200-201 Online Dumps Boost Your Career

Category:

Comments:

0 Comments

Post Date:

January 9, 2024

The 200-201 Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) certification exam is challenging, and it's natural to feel anxious and nervous before taking the exam. Practicing with 200-201 dumps questions can help alleviate this anxiety by boosting your confidence. As you practice and become more familiar with the exam format and content, you'll feel more confident in your abilities, which can help you perform better on the actual 200-201 exam. Practicing with 200-201 questions can increase your chances of success in the certification exam. Practice free Cisco 200-201 exam dumps below.

Page 1 of 10

1. An engineer is working with the compliance teams to identify the data passing through the network. During analysis, the engineer informs the compliance team that external penmeter data flows contain records, writings, and artwork Internal segregated network flows contain the customer choices by gender, addresses, and product preferences by age. The engineer must identify protected data.

Which two types of data must be identified'? (Choose two.)

SOX

PII

PHI

PCI

2. Refer to the exhibit.

Which field contains DNS header information if the payload is a query or a response?

3. Refer to the exhibit.

What does the message indicate?

an access attempt was made from the Mosaic web browser

a successful access attempt was made to retrieve the password file

a successful access attempt was made to retrieve the root of the website

a denied access attempt was made to retrieve the password file

4. Which of these describes SOC metrics in relation to security incidents?

time it takes to detect the incident

time it takes to assess the risks of the incident

probability of outage caused by the incident

probability of compromise and impact caused by the incident

5. Which attack represents the evasion technique of resource exhaustion?

SQL injection

man-in-the-middle

bluesnarfing

denial-of-service

6. What is the purpose of command and control for network-aware malware?

It contacts a remote server for commands and updates

It takes over the user account for analysis

It controls and shuts down services on the infected host.

It helps the malware to profile the host

7. According to CVSS, what is a description of the attack vector score?

The metric score will be larger when it is easier to physically touch or manipulate the vulnerable component

It depends on how many physical and logical manipulations are possible on a vulnerable component

The metric score will be larger when a remote attack is more likely.

It depends on how far away the attacker is located and the vulnerable component

8. Refer to the exhibit.

A network administrator is investigating suspicious network activity by analyzing captured traffic. An engineer notices abnormal behavior and discovers that the default user agent is present in the headers of requests and data being transmitted.

What is occurring?

indicators of denial-of-service attack due to the frequency of requests

garbage flood attack attacker is sending garbage binary data to open ports

indicators of data exfiltration HTTP requests must be plain text

cache bypassing attack: attacker is sending requests for noncacheable content

9. What is vulnerability management?

A security practice focused on clarifying and narrowing intrusion points.

A security practice of performing actions rather than acknowledging the threats.

A process to identify and remediate existing weaknesses.

A process to recover from service interruptions and restore business-critical applications

10. Which regular expression is needed to capture the IP address 192.168.20.232?

^ (?:[0-9]{1,3}.){3}[0-9]{1,3}

^ (?:[0-9]f1,3}.){1,4}

^ (?:[0-9]{1,3}.)'

^ ([0-9]-{3})

Page 2 of 10

11. An engineer received an alert affecting the degraded performance of a critical server. Analysis showed a heavy CPU and memory load.

What is the next step the engineer should take to investigate this resource usage?

Run "ps -d" to decrease the priority state of high load processes to avoid resource exhaustion.

Run "ps -u" to find out who executed additional processes that caused a high load on a server.

Run "ps -ef" to understand which processes are taking a high amount of resources.

Run "ps -m" to capture the existing state of daemons and map required processes to find the gap.

12. Which action should be taken if the system is overwhelmed with alerts when false positives and false negatives are compared?

Modify the settings of the intrusion detection system.

Design criteria for reviewing alerts.

Redefine signature rules.

Adjust the alerts schedule.

13. What do host-based firewalls protect workstations from?

zero-day vulnerabilities

unwanted traffic

malicious web scripts

viruses

14. DRAG DROP

Drag and drop the element names from the left onto the corresponding pieces of the PCAP file on the right.

15. An organization is cooperating with several third-party companies. Data exchange is on an unsecured channel using port 80 Internal employees use the FTP service to upload and download sensitive data. An engineer must ensure confidentiality while preserving the integrity of the communication.

Which technology must the engineer implement in this scenario'?

X 509 certificates

RADIUS server

CA server

web application firewall

16. Which security technology guarantees the integrity and authenticity of all messages transferred to and from a web application?

Hypertext Transfer Protocol

SSL Certificate

Tunneling

VPN

17. An investigator is examining a copy of an ISO file that is stored in CDFS format.

What type of evidence is this file?

data from a CD copied using Mac-based system

data from a CD copied using Linux system

data from a DVD copied using Windows system

data from a CD copied using Windows

18. What is the relationship between a vulnerability and a threat?

A threat exploits a vulnerability

A vulnerability is a calculation of the potential loss caused by a threat

A vulnerability exploits a threat

A threat is a calculation of the potential loss caused by a vulnerability

19. An analyst is exploring the functionality of different operating systems.

What is a feature of Windows Management Instrumentation that must be considered when deciding on an operating system?

queries Linux devices that have Microsoft Services for Linux installed

deploys Windows Operating Systems in an automated fashion

is an efficient tool for working with Active Directory

has a Common Information Model, which describes installed hardware and software

20. Which HTTP header field is used in forensics to identify the type of browser used?

referrer

host

user-agent

accept-language

Page 3 of 10

21. An intruder attempted malicious activity and exchanged emails with a user and received corporate information, including email distribution lists. The intruder asked the user to engage with a link in an email. When the fink launched, it infected machines and the intruder was able to access the corporate network.

Which testing method did the intruder use?

social engineering

eavesdropping

piggybacking

tailgating

22. 1.Which event is user interaction?

gaining root access

executing remote code

reading and writing file permission

opening a malicious file

23. What is the difference between deep packet inspection and stateful inspection?

Stateful inspection verifies contents at Layer 4. and deep packet inspection verifies connection at Layer 7.

Stateful inspection is more secure than deep packet inspection on Layer 7.

Deep packet inspection is more secure than stateful inspection on Layer 4.

Deep packet inspection allows visibility on Layer 7, and stateful inspection allows visibility on Layer 4.

24. A SOC analyst is investigating an incident that involves a Linux system that is identifying specific sessions.

Which identifier tracks an active program?

application identification number

active process identification number

runtime identification number

process identification number

25. Which technology on a host is used to isolate a running application from other applications?

sandbox

application allow list

application block list

host-based firewall

26. Refer to the exhibit.

An employee received an email from an unknown sender with an attachment and reported it as a phishing attempt. An engineer uploaded the file to Cuckoo for further analysis.

What should an engineer interpret from the provided Cuckoo report?

Win32.polip.a.exe is an executable file and should be flagged as malicious.

The file is clean and does not represent a risk.

Cuckoo cleaned the malicious file and prepared it for usage.

MD5 of the file was not identified as malicious.

27. Refer to the exhibit.

An analyst was given a PCAP file, which is associated with a recent intrusion event in the company FTP server.

Which display filters should the analyst use to filter the FTP traffic?

dstport == FTP

tcp.port==21

tcpport = FTP

dstport = 21

28. DRAG DROP

Drag and drop the event term from the left onto the description on the right.

29. How does statistical detection differ from rule-based detection?

Statistical detection involves the evaluation of events, and rule-based detection requires an evaluated set of events to function.

Statistical detection defines legitimate data over time, and rule-based detection works on a predefined set of rules

Rule-based detection involves the evaluation of events, and statistical detection requires an evaluated set of events to function Rule-based detection defines

legitimate data over a period of time, and statistical detection works on a predefined set of rules

30. Refer to the exhibit.

Which event is occurring?

A binary named "submit" is running on VM cuckoo1.

A binary is being submitted to run on VM cuckoo1

A binary on VM cuckoo1 is being submitted for evaluation

A URL is being evaluated to see if it has a malicious binary

Page 4 of 10

31. What describes the defense-m-depth principle?

defining precise guidelines for new workstation installations

categorizing critical assets within the organization

isolating guest Wi-Fi from the focal network

implementing alerts for unexpected asset malfunctions

32. What describes a buffer overflow attack?

injecting new commands into existing buffers

fetching data from memory buffer registers

overloading a predefined amount of memory

suppressing the buffers in a process

33. What are two denial-of-service (DoS) attacks? (Choose two)

port scan

SYN flood

man-in-the-middle

phishing

teardrop

34. An engineer needs to discover alive hosts within the 192.168.1.0/24 range without triggering intrusive portscan alerts on the IDS device using Nmap.

