200-201 Free Exam Study Guide! (Updated 182 Questions) [Q74-Q94]

Share

200-201 Free Exam Study Guide! (Updated 182 Questions)

200-201 Dumps for CyberOps Associate Certified Exam Questions & Answer


The Cisco 200-201 exam is sometimes known as Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) and qualifies candidates for the Cisco Certified CyberOps Associate certificate. It is a cybersecurity exam that will prepare candidates for different security roles within a modern IT workspace.


Exam Topics

The Cisco 200-201 exam will validate your skills and knowledge of security monitoring, security concepts, security policies & procedures, host-based analysis, and network intrusion analysis. All in all, its content comes with 5 topics that are listed as follows:

Security Concepts

This domain makes up 20% of the exam content and measures the applicants’ abilities to perform the following tasks:

  • Compare various security concepts – As for this one, it covers the details of risk scoring, assessment, and reduction as well as vulnerability, exploit, and threat;
  • Define the CIA triad;
  • Understand CVSS – You need to have knowledge of the attack vector, privileges required, scope, and user interaction;
  • Explain the policies of the defense-in-depth approach;
  • Differentiate access control models – In this subsection, you are required to learn about discretionary, nondiscretionary, and mandatory access control, as well as authentication, accounting, and authorization;
  • Describe the 5-tuple method to separate a compromised host in a grouped set of logs.
  • Analyze security deployments – It includes the agent-based and agentless protections as well as network, endpoint, and application security systems. You should also know about log management, SOAR & SIEM, and Legacy antivirus & antimalware;
  • Define security terms – The potential candidates have to know about hunting, actor & threat intelligence, and TI platform, malware analysis, run book cybernation, as well as sliding window exception detection;
  • Classify the difficulties of data visibility in detention;
  • Compare rule-based detection vs. behavioral and statistical detection;

 

NEW QUESTION 74
Which two elements of the incident response process are stated in NIST Special Publication 800-61 r2?
(Choose two.)

  • A. post-incident activity
  • B. detection and analysis
  • C. risk assessment
  • D. vulnerability management
  • E. vulnerability scoring

Answer: A,B

 

NEW QUESTION 75
What is a benefit of agent-based protection when compared to agentless protection?

  • A. It collects and detects all traffic locally
  • B. It provides a centralized platform
  • C. It lowers maintenance costs
  • D. It manages numerous devices simultaneously

Answer: A

Explanation:
Explanation
Host-based antivirus protection is also known as agent-based. Agent-based antivirus runs on every protected machine. Agentless antivirus protection performs scans on hosts from a centralized system. Agentless systems have become popular for virtualized environments in which multiple OS instances are running on a host simultaneously. Agent-based antivirus running in each virtualized system can be a serious drain on system resources. Agentless antivirus for virtual hosts involves the use of a special security virtual appliance that performs optimized scanning tasks on the virtual hosts. An example of this is VMware's vShield.

 

NEW QUESTION 76
What is an attack surface as compared to a vulnerability?

  • A. the sum of all paths for data into and out of the application
  • B. an exploitable weakness in a system or its design
  • C. the individuals who perform an attack
  • D. any potential danger to an asset

Answer: A

 

NEW QUESTION 77
A company is using several network applications that require high availability and responsiveness, such that milliseconds of latency on network traffic is not acceptable. An engineer needs to analyze the network and identify ways to improve traffic movement to minimize delays. Which information must the engineer obtain for this analysis?

  • A. total throughput on the interface of the router and NetFlow records
  • B. running processes on the applications and their total network usage
  • C. deep packet captures of each application flow and duration
  • D. output of routing protocol authentication failures and ports used

Answer: B

 

NEW QUESTION 78

Refer to the exhibit. Which application protocol is in this PCAP file?

  • A. TLS
  • B. TCP
  • C. SSH
  • D. HTTP

Answer: B

 

NEW QUESTION 79

Refer to the exhibit. Which two elements in the table are parts of the 5-tuple? (Choose two.)

  • A. Initiator User
  • B. First Packet
  • C. Source Port
  • D. Ingress Security Zone
  • E. Initiator IP

Answer: C,E

 

NEW QUESTION 80
How is NetFlow different from traffic mirroring?

  • A. NetFlow generates more data than traffic mirroring.
  • B. Traffic mirroring costs less to operate than NetFlow.
  • C. Traffic mirroring impacts switch performance and NetFlow does not.
  • D. NetFlow collects metadata and traffic mirroring clones data.

Answer: D

 

NEW QUESTION 81
Which type of attack occurs when an attacker is successful in eavesdropping on a conversation between two IP phones?

  • A. known-plaintext
  • B. dictionary
  • C. man-in-the-middle
  • D. replay

Answer: C

 

NEW QUESTION 82
Refer to the exhibit.

Which packet contains a file that is extractable within Wireshark?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: D

 

NEW QUESTION 83
What is the difference between statistical detection and rule-based detection models?

