Prepare 200-201 Question Answers - 200-201 Exam Dumps [Q46-Q66]


Real Cisco 200-201 Exam Questions [Updated 2021]


Network Intrusion Analysis

About 20% of the exam content evaluates your understanding of the following operations:

  • Extracting data of a TCP stream when presented a PCAP file & Wireshark;
  • Comparing no impact & impact for false negative & positive, true negative & positive, and benign;
  • Identifying the key details in an intrusion from a presented PCAP file;
  • Mapping the presented events to root technologies – It includes IDS/IPS, Proxy logs, firewall, antivirus, trade data, and network app control;
  • Analyzing the features of data taken from taps or traffic monitoring and NetFlow in the analysis of the network traffic;
  • Interpreting the domains in protocol headers relevant to intrusion analysis;

Main Exam Objectives

The Cisco CBROPS test validates your knowledge of 5 major cybersecurity knowledge areas. These include security concepts, security monitoring, network intrusion analysis, host-based analysis, and security policies and procedures. By verifying your mid-level cybersecurity skills with this certificate, you will be confirming your associate-level mastery of important concepts to help you identify and manage security threats.

 

NEW QUESTION 46
What is the principle of defense-in-depth?

  • A. Several distinct protective layers are involved.
  • B. Agentless and agent-based protection for security are used.
  • C. Access control models are involved.
  • D. Authentication, authorization, and accounting mechanisms are used.

Answer: A

 

NEW QUESTION 47
An engineer discovered a breach, identified the threat's entry point, and removed access. The engineer was able to identify the host, the IP address of the threat actor, and the application the threat actor targeted. What is the next step the engineer should take according to the NIST SP 800-61 Incident handling guide?

  • A. Reduce the probability of similar threats.
  • B. Analyze the threat.
  • C. Identify lessons learned from the threat.
  • D. Recover from the threat.

Answer: A

 

NEW QUESTION 48
A developer is working on a project using a Linux tool that creates processes and produces these results:
* If the process creation is unsuccessful, a negative value is returned.
* If the process creation is successful, the value 0 is returned to the child process, and the child's process ID is returned to the parent process.
Which component results from this operation?

  • A. process spawn scheduled
  • B. parent directory name of a file pathname
  • C. macros for managing CPU sets
  • D. new process created by parent process

Answer: D

 

NEW QUESTION 49
What does an attacker use to determine which network ports are listening on a potential target device?

  • A. SQL injection
  • B. port scanning
  • C. man-in-the-middle
  • D. ping sweep

Answer: B

 

NEW QUESTION 50
Refer to the exhibit.

What does the output indicate about the server with the IP address 172.18.104.139?

  • A. running processes of the server
  • B. open ports of a web server
  • C. open ports of an email server
  • D. open port of an FTP server

Answer: C

 

NEW QUESTION 51
Which attack represents the evasion technique of resource exhaustion?

  • A. SQL injection
  • B. man-in-the-middle
  • C. denial-of-service
  • D. bluesnarfing

Answer: C

 

NEW QUESTION 52
An analyst is exploring the functionality of different operating systems.
What is a feature of Windows Management Instrumentation that must be considered when deciding on an operating system?

  • A. has a Common Information Model, which describes installed hardware and software
  • B. queries Linux devices that have Microsoft Services for Linux installed
  • C. deploys Windows Operating Systems in an automated fashion
  • D. is an efficient tool for working with Active Directory

Answer: A

 

NEW QUESTION 53
Refer to the exhibit.

What is the potential threat identified in this Stealthwatch dashboard?

  • A. A policy violation is active for host 10.201.3.149.
  • B. A policy violation is active for host 10.10.101.24.
  • C. A host on the network is sending a DDoS attack to another inside host.
  • D. There are three active data exfiltration alerts.

Answer: D

 

NEW QUESTION 54
What is a difference between inline traffic interrogation and traffic mirroring?

  • A. Traffic mirroring inspects live traffic for analysis and mitigation
  • B. Traffic mirroring passes live traffic to a tool for blocking
  • C. Inline inspection acts on the original traffic data flow
  • D. Inline traffic copies packets for analysis and security

Answer: C

Explanation:
Inline traffic interrogation analyzes traffic in real time and has the ability to prevent certain traffic from being forwarded. Traffic mirroring doesn't pass the live traffic; instead it copies traffic from one or more source ports and sends the copied traffic to one or more destinations for analysis by a network analyzer or other monitoring device.

 

NEW QUESTION 55
Which system monitors local system operation and local network access for violations of a security policy?

