Cisco CyberOps Associate 200-201 practice questions (ValidTests)
Page 13 of 15, questions 121-130
Question 121:

What is a collection of compromised machines that attackers use to carry out a DDoS attack?

Options:

A. subnet
B. botnet
C. VLAN
D. command and control

Question 122:

An engineer received a ticket to investigate a potentially malicious file detected by a malware scanner that was trying to execute multiple commands. During the initial review, the engineer discovered that the file was created two days prior. Further analysis shows that the file was downloaded from a known malicious domain after a successful phishing attempt on an asset owner. At which phase of the Cyber Kill Chain was this attack mitigated?

Options:

A. reconnaissance
B. exploitation
C. installation
D. delivery

Question 123:

What is the difference between deep packet inspection and stateful inspection?

Options:

A. Deep packet inspection gives insights up to Layer 7, and stateful inspection gives insights only up to Layer 4.
B. Deep packet inspection is more secure due to its complex signatures, and stateful inspection requires less human intervention.
C. Stateful inspection is more secure due to its complex signatures, and deep packet inspection requires less human intervention.
D. Stateful inspection verifies data at the transport layer, and deep packet inspection verifies data at the application layer.

Question 124:

What is the difference between a vulnerability and an attack surface?

Options:

A. A vulnerability is the risk of exploiting a weakness in the application, and the target application itself is the attack surface.
B. The attack surface is the SQL injection targeted on the database, and the database is the vulnerability that might be exploited.
C. The attack surface is a sum of measured risks for a particular asset, and the vulnerability is an unmeasured exploitable risk.
D. A vulnerability is unsanitized user input sent to exploit a web application, and the browser is the attack surface for the web application.

Question 125:

What is the difference between antimalware and antivirus solutions?

Options:

A. Antimalware applications operate proactively to block ransomware before it can encrypt data, and antivirus cannot resist advanced classes of malware.
B. Antivirus operates using thousands of pieces of threat intelligence information from existing samples, and antimalware can identify patterns of well-known attack types and detect an attack vector before an attack is successful.
C. Antivirus applications operate proactively to block ransomware before it can encrypt data, and antimalware cannot resist advanced classes of malware.
D. Antimalware operates using thousands of pieces of threat intelligence information from existing samples, and antivirus can identify patterns of well-known attack types and detect an attack vector before an attack is successful.

Question 126:

An engineer must investigate suspicious connections. Data has been gathered using a tcpdump command on a Linux device and saved as the file sandboxmatware2022-12-22.pcaps. The engineer is trying to open the tcpdump capture in the Wireshark tool. What is the expected result?

Options:

A. The tool does not support Linux.
B. The file is opened.
C. The file has an incorrect extension.
D. The file does not support the "-" character.

Question 127:

Exhibit: Wireshark traffic capture (image not included in this text).

An engineer received a ticket about a slowdown of a web application. During analysis of traffic, the engineer suspects a possible attack on a web server. How should the engineer interpret the Wireshark traffic capture?

Options:

A. 10.0.0.2 sends GET/ HTTP/1.1 And Post request and the target responds with HTTP/1.1. 200 OC and HTTP/1.1 403 accordingly. This is an HTTP flood attempt.
B. 10.0.0.2 sends HTTP FORBIDDEN /1.1 And Post request, while the target responds with HTTP/1.1 200 Get and HTTP/1.1 403. This is an HTTP GET flood attack.
C. 10.128.0.2 sends POST/1.1 And POST requests, and the target responds with HTTP/1.1 200 Ok and HTTP/1.1 403 accordingly. This is an HTTP Reserve Bandwidth flood.
D. 10.128.0.2 sends HTTP/FORBIDDEN/ 1.1 and Get requests, and the target responds with HTTP/1.1 200 OK and HTTP/1.1 403. This is an HTTP cache bypass attack.

Question 128:

Why is encryption challenging to security monitoring?

Options:

A. Encryption analysis is used by attackers to monitor VPN tunnels.
B. Encryption is used by threat actors as a method of evasion and obfuscation.
C. Encryption introduces additional processing requirements by the CPU.
D. Encryption introduces larger packet sizes to analyze and store.

Question 129:

Which system monitors local system operation and local network access for violations of a security policy?

Options:

A. host-based intrusion detection
B. systems-based sandboxing
C. host-based firewall
D. antivirus

Question 130:

Which security monitoring data type is associated with application server logs?

Options:

A. transaction data
B. session data
C. alert data
D. statistical data