Summer Limited Time 55% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 1271b8m643

200-201 Exam Dumps - Understanding Cisco Cybersecurity Operations Fundamentals (200-201 CBROPS)

Question # 4

During which phase of the forensic process are tools and techniques used to extract information from the collected data?

A.

investigation

B.

examination

C.

reporting

D.

collection

Full Access
Question # 5

A security analyst notices a sudden surge of incoming traffic and detects unknown packets from unknown senders After further investigation, the analyst learns that customers claim that they cannot access company servers According to NIST SP800-61, in which phase of the incident response process is the analyst?

A.

post-incident activity

B.

detection and analysis

C.

preparation

D.

containment, eradication, and recovery

Full Access
Question # 6

An engineer is working with the compliance teams to identify the data passing through the network. During analysis, the engineer informs the compliance team that external penmeter data flows contain records, writings, and artwork Internal segregated network flows contain the customer choices by gender, addresses, and product preferences by age. The engineer must identify protected data. Which two types of data must be identified'? (Choose two.)

A.

SOX

B.

PII

C.

PHI

D.

PCI

E.

copyright

Full Access
Question # 7

Which security principle is violated by running all processes as root or administrator?

A.

principle of least privilege

B.

role-based access control

C.

separation of duties

D.

trusted computing base

Full Access
Question # 8

Refer to the exhibit.

Which stakeholders must be involved when a company workstation is compromised?

A.

Employee 1 Employee 2, Employee 3, Employee 4, Employee 5, Employee 7

B.

Employee 1, Employee 2, Employee 4, Employee 5

C.

Employee 4, Employee 6, Employee 7

D.

Employee 2, Employee 3, Employee 4, Employee 5

Full Access
Question # 9

Which category relates to improper use or disclosure of PII data?

A.

legal

B.

compliance

C.

regulated

D.

contractual

Full Access
Question # 10

Refer to the exhibit.

An engineer is analyzing a PCAP file after a recent breach An engineer identified that the attacker used an aggressive ARP scan to scan the hosts and found web and SSH servers. Further analysis showed several SSH Server Banner and Key Exchange Initiations. The engineer cannot see the exact data being transmitted over an encrypted channel and cannot identify how the attacker gained access How did the attacker gain access?

A.

by using the buffer overflow in the URL catcher feature for SSH

B.

by using an SSH Tectia Server vulnerability to enable host-based authentication

C.

by using an SSH vulnerability to silently redirect connections to the local host

D.

by using brute force on the SSH service to gain access

Full Access
Question # 11

Refer to the exhibit.

During the analysis of a suspicious scanning activity incident, an analyst discovered multiple local TCP connection events Which technology provided these logs?

A.

antivirus

B.

proxy

C.

IDS/IPS

D.

firewall

Full Access
Question # 12

While viewing packet capture data, an analyst sees that one IP is sending and receiving traffic for multiple devices by modifying the IP header.

Which technology makes this behavior possible?

A.

encapsulation

B.

TOR

C.

tunneling

D.

NAT

Full Access
Question # 13

Which signature impacts network traffic by causing legitimate traffic to be blocked?

A.

false negative

B.

true positive

C.

true negative

D.

false positive

Full Access
Question # 14

Which attack method intercepts traffic on a switched network?

A.

denial of service

B.

ARP cache poisoning

C.

DHCP snooping

D.

command and control

Full Access
Question # 15

Refer to the exhibit.

Which type of attack is being executed?

A.

SQL injection

B.

cross-site scripting

C.

cross-site request forgery

D.

command injection

Full Access
Question # 16

Which action should be taken if the system is overwhelmed with alerts when false positives and false negatives are compared?

A.

Modify the settings of the intrusion detection system.

B.

Design criteria for reviewing alerts.

C.

Redefine signature rules.

D.

Adjust the alerts schedule.

Full Access
Question # 17

What is the impact of false positive alerts on business compared to true positive?

A.

True positives affect security as no alarm is raised when an attack has taken place, resulting in a potential breach.

B.

True positive alerts are blocked by mistake as potential attacks affecting application availability.

C.

False positives affect security as no alarm is raised when an attack has taken place, resulting in a potential breach.

D.

False positive alerts are blocked by mistake as potential attacks affecting application availability.

Full Access
Question # 18

Refer to the exhibit.

What does the output indicate about the server with the IP address 172.18.104.139?

A.

open ports of a web server

B.

open port of an FTP server

C.

open ports of an email server

D.

running processes of the server

Full Access
Question # 19

Refer to the exhibit.

Which event is occurring?

A.

A binary named "submit" is running on VM cuckoo1.

B.

A binary is being submitted to run on VM cuckoo1

C.

A binary on VM cuckoo1 is being submitted for evaluation

D.

A URL is being evaluated to see if it has a malicious binary

Full Access
Question # 20

What is the virtual address space for a Windows process?

A.

physical location of an object in memory

B.

set of pages that reside in the physical memory

C.

system-level memory protection feature built into the operating system

D.

set of virtual memory addresses that can be used

Full Access
Question # 21

Which security monitoring data type requires the largest storage space?

A.

transaction data

B.

statistical data

C.

session data

D.

full packet capture

Full Access
Question # 22

Refer to the exhibit.

Which type of log is displayed?

A.

IDS

B.

proxy

C.

NetFlow

D.

sys

Full Access
Question # 23

A company encountered a breach on its web servers using IIS 7 5 Dunng the investigation, an engineer discovered that an attacker read and altered the data on a secure communication using TLS 1 2 and intercepted sensitive information by downgrading a connection to export-grade cryptography. The engineer must mitigate similar incidents in the future and ensure that clients and servers always negotiate with the most secure protocol versions and cryptographic parameters. Which action does the engineer recommend?

