and received corporate information, including email distribution lists. The intruder asked the user to engage with a link in an email. When the fink launched, it infected machines and the intruder was able to access the corporate network.

Which testing method did the intruder use?

1. social engineering

2. eavesdropping

3. piggybacking

4. tailgating

Answer: A

Question: 264

Which security principle requires more than one person is required to perform a critical task?

1. least privilege

2. need to know

3. separation of duties

4. due diligence

Answer: C

Question: 265

What are two differences in how tampered and untampered disk images affect a security incident? (Choose two.)

1. Untampered images are used in the security investigation process

2. Tampered images are used in the security investigation process

3. The image is tampered if the stored hash and the computed hash match

4. Tampered images are used in the incident recovery process

5. The image is untampered if the stored hash and the computed hash match

Answer: BE
Question: 266 DRAG DROP

Answer:

Question: 267

An investigator is examining a copy of an ISO file that is stored in CDFS format. What type of evidence is this file?

1. data from a CD copied using Mac-based system

2. data from a CD copied using Linux system

3. data from a DVD copied using Windows system

4. data from a CD copied using Windows

Answer: B

Question: 268

A security engineer has a video of a suspect entering a data center that was captured on the same day that files in the same data center were transferred to a competitor.

Which type of evidence is this?

1. best evidence

2. prima facie evidence

3. indirect evidence

4. physical evidence

Answer: C

Question: 269

Which artifact is used to uniquely identify a detected file?

1. file timestamp

2. file extension

3. file size

4. file hash

Answer: D

Which two components reduce the attack surface on an endpoint? (Choose two.)

1. secure boot

2. load balancing

3. increased audit log levels

4. restricting USB ports

5. full packet captures at the endpoint

Answer: AD
Question: 271 DRAG DROP

Refer to the exhibit.

Drag and drop the element name from the left onto the correct piece of the PCAP file on the right.

Answer: