ExamGecko

Cisco 200-201 Practice Test - Questions Answers
Which evasion technique is indicated when an intrusion detection system begins receiving an abnormally high volume of scanning from numerous sources?

A. resource exhaustion
B. tunneling
C. traffic fragmentation
D. timing attack

Suggested answer: A

Explanation:

Resource exhaustion is an evasion technique where an attacker overwhelms a system with a high volume of requests from multiple sources. This can cause the system to become overloaded and unable to process legitimate traffic, potentially allowing the attacker to bypass security measures like intrusion detection systems.

Refer to the exhibit.

Which application protocol is in this PCAP file?

A. SSH
B. TCP
C. TLS
D. HTTP

Suggested answer: D

Explanation:

The PCAP file in the exhibit shows a Transmission Control Protocol (TCP) communication between two IP addresses. In the data section of the packet capture, "pdy/3.1... http/1" is visible, indicating that HTTP (Hypertext Transfer Protocol) is being used as the application protocol for this communication.

Which piece of information is needed for attribution in an investigation?

A. proxy logs showing the source RFC 1918 IP addresses
B. RDP allowed from the Internet
C. known threat actor behavior
D. 802.1x RADIUS authentication pass and fail logs

Suggested answer: C

Explanation:

Cyber attribution is the process of identifying the source, motive, and methods of a cyberattack. Cyber attribution can help investigators to determine the responsibility, intent, and capability of the threat actors, as well as to prevent, deter, or respond to future attacks. One of the pieces of information that is needed for cyber attribution is known threat actor behavior, which refers to the patterns, techniques, tools, and tactics that are characteristic of a specific threat actor or group. Known threat actor behavior can help investigators to narrow down the suspects, link different incidents, and understand the objectives and strategies of the attackers.

Reference: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) v1.0, Module 5: Security Policies and Procedures, Lesson 5.2: Incident Response, Topic 5.2.3: Cyber Attribution, page 5-14.

What does cyber attribution identify in an investigation?

A. cause of an attack
B. exploit of an attack
C. vulnerabilities exploited
D. threat actors of an attack

Suggested answer: D

Explanation:

Cyber attribution identifies the threat actors of an attack in an investigation. Threat actors are the individuals, groups, organizations, or states that are responsible for conducting or sponsoring a cyberattack. Threat actors can have different motives, such as financial gain, espionage, sabotage, activism, or warfare. Cyber attribution can help investigators to determine the identity, location, affiliation, and motivation of the threat actors, as well as to hold them accountable and impose sanctions or legal actions.

Reference: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) v1.0, Module 5: Security Policies and Procedures, Lesson 5.2: Incident Response, Topic 5.2.3: Cyber Attribution, page 5-14.

What is a purpose of a vulnerability management framework?

A. identifies, removes, and mitigates system vulnerabilities
B. detects and removes vulnerabilities in source code
C. conducts vulnerability scans on the network
D. manages a list of reported vulnerabilities

Suggested answer: A

Explanation:

A vulnerability management framework is a set of processes and tools that helps an organization identify, assess, prioritize, remediate, and mitigate system vulnerabilities. A vulnerability management framework aims to reduce the attack surface and the risk of compromise by applying security patches, hardening configurations, implementing security controls, and monitoring the system status. A vulnerability management framework is an essential component of a security operations center (SOC).

Reference: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) - Cisco, page 2-14; 200-201 CBROPS - Cisco, exam topic 1.2.b

A network engineer discovers that a foreign government hacked one of the defense contractors in their home country and stole intellectual property. What is the threat agent in this situation?

A. the intellectual property that was stolen
B. the defense contractor who stored the intellectual property
C. the method used to conduct the attack
D. the foreign government that conducted the attack

Suggested answer: D

Explanation:

A threat agent is the entity that is responsible for initiating a threat action that exploits a vulnerability. A threat agent can be a person, a group, an organization, or a system. In this scenario, the threat agent is the foreign government that hacked the defense contractor and stole the intellectual property. The threat agent's motivation, capability, and resources determine the level of threat they pose to the target.

Reference: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) - Cisco, page 1-3; 200-201 CBROPS - Cisco, exam topic 1.1.b

What is the practice of giving an employee access to only the resources needed to accomplish their job?

A. principle of least privilege
B. organizational separation
C. separation of duties
D. need to know principle

Suggested answer: A

Explanation:

The principle of least privilege is a security best practice that states that an employee should have access to only the minimum amount of resources and permissions needed to perform their job function. This principle reduces the attack surface and the potential damage that can be caused by a compromised account, a malicious insider, or human error. The principle of least privilege can be enforced by using role-based access control (RBAC) and regular audits.

Reference: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) - Cisco, page 1-10; 200-201 CBROPS - Cisco, exam topic 1.2.a

Which metric is used to capture the level of access needed to launch a successful attack?

A. privileges required
B. user interaction
C. attack complexity
D. attack vector

Suggested answer: A

Explanation:

Privileges required is a metric in the Common Vulnerability Scoring System (CVSS) that measures the level of access needed to launch a successful attack. The higher the privileges required, the lower the severity of the vulnerability. The privileges required metric has three possible values: none, low, and high. None means that the attacker does not need any privileges to exploit the vulnerability. Low means that the attacker needs privileges that provide basic user capabilities. High means that the attacker needs privileges that provide significant or administrative control over the target.

Reference: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) - Cisco, page 2-17; 200-201 CBROPS - Cisco, exam topic 1.3.c

What is the difference between an attack vector and attack surface?

A. An attack surface identifies vulnerabilities that require user input or validation; and an attack vector identifies vulnerabilities that are independent of user actions.
B. An attack vector identifies components that can be exploited, and an attack surface identifies the potential path an attack can take to penetrate the network.
C. An attack surface recognizes which network parts are vulnerable to an attack; and an attack vector identifies which attacks are possible with these vulnerabilities.
D. An attack vector identifies the potential outcomes of an attack; and an attack surface launches an attack using several methods against the identified vulnerabilities.

Suggested answer: B

Explanation:

An attack vector is the method or technique that an attacker uses to exploit a vulnerability in a system or network. An attack vector can be a software, hardware, or human component that can be manipulated to gain unauthorized access, execute malicious code, or cause damage. An attack surface is the sum of all the possible attack vectors that are exposed by a system or network. An attack surface can be reduced by applying security measures such as patching, hardening, firewalling, and encrypting.

Reference: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) - Cisco, page 1-4; 200-201 CBROPS - Cisco, exam topic 1.1.c

What is the principle of defense-in-depth?

A. Agentless and agent-based protection for security are used.
B. Several distinct protective layers are involved.
C. Access control models are involved.
D. Authentication, authorization, and accounting mechanisms are used.

Suggested answer: B

Explanation:

Defense-in-depth is a security strategy where multiple layers of defense are placed throughout an information technology (IT) system. It addresses physical, technical, and administrative controls to provide redundancy and ensure that if one layer fails, others will be in place to thwart an attack.

Reference: Cisco Tech Roles - CyberOps Engineer

Total 331 questions