  • A. host-based intrusion detection
  • B. systems-based sandboxing
  • C. host-based firewall
  • D. antivirus

Answer: A

Explanation:
HIDS is capable of monitoring the internals of a computing system as well as the network packets on its network interfaces. A host-based firewall is a piece of software running on a single host that can restrict incoming and outgoing network activity for that host only.

 

NEW QUESTION 56
Refer to the exhibit.

Which application protocol is in this PCAP file?

  • A. TCP
  • B. HTTP
  • C. TLS
  • D. SSH

Answer: B

 

NEW QUESTION 57
Why is encryption challenging to security monitoring?

  • A. Encryption is used by threat actors as a method of evasion and obfuscation.
  • B. Encryption introduces larger packet sizes to analyze and store.
  • C. Encryption introduces additional processing requirements by the CPU.
  • D. Encryption analysis is used by attackers to monitor VPN tunnels.

Answer: A

Explanation:
Section: Security Concepts

 

NEW QUESTION 58
What are two characteristics of full packet captures? (Choose two.)

  • A. Identifying network loops and collision domains.
  • B. Detecting common hardware faults and identifying faulty assets.
  • C. Reassembling fragmented traffic from raw data.
  • D. Troubleshooting the cause of security and performance issues.
  • E. Providing a historical record of a network transaction.

Answer: C,E

Explanation:
Section: Security Monitoring

 


NEW QUESTION 60
Refer to the exhibit.

An engineer is analyzing this Cuckoo Sandbox report for a PDF file that has been downloaded from an email. What is the state of this file?

  • A. The file was matched by PEiD threat signatures but no suspicious features are identified since the signature list is up to date.
  • B. The file has an embedded non-Windows executable but no suspicious features are identified.
  • C. The file has an embedded Windows 32 executable and the Yara field lists suspicious features for further analysis.
  • D. The file has an embedded executable and was matched by PEiD threat signatures for further analysis.

Answer: C

 

NEW QUESTION 61
One of the objectives of information security is to protect the CIA of information and systems.
What does CIA mean in this context?

  • A. confidentiality, identity, and authorization
  • B. confidentiality, integrity, and authorization
  • C. confidentiality, identity, and availability
  • D. confidentiality, integrity, and availability

Answer: D

Explanation:
Section: Security Concepts

 

NEW QUESTION 62
What is the difference between mandatory access control (MAC) and discretionary access control (DAC)?

  • A. DAC is the strictest of all levels of control and MAC is object-based access
  • B. MAC is controlled by the discretion of the owner and DAC is controlled by an administrator
  • C. MAC is the strictest of all levels of control and DAC is object-based access
  • D. DAC is controlled by the operating system and MAC is controlled by an administrator

Answer: C

Explanation:
Section: Security Concepts

 

NEW QUESTION 63
When trying to evade IDS/IPS devices, which mechanism allows the user to make the data incomprehensible without a specific key, certificate, or password?

  • A. steganography
  • B. encryption
  • C. pivoting
  • D. fragmentation

Answer: B

Explanation:
https://techdifferences.com/difference-between-steganography-and-cryptography.html#:~:text=The%20steganography%20and%20cryptography%20are,the%20structure%20of%20the%20message.

 

NEW QUESTION 64
An intruder attempted malicious activity and exchanged emails with a user and received corporate information, including email distribution lists. The intruder asked the user to engage with a link in an email. When the link launched, it infected machines and the intruder was able to access the corporate network.
Which testing method did the intruder use?

  • A. social engineering
  • B. tailgating
  • C. piggybacking
  • D. eavesdropping

Answer: A

Explanation:
Section: Security Monitoring

 

NEW QUESTION 65
What is a difference between SOAR and SIEM?

  • A. SIEM receives information from a single platform and delivers it to a SOAR
  • B. SOAR receives information from a single platform and delivers it to a SIEM
  • C. SOAR platforms are used for threat and vulnerability management, but SIEM applications are not
  • D. SIEM applications are used for threat and vulnerability management, but SOAR platforms are not

Answer: C

Explanation:
Section: Security Concepts

 

NEW QUESTION 66
......


Cisco 200-201 Exam Requirements

Even though the vendor doesn't have any specific prerequisites for the CyberOps Associate certificate, applicants should know that the related exam is quite difficult. Therefore, you should have prior knowledge of how Linux and Windows operating systems work. Also, Cisco recommends that exam-takers be familiar with Ethernet and TCP/IP networking and with foundational concepts of network security. In case you haven't worked with the mentioned areas before, you can consolidate your expertise by earning the CCNA certificate first.
