Cisco CyberOps Associat CBROPS 200-201 Test Questions

The Understanding Cisco Cybersecurity Operations Fundamentals (200-201 CBROPS) exam is a 120-minute assessment that is associated with the Cisco Certified CyberOps Associate certification. The CBROPS exam tests a candidate’s knowledge and skills related to security concepts, security monitoring, host-based analysis, network intrusion analysis, and security policies and procedures.

In order to pass the Cisco 200-201 exam, selecting the appropriate training tools is very necessary. And the Cisco CyberOps Associat CBROPS 200-201 Test Questions is a very important part. PassQuestion can provide valid materials to pass the Cisco 200-201 exam. The IT experts in PassQuestion are all have strength and experience. Their Cisco CyberOps Associat CBROPS 200-201 Test Questions are very similar with the real exam questions. PassQuestion is a site that provide the Cisco CyberOps Associat CBROPS 200-201 Test Questions to the people who want to take the exam. And we can help the candidates to pass the exam effectively.

Cisco CyberOps Associat CBROPS 200-201 Test Questions

1. While viewing packet capture data, an analyst sees that one IP is sending and receiving traffic for multiple devices by modifying the IP header.

Which technology makes this behavior possible?

encapsulation

TOR

tunneling

NAT

2. When communicating via TLS, the client initiates the handshake to the server and the server responds back with its certificate for identification.

Which information is available on the server certificate?

server name, trusted subordinate CA, and private key

trusted subordinate CA, public key, and cipher suites

trusted CA name, cipher suites, and private key

server name, trusted CA, and public key

3. A security engineer has a video of a suspect entering a data center that was captured on the same day that files in the same data center were transferred to a competitor.

Which type of evidence is this?

best evidence

prima facie evidence

indirect evidence

physical evidence

4. Which two elements of the incident response process are stated in NIST Special Publication 800-61 r2? (Choose two.)

detection and analysis

post-incident activity

vulnerability management

risk assessment

vulnerability scoring

5. Which utility blocks a host portscan?

HIDS

sandboxing

host-based firewall

antimalware

6. Which event is user interaction?

gaining root access

executing remote code

reading and writing file permission

opening a malicious file

7. An intruder attempted malicious activity and exchanged emails with a user and received corporate information, including email distribution lists. The intruder asked the user to engage with a link in an email. When the fink launched, it infected machines and the intruder was able to access the corporate network.

Which testing method did the intruder use?

social engineering

eavesdropping

piggybacking

tailgating

8. Refer to the exhibit.

What information is depicted?

IIS data

NetFlow data

network discovery event

IPS event data

9. Which type of evidence supports a theory or an assumption that results from initial evidence?

probabilistic

indirect

best

corroborative

10. Which two elements are assets in the role of attribution in an investigation? (Choose two.)

context

session

laptop

firewall logs

threat actor

11. Which regular expression matches “color” and “colour”?

colo?ur

col[0−8]+our

colou?r

col[0−9]+our

12. A user received a malicious attachment but did not run it.

Which category classifies the intrusion?

weaponization

reconnaissance

installation

delivery

13. Which process is used when IPS events are removed to improve data integrity?

data availability

data normalization

data signature

data protection

14. An investigator is examining a copy of an ISO file that is stored in CDFS format.

What type of evidence is this file?

data from a CD copied using Mac-based system

data from a CD copied using Linux system

data from a DVD copied using Windows system

data from a CD copied using Windows

15. Which piece of information is needed for attribution in an investigation?

proxy logs showing the source RFC 1918 IP addresses

RDP allowed from the Internet

known threat actor behavior

802.1x RADIUS authentication pass arid fail logs

16. Refer to the exhibit.

In which Linux log file is this output found?

/var/log/authorization.log

/var/log/dmesg

var/log/var.log

/var/log/auth.log

17. What is the difference between the ACK flag and the RST flag in the NetFlow log session?

The RST flag confirms the beginning of the TCP connection, and the ACK flag responds when the data for the payload is complete

The ACK flag confirms the beginning of the TCP connection, and the RST flag responds when the data for the payload is complete

The RST flag confirms the receipt of the prior segment, and the ACK flag allows for the spontaneous termination of a connection

The ACK flag confirms the receipt of the prior segment, and the RST flag allows for the spontaneous termination of a connection

18. An analyst is investigating an incident in a SOC environment.

Which method is used to identify a session from a group of logs?

sequence numbers

IP identifier

5-tuple

timestamps

19. Refer to the exhibit.

Which type of log is displayed?

proxy

NetFlow

IDS

sys

20. What should a security analyst consider when comparing inline traffic interrogation with traffic tapping to determine which approach to use in the network?

Tapping interrogation replicates signals to a separate port for analyzing traffic

Tapping interrogations detect and block malicious traffic

Inline interrogation enables viewing a copy of traffic to ensure traffic is in compliance with security policies

Inline interrogation detects malicious traffic but does not block the traffic

21. What are the two characteristics of the full packet captures? (Choose two.)

Identifying network loops and collision domains.

Troubleshooting the cause of security and performance issues.

Reassembling fragmented traffic from raw data.

Detecting common hardware faults and identify faulty assets.

Providing a historical record of a network transaction.

22. A security specialist notices 100 HTTP GET and POST requests for multiple pages on the web servers. The agent in the requests contains PHP code that, if executed, creates and writes to a new PHP file on the webserver.

Which event category is described?

reconnaissance

action on objectives

installation

exploitation

23. How is attacking a vulnerability categorized?

action on objectives

delivery

exploitation

installation

24. What is the difference between the ACK flag and the RST flag in the NetFlow log session?

The RST flag confirms the beginning of the TCP connection, and the ACK flag responds when the data for the payload is complete

The ACK flag confirms the beginning of the TCP connection, and the RST flag responds when the data for the payload is complete

The RST flag confirms the receipt of the prior segment, and the ACK flag allows for the spontaneous termination of a connection

The ACK flag confirms the receipt of the prior segment, and the RST flag allows for the spontaneous termination of a connection

25. Which data format is the most efficient to build a baseline of traffic seen over an extended period of time?

syslog messages

full packet capture

NetFlow

firewall event logs

26. An intruder attempted malicious activity and exchanged emails with a user and received corporate information, including email distribution lists. The intruder asked the user to engage with a link in an email. When the fink launched, it infected machines and the intruder was able to access the corporate network.

Which testing method did the intruder use?

social engineering

eavesdropping

piggybacking

tailgating

27. Which security principle is violated by running all processes as root or administrator?

principle of least privilege

role-based access control

separation of duties

trusted computing base

28. Which access control model does SELinux use?

RBAC

DAC

MAC

ABAC

29. Refer to the exhibit.

What does the output indicate about the server with the IP address 172.18.104.139?

open ports of a web server

open port of an FTP server

open ports of an email server

running processes of the server

30. DRAG DROP

Refer to the exhibit.

Drag and drop the element name from the left onto the correct piece of the PCAP file on the right.

31. Refer to the exhibit.

What is occurring in this network traffic?

high rate of SYN packets being sent from a multiple source towards a single destination IP

high rate of SYN packets being sent from a single source IP towards multiple destination IPs

flood of ACK packets coming from a single source IP to multiple destination IPs

flood of SYN packets coming from a single source IP to a single destination IP

32. Why is encryption challenging to security monitoring?

Encryption analysis is used by attackers to monitor VPN tunnels.

Encryption is used by threat actors as a method of evasion and obfuscation.

Encryption introduces additional processing requirements by the CP

Encryption introduces larger packet sizes to analyze and store.

33. How is NetFlow different than traffic mirroring?

NetFlow collects metadata and traffic mirroring clones data

Traffic mirroring impacts switch performance and NetFlow does not

Traffic mirroring costs less to operate than NetFlow

NetFlow generates more data than traffic mirroring

34. Which event artifact is used to identify HTTP GET requests for a specific file?

destination IP address

URI

HTTP status code

TCP ACK

35. What is the difference between deep packet inspection and stateful inspection?

Deep packet inspection is more secure than stateful inspection on Layer 4

Stateful inspection verifies contents at Layer 4 and deep packet inspection verifies connection at Layer 7

Stateful inspection is more secure than deep packet inspection on Layer 7

Deep packet inspection allows visibility on Layer 7 and stateful inspection allows visibility on Layer 4

36. A system administrator is ensuring that specific registry information is accurate.

Which type of configuration information does the HKEY_LOCAL_MACHINE hive contain?

file extension associations

hardware, software, and security settings for the system

currently logged in users, including folders and control panel settings

all users on the system, including visual settings

37. Which IETF standard technology is useful to detect and analyze a potential security incident by recording session flows that occurs between hosts?

