New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: best70

200-201 Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) Questions and Answers

Questions 4

Refer to the exhibit.

Which event is occurring?

Options:

A.

A binary named "submit" is running on VM cuckoo1.

B.

A binary is being submitted to run on VM cuckoo1

C.

A binary on VM cuckoo1 is being submitted for evaluation

D.

A URL is being evaluated to see if it has a malicious binary

Buy Now
Questions 5

Refer to the exhibit. An employee received an email from an unknown sender with an attachment and reported it as a phishing attempt. An engineer uploaded the file to Cuckoo for further analysis. What should an engineer interpret from the provided Cuckoo report?

Options:

A.

Win32.polip.a.exe is an executable file and should be flagged as malicious.

B.

The file is clean and does not represent a risk.

C.

Cuckoo cleaned the malicious file and prepared it for usage.

D.

MD5 of the file was not identified as malicious.

Buy Now
Questions 6

Refer to the exhibit.

An attacker scanned the server using Nmap.

What did the attacker obtain from this scan?

Options:

A.

Identified a firewall device preventing the port state from being returned

B.

Identified open SMB ports on the server

C.

Gathered information on processes running on the server

D.

Gathered a list of Active Directory users.

Buy Now
Questions 7

A system administrator is ensuring that specific registry information is accurate.

Which type of configuration information does the HKEY_LOCAL_MACHINE hive contain?

Options:

A.

file extension associations

B.

hardware, software, and security settings for the system

C.

currently logged in users, including folders and control panel settings

D.

all users on the system, including visual settings

Buy Now
Questions 8

Which type of data must an engineer capture to analyze payload and header information?

Options:

A.

frame check sequence

B.

alert data

C.

full packet

D.

session logs

Buy Now
Questions 9

The SOC team has confirmed a potential indicator of compromise on an endpoint. The team has narrowed the executable file's type to a new trojan family. According to the NIST Computer Security Incident Handling Guide, what is the next step in handling this event?

Options:

A.

Isolate the infected endpoint from the network.

B.

Perform forensics analysis on the infected endpoint.

C.

Collect public information on the malware behavior.

D.

Prioritize incident handling based on the impact.

Buy Now
Questions 10

Which regular expression is needed to capture the IP address 192.168.20.232?

Options:

A.

^ (?:[0-9]{1,3}\.){3}[0-9]{1,3}

B.

^ (?:[0-9]f1,3}\.){1,4}

C.

^ (?:[0-9]{1,3}\.)'

D.

^ ([0-9]-{3})

Buy Now
Questions 11

Refer to the exhibit.

What is depicted in the exhibit?

Options:

A.

Windows Event logs

B.

Apache logs

C.

IIS logs

D.

UNIX-based syslog

Buy Now
Questions 12

Which technology should be used to implement a solution that makes routing decisions based on HTTP header, uniform resource identifier, and SSL session ID attributes?

Options:

A.

AWS

B.

IIS

C.

Load balancer

D.

Proxy server

Buy Now
Questions 13

What is obtained using NetFlow?

Options:

A.

session data

B.

application logs

C.

network downtime report

D.

full packet capture

Buy Now
Questions 14

When an event is investigated, which type of data provides the investigate capability to determine if data exfiltration has occurred?

Options:

A.

full packet capture

B.

NetFlow data

C.

session data

D.

firewall logs

Buy Now
Questions 15

The SOC team has confirmed a potential indicator of compromise on an endpoint. The team has narrowed the executable file's type to a new trojan family. According to the NIST Computer Security Incident Handling Guide, what is the next step in handling this event?

Options:

A.

Isolate the infected endpoint from the network.

B.

Perform forensics analysis on the infected endpoint.

C.

Collect public information on the malware behavior.

D.

Prioritize incident handling based on the impact.

Buy Now
Questions 16

Which attack method intercepts traffic on a switched network?

Options:

A.

denial of service

B.

ARP cache poisoning

C.

DHCP snooping

D.

command and control

Buy Now
Questions 17

Which security model assumes an attacker within and outside of the network and enforces strict verification before connecting to any system or resource within the organization?

Options:

A.

Biba

B.

Object-capability

C.

Take-Grant

D.

Zero Trust

Buy Now
Questions 18

What is a description of a social engineering attack?

Options:

A.

fake offer for free music download to trick the user into providing sensitive data

B.

package deliberately sent to the wrong receiver to advertise a new product

C.

mistakenly received valuable order destined for another person and hidden on purpose

D.

email offering last-minute deals on various vacations around the world with a due date and a counter

Buy Now
Questions 19

A security engineer deploys an enterprise-wide host/endpoint technology for all of the company's corporate PCs. Management requests the engineer to block a selected set of applications on all PCs.

Which technology should be used to accomplish this task?

Options:

A.

application whitelisting/blacklisting

B.

network NGFW

C.

host-based IDS

D.

antivirus/antispyware software

Buy Now
Questions 20

An engineer configured regular expression “.”\.(pd][Oo][Cc)|[Xx][LI][Ss]|[Pp][Pp][Tt]) HTTP/1 .[01]" on Cisco ASA firewall. What does this regular expression do?

Options:

A.

It captures documents in an HTTP network session.

B.

It captures .doc, .xls, and .pdf files in HTTP v1.0 and v1.1.

C.

It captures .doc, .xls, and .ppt files extensions in HTTP v1.0.

D.

It captures Word, Excel, and PowerPoint files in HTTPv1.0 and v1.1.

Buy Now
Questions 21

Which data format is the most efficient to build a baseline of traffic seen over an extended period of time?

Options:

A.

syslog messages

B.

full packet capture

C.

NetFlow

D.

firewall event logs

Buy Now
Questions 22

What is a difference between signature-based and behavior-based detection?

Options:

A.

Signature-based identifies behaviors that may be linked to attacks, while behavior-based has a predefined set of rules to match before an alert.

B.

Behavior-based identifies behaviors that may be linked to attacks, while signature-based has a predefined set of rules to match before an alert.

C.

Behavior-based uses a known vulnerability database, while signature-based intelligently summarizes existing data.

D.

Signature-based uses a known vulnerability database, while behavior-based intelligently summarizes existing data.

Buy Now
Questions 23

Which security technology guarantees the integrity and authenticity of all messages transferred to and from a web application?

Options:

A.

Hypertext Transfer Protocol

B.

SSL Certificate

C.

Tunneling

D.

VPN

Buy Now
Questions 24

Which of these describes SOC metrics in relation to security incidents?

Options:

A.

time it takes to detect the incident

B.

time it takes to assess the risks of the incident

C.

probability of outage caused by the incident

D.

probability of compromise and impact caused by the incident

Buy Now
Questions 25

Which two elements of the incident response process are stated in NIST Special Publication 800-61 r2? (Choose two.)

Options:

A.

detection and analysis

B.

post-incident activity

C.

vulnerability management

D.

risk assessment

E.

vulnerability scoring

Buy Now
Questions 26

One of the objectives of information security is to protect the CIA of information and systems. What does CIA mean in this context?

Options:

A.

confidentiality, identity, and authorization

B.

confidentiality, integrity, and authorization

C.

confidentiality, identity, and availability

D.

confidentiality, integrity, and availability

Buy Now
Questions 27

What is the virtual address space for a Windows process?

Options:

A.

physical location of an object in memory

B.

set of pages that reside in the physical memory

C.

system-level memory protection feature built into the operating system

D.

set of virtual memory addresses that can be used

Buy Now
Questions 28

What is an attack surface as compared to a vulnerability?

Options:

A.

any potential danger to an asset

B.

the sum of all paths for data into and out of the environment

C.

an exploitable weakness in a system or its design

D.

the individuals who perform an attack

Buy Now
Questions 29

Refer to the exhibit.

What is occurring?

Options:

A.

Cross-Site Scripting attack

B.

XML External Entitles attack

C.

Insecure Deserialization

D.

Regular GET requests

Buy Now
Questions 30

What are two denial-of-service (DoS) attacks? (Choose two)

Options:

A.

port scan

B.

SYN flood

C.

man-in-the-middle

D.

phishing

E.

teardrop

Buy Now
Questions 31

What is a description of a social engineering attack?

Options:

A.

fake offer for free music download to trick the user into providing sensitive data

B.

package deliberately sent to the wrong receiver to advertise a new product

C.

mistakenly received valuable order destined for another person and hidden on purpose

D.

email offering last-minute deals on various vacations around the world with a due date and a counter

Buy Now
Questions 32

Endpoint logs indicate that a machine has obtained an unusual gateway address and unusual DNS servers via DHCP Which type of attack is occurring?

Options:

A.

command injection

B.

man in the middle attack

C.

evasion methods

D.

phishing

Buy Now
Questions 33

Refer to the exhibit.

During the analysis of a suspicious scanning activity incident, an analyst discovered multiple local TCP connection events Which technology provided these logs?

Options:

A.

antivirus

B.

proxy

C.

IDS/IPS

D.

firewall

Buy Now
Questions 34

Refer to the exhibit.

An analyst was given a PCAP file, which is associated with a recent intrusion event in the company FTP server Which display filters should the analyst use to filter the FTP traffic?

Options:

A.

dstport == FTP

B.

tcp.port==21

C.

tcpport = FTP

D.

dstport = 21

Buy Now
Questions 35

An engineer is investigating a case of the unauthorized usage of the “Tcpdump” tool. The analysis revealed that a malicious insider attempted to sniff traffic on a specific interface. What type of information did the malicious insider attempt to obtain?

Options:

A.

tagged protocols being used on the network

B.

all firewall alerts and resulting mitigations

C.

tagged ports being used on the network

D.

all information and data within the datagram

Buy Now
Questions 36

Which evasion technique is indicated when an intrusion detection system begins receiving an abnormally high volume of scanning from numerous sources?

Options:

A.

resource exhaustion

B.

tunneling

C.

traffic fragmentation

D.

timing attack

Buy Now
Questions 37

An intruder attempted malicious activity and exchanged emails with a user and received corporate information, including email distribution lists. The intruder asked the user to engage with a link in an email. When the fink launched, it infected machines and the intruder was able to access the corporate network.

Which testing method did the intruder use?

Options:

A.

social engineering

B.

eavesdropping

C.

piggybacking

D.

tailgating

Buy Now
Questions 38

At a company party a guest asks questions about the company’s user account format and password complexity. How is this type of conversation classified?

Options:

A.

Phishing attack

B.

Password Revelation Strategy

C.

Piggybacking

D.

Social Engineering

Buy Now
Questions 39

Which data type is necessary to get information about source/destination ports?

Options:

A.

statistical data

B.

session data

C.

connectivity data

D.

alert data

Buy Now
Questions 40

What is the purpose of command and control for network-aware malware?

Options:

A.

It contacts a remote server for commands and updates

B.

It takes over the user account for analysis

C.

It controls and shuts down services on the infected host.

D.

It helps the malware to profile the host

Buy Now
Questions 41

What is the difference between deep packet inspection and stateful inspection?

Options:

A.

Deep packet inspection is more secure than stateful inspection on Layer 4

B.

Stateful inspection verifies contents at Layer 4 and deep packet inspection verifies connection at Layer 7

C.

Stateful inspection is more secure than deep packet inspection on Layer 7

D.

Deep packet inspection allows visibility on Layer 7 and stateful inspection allows visibility on Layer 4

Buy Now
Questions 42

Which list identifies the information that the client sends to the server in the negotiation phase of the TLS handshake?

Options:

A.

ClientStart, ClientKeyExchange, cipher-suites it supports, and suggested compression methods

B.

ClientStart, TLS versions it supports, cipher-suites it supports, and suggested compression methods

C.

ClientHello, TLS versions it supports, cipher-suites it supports, and suggested compression methods

D.

ClientHello, ClientKeyExchange, cipher-suites it supports, and suggested compression methods

Buy Now
Questions 43

Refer to the exhibit.

A suspicious IP address is tagged by Threat Intelligence as a brute-force attempt source After the attacker produces many of failed login entries, it successfully compromises the account. Which stakeholder is responsible for the incident response detection step?

Options:

A.

employee 5

B.

employee 3

C.

employee 4

D.

employee 2

Buy Now
Questions 44

A company receptionist received a threatening call referencing stealing assets and did not take any action assuming it was a social engineering attempt. Within 48 hours, multiple assets were breached, affecting the confidentiality of sensitive information. What is the threat actor in this incident?

Options:

A.

company assets that are threatened

B.

customer assets that are threatened

C.

perpetrators of the attack

D.

victims of the attack

Buy Now
Questions 45

Which event is a vishing attack?

Options:

A.

obtaining disposed documents from an organization

B.

using a vulnerability scanner on a corporate network

C.

setting up a rogue access point near a public hotspot

D.

impersonating a tech support agent during a phone call

Buy Now
Questions 46

What is the difference between vulnerability and risk?

Options:

A.

A vulnerability is a sum of possible malicious entry points, and a risk represents the possibility of the unauthorized entry itself.

B.

A risk is a potential threat that an exploit applies to, and a vulnerability represents the threat itself

C.

A vulnerability represents a flaw in a security that can be exploited, and the risk is the potential damage it might cause.

D.

A risk is potential threat that adversaries use to infiltrate the network, and a vulnerability is an exploit

Buy Now
Questions 47

How does statistical detection differ from rule-based detection?

Options:

A.

Statistical detection involves the evaluation of events, and rule-based detection requires an evaluated set of events to function.

B.

Statistical detection defines legitimate data over time, and rule-based detection works on a predefined set of rules

C.

Rule-based detection involves the evaluation of events, and statistical detection requires an evaluated set of events to function Rule-based detection defines

D.

legitimate data over a period of time, and statistical detection works on a predefined set of rules

Buy Now
Questions 48

Which event artifact is used to identify HTTP GET requests for a specific file?

Options:

A.

destination IP address

B.

TCP ACK

C.

HTTP status code

D.

URI

Buy Now
Questions 49

Why is encryption challenging to security monitoring?

Options:

A.

Encryption analysis is used by attackers to monitor VPN tunnels.

B.

Encryption is used by threat actors as a method of evasion and obfuscation.

C.

Encryption introduces additional processing requirements by the CPU.

D.

Encryption introduces larger packet sizes to analyze and store.

Buy Now
Questions 50

Which type of evidence supports a theory or an assumption that results from initial evidence?

Options:

A.

probabilistic

B.

indirect

C.

best

D.

corroborative

Buy Now
Questions 51

What are two denial of service attacks? (Choose two.)

Options:

A.

MITM

B.

TCP connections

C.

ping of death

D.

UDP flooding

E.

code red

Buy Now
Questions 52

What are two differences in how tampered and untampered disk images affect a security incident? (Choose two.)

Options:

A.

Untampered images are used in the security investigation process

B.

Tampered images are used in the security investigation process

C.

The image is tampered if the stored hash and the computed hash match

D.

Tampered images are used in the incident recovery process

E.

The image is untampered if the stored hash and the computed hash match

Buy Now
Questions 53

Refer to the exhibit.

Which kind of attack method is depicted in this string?

Options:

A.

cross-site scripting

B.

man-in-the-middle

C.

SQL injection

D.

denial of service

Buy Now
Questions 54

Refer to the exhibit.

What is occurring in this network traffic?

Options:

A.

High rate of SYN packets being sent from a multiple source towards a single destination IP.

B.

High rate of ACK packets being sent from a single source IP towards multiple destination IPs.

C.

Flood of ACK packets coming from a single source IP to multiple destination IPs.

D.

Flood of SYN packets coming from a single source IP to a single destination IP.

Buy Now
Questions 55

Which tool provides a full packet capture from network traffic?

Options:

A.

Nagios

B.

CAINE

C.

Hydra

D.

Wireshark

Buy Now
Questions 56

How is attacking a vulnerability categorized?

Options:

A.

action on objectives

B.

delivery

C.

exploitation

D.

installation

Buy Now
Questions 57

What ate two categories of DDoS attacks? (Choose two.)

Options:

A.

split brain

B.

scanning

C.

phishing

D.

reflected

E.

direct

Buy Now
Questions 58

Refer to the exhibit.

Which component is identifiable in this exhibit?

Options:

A.

Trusted Root Certificate store on the local machine

B.

Windows PowerShell verb

C.

Windows Registry hive

D.

local service in the Windows Services Manager

Buy Now
Questions 59

An engineer is working with the compliance teams to identify the data passing through the network. During analysis, the engineer informs the compliance team that external penmeter data flows contain records, writings, and artwork Internal segregated network flows contain the customer choices by gender, addresses, and product preferences by age. The engineer must identify protected data. Which two types of data must be identified'? (Choose two.)

