ExamGecko

Cisco 200-201 Practice Test - Questions Answers


Question 1


Which evasion technique is indicated when an intrusion detection system begins receiving an abnormally high volume of scanning from numerous sources?

A. resource exhaustion
B. tunneling
C. traffic fragmentation
D. timing attack

Suggested answer: A
Explanation:

Resource exhaustion is an evasion technique where an attacker overwhelms a system with a high volume of requests from multiple sources. This can cause the system to become overloaded and unable to process legitimate traffic, potentially allowing the attacker to bypass security measures like intrusion detection systems.

asked 07/10/2024
Khalid Laghmami
30 questions

Question 2


Refer to the exhibit.

[Exhibit: image for Question 2]

Which application protocol is in this PCAP file?

A. SSH
B. TCP
C. TLS
D. HTTP

Suggested answer: D
Explanation:

The PCAP file in the exhibit shows a Transmission Control Protocol (TCP) communication between two IP addresses. In the data section of the packet capture, "pdy/3.1... http/1" is visible, indicating that HTTP (Hypertext Transfer Protocol) is being used as the application protocol for this communication.

asked 07/10/2024
michael hunter
38 questions

Question 3


Which piece of information is needed for attribution in an investigation?

A. proxy logs showing the source RFC 1918 IP addresses
B. RDP allowed from the Internet
C. known threat actor behavior
D. 802.1x RADIUS authentication pass and fail logs

Suggested answer: C
Explanation:

Cyber attribution is the process of identifying the source, motive, and methods of a cyberattack. Cyber attribution can help investigators to determine the responsibility, intent, and capability of the threat actors, as well as to prevent, deter, or respond to future attacks. One of the pieces of information that is needed for cyber attribution is known threat actor behavior, which refers to the patterns, techniques, tools, and tactics that are characteristic of a specific threat actor or group. Known threat actor behavior can help investigators to narrow down the suspects, link different incidents, and understand the objectives and strategies of the attackers.

Reference: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) v1.0, Module 5: Security Policies and Procedures, Lesson 5.2: Incident Response, Topic 5.2.3: Cyber Attribution, page 5-14.

asked 07/10/2024
Rua Tebas
45 questions

Question 4


What does cyber attribution identify in an investigation?

A. cause of an attack
B. exploit of an attack
C. vulnerabilities exploited
D. threat actors of an attack

Suggested answer: D
Explanation:

Cyber attribution identifies the threat actors of an attack in an investigation. Threat actors are the individuals, groups, organizations, or states that are responsible for conducting or sponsoring a cyberattack. Threat actors can have different motives, such as financial gain, espionage, sabotage, activism, or warfare. Cyber attribution can help investigators to determine the identity, location, affiliation, and motivation of the threat actors, as well as to hold them accountable and impose sanctions or legal actions.

Reference: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) v1.0, Module 5: Security Policies and Procedures, Lesson 5.2: Incident Response, Topic 5.2.3: Cyber Attribution, page 5-14.

asked 07/10/2024
Clive Roberts
50 questions

Question 5


What is a purpose of a vulnerability management framework?

A. identifies, removes, and mitigates system vulnerabilities
B. detects and removes vulnerabilities in source code
C. conducts vulnerability scans on the network
D. manages a list of reported vulnerabilities

Suggested answer: A
Explanation:

A vulnerability management framework is a set of processes and tools that helps an organization identify, assess, prioritize, remediate, and mitigate system vulnerabilities. A vulnerability management framework aims to reduce the attack surface and the risk of compromise by applying security patches, hardening configurations, implementing security controls, and monitoring the system status. A vulnerability management framework is an essential component of a security operations center (SOC).

Reference: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) - Cisco, page 2-14; 200-201 CBROPS - Cisco, exam topic 1.2.b

asked 07/10/2024
Siegfried Paul
38 questions

Question 6


A network engineer discovers that a foreign government hacked one of the defense contractors in their home country and stole intellectual property. What is the threat agent in this situation?

