Spring Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

Cisco 200-201 - Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)

Cisco 200-201 Premium Access     Download Demo    
Page: 4 / 15
Total 476 questions

Refer to exhibit.

An analyst performs the analysis of the pcap file to detect the suspicious activity. What challenges did the analyst face in terms of data visibility?

A.

data encapsulation

B.

IP fragmentation

C.

code obfuscation

D.

data encryption

What is the purpose of a ransomware attack?

A.

to make files inaccessible by encrypting the data

B.

to decrypt encrypted data and disks

C.

to send keystrokes to a threat actor

D.

to escalate privileges

Which statement describes threat hunting?

A.

It is an activity by an entity to deliberately bring down critical internal servers.

B.

It is a prevention activity to detect signs of intrusion, compromise, data theft, abnormalities, or malicious activity.

C.

It includes any activity that might go after competitors and adversaries to infiltrate their systems.

D.

It is a vulnerability assessment conducted by cyber professionals.

What is the role of indicator of compromise in an investigation?

A.

It helps answer the question of why the attack took place.

B.

It identifies potentially malicious activity on a system or network.

C.

It is nonforensic data, which is easy to detect.

D.

It describes what and why something happened.

An engineer needs to fetch logs from a proxy server and generate actual events according to the data received. Which technology should the engineer use to accomplish this task?

A.

Firepower

B.

Email Security Appliance

C.

Web Security Appliance

D.

Stealthwatch

Refer to the exhibit A penetration tester runs the Nmap scan against the company server to uncover possible vulnerabilities and exploit them Which two elements can the penetration tester identity from the scan results? (Choose two.)

A.

UIDs and group identifiers

B.

number of concurrent connections the server can handle

C.

running services and applications

D.

server uptime and internal clock

E.

server purpose and functionality

What is the difference between mandatory access control (MAC) and discretionary access control (DAC)?

A.

MAC is controlled by the discretion of the owner and DAC is controlled by an administrator

B.

MAC is the strictest of all levels of control and DAC is object-based access

C.

DAC is controlled by the operating system and MAC is controlled by an administrator

D.

DAC is the strictest of all levels of control and MAC is object-based access

A company had a recent breach and lost confidential data to a competitor. An internal investigation found out that a new junior accounting specialist logged in to the accounting server with their user ID and stole confidential data. The junior accounting specialist denies the action and claims that the attempt was done by someone else. During court proceedings, the company presents logs and CCTV camera recordings that show the malicious insider in action. Which type of evidence has the company presented?

A.

indirect and corroborative

B.

direct and corroborative

C.

circumstantial and direct

D.

corroborative and substantive

During a quarterly vulnerability scan, a security analyst discovered unused uncommon ports open and in a listening state. Further investigation showed that the unknown application was communicating with an external IP address on an encrypted channel. A deeper analysis revealed a command and control communication on an infected server. At which step of the Cyber Kill Chain was the attack detected?

A.

Delivery

B.

Weaponization

C.

Actions on Objectives

D.

Exploitation

Exhibit.

An engineer received a ticket about a slowdown of a web application, Drug analysis of traffic, the engineer suspects a possible attack on a web server. How should the engineer interpret the Wiresharat traffic capture?

A.

10.0.0.2 sends GET/ HTTP/1.1 And Post request and the target responds with HTTP/1.1. 200 OC and HTTP/1.1 403 accordingly. This is an HTTP flood attempt.

B.

10.0.0.2 sends HTTP FORBIDDEN /1.1 And Post request, while the target responds with HTTP/1.1 200 Get and HTTP/1.1 403. This is an HTTP GET flood attack.

C.

10.128.0.2 sends POST/1.1 And POST requests, and the target responds with HTTP/1.1 200 Ok and HTTP/1.1 403 accordingly. This is an HTTP Reserve Bandwidth flood.

D.

10.128.0.2 sends HTTP/FORBIDDEN/ 1.1 and Get requests, and the target responds with HTTP/1.1 200 OK and HTTP/1.1 403. This is an HTTP cache bypass attack.