Special Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: pass65

200-201 Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) Questions and Answers

Questions 4

Which evasion technique is indicated when an intrusion detection system begins receiving an abnormally high volume of scanning from numerous sources?

Options:

A.

resource exhaustion

B.

tunneling

C.

traffic fragmentation

D.

timing attack

Buy Now
Questions 5

How does an SSL certificate impact security between the client and the server?

Options:

A.

by enabling an authenticated channel between the client and the server

B.

by creating an integrated channel between the client and the server

C.

by enabling an authorized channel between the client and the server

D.

by creating an encrypted channel between the client and the server

Buy Now
Questions 6

An engineer discovered a breach, identified the threat’s entry point, and removed access. The engineer was able to identify the host, the IP address of the threat actor, and the application the threat actor targeted. What is the next step the engineer should take according to the NIST SP 800-61 Incident handling guide?

Options:

A.

Recover from the threat.

B.

Analyze the threat.

C.

Identify lessons learned from the threat.

D.

Reduce the probability of similar threats.

Buy Now
Questions 7

Which metric should be used when evaluating the effectiveness and scope of a Security Operations Center?

Options:

A.

The average time the SOC takes to register and assign the incident.

B.

The total incident escalations per week.

C.

The average time the SOC takes to detect and resolve the incident.

D.

The total incident escalations per month.

Buy Now
Questions 8

An automotive company provides new types of engines and special brakes for rally sports cars. The company has a database of inventions and patents for their engines and technical information Customers can access the database through the company's website after they register and identify themselves. Which type of protected data is accessed by customers?

Options:

A.

IP data

B.

PII data

C.

PSI data

D.

PHI data

Buy Now
Questions 9

An engineer is working with the compliance teams to identify the data passing through the network. During analysis, the engineer informs the compliance team that external penmeter data flows contain records, writings, and artwork Internal segregated network flows contain the customer choices by gender, addresses, and product preferences by age. The engineer must identify protected data. Which two types of data must be identified'? (Choose two.)

Options:

A.

SOX

B.

PII

C.

PHI

D.

PCI

E.

copyright

Buy Now
Questions 10

Which of these is a defense-in-depth strategy principle?

Options:

A.

identify the minimum resource required per employee.

B.

Assign the least network privileges to segment network permissions.

C.

Provide the minimum permissions needed to perform Job functions.

D.

Disable administrative accounts to avoid unauthorized changes.

Buy Now
Questions 11

Refer to the exhibit.

What must be interpreted from this packet capture?

Options:

A.

IP address 192.168.88 12 is communicating with 192 168 88 149 with a source port 74 to destination port 49098 using TCP protocol

B.

IP address 192.168.88.12 is communicating with 192 168 88 149 with a source port 49098 to destination port 80 using TCP protocol.

C.

IP address 192.168.88.149 is communicating with 192.168 88.12 with a source port 80 to destination port 49098 using TCP protocol.

D.

IP address 192.168.88.149 is communicating with 192.168.88.12 with a source port 49098 to destination port 80 using TCP protocol.

Buy Now
Questions 12

Which attack method is being used when an attacker tries to compromise a network with an authentication system that uses only 4-digit numeric passwords and no username?

Options:

A.

SQL injection

B.

dictionary

C.

replay

D.

cross-site scripting

Buy Now
Questions 13

What does cyber attribution identify in an investigation?

Options:

A.

cause of an attack

B.

exploit of an attack

C.

vulnerabilities exploited

D.

threat actors of an attack

Buy Now
Questions 14

An employee received an email from a colleague’s address asking for the password for the domain controller. The employee noticed a missing letter within the sender’s address. What does this incident describe?

Options:

A.

brute-force attack

B.

insider attack

C.

shoulder surfing

D.

social engineering

Buy Now
Questions 15

Which incidence response step includes identifying all hosts affected by an attack?

Options:

A.

detection and analysis

B.

post-incident activity

C.

preparation

D.

containment, eradication, and recovery

Buy Now
Questions 16

During which phase of the forensic process are tools and techniques used to extract information from the collected data?

Options:

A.

investigation

B.

examination

C.

reporting

D.

collection

Buy Now
Questions 17

What are the two characteristics of the full packet captures? (Choose two.)

Options:

A.

Identifying network loops and collision domains.

B.

Troubleshooting the cause of security and performance issues.

C.

Reassembling fragmented traffic from raw data.

D.

Detecting common hardware faults and identify faulty assets.

E.

Providing a historical record of a network transaction.

Buy Now
Questions 18

A security incident occurred with the potential of impacting business services. Who performs the attack?

Options:

A.

malware author

B.

threat actor

C.

bug bounty hunter

D.

direct competitor

Buy Now
Questions 19

How does an attack surface differ from an attack vector?

Options:

A.

An attack vector recognizes the potential outcomes of an attack, and the attack surface is choosing a method of an attack.

B.

An attack surface identifies vulnerable parts for an attack, and an attack vector specifies which attacks are feasible to those parts.

C.

An attack surface mitigates external vulnerabilities, and an attack vector identifies mitigation techniques and possible workarounds.

D.

An attack vector matches components that can be exploited, and an attack surface classifies the potential path for exploitation

Buy Now
Questions 20

An engineer received an alert affecting the degraded performance of a critical server Analysis showed a heavy CPU and memory load. What is the next step the engineer should take to investigate this resource usage?

Options:

A.

Run "ps -ef to understand which processes are taking a high amount of resources

B.

Run "ps -u" to find out who executed additional processes that caused a high load on a server

C.

Run "ps -m" to capture the existing state of daemons and map the required processes to find the gap

D.

Run "ps -d" to decrease the priority state of high-load processes to avoid resource exhaustion

Buy Now
Questions 21

What are two differences in how tampered and untampered disk images affect a security incident? (Choose two.)

Options:

A.

Untampered images are used in the security investigation process

B.

Tampered images are used in the security investigation process

C.

The image is tampered if the stored hash and the computed hash match

D.

Tampered images are used in the incident recovery process

E.

The image is untampered if the stored hash and the computed hash match

Buy Now
Questions 22

Which security principle is violated by running all processes as root or administrator?

Options:

A.

principle of least privilege

B.

role-based access control

C.

separation of duties

D.

trusted computing base

Buy Now
Questions 23

Which signature impacts network traffic by causing legitimate traffic to be blocked?

Options:

A.

false negative

B.

true positive

C.

true negative

D.

false positive

Buy Now
Questions 24

What is the difference between discretionary access control (DAC) and role-based access control (RBAC)?

Options:

A.

DAC requires explicit authorization for a given user on a given object, and RBAC requires specific conditions.

B.

RBAC access is granted when a user meets specific conditions, and in DAC, permissions are applied on user and group levels.

C.

RBAC is an extended version of DAC where you can add an extra level of authorization based on time.

D.

DAC administrators pass privileges to users and groups, and in RBAC, permissions are applied to specific groups

Buy Now
Questions 25

Drag and drop the uses on the left onto the type of security system on the right.

Options:

Buy Now
Questions 26

A user received a malicious attachment but did not run it. Which category classifies the intrusion?

Options:

A.

weaponization

B.

reconnaissance

C.

installation

D.

delivery

Buy Now
Questions 27

An engineer received an alert affecting the degraded performance of a critical server. Analysis showed a heavy CPU and memory load. What is the next step the engineer should take to investigate this resource usage?

Options:

A.

Run "ps -d" to decrease the priority state of high load processes to avoid resource exhaustion.

B.

Run "ps -u" to find out who executed additional processes that caused a high load on a server.

C.

Run "ps -ef" to understand which processes are taking a high amount of resources.

D.

Run "ps -m" to capture the existing state of daemons and map required processes to find the gap.

Buy Now
Questions 28

Which list identifies the information that the client sends to the server in the negotiation phase of the TLS handshake?

Options:

A.

ClientStart, ClientKeyExchange, cipher-suites it supports, and suggested compression methods

B.

ClientStart, TLS versions it supports, cipher-suites it supports, and suggested compression methods

C.

ClientHello, TLS versions it supports, cipher-suites it supports, and suggested compression methods

D.

ClientHello, ClientKeyExchange, cipher-suites it supports, and suggested compression methods

Buy Now
Questions 29

Which open-sourced packet capture tool uses Linux and Mac OS X operating systems?

Options:

A.

NetScout

B.

tcpdump

C.

SolarWinds

D.

netsh

Buy Now
Questions 30

Which element is included in an incident response plan as stated m NIST SP800-617

Options:

A.

security of sensitive information

B.

individual approach to incident response

C.

approval of senior management

D.

consistent threat identification

Buy Now
Questions 31

Refer to the exhibit.

A suspicious IP address is tagged by Threat Intelligence as a brute-force attempt source After the attacker produces many of failed login entries, it successfully compromises the account. Which stakeholder is responsible for the incident response detection step?

Options:

A.

employee 5

B.

employee 3

C.

employee 4

D.

employee 2

Buy Now
Questions 32

Which action prevents buffer overflow attacks?

Options:

A.

variable randomization

B.

using web based applications

C.

input sanitization

D.

using a Linux operating system

Buy Now
Questions 33

Which event is a vishing attack?

Options:

A.

obtaining disposed documents from an organization

B.

using a vulnerability scanner on a corporate network

C.

setting up a rogue access point near a public hotspot

D.

impersonating a tech support agent during a phone call

Buy Now
Questions 34

Refer to the exhibit.

What information is depicted?

Options:

A.

IIS data

B.

NetFlow data

C.

network discovery event

D.

IPS event data

Buy Now
Questions 35

How can TOR impact data visibility inside an organization?

Options:

A.

increases data integrity

B.

increases security

C.

decreases visibility

D.

no impact

Buy Now
Questions 36

What is the difference between inline traffic interrogation (TAPS) and traffic mirroring (SPAN)?

Options:

A.

TAPS interrogation is more complex because traffic mirroring applies additional tags to data and SPAN does not alter integrity and provides full duplex network.

B.

SPAN results in more efficient traffic analysis, and TAPS is considerably slower due to latency caused by mirroring.

C.

TAPS replicates the traffic to preserve integrity, and SPAN modifies packets before sending them to other analysis tools

D.

SPAN ports filter out physical layer errors, making some types of analyses more difficult, and TAPS receives all packets, including physical errors.

Buy Now
Questions 37

An engineer is working on a ticket for an incident from the incident management team A week ago. an external web application was targeted by a DDoS attack Server resources were exhausted and after two hours it crashed. An engineer was able to identify the attacker and technique used Three hours after the attack, the server was restored and the engineer recommended implementing mitigation by Blackhole filtering and transferred the incident ticket back to the IR team According to NIST SP800-61, at which phase of the incident response did the engineer finish work?

Options:

A.

preparation

B.

post-incident activity

C.

containment eradication and recovery

D.

detection and analysis

Buy Now
Questions 38

What are the two differences between stateful and deep packet inspection? (Choose two )

Options:

A.

Stateful inspection is capable of TCP state tracking, and deep packet filtering checks only TCP source and destination ports

B.

Deep packet inspection is capable of malware blocking, and stateful inspection is not

C.

Deep packet inspection operates on Layer 3 and 4. and stateful inspection operates on Layer 3 of the OSI model

D.

Deep packet inspection is capable of TCP state monitoring only, and stateful inspection can inspect TCP and UDP.

E.

Stateful inspection is capable of packet data inspections, and deep packet inspection is not

Buy Now
Questions 39

What is the impact of encryption?

Options:

A.