SFlow

NetFlow

NFlow

IPFIX

38. What is a difference between inline traffic interrogation and traffic mirroring?

Inline inspection acts on the original traffic data flow

Traffic mirroring passes live traffic to a tool for blocking

Traffic mirroring inspects live traffic for analysis and mitigation

Inline traffic copies packets for analysis and security

39. Which regular expression matches "color" and "colour"?

colo?ur

col[08]+our

colou?r

col[09]+our

40. Which principle is being followed when an analyst gathers information relevant to a security incident to determine the appropriate course of action?

decision making

rapid response

data mining

due diligence

41. An analyst is exploring the functionality of different operating systems.

What is a feature of Windows Management Instrumentation that must be considered when deciding on an operating system?

queries Linux devices that have Microsoft Services for Linux installed

deploys Windows Operating Systems in an automated fashion

is an efficient tool for working with Active Directory

has a Common Information Model, which describes installed hardware and software

42. Which two components reduce the attack surface on an endpoint? (Choose two.)

secure boot

load balancing

increased audit log levels

restricting USB ports

full packet captures at the endpoint

43. At which layer is deep packet inspection investigated on a firewall?

internet

transport

application

data link

44. Which event artifact is used to identity HTTP GET requests for a specific file?

destination IP address

TCP ACK

HTTP status code

URI

45. Which NIST IR category stakeholder is responsible for coordinating incident response among various business units, minimizing damage, and reporting to regulatory agencies?

CSIRT

PSIRT

public affairs

management

46. An offline audit log contains the source IP address of a session suspected to have exploited a vulnerability resulting in system compromise.

Which kind of evidence is this IP address?

best evidence

corroborative evidence

indirect evidence

forensic evidence

47. How does an SSL certificate impact security between the client and the server?

by enabling an authenticated channel between the client and the server

by creating an integrated channel between the client and the server

by enabling an authorized channel between the client and the server

by creating an encrypted channel between the client and the server

48. An organization has recently adjusted its security stance in response to online threats made by a known hacktivist group.

What is the initial event called in the NIST SP800-61?

online assault

precursor

trigger

instigator

49. What is the practice of giving an employee access to only the resources needed to accomplish their job?

principle of least privilege

organizational separation

separation of duties

need to know principle

50. DRAG DROP

Drag and drop the technology on the left onto the data type the technology provides on the right.

51. Which artifact is used to uniquely identify a detected file?

file timestamp

file extension

file size

file hash

52. What is an example of social engineering attacks?

receiving an unexpected email from an unknown person with an uncharacteristic attachment from someone in the same company

receiving an email from human resources requesting a visit to their secure website to update contact information

sending a verbal request to an administrator who knows how to change an account password

receiving an invitation to the department’s weekly WebEx meeting

53. Refer to the exhibit.

Which type of log is displayed?

IDS

proxy

NetFlow

sys

54. In a SOC environment, what is a vulnerability management metric?

code signing enforcement

full assets scan

internet exposed devices

single factor authentication

55. Refer to the exhibit.

This request was sent to a web application server driven by a database.

Which type of web server attack is represented?

parameter manipulation

heap memory corruption

command injection

blind SQL injection

56. What should a security analyst consider when comparing inline traffic interrogation with traffic tapping to determine which approach to use in the network?

Tapping interrogation replicates signals to a separate port for analyzing traffic

Tapping interrogations detect and block malicious traffic

Inline interrogation enables viewing a copy of traffic to ensure traffic is in compliance with security policies

Inline interrogation detects malicious traffic but does not block the traffic

57. Which HTTP header field is used in forensics to identify the type of browser used?

referrer

host

user-agent

accept-language

58. Refer to the exhibit.

What is the potential threat identified in this Stealthwatch dashboard?

Host 10.201.3.149 is sending data to 152.46.6.91 using TCP/443.

Host 152.46.6.91 is being identified as a watchlist country for data transfer.

Traffic to 152.46.6.149 is being denied by an Advanced Network Control policy.

Host 10.201.3.149 is receiving almost 19 times more data than is being sent to host 152.46.6.91.

59. The target web application server is running as the root user and is vulnerable to command injection.

Which result of a successful attack is true?

cross-site scripting

cross-site scripting request forgery

privilege escalation

buffer overflow

60. You have identified a malicious file in a sandbox analysis tool.

Which piece of file information from the analysis is needed to search for additional downloads of this file by other hosts?

file name

file hash value

file type

file size

Cisco CyberOps Associat CBROPS 200-201 Test Questions

Cisco CyberOps Associat CBROPS 200-201 Test Questions

Leave a Reply Cancel reply