A.

Upgrade to TLS v1 3.

B.

Install the latest IIS version.

C.

Downgrade to TLS 1.1.

D.

Deploy an intrusion detection system

Full Access
Question # 24

What is a sandbox interprocess communication service?

A.

A collection of rules within the sandbox that prevent the communication between sandboxes.

B.

A collection of network services that are activated on an interface, allowing for inter-port communication.

C.

A collection of interfaces that allow for coordination of activities among processes.

D.

A collection of host services that allow for communication between sandboxes.

Full Access
Question # 25

Refer to the exhibit.

What should be interpreted from this packet capture?

A.

81.179.179.69 is sending a packet from port 80 to port 50272 of IP address 192.168.122.100 using UDP protocol.

B.

192.168.122.100 is sending a packet from port 50272 to port 80 of IP address 81.179.179.69 using TCP protocol.

C.

192.168.122.100 is sending a packet from port 80 to port 50272 of IP address 81.179.179.69 using UDP protocol.

D.

81.179.179.69 is sending a packet from port 50272 to port 80 of IP address 192.168.122.100 using TCP UDP protocol.

Full Access
Question # 26

An organization is cooperating with several third-party companies. Data exchange is on an unsecured channel using port 80 Internal employees use the FTP service to upload and download sensitive data An engineer must ensure confidentiality while preserving the integrity of the communication. Which technology must the engineer implement in this scenario'?

A.

X 509 certificates

B.

RADIUS server

C.

CA server

D.

web application firewall

Full Access
Question # 27

How does an attack surface differ from an attack vector?

A.

An attack vector recognizes the potential outcomes of an attack, and the attack surface is choosing a method of an attack.

B.

An attack surface identifies vulnerable parts for an attack, and an attack vector specifies which attacks are feasible to those parts.

C.

An attack surface mitigates external vulnerabilities, and an attack vector identifies mitigation techniques and possible workarounds.

D.

An attack vector matches components that can be exploited, and an attack surface classifies the potential path for exploitation

Full Access
Question # 28

Which regular expression is needed to capture the IP address 192.168.20.232?

A.

^ (?:[0-9]{1,3}\.){3}[0-9]{1,3}

B.

^ (?:[0-9]f1,3}\.){1,4}

C.

^ (?:[0-9]{1,3}\.)'

D.

^ ([0-9]-{3})

Full Access
Question # 29

Which list identifies the information that the client sends to the server in the negotiation phase of the TLS handshake?

A.

ClientStart, ClientKeyExchange, cipher-suites it supports, and suggested compression methods

B.

ClientStart, TLS versions it supports, cipher-suites it supports, and suggested compression methods

C.

ClientHello, TLS versions it supports, cipher-suites it supports, and suggested compression methods

D.

ClientHello, ClientKeyExchange, cipher-suites it supports, and suggested compression methods

Full Access
Question # 30

At a company party a guest asks questions about the company’s user account format and password complexity. How is this type of conversation classified?

A.

Phishing attack

B.

Password Revelation Strategy

C.

Piggybacking

D.

Social Engineering

Full Access
Question # 31

Refer to the exhibit.

An engineer is analyzing this Cuckoo Sandbox report for a PDF file that has been downloaded from an email. What is the state of this file?

A.

The file has an embedded executable and was matched by PEiD threat signatures for further analysis.

B.

The file has an embedded non-Windows executable but no suspicious features are identified.

C.

The file has an embedded Windows 32 executable and the Yara field lists suspicious features for further analysis.

D.

The file was matched by PEiD threat signatures but no suspicious features are identified since the signature list is up to date.

Full Access
Question # 32

When communicating via TLS, the client initiates the handshake to the server and the server responds back with its certificate for identification.

Which information is available on the server certificate?

A.

server name, trusted subordinate CA, and private key

B.

trusted subordinate CA, public key, and cipher suites

C.

trusted CA name, cipher suites, and private key

D.

server name, trusted CA, and public key

Full Access
Question # 33

Refer to the exhibit.

What is the potential threat identified in this Stealthwatch dashboard?

A.

A policy violation is active for host 10.10.101.24.

B.

A host on the network is sending a DDoS attack to another inside host.

C.

There are two active data exfiltration alerts.

D.

A policy violation is active for host 10.201.3.149.

Full Access
Question # 34

A user received a malicious attachment but did not run it. Which category classifies the intrusion?

A.

weaponization

B.

reconnaissance

C.

installation

D.

delivery

Full Access
Question # 35

Which two elements of the incident response process are stated in NIST SP 800-61 r2? (Choose two.)

A.

detection and analysis

B.

post-incident activity

C.

vulnerability scoring

D.

vulnerability management

E.

risk assessment

Full Access
Question # 36

Refer to the exhibit.

What is shown in this PCAP file?

A.

Timestamps are indicated with error.

B.

The protocol is TCP.

C.

The User-Agent is Mozilla/5.0.

D.

The HTTP GET is encoded.

Full Access
Question # 37

What is a purpose of a vulnerability management framework?

A.

identifies, removes, and mitigates system vulnerabilities

B.

detects and removes vulnerabilities in source code

C.

conducts vulnerability scans on the network

D.

manages a list of reported vulnerabilities

Full Access
Question # 38

Which are two denial-of-service attacks? (Choose two.)

A.

TCP connections

B.

ping of death

C.

man-in-the-middle

D.

code-red

E.

UDP flooding

Full Access
Question # 39

Refer to the exhibit.

Which packet contains a file that is extractable within Wireshark?

A.

2317

B.

1986

C.

2318

D.

2542

Full Access