Cisco 200-201 Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)
https://killexams.com/pass4sure/exam-detail/200-201

Question: 252
Which regular expression matches "color" and "colour"?
A. colo?ur
B. col[0 - 8]+our
C. colou?r
D. col[0 - 9]+our
Answer: C

Question: 253
Refer to the exhibit. Which type of log is displayed?
A. proxy
B. NetFlow
C. IDS
D. sys
Answer: B

Question: 254
An analyst is investigating an incident in a SOC environment. Which method is used to identify a session from a group of logs?
A. sequence numbers
B. IP identifier
C. 5-tuple
D. timestamps
Answer: C

Question: 255
Which type of evidence supports a theory or an assumption that results from initial evidence?
A. probabilistic
B. indirect
C. best
D. corroborative
Answer: D

Question: 256
Which two elements are assets in the role of attribution in an investigation? (Choose two.)
A. context
B. session
C. laptop
D. firewall logs
E. threat actor
Answer: AE

Question: 257
Which piece of information is needed for attribution in an investigation?
A. proxy logs showing the source RFC 1918 IP addresses
B. RDP allowed from the Internet
C. known threat actor behavior
D. 802.1x RADIUS authentication pass and fail logs
Answer: C

Question: 258
An analyst discovers that a legitimate security alert has been dismissed. Which signature caused this impact on network traffic?
A. true negative
B. false negative
C. false positive
D. true positive
Answer: B

Question: 259
Which two elements of the incident response process are stated in NIST Special Publication 800-61 r2? (Choose two.)
A. detection and analysis
B. post-incident activity
C. vulnerability management
D. risk assessment
E. vulnerability scoring
Answer: AB
Explanation: Reference: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf

Question: 260
What should a security analyst consider when comparing inline traffic interrogation with traffic tapping to determine which approach to use in the network?
A. Tapping interrogation replicates signals to a separate port for analyzing traffic
B. Tapping interrogations detect and block malicious traffic
C. Inline interrogation enables viewing a copy of traffic to ensure traffic is in compliance with security policies
D. Inline interrogation detects malicious traffic but does not block the traffic
Answer: A

Question: 261
What is the difference between the ACK flag and the RST flag in the NetFlow log session?
A. The RST flag confirms the beginning of the TCP connection, and the ACK flag responds when the data for the payload is complete
B. The ACK flag confirms the beginning of the TCP connection, and the RST flag responds when the data for the payload is complete
C. The RST flag confirms the receipt of the prior segment, and the ACK flag allows for the spontaneous termination of a connection
D. The ACK flag confirms the receipt of the prior segment, and the RST flag allows for the spontaneous termination of a connection
Answer: D

Question: 262
Which event is user interaction?
A. gaining root access
B. executing remote code
C. reading and writing file permission
D. opening a malicious file
Answer: D

Question: 263
An intruder attempted malicious activity and exchanged emails with a user and received corporate information, including email distribution lists. The intruder asked the user to engage with a link in an email. When the link launched, it infected machines and the intruder was able to access the corporate network. Which testing method did the intruder use?
A. social engineering
B. eavesdropping
C. piggybacking
D. tailgating
Answer: A

Question: 264
Which security principle requires more than one person to perform a critical task?
A. least privilege
B. need to know
C. separation of duties
D. due diligence
Answer: C

Question: 265
What are two differences in how tampered and untampered disk images affect a security incident? (Choose two.)
A. Untampered images are used in the security investigation process
B. Tampered images are used in the security investigation process
C. The image is tampered if the stored hash and the computed hash match
D. Tampered images are used in the incident recovery process
E. The image is untampered if the stored hash and the computed hash match
Answer: BE

Question: 266
DRAG DROP
Drag and drop the security concept on the left onto the example of that concept on the right.
Answer:

Question: 267
An investigator is examining a copy of an ISO file that is stored in CDFS format. What type of evidence is this file?
A. data from a CD copied using Mac-based system
B. data from a CD copied using Linux system
C. data from a DVD copied using Windows system
D. data from a CD copied using Windows
Answer: B

Question: 268
A security engineer has a video of a suspect entering a data center that was captured on the same day that files in the same data center were transferred to a competitor. Which type of evidence is this?
A. best evidence
B. prima facie evidence
C. indirect evidence
D. physical evidence
Answer: C

Question: 269
Which artifact is used to uniquely identify a detected file?
A. file timestamp
B. file extension
C. file size
D. file hash
Answer: D

Question: 270
Which two components reduce the attack surface on an endpoint? (Choose two.)
A. secure boot
B. load balancing
C. increased audit log levels
D. restricting USB ports
E. full packet captures at the endpoint
Answer: AD

Question: 271
DRAG DROP
Refer to the exhibit. Drag and drop the element name from the left onto the correct piece of the PCAP file on the right.
Answer: