[Oct-2022] 200-201 Pre-Exam Practice Tests | Exam Questions and Answers for CyberOps Associate Study Guide
Understanding Cisco Cybersecurity Operations Fundamentals Certification Sample Questions
What is the cost of Cisco Cybersecurity Operations Fundamentals v1.0 (200-201 CBROPS)
- Passing Score: 70%
- Number of Questions: 90-105
- Format: Multiple choices, multiple answers
- Length of Examination: 120 minutes
NEW QUESTION 145
Which two elements are used for profiling a network? (Choose two.)
- A. listening ports
- B. total throughput
- C. OS fingerprint
- D. running processes
- E. session duration
Answer: A,C
NEW QUESTION 146
Which incident response step includes identifying all hosts affected by an attack?
- A. preparation
- B. containment, eradication, and recovery
- C. post-incident activity
- D. detection and analysis
Answer: B
Explanation:
3.3.3 Identifying the Attacking Hosts: During incident handling, system owners and others sometimes want to or need to identify the attacking host or hosts. Although this information can be important, incident handlers should generally stay focused on containment, eradication, and recovery.
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
The response phase, or containment, of incident response is the point at which the incident response team begins interacting with affected systems and attempts to keep further damage from occurring as a result of the incident.
NEW QUESTION 147
A system administrator is ensuring that specific registry information is accurate.
Which type of configuration information does the HKEY_LOCAL_MACHINE hive contain?
- A. hardware, software, and security settings for the system
- B. file extension associations
- C. all users on the system, including visual settings
- D. currently logged in users, including folders and control panel settings
Answer: A
Explanation:
https://docs.microsoft.com/en-us/troubleshoot/windows-server/performance/windows-registry-advanced-users
NEW QUESTION 148
Refer to the exhibit.
What is the potential threat identified in this Stealthwatch dashboard?
- A. A host on the network is sending a DDoS attack to another inside host.
- B. A policy violation is active for host 10.10.101.24.
- C. A policy violation is active for host 10.201.3.149.
- D. There are three active data exfiltration alerts.
Answer: D
NEW QUESTION 149
Refer to the exhibit.
Which type of log is displayed?
- A. IDS
- B. NetFlow
- C. proxy
- D. sys
Answer: B
NEW QUESTION 150
Drag and drop the elements from the left into the correct order for incident handling on the right.
Answer:
Explanation:
NEW QUESTION 151
Refer to the exhibit.
What should be interpreted from this packet capture?
- A. 192.168.122.100 is sending a packet from port 80 to port 50272 of IP address 81.179.179.69 using UDP protocol.
- B. 192.168.122.100 is sending a packet from port 50272 to port 80 of IP address 81.179.179.69 using TCP protocol.
- C. 81.179.179.69 is sending a packet from port 80 to port 50272 of IP address 192.168.122.100 using UDP protocol.
- D. 81.179.179.69 is sending a packet from port 50272 to port 80 of IP address 192.168.122.100 using TCP UDP protocol.
Answer: B
NEW QUESTION 152
Drag and drop the definition from the left onto the phase on the right to classify intrusion events according to the Cyber Kill Chain model.
Answer:
Explanation:
NEW QUESTION 153
In a SOC environment, what is a vulnerability management metric?
- A. code signing enforcement
- B. single factor authentication
- C. full assets scan
- D. internet exposed devices
Answer: D
Explanation:
Section: Security Policies and Procedures
NEW QUESTION 154
What is a benefit of using asymmetric cryptography?
- A. encrypts data with one key
- B. secure data transfer
- C. fast data transfer
- D. decrypts data with one key
Answer: C
NEW QUESTION 155
An analyst is investigating a host in the network that appears to be communicating to a command and control server on the Internet. After collecting this packet capture, the analyst cannot determine the technique and payload used for the communication.
Which obfuscation technique is the attacker using?
- A. transport layer security encryption
- B. ROT13 encryption
- C. Base64 encoding
- D. SHA-256 hashing
Answer: A
NEW QUESTION 156
Refer to the exhibit.
Which application protocol is in this PCAP file?
- A. HTTP
- B. TLS
- C. TCP
- D. SSH
Answer: C
Explanation:
Section: Network Intrusion Analysis
NEW QUESTION 157
Refer to the exhibit.
What does the message indicate?
- A. an access attempt was made from the Mosaic web browser
- B. a successful access attempt was made to retrieve the password file
- C. a successful access attempt was made to retrieve the root of the website
- D. a denied access attempt was made to retrieve the password file
Answer: C
NEW QUESTION 158
What is the difference between a threat and an exploit?
- A. An exploit is an attack path, and a threat represents a potential vulnerability.
- B. An exploit is an attack vector, and a threat is a potential path the attack must go through.
- C. A threat is a potential attack on an asset, and an exploit takes advantage of the vulnerability of the asset.
- D. A threat is a result of utilizing a flaw in a system, and an exploit is a result of gaining control over the system.
Answer: C
NEW QUESTION 159
What are two denial-of-service (DoS) attacks? (Choose two.)
- A. man-in-the-middle
- B. teardrop
- C. phishing
- D. port scan
- E. SYN flood
Answer: A,E
NEW QUESTION 160
What do the Security Intelligence Events within the FMC allow an administrator to do?
- A. View any malicious files that a host has downloaded.
- B. See if a host is connecting to a known-bad domain.
- C. Check for host-to-server traffic within your network.
- D. Verify host-to-host traffic within your network.
Answer: B
NEW QUESTION 161
Which tool gives the ability to see session data in real time?
- A. trafshow
- B. tcpdstat
- C. tcptrace
- D. trafdump
Answer: C
NEW QUESTION 162
What is the principle of defense-in-depth?
- A. Access control models are involved.
- B. Several distinct protective layers are involved.
- C. Authentication, authorization, and accounting mechanisms are used.
- D. Agentless and agent-based protection for security are used.
Answer: B
NEW QUESTION 163
Which security technology allows only a set of pre-approved applications to run on a system?
- A. antivirus
- B. application-level blacklisting
- C. application-level whitelisting
- D. host-based IPS
Answer: C
NEW QUESTION 164
Which type of evidence supports a theory or an assumption that results from initial evidence?
- A. indirect
- B. corroborative
- C. best
- D. probabilistic
Answer: B
Explanation:
Section: Security Policies and Procedures
NEW QUESTION 165
What is the difference between inline traffic interrogation and traffic mirroring?
- A. Traffic mirroring copies the traffic rather than forwarding it directly to the analysis tools
- B. Inline replicates the traffic to preserve integrity rather than modifying packets before sending them to other analysis tools.
- C. Inline interrogation is less complex as traffic mirroring applies additional tags to data.
- D. Traffic mirroring results in faster traffic analysis and inline is considerably slower due to latency.
Answer: C
NEW QUESTION 166
An intruder attempted malicious activity, exchanged emails with a user, and received corporate information, including email distribution lists. The intruder asked the user to engage with a link in an email.
When the link launched, it infected machines and the intruder was able to access the corporate network.
Which testing method did the intruder use?
- A. piggybacking
- B. social engineering
- C. tailgating
- D. eavesdropping
Answer: B
NEW QUESTION 167
How does a certificate authority impact security?
- A. It authenticates domain identity when requesting an SSL certificate.
- B. It validates the domain identity of the SSL certificate.
- C. It authenticates client identity when requesting an SSL certificate.
- D. It validates client identity when communicating with the server.
Answer: B
Explanation:
A certificate authority is a computer or entity that creates and issues digital certificates. A CA does not "authenticate"; it validates. Option D is wrong because it is the digital certificate that validates a user: CA --> digital certificate --> user, server, or other entity.
NEW QUESTION 168
With the development of the IT field, professionals want to improve their expertise in various subject areas. Those who want to evaluate their skills in cybersecurity can opt for the Cisco Certified CyberOps Associate certificate. Earning this certification advances your career and proves that you know how to work with cybersecurity services. To obtain it, applicants must pass the Cisco 200-201 exam, which covers the basics of this field as well as its key methods and skills.