Confidentiality of the data is kept secure and permissions are validated

B.

Data is accessible and available to permitted individuals

C.

Data is unaltered and its integrity is preserved

D.

Data is secure and unreadable without decrypting it

Buy Now
Questions 40

Refer to the exhibit.

A security analyst is investigating unusual activity from an unknown IP address Which type of evidence is this file1?

Options:

A.

indirect evidence

B.

best evidence

C.

corroborative evidence

D.

direct evidence

Buy Now
Questions 41

A company encountered a breach on its web servers using IIS 7 5 Dunng the investigation, an engineer discovered that an attacker read and altered the data on a secure communication using TLS 1 2 and intercepted sensitive information by downgrading a connection to export-grade cryptography. The engineer must mitigate similar incidents in the future and ensure that clients and servers always negotiate with the most secure protocol versions and cryptographic parameters. Which action does the engineer recommend?

Options:

A.

Upgrade to TLS v1 3.

B.

Install the latest IIS version.

C.

Downgrade to TLS 1.1.

D.

Deploy an intrusion detection system

Buy Now
Questions 42

A company is using several network applications that require high availability and responsiveness, such that milliseconds of latency on network traffic is not acceptable. An engineer needs to analyze the network and identify ways to improve traffic movement to minimize delays. Which information must the engineer obtain for this analysis?

Options:

A.

total throughput on the interface of the router and NetFlow records

B.

output of routing protocol authentication failures and ports used

C.

running processes on the applications and their total network usage

D.

deep packet captures of each application flow and duration

Buy Now
Questions 43

What is a purpose of a vulnerability management framework?

Options:

A.

identifies, removes, and mitigates system vulnerabilities

B.

detects and removes vulnerabilities in source code

C.

conducts vulnerability scans on the network

D.

manages a list of reported vulnerabilities

Buy Now
Questions 44

What describes the defense-m-depth principle?

Options:

A.

defining precise guidelines for new workstation installations

B.

categorizing critical assets within the organization

C.

isolating guest Wi-Fi from the focal network

D.

implementing alerts for unexpected asset malfunctions

Buy Now
Questions 45

Which data format is the most efficient to build a baseline of traffic seen over an extended period of time?

Options:

A.

syslog messages

B.

full packet capture

C.

NetFlow

D.

firewall event logs

Buy Now
Questions 46

What is the function of a command and control server?

Options:

A.

It enumerates open ports on a network device

B.

It drops secondary payload into malware

C.

It is used to regain control of the network after a compromise

D.

It sends instruction to a compromised system

Buy Now
Questions 47

Which system monitors local system operation and local network access for violations of a security policy?

Options:

A.

host-based intrusion detection

B.

systems-based sandboxing

C.

host-based firewall

D.

antivirus

Buy Now
Questions 48

An investigator is examining a copy of an ISO file that is stored in CDFS format. What type of evidence is this file?

Options:

A.

data from a CD copied using Mac-based system

B.

data from a CD copied using Linux system

C.

data from a DVD copied using Windows system

D.

data from a CD copied using Windows

Buy Now
Questions 49

Refer to the exhibit.

What is the potential threat identified in this Stealthwatch dashboard?

Options:

A.

Host 10.201.3.149 is sending data to 152.46.6.91 using TCP/443.

B.

Host 152.46.6.91 is being identified as a watchlist country for data transfer.

C.

Traffic to 152.46.6.149 is being denied by an Advanced Network Control policy.

D.

Host 10.201.3.149 is receiving almost 19 times more data than is being sent to host 152.46.6.91.

Buy Now
Questions 50

Which vulnerability type is used to read, write, or erase information from a database?

Options:

A.

cross-site scripting

B.

cross-site request forgery

C.

buffer overflow

D.

SQL injection

Buy Now
Questions 51

What is the impact of false positive alerts on business compared to true positive?

Options:

A.

