The newly updated Lead4Pass 200-201 dumps contain 264 exam questions and answers, together with analysis of the difficult questions, in line with the conditions of the Cisco 200-201 CBROPS certification exam!
Because the Lead4Pass 200-201 dumps are verified by a professional team, they are real and effective! They are provided in two learning formats, 200-201 dumps PDF and 200-201 dumps VCE, and both contain the latest 200-201 exam questions!
So, get the latest 200-201 dumps in PDF or VCE format from Lead4Pass: https://www.leads4pass.com/200-201.html, to ensure you pass the exam easily.
Two free surprises:
- Download part of the Lead4Pass 200-201 dumps in PDF format
- Practice part of the Lead4Pass 200-201 dumps online
First surprise: download part of the Lead4Pass 200-201 dumps: https://drive.google.com/file/d/1cK4ha35Hi3v8NNZ2k2t0H7N4rK5lrozB/
Second surprise: practice part of the Lead4Pass 200-201 dumps online
| Type | Number of exam questions | Exam name | Exam code |
|------|--------------------------|-----------|-----------|
| Free | 15 | Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) | 200-201 |
Question 1:
An engineer receives a security alert that traffic with a known TOR exit node has occurred on the network. What is the impact of this traffic?
A. ransomware communicating after infection
B. users downloading copyrighted content
C. data exfiltration
D. user circumvention of the firewall
Correct Answer: D
Question 2:
An analyst is investigating a host in the network that appears to be communicating to a command and control server on the Internet. After collecting this packet capture, the analyst cannot determine the technique and payload used for the communication.
Which obfuscation technique is the attacker using?
A. Base64 encoding
B. TLS encryption
C. SHA-256 hashing
D. ROT13 encryption
Correct Answer: B
ROT13 is a trivially reversible substitution cipher, not real encryption, and it plays no part in TLS (HTTPS on TCP/443). Source: https://en.wikipedia.org/wiki/ROT13
Question 3:
Which technology on a host is used to isolate a running application from other applications?
A. sandbox
B. application allow list
C. application block list
D. host-based firewall
Correct Answer: A
Question 4:
How does an attack surface differ from an attack vector?
A. An attack vector recognizes the potential outcomes of an attack, and the attack surface is choosing a method of attack.
B. An attack surface identifies vulnerable parts for an attack, and an attack vector specifies which attacks are feasible to those parts.
C. An attack surface mitigates external vulnerabilities, and an attack vector identifies mitigation techniques and possible workarounds.
D. An attack vector matches components that can be exploited, and an attack surface classifies the potential path for exploitation.
Correct Answer: B
Question 5:
An analyst received an alert on their desktop computer showing that an attack was successful on the host. After investigating, the analyst discovered that no mitigation action occurred during the attack. What is the reason for this discrepancy?
A. The computer has HIPS installed on it.
B. The computer has a NIPS installed on it.
C. The computer has HIDS installed on it.
D. The computer has a NIDS installed on it.
Correct Answer: C
Question 6:
A user received a targeted spear-phishing email and identified it as suspicious before opening the content. To which category of the Cyber Kill Chain model does this type of event belong?
A. weaponization
B. delivery
C. exploitation
D. reconnaissance
Correct Answer: B
Question 7:
What is the difference between tampered and untampered disk images?
A. Tampered images have the same stored and computed hash.
B. Untampered images are deliberately altered to preserve as evidence.
C. Tampered images are used as evidence.
D. Untampered images are used for forensic investigations.
Correct Answer: D
The disk image must be intact for forensics analysis. As a cybersecurity professional, you may be given the task of capturing an image of a disk in a forensic manner. Imagine a security incident has occurred on a system and you are required to perform some forensic investigation to determine who and what caused the attack. Additionally, you want to ensure the data that was captured is not tampered with or modified during the creation of a disk image process. Ref: Cisco Certified CyberOps Associate 200-201 Certification Guide
Question 8:
What is the difference between an attack vector and an attack surface?
A. An attack surface identifies vulnerabilities that require user input or validation, and an attack vector identifies vulnerabilities that are independent of user actions.
B. An attack vector identifies components that can be exploited, and an attack surface identifies the potential path an attack can take to penetrate the network.
C. An attack surface recognizes which network parts are vulnerable to an attack, and an attack vector identifies which attacks are possible with these vulnerabilities.
D. An attack vector identifies the potential outcomes of an attack, and an attack surface launches an attack using several methods against the identified vulnerabilities.
Correct Answer: C
Question 9:
Which process is used when IPS events are removed to improve data integrity?
A. data availability
B. data normalization
C. data signature
D. data protection
Correct Answer: B
Question 10:
Refer to the exhibit.
Which stakeholders must be involved when a company workstation is compromised?
A. Employee 1, Employee 2, Employee 3, Employee 4, Employee 5, Employee 7
B. Employee 1, Employee 2, Employee 4, Employee 5
C. Employee 4, Employee 6, Employee 7
D. Employee 2, Employee 3, Employee 4, Employee 5
Correct Answer: D
Question 11:
At which layer is deep packet inspection investigated on a firewall?
A. internet
B. transport
C. application
D. data link
Correct Answer: C
Deep packet inspection is a form of packet filtering usually carried out as a function of your firewall. It is applied at the application layer of the Open Systems Interconnection (OSI) model. Deep packet inspection evaluates the contents of a packet that is passing through a checkpoint.
Question 12:
Refer to the exhibit.
An engineer is analyzing this Cuckoo Sandbox report for a PDF file that has been downloaded from an email. What is the state of this file?
A. The file has an embedded executable and was matched by PEiD threat signatures for further analysis.
B. The file has an embedded non-Windows executable but no suspicious features are identified.
C. The file has an embedded Windows 32 executable and the Yara field lists suspicious features for further analysis.
D. The file was matched by PEiD threat signatures but no suspicious features are identified since the signature list is up to date.
Correct Answer: C
Question 13:
Refer to the exhibit.
What is occurring?
A. Cross-Site Scripting attack
B. XML External Entities attack
C. Insecure Deserialization
D. Regular GET requests
Correct Answer: B
Question 14:
Refer to the exhibit.
What is the potential threat identified in this Stealthwatch dashboard?
A. Host 10.201.3.149 is sending data to 152.46.6.91 using TCP/443.
B. Host 152.46.6.91 is being identified as a watchlist country for data transfer.
C. Traffic to 152.46.6.149 is being denied by an Advanced Network Control policy.
D. Host 10.201.3.149 is receiving almost 19 times more data than is being sent to host 152.46.6.91.
Correct Answer: D
Question 15:
An analyst received a ticket regarding degraded processing capability on one of the HR department's servers. On the same day, an engineer noticed that the antivirus software had been disabled and was not able to determine when or why that occurred. According to the NIST Incident Handling Guide, what is the next phase of this investigation?
A. Recovery
B. Detection
C. Eradication
D. Analysis
Correct Answer: B
Reference: https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-61r2.pdf
Enjoy two premium benefits for free, even though they are only part of the Lead4Pass 200-201 dumps!
Now, use PDF or VCE to practice the Lead4Pass 200-201 dumps: https://www.leads4pass.com/200-201.html (264 Q&A), helping you pass the Cisco 200-201 CBROPS certification exam 100% successfully.