Options:

A.

SOX

B.

PII

C.

PHI

D.

PCI

E.

copyright

Buy Now
Questions 60

Refer to the exhibit.

What is the potential threat identified in this Stealthwatch dashboard?

Options:

A.

A policy violation is active for host 10.10.101.24.

B.

A host on the network is sending a DDoS attack to another inside host.

C.

There are two active data exfiltration alerts.

D.

A policy violation is active for host 10.201.3.149.

Buy Now
Questions 61

What is personally identifiable information that must be safeguarded from unauthorized access?

Options:

A.

date of birth

B.

driver's license number

C.

gender

D.

zip code

Buy Now
Questions 62

An engineer needs to have visibility on TCP bandwidth usage, response time, and latency, combined with deep packet inspection to identify unknown software by its network traffic flow. Which two features of Cisco Application Visibility and Control should the engineer use to accomplish this goal? (Choose two.)

Options:

A.

management and reporting

B.

traffic filtering

C.

adaptive AVC

D.

metrics collection and exporting

E.

application recognition

Buy Now
Questions 63

What is a difference between inline traffic interrogation and traffic mirroring?

Options:

A.

Inline inspection acts on the original traffic data flow

B.

Traffic mirroring passes live traffic to a tool for blocking

C.

Traffic mirroring inspects live traffic for analysis and mitigation

D.

Inline traffic copies packets for analysis and security

Buy Now
Questions 64

During which phase of the forensic process is data that is related to a specific event labeled and recorded to preserve its integrity?

Options:

A.

examination

B.

investigation

C.

collection

D.

reporting

Buy Now
Questions 65

Which process is used when IPS events are removed to improve data integrity?

Options:

A.

data availability

B.

data normalization

C.

data signature

D.

data protection

Buy Now
Questions 66

Refer to the exhibit.

An engineer received an event log file to review. Which technology generated the log?

Options:

A.

NetFlow

B.

proxy

C.

firewall

D.

IDS/IPS

Buy Now
Questions 67

What is a collection of compromised machines that attackers use to carry out a DDoS attack?

Options:

A.

subnet

B.

botnet

C.

VLAN

D.

command and control

Buy Now
Questions 68

According to the September 2020 threat intelligence feeds a new malware called Egregor was introduced and used in many attacks. Distnbution of Egregor is pnmanly through a Cobalt Strike that has been installed on victim's workstations using RDP exploits Malware exfiltrates the victim's data to a command and control server. The data is used to force victims pay or lose it by publicly releasing it. Which type of attack is described?

Options:

A.

malware attack

B.

ransomware attack

C.

whale-phishing

D.

insider threat

Buy Now
Questions 69

Refer to the exhibit.

Drag and drop the element name from the left onto the correct piece of the PCAP file on the right.

Options:

Buy Now
Questions 70

What are the two characteristics of the full packet captures? (Choose two.)

Options:

A.

Identifying network loops and collision domains.

B.

Troubleshooting the cause of security and performance issues.

C.

Reassembling fragmented traffic from raw data.

D.

Detecting common hardware faults and identify faulty assets.

E.

Providing a historical record of a network transaction.

Buy Now
Questions 71

A user received an email attachment named "Hr405-report2609-empl094.exe" but did not run it. Which category of the cyber kill chain should be assigned to this type of event?

Options:

A.

installation

B.

reconnaissance

C.

weaponization

D.

delivery

Buy Now
Questions 72

What is a sandbox interprocess communication service?

Options:

A.

A collection of rules within the sandbox that prevent the communication between sandboxes.

B.

A collection of network services that are activated on an interface, allowing for inter-port communication.

C.

A collection of interfaces that allow for coordination of activities among processes.

D.

A collection of host services that allow for communication between sandboxes.

Buy Now
Questions 73

A user reports difficulties accessing certain external web pages. When an engineer examines traffic to and from the external domain in full packet captures, they notice that many SYNs have the same sequence number, source, and destination IP address, but they have different payloads. What is causing this situation?

Options:

A.

TCP injection

B.

misconfiguration of a web filter

C.

Failure of the full packet capture solution

D.

insufficient network resources

Buy Now
Questions 74

How does certificate authority impact a security system?

