Happy Black Friday Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 1b2718643m

200-201 Exam Dumps - Understanding Cisco Cybersecurity Operations Fundamentals (200-201 CBROPS)

Question # 4

Drag and drop the event term from the left onto the description on the right.

Full Access
Question # 5

An analyst is investigating a host in the network that appears to be communicating to a command and control server on the Internet. After collecting this packet capture, the analyst cannot determine the technique and payload used for the communication.

Which obfuscation technique is the attacker using?

A.

Base64 encoding

B.

transport layer security encryption

C.

SHA-256 hashing

D.

ROT13 encryption

Full Access
Question # 6

A company receptionist received a threatening call referencing stealing assets and did not take any action assuming it was a social engineering attempt. Within 48 hours, multiple assets were breached, affecting the confidentiality of sensitive information. What is the threat actor in this incident?

A.

company assets that are threatened

B.

customer assets that are threatened

C.

perpetrators of the attack

D.

victims of the attack

Full Access
Question # 7

What is a difference between tampered and untampered disk images?

A.

Tampered images have the same stored and computed hash.

B.

Tampered images are used as evidence.

C.

Untampered images are used for forensic investigations.

D.

Untampered images are deliberately altered to preserve as evidence

Full Access
Question # 8

What is a difference between SIEM and SOAR?

A.

SOAR predicts and prevents security alerts, while SIEM checks attack patterns and applies the mitigation.

B.

SlEM's primary function is to collect and detect anomalies, while SOAR is more focused on security operations automation and response.

C.

SIEM predicts and prevents security alerts, while SOAR checks attack patterns and applies the mitigation.

D.

SOAR's primary function is to collect and detect anomalies, while SIEM is more focused on security operations automation and response.

Full Access
Question # 9

An engineer needs to fetch logs from a proxy server and generate actual events according to the data received. Which technology should the engineer use to accomplish this task?

A.

Firepower

B.

Email Security Appliance

C.

Web Security Appliance

D.

Stealthwatch

Full Access
Question # 10

During which phase of the forensic process is data that is related to a specific event labeled and recorded to preserve its integrity?

A.

examination

B.

investigation

C.

collection

D.

reporting

Full Access
Question # 11

At a company party a guest asks QUESTION NO:s about the company’s user account format and password complexity. How is this type of conversation classified?

A.

Phishing attack

B.

Password Revelation Strategy

C.

Piggybacking

D.

Social Engineering

Full Access
Question # 12

Which two elements of the incident response process are stated in NIST Special Publication 800-61 r2? (Choose two.)

A.

detection and analysis

B.

post-incident activity

C.

vulnerability management

D.

risk assessment

E.

vulnerability scoring

Full Access
Question # 13

Which technology on a host is used to isolate a running application from other applications?

A.

sandbox

B.

application allow list

C.

application block list

D.

host-based firewall

Full Access
Question # 14

Which metric in CVSS indicates an attack that takes a destination bank account number and replaces it with a different bank account number?

A.

availability

B.

confidentiality

C.

scope

D.

integrity

Full Access
Question # 15

Refer to the exhibit.

This request was sent to a web application server driven by a database. Which type of web server attack is represented?

A.

parameter manipulation

B.

heap memory corruption

C.

command injection

D.

blind SQL injection

Full Access
Question # 16

Which action prevents buffer overflow attacks?

A.

variable randomization

B.

using web based applications

C.

input sanitization

D.

using a Linux operating system

Full Access
Question # 17

Which evasion technique is indicated when an intrusion detection system begins receiving an abnormally high volume of scanning from numerous sources?

A.

resource exhaustion

B.

tunneling

C.

traffic fragmentation

D.

timing attack

Full Access
Question # 18

Refer to the exhibit.

What should be interpreted from this packet capture?

A.

81.179.179.69 is sending a packet from port 80 to port 50272 of IP address 192.168.122.100 using UDP protocol.

B.

192.168.122.100 is sending a packet from port 50272 to port 80 of IP address 81.179.179.69 using TCP protocol.

C.

192.168.122.100 is sending a packet from port 80 to port 50272 of IP address 81.179.179.69 using UDP protocol.

D.

81.179.179.69 is sending a packet from port 50272 to port 80 of IP address 192.168.122.100 using TCP UDP protocol.

Full Access
Question # 19

What is a difference between SOAR and SIEM?

A.

SOAR platforms are used for threat and vulnerability management, but SIEM applications are not

B.

SIEM applications are used for threat and vulnerability management, but SOAR platforms are not

C.

SOAR receives information from a single platform and delivers it to a SIEM

D.

SIEM receives information from a single platform and delivers it to a SOAR

Full Access
Question # 20

Refer to the exhibit.

An engineer is analyzing this Cuckoo Sandbox report for a PDF file that has been downloaded from an email. What is the state of this file?

A.

The file has an embedded executable and was matched by PEiD threat signatures for further analysis.

B.

The file has an embedded non-Windows executable but no suspicious features are identified.

C.

The file has an embedded Windows 32 executable and the Yara field lists suspicious features for further analysis.

D.

The file was matched by PEiD threat signatures but no suspicious features are identified since the signature list is up to date.

Full Access
Question # 21

What does an attacker use to determine which network ports are listening on a potential target device?

A.

man-in-the-middle

B.

port scanning

C.

SQL injection

D.

ping sweep

Full Access
Question # 22

What is a sandbox interprocess communication service?

A.

A collection of rules within the sandbox that prevent the communication between sandboxes.

B.

A collection of network services that are activated on an interface, allowing for inter-port communication.

C.

A collection of interfaces that allow for coordination of activities among processes.

D.

A collection of host services that allow for communication between sandboxes.

Full Access
Question # 23

Refer to the exhibit.

Which type of log is displayed?

A.

IDS

B.

proxy

C.

NetFlow

D.

sys

Full Access
Question # 24

An engineer is addressing a connectivity issue between two servers where the remote server is unable to establish a successful session. Initial checks show that the remote server is not receiving an SYN-ACK while establishing a session by sending the first SYN. What is causing this issue?

A.

incorrect TCP handshake

B.

incorrect UDP handshake

C.

incorrect OSI configuration

D.

incorrect snaplen configuration

Full Access
Question # 25

A security engineer deploys an enterprise-wide host/endpoint technology for all of the company's corporate PCs. Management requests the engineer to block a selected set of applications on all PCs.

Which technology should be used to accomplish this task?

A.

application whitelisting/blacklisting

B.

network NGFW

C.

host-based IDS

D.

antivirus/antispyware software

Full Access
Question # 26

What is the difference between deep packet inspection and stateful inspection?

A.

Deep packet inspection is more secure than stateful inspection on Layer 4

B.

Stateful inspection verifies contents at Layer 4 and deep packet inspection verifies connection at Layer 7

C.

Stateful inspection is more secure than deep packet inspection on Layer 7

D.

Deep packet inspection allows visibility on Layer 7 and stateful inspection allows visibility on Layer 4

Full Access
Question # 27

A SOC analyst is investigating an incident that involves a Linux system that is identifying specific sessions. Which identifier tracks an active program?

A.

application identification number

B.

active process identification number

C.

runtime identification number

D.

process identification number

Full Access