Which command will accomplish this goal?

nmap --top-ports 192.168.1.0/24

nmap CsP 192.168.1.0/24

nmap -sL 192.168.1.0/24

nmap -sV 192.168.1.0/24

35. What matches the regular expression c(rgr)+e?

crgrrgre

np+e

c(rgr)e

36. An organization's security team has detected network spikes coming from the internal network. An investigation has concluded that the spike in traffic was from intensive network scanning.

How should the analyst collect the traffic to isolate the suspicious host?

by most active source IP

by most used ports

based on the protocols used

based on the most used applications

37. What is the difference between the ACK flag and the RST flag?

The RST flag approves the connection, and the ACK flag terminates spontaneous connections.

The ACK flag confirms the received segment, and the RST flag terminates the connection.

The RST flag approves the connection, and the ACK flag indicates that a packet needs to be resent

The ACK flag marks the connection as reliable, and the RST flag indicates the failure within TCP Handshake

38. Refer to the exhibit.

What must be interpreted from this packet capture?

IP address 192.168.88 12 is communicating with 192 168 88 149 with a source port 74 to destination port 49098 using TCP protocol

IP address 192.168.88.12 is communicating with 192 168 88 149 with a source port 49098 to destination port 80 using TCP protocol.

IP address 192.168.88.149 is communicating with 192.168 88.12 with a source port 80 to destination port 49098 using TCP protocol.

IP address 192.168.88.149 is communicating with 192.168.88.12 with a source port 49098 to destination port 80 using TCP protocol.

39. What are two denial of service attacks? (Choose two.)

MITM

TCP connections

ping of death

UDP flooding

code red

40. Which event artifact is used to identify HTTP GET requests for a specific file?

destination IP address

TCP ACK

HTTP status code

URI

Page 5 of 10

41. What is the difference between a threat and a risk?

Threat represents a potential danger that could take advantage of a weakness in a system

Risk represents the known and identified loss or danger in the system

Risk represents the nonintentional interaction with uncertainty in the system

Threat represents a state of being exposed to an attack or a compromise, either physically or logically.

42. What should a security analyst consider when comparing inline traffic interrogation with traffic tapping to determine which approach to use in the network?

Tapping interrogation replicates signals to a separate port for analyzing traffic

Tapping interrogations detect and block malicious traffic

Inline interrogation enables viewing a copy of traffic to ensure traffic is in compliance with security policies

Inline interrogation detects malicious traffic but does not block the traffic

43. What is the function of a command and control server?

It enumerates open ports on a network device

It drops secondary payload into malware

It is used to regain control of the network after a compromise

It sends instruction to a compromised system

44. DRAG DROP

Drag and drop the elements from the left into the correct order for incident handling on the right.

45. During which phase of the forensic process are tools and techniques used to extract information from the collected data?

investigation

examination

reporting

collection

46. What is a description of a social engineering attack?

fake offer for free music download to trick the user into providing sensitive data

package deliberately sent to the wrong receiver to advertise a new product

mistakenly received valuable order destined for another person and hidden on purpose

email offering last-minute deals on various vacations around the world with a due date and a counter

47. Which NIST IR category stakeholder is responsible for coordinating incident response among various business units, minimizing damage, and reporting to regulatory agencies?

CSIRT

PSIRT

public affairs

management

48. Refer to the exhibit.

Which frame numbers contain a file that is extractable via TCP stream within Wireshark?

7,14, and 21

7 and 21

14,16,18, and 19

7 to 21

49. Refer to the exhibit.

What is occurring within the exhibit?

regular GET requests

XML External Entities attack

insecure deserialization

cross-site scripting attack

50. Refer to the exhibit.

Where is the executable file?

info

tags

MIME

name

Page 6 of 10

51. Which type of data must an engineer capture to analyze payload and header information?

frame check sequence

alert data

full packet

session logs

52. Refer to the exhibit.

Which component is identifiable in this exhibit?

Trusted Root Certificate store on the local machine

Windows PowerShell verb

Windows Registry hive

local service in the Windows Services Manager

53. Which option describes indicators of attack?

spam emails on an employee workstation

virus detection by the AV software

blocked phishing attempt on a company

malware reinfection within a few minutes of removal

54. Which type of evidence supports a theory or an assumption that results from initial evidence?

probabilistic

indirect

best

corroborative

55. A developer is working on a project using a Linux tool that enables writing processes to obtain these required results:

✑ If the process is unsuccessful, a negative value is returned.

✑ If the process is successful, 0 value is returned to the child process, and the process ID is sent to the parent process.

Which component results from this operation?

parent directory name of a file pathname

process spawn scheduled

macros for managing CPU sets

new process created by parent process

56. Refer to the exhibit.

An engineer is reviewing a Cuckoo report of a file.

What must the engineer interpret from the report?

The file will appear legitimate by evading signature-based detection.

The file will not execute its behavior in a sandbox environment to avoid detection.

The file will insert itself into an application and execute when the application is run.

The file will monitor user activity and send the information to an outside source.

57. Which technique is a low-bandwidth attack?

social engineering

session hijacking

evasion

phishing

58. Refer to the exhibit.

A suspicious IP address is tagged by Threat Intelligence as a brute-force attempt source After the attacker produces many of failed login entries, it successfully compromises the account.

Which stakeholder is responsible for the incident response detection step?

employee 5

employee 3

employee 4

employee 2

59. When an event is investigated, which type of data provides the investigate capability to determine if data exfiltration has occurred?

full packet capture

NetFlow data

session data

firewall logs

60. After a large influx of network traffic to externally facing devices, a security engineer begins investigating what appears to be a denial of service attack When the packet capture data is reviewed, the engineer notices that the traffic is a single SYN packet to each port.

Which type of attack is occurring?

traffic fragmentation

port scanning

host profiling

SYN flood

Page 7 of 10

61. Which utility blocks a host portscan?

HIDS

sandboxing

host-based firewall

antimalware

62. What is the difference between the rule-based detection when compared to behavioral detection?

Rule-Based detection is searching for patterns linked to specific types of attacks, while behavioral is identifying per signature.

Rule-Based systems have established patterns that do not change with new data, while behavioral changes.

Behavioral systems are predefined patterns from hundreds of users, while Rule-Based only flags potentially abnormal patterns using signatures.

Behavioral systems find sequences that match a particular attack signature, while Rule-Based identifies potential attacks.

63. What are the two characteristics of the full packet captures? (Choose two.)

Identifying network loops and collision domains.

Troubleshooting the cause of security and performance issues.

Reassembling fragmented traffic from raw data.

Detecting common hardware faults and identify faulty assets.

Providing a historical record of a network transaction.

64. What is a difference between SI EM and SOAR security systems?

SOAR ingests numerous types of logs and event data infrastructure components and SIEM can fetch data from endpoint security software and external threat intelligence feeds

SOAR collects and stores security data at a central point and then converts it into actionable intelligence, and SIEM enables SOC teams to automate and orchestrate manual tasks

SIEM raises alerts in the event of detecting any suspicious activity, and SOAR automates investigation path workflows and reduces time spent on alerts

SIEM combines data collecting, standardization, case management, and analytics for a defense-in-depth concept, and SOAR collects security data antivirus logs, firewall logs, and hashes of downloaded files

65. The SOC team has confirmed a potential indicator of compromise on an endpoint. The team has narrowed the executable file's type to a new trojan family.

According to the NIST Computer Security Incident Handling Guide, what is the next step in handling this event?

Isolate the infected endpoint from the network.

Perform forensics analysis on the infected endpoint.

Collect public information on the malware behavior.

Prioritize incident handling based on the impact.

66. Which incidence response step includes identifying all hosts affected by an attack?

detection and analysis

post-incident activity

preparation

containment, eradication, and recovery

67. What is the difference between mandatory access control (MAC) and discretionary access control (DAC)?

MAC is controlled by the discretion of the owner and DAC is controlled by an administrator

MAC is the strictest of all levels of control and DAC is object-based access

DAC is controlled by the operating system and MAC is controlled by an administrator

DAC is the strictest of all levels of control and MAC is object-based access

68. Refer to the exhibit.

An engineer is analyzing a PCAP file after a recent breach. An engineer identified that the attacker used an aggressive ARP scan to scan the hosts and found web and SSH servers. Further analysis showed several SSH Server Banner and Key Exchange Initiations. The engineer cannot see the exact data being transmitted over an encrypted channel and cannot identify how the attacker gained access.

How did the attacker gain access?

by using the buffer overflow in the URL catcher feature for SSH

by using an SSH Tectia Server vulnerability to enable host-based authentication

by using an SSH vulnerability to silently redirect connections to the local host

by using brute force on the SSH service to gain access

69. How does certificate authority impact a security system?

It authenticates client identity when requesting SSL certificate

It validates domain identity of a SSL certificate

It authenticates domain identity when requesting SSL certificate

It validates client identity when communicating with the server

70. Which two elements of the incident response process are stated in NIST Special Publication 800-61 r2? (Choose two.)

detection and analysis

post-incident activity

vulnerability management

risk assessment

vulnerability scoring

Page 8 of 10

71. At which layer is deep packet inspection investigated on a firewall?

internet

transport

application

data link

72. A security engineer deploys an enterprise-wide host/endpoint technology for all of the company's corporate PCs. Management requests the engineer to block a selected set of applications on all PCs.

Which technology should be used to accomplish this task?

application whitelisting/blacklisting

network NGFW

host-based IDS

antivirus/antispyware software

73. A security incident occurred with the potential of impacting business services.

Who performs the attack?

malware author

threat actor

bug bounty hunter

direct competitor

74. Refer to the exhibit.

This request was sent to a web application server driven by a database.

Which type of web server attack is represented?

parameter manipulation

heap memory corruption

command injection

blind SQL injection

75. What is indicated by an increase in IPv4 traffic carrying protocol 41 ?

additional PPTP traffic due to Windows clients

unauthorized peer-to-peer traffic

deployment of a GRE network on top of an existing Layer 3 network

attempts to tunnel IPv6 traffic through an IPv4 network

76. How can TOR impact data visibility inside an organization?

increases data integrity

increases security

decreases visibility

no impact

77. What is a collection of compromised machines that attackers use to carry out a DDoS attack?

subnet

botnet

VLAN

command and control

78. What is a difference between an inline and a tap mode traffic monitoring?

Inline monitors traffic without examining other devices, while a tap mode tags traffic and examines the data from monitoring devices.

Tap mode monitors traffic direction, while inline mode keeps packet data as it passes through the monitoring devices.

Tap mode monitors packets and their content with the highest speed, while the inline mode draws a packet path for analysis.

Inline mode monitors traffic path, examining any traffic at a wire speed, while a tap mode monitors traffic as it crosses the network.

79. What is a difference between a threat and a risk?

A threat is a sum of risks and a risk itself represents a specific danger toward the asset

A threat can be people property, or information, and risk is a probability by which these threats may bring harm to the business

A risk is a flaw or hole in security, and a threat is what is being used against that flaw

A risk is an intersection between threat and vulnerabilities, and a threat is what a security engineer is trying to protect against

80. Refer to the exhibit.

A workstation downloads a malicious docx file from the Internet and a copy is sent to FTDv. The FTDv sends the file hash to FMC and the tile event is recorded.

What would have occurred with stronger data visibility?

The traffic would have been monitored at any segment in the network.

Malicious traffic would have been blocked on multiple devices

An extra level of security would have been in place

Detailed information about the data in real time would have been provided

Page 9 of 10

81. An engineer needs to have visibility on TCP bandwidth usage, response time, and latency, combined with deep packet inspection to identify unknown software by its network traffic flow.