A. the intellectual property that was stolen
B. the defense contractor who stored the intellectual property
C. the method used to conduct the attack
D. the foreign government that conducted the attack

Suggested answer: D
Explanation:

A threat agent is the entity that is responsible for initiating a threat action that exploits a vulnerability. A threat agent can be a person, a group, an organization, or a system. In this scenario, the threat agent is the foreign government that hacked the defense contractor and stole the intellectual property. The threat agent's motivation, capability, and resources determine the level of threat they pose to the target.

Reference: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) - Cisco, page 1-3; 200-201 CBROPS - Cisco, exam topic 1.1.b

asked 07/10/2024
Ravi Bhatt
36 questions

Question 7


What is the practice of giving an employee access to only the resources needed to accomplish their job?

A. principle of least privilege
B. organizational separation
C. separation of duties
D. need to know principle

Suggested answer: A
Explanation:

The principle of least privilege is a security best practice that states that an employee should have access to only the minimum amount of resources and permissions needed to perform their job function. This principle reduces the attack surface and the potential damage that can be caused by a compromised account, a malicious insider, or human error. The principle of least privilege can be enforced by using role-based access control (RBAC) and regular audits.

Reference: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) - Cisco, page 1-10; 200-201 CBROPS - Cisco, exam topic 1.2.a

asked 07/10/2024
Oktorio Rizki Prasetya
47 questions

Question 8


Which metric is used to capture the level of access needed to launch a successful attack?

A. privileges required
B. user interaction
C. attack complexity
D. attack vector

Suggested answer: A
Explanation:

Privileges required is a metric in the Common Vulnerability Scoring System (CVSS) that measures the level of access needed to launch a successful attack. The higher the privileges required, the lower the severity of the vulnerability. The privileges required metric has three possible values: none, low, and high. None means that the attacker does not need any privileges to exploit the vulnerability. Low means that the attacker needs privileges that provide basic user capabilities. High means that the attacker needs privileges that provide significant or administrative control over the target.

Reference: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) - Cisco, page 2-17; 200-201 CBROPS - Cisco, exam topic 1.3.c

asked 07/10/2024
Mark Aplacador
46 questions

Question 9


What is the difference between an attack vector and attack surface?

A. An attack surface identifies vulnerabilities that require user input or validation; and an attack vector identifies vulnerabilities that are independent of user actions.
B. An attack vector identifies components that can be exploited, and an attack surface identifies the potential path an attack can take to penetrate the network.
C. An attack surface recognizes which network parts are vulnerable to an attack; and an attack vector identifies which attacks are possible with these vulnerabilities.
D. An attack vector identifies the potential outcomes of an attack; and an attack surface launches an attack using several methods against the identified vulnerabilities.

Suggested answer: B
Explanation:

An attack vector is the method or technique that an attacker uses to exploit a vulnerability in a system or network. An attack vector can be a software, hardware, or human component that can be manipulated to gain unauthorized access, execute malicious code, or cause damage. An attack surface is the sum of all the possible attack vectors that are exposed by a system or network. An attack surface can be reduced by applying security measures such as patching, hardening, firewalling, and encrypting.

Reference: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) - Cisco, page 1-4; 200-201 CBROPS - Cisco, exam topic 1.1.c

asked 07/10/2024
William Macy
58 questions

Question 10


What is the principle of defense-in-depth?

A. Agentless and agent-based protection for security are used.
B. Several distinct protective layers are involved.
C. Access control models are involved.
D. Authentication, authorization, and accounting mechanisms are used.

Suggested answer: B
Explanation:

Defense-in-depth is a security strategy where multiple layers of defense are placed throughout an information technology (IT) system. It addresses physical, technical, and administrative controls to provide redundancy and ensure that if one layer fails, others will be in place to thwart an attack.

Reference: Cisco Tech Roles - CyberOps Engineer

asked 07/10/2024
Tym Dom
52 questions
Total 331 questions