  • A. Statistical detection defines legitimate data of users over a period of time and rule-based detection defines it on an IF/THEN basis
  • B. Rule-based detection involves the collection of data in relation to the behavior of legitimate users over a period of time
  • C. Rule-based detection defines legitimate data of users over a period of time and statistical detection defines it on an IF/THEN basis
  • D. Statistical detection involves the evaluation of an object on its intended actions before it executes that behavior

Answer: A

 

NEW QUESTION 84
What is the difference between a threat and a risk?

  • A. Threat represents a potential danger that could take advantage of a weakness in a system
  • B. Threat represents a state of being exposed to an attack or a compromise, either physically or logically.
  • C. Risk represents the nonintentional interaction with uncertainty in the system
  • D. Risk represents the known and identified loss or danger in the system

Answer: A

Explanation:
A threat is any potential danger to an asset. If a vulnerability exists but has not yet been exploited-or, more importantly, it is not yet publicly known-the threat is latent and not yet realized.

 

NEW QUESTION 85
Which system monitors local system operation and local network access for violations of a security policy?

  • A. host-based intrusion detection
  • B. systems-based sandboxing
  • C. host-based firewall
  • D. antivirus

Answer: A

Explanation:
HIDS is capable of monitoring the internals of a computing system as well as the network packets on its network interfaces. Host-based firewall is a piece of software running on a single Host that can restrict incoming and outgoing Network activity for that host only.

 

NEW QUESTION 86
Refer to the exhibit.

Which event is occurring?

  • A. A URL is being evaluated to see if it has a malicious binary
  • B. A binary on VM cuckoo1 is being submitted for evaluation
  • C. A binary is being submitted to run on VM cuckoo1
  • D. A binary named "submit" is running on VM cuckoo1.

Answer: C

Explanation:
Explanation
https://cuckoo.readthedocs.io/en/latest/usage/submit/

 

NEW QUESTION 87
Refer to the exhibit.

What should be interpreted from this packet capture?

  • A. 192.168.122.100 is sending a packet from port 50272 to port 80 of IP address 81.179.179.69 using TCP protocol.
  • B. 192.168.122.100 is sending a packet from port 80 to port 50272 of IP address 81.179.179.69 using UDP protocol.
  • C. 81.179.179.69 is sending a packet from port 50272 to port 80 of IP address 192.168.122.100 using TCP UDP protocol.
  • D. 81.179.179.69 is sending a packet from port 80 to port 50272 of IP address 192.168.122.100 using UDP protocol.

Answer: A

 

NEW QUESTION 88
How is NetFlow different than traffic mirroring?

  • A. Traffic mirroring costs less to operate than NetFlow
  • B. NetFlow generates more data than traffic mirroring
  • C. Traffic mirroring impacts switch performance and NetFlow does not
  • D. NetFlow collects metadata and traffic mirroring clones data

Answer: D

Explanation:
Section: Security Monitoring

 

NEW QUESTION 89
An organization's security team has detected network spikes coming from the internal network. An investigation has concluded that the spike in traffic was from intensive network scanning How should the analyst collect the traffic to isolate the suspicious host?

  • A. by most active source IP
  • B. based on the most used applications
  • C. by most used ports
  • D. based on the protocols used

Answer: D

 

NEW QUESTION 90
Refer to the exhibit.

Which event is occurring?

  • A. A URL is being evaluated to see if it has a malicious binary
  • B. A binary on VM cuckoo1 is being submitted for evaluation
  • C. A binary is being submitted to run on VM cuckoo1
  • D. A binary named "submit" is running on VM cuckoo1.

Answer: C

Explanation:
https://cuckoo.readthedocs.io/en/latest/usage/submit/

 

NEW QUESTION 91
What does cyber attribution identify in an investigation?

  • A. vulnerabilities exploited
  • B. exploit of an attack
  • C. threat actors of an attack
  • D. cause of an attack

Answer: C

 

NEW QUESTION 92

Refer to the exhibit. What is the expected result when the "Allow subdissector to reassemble TCP streams" feature is enabled?

  • A. disable TCP streams
  • B. insert TCP subdissectors
  • C. unfragment TCP
  • D. extract a file from a packet capture

Answer: C

 

NEW QUESTION 93
An analyst is exploring the functionality of different operating systems.
What is a feature of Windows Management Instrumentation that must be considered when deciding on an operating system?

  • A. has a Common Information Model, which describes installed hardware and software
  • B. queries Linux devices that have Microsoft Services for Linux installed
  • C. deploys Windows Operating Systems in an automated fashion
  • D. is an efficient tool for working with Active Directory

Answer: A

 

NEW QUESTION 94
......

Use Real 200-201 Dumps - 100% Free 200-201 Exam Dumps: https://www.vceprep.com/200-201-latest-vce-prep.html

Realistic Verified 200-201 exam dumps Q&As - 200-201 Free Update : https://drive.google.com/open?id=1zZw2pVuv4pScrnXTtX3SmB2Fpf_2CmSK