
killexams.com

Cisco 200-201

Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)

https://killexams.com/pass4sure/exam-detail/200-201


Question: 252


Which regular expression matches "color" and "colour"?

  A. colo?ur

  B. col[0-8]+our

  C. colou?r

  D. col[0-9]+our


Answer: C


Question: 253


Refer to the exhibit.


Which type of log is displayed?

  A. proxy

  B. NetFlow

  C. IDS

  D. sys


Answer: B


Question: 254

An analyst is investigating an incident in a SOC environment. Which method is used to identify a session from a group of logs?

  A. sequence numbers

  B. IP identifier

  C. 5-tuple

  D. timestamps


Answer: C


Question: 255


Which type of evidence supports a theory or an assumption that results from initial evidence?

  A. probabilistic

  B. indirect

  C. best

  D. corroborative


Answer: D


Question: 256

Which two elements are assets in the role of attribution in an investigation? (Choose two.)

  A. context

  B. session

  C. laptop

  D. firewall logs

  E. threat actor


Answer: AE


Question: 257


Which piece of information is needed for attribution in an investigation?

  A. proxy logs showing the source RFC 1918 IP addresses

  B. RDP allowed from the Internet

  C. known threat actor behavior

  D. 802.1x RADIUS authentication pass and fail logs


Answer: C


Question: 258

An analyst discovers that a legitimate security alert has been dismissed. Which signature caused this impact on network traffic?

  A. true negative

  B. false negative

  C. false positive

  D. true positive


Answer: B


Question: 259


Which two elements of the incident response process are stated in NIST Special Publication 800-61 r2? (Choose two.)

  A. detection and analysis

  B. post-incident activity

  C. vulnerability management

  D. risk assessment

  E. vulnerability scoring


Answer: AB

Explanation:

Reference: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf


Question: 260


What should a security analyst consider when comparing inline traffic interrogation with traffic tapping to determine which approach to use in the network?

  A. Tapping interrogation replicates signals to a separate port for analyzing traffic

  B. Tapping interrogations detect and block malicious traffic

  C. Inline interrogation enables viewing a copy of traffic to ensure traffic is in compliance with security policies

  D. Inline interrogation detects malicious traffic but does not block the traffic


Answer: A


Question: 261

What is the difference between the ACK flag and the RST flag in the NetFlow log session?

  A. The RST flag confirms the beginning of the TCP connection, and the ACK flag responds when the data for the payload is complete

  B. The ACK flag confirms the beginning of the TCP connection, and the RST flag responds when the data for the payload is complete

  C. The RST flag confirms the receipt of the prior segment, and the ACK flag allows for the spontaneous termination of a connection

  D. The ACK flag confirms the receipt of the prior segment, and the RST flag allows for the spontaneous termination of a connection


Answer: D


Question: 262


Which event is user interaction?

  A. gaining root access

  B. executing remote code

  C. reading and writing file permission

  D. opening a malicious file


Answer: D


Question: 263


An intruder attempted malicious activity and exchanged emails with a user and received corporate information, including email distribution lists. The intruder asked the user to engage with a link in an email. When the link launched, it infected machines and the intruder was able to access the corporate network.


Which testing method did the intruder use?

  A. social engineering

  B. eavesdropping

  C. piggybacking

  D. tailgating


Answer: A


Question: 264


Which security principle requires that more than one person perform a critical task?

  A. least privilege

  B. need to know

  C. separation of duties

  D. due diligence


Answer: C


Question: 265


What are two differences in how tampered and untampered disk images affect a security incident? (Choose two.)

  A. Untampered images are used in the security investigation process

  B. Tampered images are used in the security investigation process

  C. The image is tampered if the stored hash and the computed hash match

  D. Tampered images are used in the incident recovery process

  E. The image is untampered if the stored hash and the computed hash match


Answer: BE


Question: 266 DRAG DROP


Answer:


Question: 267

An investigator is examining a copy of an ISO file that is stored in CDFS format. What type of evidence is this file?

  A. data from a CD copied using Mac-based system

  B. data from a CD copied using Linux system

  C. data from a DVD copied using Windows system

  D. data from a CD copied using Windows


Answer: B


Question: 268


A security engineer has a video of a suspect entering a data center that was captured on the same day that files in the same data center were transferred to a competitor.


Which type of evidence is this?

  A. best evidence

  B. prima facie evidence

  C. indirect evidence

  D. physical evidence


Answer: C


Question: 269


Which artifact is used to uniquely identify a detected file?

  A. file timestamp

  B. file extension

  C. file size

  D. file hash


Answer: D

Which two components reduce the attack surface on an endpoint? (Choose two.)

  A. secure boot

  B. load balancing

  C. increased audit log levels

  D. restricting USB ports

  E. full packet captures at the endpoint


Answer: AD


Question: 271 DRAG DROP

Refer to the exhibit.

Drag and drop the element name from the left onto the correct piece of the PCAP file on the right.


Answer: