[Nov 22, 2021] 200-201 Dumps PDF and Test Engine Exam Questions - CertkingdomPDF [Q99-Q119]

[Nov 22, 2021] 200-201 Dumps PDF and Test Engine Exam Questions - CertkingdomPDF

Verified 200-201 exam dumps Q&As with Correct 182 Questions and Answers

Final Thoughts

Passing the Cisco 200-201 exam shows the potential employers what you are capable of achieving if you get the chance. It is more than just a way to demonstrate your technical competence. By understanding all the exam topics, you will be ready to make critical decisions that will give your company guaranteed protection from potentially harmful security threats. So, if you want to turn from an average IT personnel to an in-demand specialist who’s known for reliable solutions in less than a year, clear this 200-201 test. And remember that there’s an ample variety of helpful resources like the official training and study guides from Amazon for you to accomplish this with ease.

Understanding functional and technical aspects of Cisco Cybersecurity Operations Fundamentals v1.0 (200-201 CBROPS) Security Concepts

The following will be discussed in CISCO 200-201 dumps:

• Compare rule-based detection vs. behavioral and statistical detection
• Run book automation (RBA)
• Nondiscretionary access control
• Identify potential data loss from provided traffic profiles
• Legacy antivirus and antimalware
• Threat
• Compare security deployments
• Rule-based access control
• Describe terms as defined in CVSS
• Identify the challenges of data visibility (network, host, and cloud) in detection
• Threat intelligence platform (TIP)
• Threat actor
• Reverse engineering
• Agentless and agent-based protections
• Mandatory access control
• Network, endpoint, and application security systems
• Describe the principles of the defense-in-depth strategy
• Exploit
• Risk (risk scoring/risk weighting, risk reduction, risk assessment)
• Zero trust
• Compare security concepts
• Discretionary access control
• Authentication, authorization, accounting
• Principle of least privilege
• Time-based access control
• Compare access control models
• Threat hunting
• Privileges required
• Attack complexity
• Describe the CIA triad
• SIEM, SOAR, and log management
• Describe security terms
• Sliding window anomaly detection
• User interaction
• Vulnerability
• Role-based access control
• Interpret the 5-tuple approach to isolate a compromised host in a grouped set of logs
• Attack vector
• Threat intelligence (TI)
• Scope

 

NEW QUESTION 99
How does an SSL certificate impact security between the client and the server?

• A. by creating an integrated channel between the client and the server
• B. by enabling an authenticated channel between the client and the server
• C. by enabling an authorized channel between the client and the server
• D. by creating an encrypted channel between the client and the server

Answer: D

 

NEW QUESTION 100
Which piece of information is needed for attribution in an investigation?

• A. 802.1x RADIUS authentication pass arid fail logs
• B. RDP allowed from the Internet
• C. proxy logs showing the source RFC 1918 IP addresses
• D. known threat actor behavior

Answer: D

 

NEW QUESTION 101
An analyst is investigating a host in the network that appears to be communicating to a command and control server on the Internet. After collecting this packet capture the analyst cannot determine the technique and payload used for the communication.

Which obfuscation technique is the attacker using?

• A. Base64 encoding
• B. transport layer security encryption
• C. SHA-256 hashing
• D. ROT13 encryption

Answer: B

 

NEW QUESTION 102
An engineer needs to have visibility on TCP bandwidth usage, response time, and latency, combined with deep packet inspection to identify unknown software by its network traffic flow. Which two features of Cisco Application Visibility and Control should the engineer use to accomplish this goal? (Choose two.)

• A. adaptive AVC
• B. application recognition
• C. traffic filtering
• D. metrics collection and exporting
• E. management and reporting

Answer: B,E

 

NEW QUESTION 103
Refer to the exhibit.

Which technology generates this log?

• A. firewall
• B. IDS
• C. web proxy
• D. NetFlow

Answer: A

 

NEW QUESTION 104
What is the difference between an attack vector and attack surface?

• A. An attack surface identifies vulnerabilities that require user input or validation; and an attack vector identifies vulnerabilities that are independent of user actions.
• B. An attack vector identifies components that can be exploited; and an attack surface identifies the potential path an attack can take to penetrate the network.
• C. An attack surface recognizes which network parts are vulnerable to an attack; and an attack vector identifies which attacks are possible with these vulnerabilities.
• D. An attack vector identifies the potential outcomes of an attack; and an attack surface launches an attack using several methods against the identified vulnerabilities.

Answer: C

 

NEW QUESTION 105

Refer to the exhibit. Which two elements in the table are parts of the 5-tuple? (Choose two.)

• A. Initiator User
• B. First Packet
• C. Source Port
• D. Ingress Security Zone
• E. Initiator IP

Answer: C,E

 

NEW QUESTION 106
Refer to the exhibit.

What is occurring in this network?

• A. ARP cache poisoning
• B. DNS cache poisoning
• C. MAC flooding attack
• D. MAC address table overflow

Answer: A

 

NEW QUESTION 107
An analyst is investigating an incident in a SOC environment.
Which method is used to identify a session from a group of logs?

• A. sequence numbers
• B. 5-tuple
• C. timestamps
• D. IP identifier

Answer: B

Explanation:
Section: Security Concepts

 

NEW QUESTION 108
What are the two characteristics of the full packet captures? (Choose two.)

• A. Identifying network loops and collision domains.
• B. Detecting common hardware faults and identify faulty assets.
• C. Reassembling fragmented traffic from raw data.
• D. Troubleshooting the cause of security and performance issues.
• E. Providing a historical record of a network transaction.

Answer: C,E

 

NEW QUESTION 109
Why is encryption challenging to security monitoring?

• A. Encryption is used by threat actors as a method of evasion and obfuscation.
• B. Encryption introduces larger packet sizes to analyze and store.
• C. Encryption introduces additional processing requirements by the CPU.
• D. Encryption analysis is used by attackers to monitor VPN tunnels.

Answer: A

 

NEW QUESTION 110
Which process is used when IPS events are removed to improve data integrity?

• A. data availability
• B. data protection
• C. data signature
• D. data normalization

Answer: D

Explanation:
Section: Security Concepts

 

NEW QUESTION 111

Refer to the exhibit. Which event is occurring?

• A. A URL is being evaluated to see if it has a malicious binary
• B. A binary on VM cuckoo1 is being submitted for evaluation
• C. A binary is being submitted to run on VM cuckoo1
• D. A binary named "submit" is running on VM cuckoo1.

Answer: B

 

NEW QUESTION 112
Which incidence response step includes identifying all hosts affected by an attack'?

• A. containment eradication and recovery
• B. preparation
• C. post-incident activity
• D. detection and analysis

Answer: C

 

NEW QUESTION 113
What is the difference between an attack vector and attack surface?

• A. An attack surface identifies vulnerabilities that require user input or validation; and an attack vector identifies vulnerabilities that are independent of user actions.
• B. An attack vector identifies components that can be exploited; and an attack surface identifies the potential path an attack can take to penetrate the network.
• C. An attack surface recognizes which network parts are vulnerable to an attack; and an attack vector identifies which attacks are possible with these vulnerabilities.
• D. An attack vector identifies the potential outcomes of an attack; and an attack surface launches an attack using several methods against the identified vulnerabilities.

Answer: C

Explanation:
Section: Security Concepts

 

NEW QUESTION 114
In a SOC environment, what is a vulnerability management metric?

• A. internet exposed devices
• B. code signing enforcement
• C. single factor authentication
• D. full assets scan

Answer: A

 

NEW QUESTION 115
A SOC analyst is investigating an incident that involves a Linux system that is identifying specific sessions. Which identifier tracks an active program?

• A. process identification number
• B. active process identification number
• C. runtime identification number
• D. application identification number

Answer: A

 

NEW QUESTION 116
A company is using several network applications that require high availability and responsiveness, such that milliseconds of latency on network traffic is not acceptable. An engineer needs to analyze the network and identify ways to improve traffic movement to minimize delays. Which information must the engineer obtain for this analysis?

• A. total throughput on the interface of the router and NetFlow records
• B. running processes on the applications and their total network usage
• C. deep packet captures of each application flow and duration
• D. output of routing protocol authentication failures and ports used

Answer: B

 

NEW QUESTION 117
An analyst is investigating a host in the network that appears to be communicating to a command and control server on the Internet. After collecting this packet capture the analyst cannot determine the technique and payload used for the communication.

Which obfuscation technique is the attacker using?

• A. Base64 encoding
• B. transport layer security encryption
• C. SHA-256 hashing
• D. ROT13 encryption

Answer: B

 

NEW QUESTION 118

Refer to the exhibit. What information is depicted?

• A. IIS data
• B. network discovery event
• C. IPS event data
• D. NetFlow data

Answer: D

 

NEW QUESTION 119
......

Cisco 200-201 Test Engine PDF - All Free Dumps: https://www.certkingdompdf.com/200-201-latest-certkingdom-dumps.html

Get New 200-201 Certification – Valid Exam Dumps Questions: https://drive.google.com/open?id=1Zc3n-k5xf6LdNgBjAMDfxFV5fSi7heDv