Options:

A.

It authenticates client identity when requesting SSL certificate

B.

It validates domain identity of a SSL certificate

C.

It authenticates domain identity when requesting SSL certificate

D.

It validates client identity when communicating with the server

Buy Now
Questions 75

Which type of data is used to detect anomalies in the network?

Options:

A.

statistical data

B.

alert data

C.

transaction data

D.

metadata

Buy Now
Questions 76

An employee reports that someone has logged into their system and made unapproved changes, files are out of order, and several documents have been placed in the recycle bin. The security specialist reviewed the system logs, found nothing suspicious, and was not able to determine what occurred. The software is up to date; there are no alerts from antivirus and no failed login attempts. What is causing the lack of data visibility needed to detect the attack?

Options:

A.

The threat actor used a dictionary-based password attack to obtain credentials.

B.

The threat actor gained access to the system by known credentials.

C.

The threat actor used the teardrop technique to confuse and crash login services.

D.

The threat actor used an unknown vulnerability of the operating system that went undetected.

Buy Now
Questions 77

An engineer received an alert affecting the degraded performance of a critical server. Analysis showed a heavy CPU and memory load. What is the next step the engineer should take to investigate this resource usage?

Options:

A.

Run "ps -d" to decrease the priority state of high load processes to avoid resource exhaustion.

B.

Run "ps -u" to find out who executed additional processes that caused a high load on a server.

C.

Run "ps -ef" to understand which processes are taking a high amount of resources.

D.

Run "ps -m" to capture the existing state of daemons and map required processes to find the gap.

Buy Now
Questions 78

Why should an engineer use a full packet capture to investigate a security breach?

Options:

A.

It captures the TCP flags set within each packet for the engineer to focus on suspicious packets to identify malicious activity

B.

It collects metadata for the engineer to analyze, including IP traffic packet data that is sorted, parsed, and indexed.

C.

It provides the full TCP streams for the engineer to follow the metadata to identify the incoming threat.

D.

It reconstructs the event allowing the engineer to identify the root cause by seeing what took place during the breach

Buy Now
Questions 79

Refer to the exhibit. Where is the executable file?

Options:

A.

info

B.

tags

C.

MIME

D.

name

Buy Now
Questions 80

What is the communication channel established from a compromised machine back to the attacker?

Options:

A.

man-in-the-middle

B.

IDS evasion

C.

command and control

D.

port scanning

Buy Now
Questions 81

Which action prevents buffer overflow attacks?

Options:

A.

variable randomization

B.

using web based applications

C.

input sanitization

D.

using a Linux operating system

Buy Now
Questions 82

A cyberattacker notices a security flaw in a software that a company is using They decide to tailor a specific worm to exploit this flaw and extract saved passwords from the software To which category of the Cyber Kill Cham model does this event belong?

Options:

A.

reconnaissance

B.

delivery

C.

weaponization

D.

exploitation

Buy Now
Questions 83

A security analyst notices a sudden surge of incoming traffic and detects unknown packets from unknown senders After further investigation, the analyst learns that customers claim that they cannot access company servers According to NIST SP800-61, in which phase of the incident response process is the analyst?

Options:

A.

post-incident activity

B.

detection and analysis

C.

preparation

D.

containment, eradication, and recovery

Buy Now
Questions 84

Which two elements are assets in the role of attribution in an investigation? (Choose two.)

Options:

A.

context

B.

session

C.

laptop

D.

firewall logs

E.

threat actor

Buy Now
Questions 85

A security specialist notices 100 HTTP GET and POST requests for multiple pages on the web servers. The agent in the requests contains PHP code that, if executed, creates and writes to a new PHP file on the webserver. Which event category is described?

Options:

A.

reconnaissance

B.

action on objectives

C.

installation

D.

exploitation

Buy Now
Questions 86

Which two elements of the incident response process are stated in NIST Special Publication 800-61 r2? (Choose two.)

Options:

A.

detection and analysis

B.

post-incident activity

C.

vulnerability management

D.

risk assessment

E.

vulnerability scoring

Buy Now
Questions 87

Refer to the exhibit.

Which stakeholders must be involved when a company workstation is compromised?

Options:

A.

Employee 1 Employee 2, Employee 3, Employee 4, Employee 5, Employee 7

B.

Employee 1, Employee 2, Employee 4, Employee 5

C.

Employee 4, Employee 6, Employee 7

D.

Employee 2, Employee 3, Employee 4, Employee 5

Buy Now
Questions 88

What are two social engineering techniques? (Choose two.)

Options:

A.

privilege escalation

B.

DDoS attack

C.

phishing

D.

man-in-the-middle

E.

pharming

Buy Now
Questions 89

A SOC analyst is investigating an incident that involves a Linux system that is identifying specific sessions. Which identifier tracks an active program?

Options:

A.

application identification number

B.

active process identification number

C.

runtime identification number

D.

process identification number

Buy Now
Questions 90

Which action matches the weaponization step of the Cyber Kill Chain model?

Options:

A.

Scan a host to find open ports and vulnerabilities

B.

Construct the appropriate malware and deliver it to the victim.

C.

Test and construct the appropriate malware to launch the attack

D.

Research data on a specific vulnerability

Buy Now
Questions 91

Which principle is being followed when an analyst gathers information relevant to a security incident to determine the appropriate course of action?

Options:

A.

decision making

B.

rapid response

C.

data mining

D.

due diligence

Buy Now
Questions 92

An analyst is exploring the functionality of different operating systems.

What is a feature of Windows Management Instrumentation that must be considered when deciding on an operating system?

Options:

A.

queries Linux devices that have Microsoft Services for Linux installed

B.

deploys Windows Operating Systems in an automated fashion

C.

is an efficient tool for working with Active Directory

D.

has a Common Information Model, which describes installed hardware and software

Buy Now
Questions 93

What is the difference between a threat and an exploit?

Options:

A.

A threat is a result of utilizing flow in a system, and an exploit is a result of gaining control over the system.

B.

A threat is a potential attack on an asset and an exploit takes advantage of the vulnerability of the asset

C.

An exploit is an attack vector, and a threat is a potential path the attack must go through.

D.

An exploit is an attack path, and a threat represents a potential vulnerability

Buy Now
Questions 94

Which information must an organization use to understand the threats currently targeting the organization?

Options:

A.

threat intelligence

B.

risk scores

C.

vendor suggestions

D.

vulnerability exposure

Buy Now
Questions 95

Drag and drop the definition from the left onto the phase on the right to classify intrusion events according to the Cyber Kill Chain model.

Options:

Buy Now
Questions 96

What is the difference between discretionary access control (DAC) and role-based access control (RBAC)?

Options:

A.

DAC requires explicit authorization for a given user on a given object, and RBAC requires specific conditions.

B.

RBAC access is granted when a user meets specific conditions, and in DAC, permissions are applied on user and group levels.

C.

RBAC is an extended version of DAC where you can add an extra level of authorization based on time.

D.

DAC administrators pass privileges to users and groups, and in RBAC, permissions are applied to specific groups

Buy Now
Questions 97

An organization is cooperating with several third-party companies. Data exchange is on an unsecured channel using port 80 Internal employees use the FTP service to upload and download sensitive data An engineer must ensure confidentiality while preserving the integrity of the communication. Which technology must the engineer implement in this scenario'?

Options:

A.

X 509 certificates

B.

RADIUS server

C.

CA server

D.

web application firewall

Buy Now
Questions 98

What is the difference between the ACK flag and the RST flag?

Options:

A.

The RST flag approves the connection, and the ACK flag terminates spontaneous connections.

B.

The ACK flag confirms the received segment, and the RST flag terminates the connection.

C.

The RST flag approves the connection, and the ACK flag indicates that a packet needs to be resent

D.

The ACK flag marks the connection as reliable, and the RST flag indicates the failure within TCP Handshake

Buy Now
Questions 99

Refer to exhibit.

An analyst performs the analysis of the pcap file to detect the suspicious activity. What challenges did the analyst face in terms of data visibility?

Options:

A.

data encapsulation

B.

IP fragmentation

C.

code obfuscation

D.

data encryption

Buy Now
Exam Code: 200-201
Exam Name: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)
Last Update: Dec 22, 2024
Questions: 331

PDF + Testing Engine

$144.99

Testing Engine

$109.99

PDF (Q&A)

$94.99