True positives affect security as no alarm is raised when an attack has taken place, while false positives are alerts raised appropriately to detect and further mitigate them.

B.

True-positive alerts are blocked by mistake as potential attacks, while False-positives are actual attacks Identified as harmless.

C.

False-positive alerts are detected by confusion as potential attacks, while true positives are attack attempts identified appropriately.

D.

False positives alerts are manually ignored signatures to avoid warnings that are already acknowledged, while true positives are warnings that are not yet acknowledged.

Buy Now
Questions 52

An engineer must investigate suspicious connections. Data has been gathered using a tcpdump command on a Linux device and saved as sandboxmatware2022-12-22.pcaps file. The engineer is trying to open the tcpdump in the Wireshark tool. What is the expected result?

Options:

A.

The tool does not support Linux.

B.

The file is opened.

C.

The file has an incorrect extension.

D.

The file does not support the"-" character.

Buy Now
Questions 53

Refer to the exhibit.

200-201 Question 53

Which attack is being attempted against a web application?

Options:

A.

SQL injection

B.

man-in-the-middle

C.

command injection

D.

denial of service

Buy Now
Questions 54

An engineer needs to configure network systems to detect command and control communications by decrypting ingress and egress perimeter traffic and allowing network security devices to detect malicious outbound communications. Which technology should be used to accomplish the task?

Options:

A.

digital certificates

B.

static IP addresses

C.

signatures

D.

cipher suite

Buy Now
Questions 55

What is the difference between vulnerability and risk?

Options:

A.

A vulnerability is a sum of possible malicious entry points, and a risk represents the possibility of the unauthorized entry itself.

B.

A risk is a potential threat that an exploit applies to, and a vulnerability represents the threat itself

C.

A vulnerability represents a flaw in a security that can be exploited, and the risk is the potential damage it might cause.

D.

A risk is potential threat that adversaries use to infiltrate the network, and a vulnerability is an exploit

Buy Now
Questions 56

What is sliding window anomaly detection?

Options:

A.

Detect changes in operations and management processes.

B.

Identify uncommon patterns that do not fit usual behavior.

C.

Define response times for requests for owned applications.

D.

Apply lowest privilege/permission level to software

Buy Now
Questions 57

A system administrator is ensuring that specific registry information is accurate.

Which type of configuration information does the HKEY_LOCAL_MACHINE hive contain?

Options:

A.

file extension associations

B.

hardware, software, and security settings for the system

C.

currently logged in users, including folders and control panel settings

D.

all users on the system, including visual settings

Buy Now
Questions 58

At which layer is deep packet inspection investigated on a firewall?

Options:

A.

internet

B.

transport

C.

application

D.

data link

Buy Now
Questions 59

A SOC analyst detected connections to known C&C and port scanning activity to main HR database servers from one of the HR endpoints via Cisco StealthWatch. What are the two next steps of the SOC team according to the NISTSP800-61 incident handling process? (Choose two)

Options:

A.

Isolate affected endpoints and take disk images for analysis

B.

Provide security awareness training to HR managers and employees

C.

Block connection to this C&C server on the perimeter next-generation firewall

D.

Update antivirus signature databases on affected endpoints to block connections to C&C

E.

Detect the attack vector and analyze C&C connections

Buy Now
Questions 60

According to CVSS, what is a description of the attack vector score?

Options:

A.

The metric score will be larger when it is easier to physically touch or manipulate the vulnerable component

B.

It depends on how many physical and logical manipulations are possible on a vulnerable component

C.

The metric score will be larger when a remote attack is more likely.

D.

It depends on how far away the attacker is located and the vulnerable component

Buy Now
Questions 61

Drag and drop the security concept from the left onto the example of that concept on the right.

Options:

Buy Now
Questions 62

Which piece of information is needed for attribution in an investigation?

Options:

A.

proxy logs showing the source RFC 1918 IP addresses

B.

RDP allowed from the Internet

C.

known threat actor behavior

D.

802.1x RADIUS authentication pass arid fail logs

Buy Now
Questions 63

A user received a targeted spear-phishing email and identified it as suspicious before opening the content. To which category of the Cyber Kill Chain model does to this type of event belong?

Options:

A.

weaponization

B.

delivery

C.

exploitation

D.

reconnaissance

Buy Now
Questions 64

How does statistical detection differ from rule-based detection?

Options:

A.

Statistical detection involves the evaluation of events, and rule-based detection requires an evaluated set of events to function.

B.

Statistical detection defines legitimate data over time, and rule-based detection works on a predefined set of rules

C.

Rule-based detection involves the evaluation of events, and statistical detection requires an evaluated set of events to function Rule-based detection defines

D.

legitimate data over a period of time, and statistical detection works on a predefined set of rules

Buy Now
Questions 65

Drag and drop the elements from the left into the correct order for incident handling on the right.

Options:

Buy Now
Questions 66

A security engineer must protect the company from known issues that trigger adware. Recently new incident has been raised that could harm the system. Which security concepts are present in this scenario?

Options:

A.

exploit and patching

B.

risk and evidence

C.

analysis and remediation

D.

vulnerability and threat

Buy Now
Questions 67

In a SOC environment, what is a vulnerability management metric?

Options:

A.

code signing enforcement

B.

full assets scan

C.

internet exposed devices

D.

single factor authentication

Buy Now
Questions 68

Which principle is being followed when an analyst gathers information relevant to a security incident to determine the appropriate course of action?

Options:

A.

decision making

B.

rapid response

C.

data mining

D.

due diligence

Buy Now
Questions 69

How is SQL injection prevented?

Options:

A.

Address space layout randomization

B.

Validate and sanitize user input

C.

...in the web server as a nonprivileged user

D.

...cost profiling

Buy Now
Questions 70

What is the impact of false positive alerts on business compared to true positive?

Options:

A.

True positives affect security as no alarm is raised when an attack has taken place, resulting in a potential breach.

B.

True positive alerts are blocked by mistake as potential attacks affecting application availability.

C.

False positives affect security as no alarm is raised when an attack has taken place, resulting in a potential breach.

D.

False positive alerts are blocked by mistake as potential attacks affecting application availability.

Buy Now
Questions 71

What is an attack surface as compared to a vulnerability?

Options:

A.

any potential danger to an asset

B.

the sum of all paths for data into and out of the environment

C.

an exploitable weakness in a system or its design

D.

the individuals who perform an attack

Buy Now
Questions 72

Which evasion technique is a function of ransomware?

Options:

A.

extended sleep calls

B.

encryption

C.

resource exhaustion

D.

encoding

Buy Now
Questions 73

A SOC analyst is investigating an incident that involves a Linux system that is identifying specific sessions. Which identifier tracks an active program?

Options:

A.

application identification number

B.

active process identification number

C.

runtime identification number

D.

process identification number

Buy Now
Questions 74

Refer to the exhibit.

What should be interpreted from this packet capture?

Options:

A.

81.179.179.69 is sending a packet from port 80 to port 50272 of IP address 192.168.122.100 using UDP protocol.

B.

192.168.122.100 is sending a packet from port 50272 to port 80 of IP address 81.179.179.69 using TCP protocol.

C.

192.168.122.100 is sending a packet from port 80 to port 50272 of IP address 81.179.179.69 using UDP protocol.

D.

81.179.179.69 is sending a packet from port 50272 to port 80 of IP address 192.168.122.100 using TCP UDP protocol.

Buy Now
Questions 75

Refer to the exhibit.

Which stakeholders must be involved when a company workstation is compromised?

Options:

A.

Employee 1 Employee 2, Employee 3, Employee 4, Employee 5, Employee 7

B.

Employee 1, Employee 2, Employee 4, Employee 5

C.

Employee 4, Employee 6, Employee 7

D.

Employee 2, Employee 3, Employee 4, Employee 5

Buy Now
Questions 76

Which two measures are used by the defense-m-depth strategy? (Choose two)

Options:

A.

Bridge the single connection into multiple.

B.

Divide the network into parts

C.

Split packets into pieces.

D.

Reduce the load on network devices.

E.

Implement the patch management process

Buy Now
Questions 77

Drag and drop the access control models from the left onto the correct descriptions on the right.

Options:

Buy Now
Questions 78

What is threat hunting?

Options:

A.

Managing a vulnerability assessment report to mitigate potential threats.

B.

Focusing on proactively detecting possible signs of intrusion and compromise.

C.

Pursuing competitors and adversaries to infiltrate their system to acquire intelligence data.

D.

Attempting to deliberately disrupt servers by altering their availability

Buy Now
Questions 79

Refer to the exhibit.

An attacker gained initial access to the company s network and ran an Nmap scan to advance with the lateral movement technique and to search the sensitive data Which two elements can an attacker identify from the scan? (Choose two.)

Options:

A.

workload and the configuration details

B.

user accounts and SID

C.

number of users and requests that the server is handling

D.

functionality and purpose of the server

E.

running services

Buy Now
Questions 80

A developer is working on a project using a Linux tool that enables writing processes to obtain these required results:

    If the process is unsuccessful, a negative value is returned.

    If the process is successful, 0 value is returned to the child process, and the process ID is sent to the parent process.

Which component results from this operation?

Options:

A.

parent directory name of a file pathname

B.

process spawn scheduled

C.

macros for managing CPU sets

D.

new process created by parent process

Buy Now
Questions 81

Refer to the exhibit.

An engineer received an event log file to review. Which technology generated the log?

Options:

A.

NetFlow

B.

proxy

C.

firewall

D.

IDS/IPS

Buy Now
Questions 82

Which filter allows an engineer to filter traffic in Wireshark to further analyze the PCAP file by only showing the traffic for LAN 10.11.x.x, between workstations and servers without the Internet?

Options:

A.

src=10.11.0.0/16 and dst=10.11.0.0/16

B.

ip.src==10.11.0.0/16 and ip.dst==10.11.0.0/16

C.

ip.src=10.11.0.0/16 and ip.dst=10.11.0.0/16

D.

src==10.11.0.0/16 and dst==10.11.0.0/16

Buy Now
Questions 83

Drag and drop the event term from the left onto the description on the right.

Options:

Buy Now
Questions 84

Refer to the exhibit.

A company employee is connecting to mail google.com from an endpoint device. The website is loaded but with an error. What is occurring?

Options:

A.

DNS hijacking attack

B.

Endpoint local time is invalid.

C.

Certificate is not in trusted roots.

D.

man-m-the-middle attack

Buy Now
Questions 85

What are two denial-of-service (DoS) attacks? (Choose two)

Options:

A.

port scan

B.

SYN flood

C.

man-in-the-middle

D.

phishing

E.

teardrop

Buy Now
Questions 86

An analyst received an alert on their desktop computer showing that an attack was successful on the host. After investigating, the analyst discovered that no mitigation action occurred during the attack. What is the reason for this discrepancy?

Options:

A.

The computer has a HIPS installed on it.

B.

The computer has a NIPS installed on it.

C.

The computer has a HIDS installed on it.

D.

The computer has a NIDS installed on it.

Buy Now
Questions 87

Which evasion method involves performing actions slower than normal to prevent detection?

Options:

A.

timing attack

B.

traffic fragmentation

C.

resource exhaustion

D.

tunneling

Buy Now
Questions 88

What is the difference between a threat and an exploit?

Options:

A.

A threat is a result of utilizing flow in a system, and an exploit is a result of gaining control over the system.

B.

A threat is a potential attack on an asset and an exploit takes advantage of the vulnerability of the asset

C.

An exploit is an attack vector, and a threat is a potential path the attack must go through.

D.

An exploit is an attack path, and a threat represents a potential vulnerability

Buy Now
Questions 89

What is a benefit of using asymmetric cryptography?

Options:

A.

decrypts data with one key

B.

fast data transfer

C.

secure data transfer

D.

encrypts data with one key

Buy Now
Questions 90

A security engineer notices confidential data being exfiltrated to a domain "Ranso4134-mware31-895" address that is attributed to a known advanced persistent threat group The engineer discovers that the activity is part of a real attack and not a network misconfiguration. Which category does this event fall under as defined in the Cyber Kill Chain?

Options:

A.

reconnaissance

B.

delivery

C.

action on objectives

D.

weaponization

Buy Now
Questions 91

Drag and drop the definition from the left onto the phase on the right to classify intrusion events according to the Cyber Kill Chain model.

200-201 Question 91

Options:

Buy Now
Questions 92

What does the Zero Trust security model signify?

Options:

A.

Zero Trust security means that no one is trusted by default from inside or outside the network

B.

Zero Trust states that no users should be given enough privileges to misuse the system on their own

C.

Zero Trust addresses access control and states that an individual should have only the minimum access privileges necessary to perform specific tasks

D.

Zero Trust states that unless a subject is given explicit access to an object, it should be denied access to that object

Buy Now
Questions 93

Which attack represents the evasion technique of resource exhaustion?

Options:

A.

SQL injection

B.

man-in-the-middle

C.

bluesnarfing

D.

denial-of-service

Buy Now
Questions 94

The SOC team has confirmed a potential indicator of compromise on an endpoint. The team has narrowed the executable file's type to a new trojan family. According to the NIST Computer Security Incident Handling Guide, what is the next step in handling this event?

Options:

A.

Isolate the infected endpoint from the network.

B.

Perform forensics analysis on the infected endpoint.

C.

Collect public information on the malware behavior.

D.

Prioritize incident handling based on the impact.

Buy Now
Questions 95

A network engineer discovers that a foreign government hacked one of the defense contractors in their home country and stole intellectual property. What is the threat agent in this situation?

Options:

A.

the intellectual property that was stolen

B.

the defense contractor who stored the intellectual property

C.

the method used to conduct the attack

D.

the foreign government that conducted the attack

Buy Now
Questions 96

What is the relationship between a vulnerability and a threat?

Options:

A.

A threat exploits a vulnerability

B.

A vulnerability is a calculation of the potential loss caused by a threat

C.

A vulnerability exploits a threat

D.

A threat is a calculation of the potential loss caused by a vulnerability

Buy Now
Questions 97

Refer to the exhibit. An employee received an email from an unknown sender with an attachment and reported it as a phishing attempt. An engineer uploaded the file to Cuckoo for further analysis. What should an engineer interpret from the provided Cuckoo report?

Options:

A.

Win32.polip.a.exe is an executable file and should be flagged as malicious.

B.

The file is clean and does not represent a risk.

C.

Cuckoo cleaned the malicious file and prepared it for usage.

D.

MD5 of the file was not identified as malicious.

Buy Now
Questions 98

Refer to the exhibit. An attacker scanned the server using Nmap. What did the attacker obtain from this scan?

Options:

A.

Identified a firewall device preventing the pert state from being returned.

B.

Identified open SMB ports on the server

C.

Gathered information on processes running on the server

D.

Gathered a list of Active Directory users

Buy Now
Questions 99

Which two elements are used for profiling a network? (Choose two.)

Options:

A.

session duration

B.

total throughput

C.

running processes

D.

listening ports

E.

OS fingerprint

Buy Now
Exam Code: 200-201
Exam Name: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)
Last Update: Mar 29, 2025
Questions: 375

PDF + Testing Engine

$61.25  $174.99

Testing Engine

$47.25  $134.99
buy now 200-201 testing engine

PDF (Q&A)

$40.25  $114.99
buy now 200-201 pdf