Which two features of Cisco Application Visibility and Control should the engineer use to accomplish this goal? (Choose two.)

management and reporting

traffic filtering

adaptive AVC

metrics collection and exporting

application recognition

82. Refer to the exhibit.

What does the output indicate about the server with the IP address 172.18.104.139?

open ports of a web server

open port of an FTP server

open ports of an email server

running processes of the server

83. An engineer receives a security alert that traffic with a known TOR exit node has occurred on the network.

What is the impact of this traffic?

ransomware communicating after infection

users downloading copyrighted content

data exfiltration

user circumvention of the firewall

84. Which vulnerability type is used to read, write, or erase information from a database?

cross-site scripting

cross-site request forgery

buffer overflow

SQL injection

85. Which two elements of the incident response process are stated in NIST SP 800-61 r2? (Choose two.)

detection and analysis

post-incident activity

vulnerability scoring

vulnerability management

risk assessment

86. What is the difference between vulnerability and risk?

A vulnerability is a sum of possible malicious entry points, and a risk represents the possibility of the unauthorized entry itself.

A risk is a potential threat that an exploit applies to, and a vulnerability represents the threat itself

A vulnerability represents a flaw in a security that can be exploited, and the risk is the potential damage it might cause.

A risk is potential threat that adversaries use to infiltrate the network, and a vulnerability is an exploit

87. Which metric should be used when evaluating the effectiveness and scope of a Security Operations Center?

The average time the SOC takes to register and assign the incident.

The total incident escalations per week.

The average time the SOC takes to detect and resolve the incident.

The total incident escalations per month.

88. What is the difference between indicator of attack (loA) and indicators of compromise (loC)?

loA is the evidence that a security breach has occurred, and loC allows organizations to act before the vulnerability can be exploited.

loA refers to the individual responsible for the security breach, and loC refers to the resulting loss.

loC is the evidence that a security breach has occurred, and loA allows organizations to act before the vulnerability can be exploited.

loC refers to the individual responsible for the security breach, and loA refers to the resulting loss.

89. Refer to exhibit.

An analyst performs the analysis of the pcap file to detect the suspicious activity.

What challenges did the analyst face in terms of data visibility?

data encapsulation

IP fragmentation

code obfuscation

data encryption

90. Which type of data consists of connection level, application-specific records generated from network traffic?

transaction data

location data

statistical data

alert data

Page 10 of 10

91. An engineer must compare NIST vs ISO frameworks The engineer deeded to compare as readable documentation and also to watch a comparison video review. Using Windows 10 OS. the engineer started a browser and searched for a NIST document and then opened a new tab in the same browser and searched for an ISO document for comparison

The engineer tried to watch the video, but there 'was an audio problem with OS so the engineer had to troubleshoot it At first the engineer started CMD and looked fee a driver path then locked for a corresponding registry in the registry editor The engineer enabled "Audiosrv" in task manager and put it on auto start and the problem was solved.

Which two components of the OS did the engineer touch? (Choose two)

permissions

PowerShell logs

service

MBR

process and thread

92. Refer to the exhibit.

What is occurring?

ARP flood

DNS amplification

ARP poisoning

DNS tunneling

93. A user received an email attachment named "Hr405-report2609-empl094.exe" but did not run it.

Which category of the cyber kill chain should be assigned to this type of event?

installation

reconnaissance

weaponization

delivery

94. A network engineer noticed in the NetFlow report that internal hosts are sending many DNS requests to external DNS servers A SOC analyst checked the endpoints and discovered that they are infected and became part of the botnet Endpoints are sending multiple DNS requests but with spoofed IP addresses of valid external sources

What kind of attack are infected endpoints involved in1?

DNS hijacking

DNS tunneling

DNS flooding

DNS amplification

TAGS:

200-201, 200-201 exam dumps

Notify of

Label

Name*

Email*

Website

Label

Name*

Email*

Website

0 Comments

Inline Feedbacks

View all comments

Posts

Cisco Free Dumps

Get 200-201 Dumps Full Version

Q&As: 311
Versions: PDF and Software Download Now

About Dumpsinfo

Dumpsinfo is a good platform providing the latest exam information and dumps questions for all IT certification exams. You can study all the latest exam dumps questions online.

[email protected]

Mon - Sat 9:00am - 6:00pm

200-201 Online Dumps Boost Your Career

Related

Posts

700-250 Exam Dumps – Reliable Way to Pass and Get Certified

700-750 Dumps Questions Increase Your Chance of Success

Online 700-826 Exam Dumps Help You Build Confidence

300-440 Dumps Guarantee You Pass 300-440 Exam Easily

About Us

EMAIL

Services

Opening Hours