CCNA 200-201 CBROPS Exam Questions and Answers - Cisco Certified CyberOps Associate Braindumps

Preparing for the CCNA 200-201 CBROPS (Cisco Certified CyberOps Associate) exam requires reliable and comprehensive resources to ensure success. Exam question resources play a crucial role in this preparation journey. These resources include exam braindumps, exam questions and answers, dumps, practice tests, and study materials specifically designed for the CCNA 200-201 exam. Exam braindumps are compiled sets of real exam questions that offer insights into the exam structure and help test-takers familiarize themselves with the types of questions they will encounter. Exam questions and answers provide detailed explanations and solutions to enhance understanding. Dumps are curated collections of relevant exam content, while practice tests allow candidates to assess their knowledge and identify areas for improvement. By utilizing these exam resources effectively, candidates can prepare for the CCNA 200-201 exam thoroughly and increase their chances of successfully passing with confidence.

Question #1
Which system monitors local system operation and local network access for violations of a security policy?
A. Host-based intrusion detection
B. Systems-based sandboxing
C. Host-based firewall
D. Antivirus
View answer
Correct Answer: A
Question #2
An employee reports that someone has logged into their system and made unapproved changes, files are out of order, and several documents have been placed in the recycle bin. The security specialist reviewed the system logs, found nothing suspicious, and was not able to determine what occurred. The software is up to date; there are no alerts from antivirus and no failed login attempts. What is causing the lack of data visibility needed to detect the attack?
A. The threat actor used a dictionary-based password attack to obtain credentials
B. The threat actor gained access to the system by known credentials
C. The threat actor used the teardrop technique to confuse and crash login services
D. The threat actor used an unknown vulnerability of the operating system that went undetected
View answer
Correct Answer: C
Question #3
Which security technology allows only a set of pre-approved applications to run on a system?
A. Application-level blacklisting
B. Host-based IPS
C. Application-level whitelisting
D. Antivirus
View answer
Correct Answer: C
Question #4
Which HTTP header field is used in forensics to identify the type of browser used?
A. Referrer
B. Host
C. User-agent
D. Accept-language
View answer
Correct Answer: C
Question #5
An analyst received an alert on their desktop computer showing that an attack was successful on the host. After investigating, the analyst discovered that no mitigation action occurred during the attack. What is the reason for this discrepancy?
A. The computer has a HIPS installed on it
B. The computer has a NIPS installed on it
C. The computer has a HIDS installed on it
D. The computer has a NIDS installed on it
View answer
Correct Answer: C
Question #6
What does cyber attribution identify in an investigation?
A. Cause of an attack
B. Exploit of an attack
C. Vulnerabilities exploited
D. Threat actors of an attack
View answer
Correct Answer: D
Question #7
DRAG DROP (Drag and Drop is not supported). Refer to the exhibit. Drag and drop the element name from the left onto the correct piece of the PCAP file on the right.
A. See Explanation section for answer
View answer
Correct Answer: A
Question #8
Refer to the exhibit. What is the potential threat identified in this Stealthwatch dashboard?
A. Host 10
B. Host 152
C. Traffic to 152
D. Host 10
View answer
Correct Answer: D
Question #9
Which event artifact is used to identify HTTP GET requests for a specific file?
A. Destination IP address
B. TCP ACK
C. HTTP status code
D. URI
View answer
Correct Answer: D
Question #10
What is rule-based detection when compared to statistical detection?
A. Proof of a user's identity
B. Proof of a user's action
C. Likelihood of user's action
D. Falsification of a user's identity
View answer
Correct Answer: B
Question #11
Refer to the exhibit. Which packet contains a file that is extractable within Wireshark?
A. 317
B. 986
C. 318
D. 542
View answer
Correct Answer: D
Question #12
What makes HTTPS traffic difficult to monitor?
A. SSL interception
B. Packet header size
C. Signature detection time
D. Encryption
View answer
Correct Answer: D
Question #13
Which type of evidence supports a theory or an assumption that results from initial evidence?
A. Probabilistic
B. Indirect
C. Best
D. Corroborative
View answer
Correct Answer: D
Question #14
A security specialist notices 100 HTTP GET and POST requests for multiple pages on the web servers. The agent in the requests contains PHP code that, if executed, creates and writes to a new PHP file on the webserver. Which event category is described?
A. Reconnaissance
B. Action on objectives
C. Installation
D. Exploitation
View answer
Correct Answer: C
Question #15
How is attacking a vulnerability categorized?
A. Action on objectives
B. Delivery
C. Exploitation
D. Installation
View answer
Correct Answer: C
Question #16
Which two elements are assets in the role of attribution in an investigation? (Choose two.)
A. Date of birth
B. Driver's license number
C. Gender
D. Zip code
View answer
Correct Answer: CD
Question #17
Which incident response step includes identifying all hosts affected by an attack?
A. Detection and analysis
B. Post-incident activity
C. Preparation
D. Containment, eradication, and recovery
View answer
Correct Answer: D
Question #18
Refer to the exhibit. Which technology generates this log?
A. NetFlow
B. IDS
C. Web proxy
D. Firewall
View answer
Correct Answer: D
Question #19
Refer to the exhibit. What is the potential threat identified in this Stealthwatch dashboard?
A. A policy violation is active for host 10
B. A host on the network is sending a DDoS attack to another inside host
C. There are two active data exfiltration alerts
D. A policy violation is active for host 10
View answer
Correct Answer: C
Question #20
What is a benefit of agent-based protection when compared to agentless protection?
A. It lowers maintenance costs
B. It provides a centralized platform
C. It collects and detects all traffic locally
D. It manages numerous devices simultaneously
View answer
Correct Answer: B
Question #21
How is attacking a vulnerability categorized?
A. Action on objectives
B. Delivery
C. Exploitation
D. Installation
View answer
Correct Answer: C
Question #22
A network engineer discovers that a foreign government hacked one of the defense contractors in their home country and stole intellectual property. What is the threat agent in this situation?
A. The intellectual property that was stolen
B. The defense contractor who stored the intellectual property
C. The method used to conduct the attack
D. The foreign government that conducted the attack
View answer
Correct Answer: D
Question #23
What is the difference between a threat and a risk?
A. Threat represents a potential danger that could take advantage of a weakness in a system
B. Risk represents the known and identified loss or danger in the system
C. Risk represents the nonintentional interaction with uncertainty in the system
D. Threat represents a state of being exposed to an attack or a compromise, either physically or logically
View answer
Correct Answer: A
Question #24
Which security principle requires that more than one person perform a critical task?
A. Least privilege
B. Need to know
C. Separation of duties
D. Due diligence
View answer
Correct Answer: C
Question #25
Which regular expression matches "color" and "colour"?
A. colo?ur
B. col[0-8]+our
C. colou?r
D. col[0-9]+our
View answer
Correct Answer: C
Question #26
What is the relationship between a vulnerability and a threat?
A. A threat exploits a vulnerability
B. A vulnerability is a calculation of the potential loss caused by a threat
C. A vulnerability exploits a threat
D. A threat is a calculation of the potential loss caused by a vulnerability
View answer
Correct Answer: A
Question #27
What is a benefit of agent-based protection when compared to agentless protection?
A. It lowers maintenance costs
B. It provides a centralized platform
C. It collects and detects all traffic locally
D. It manages numerous devices simultaneously
View answer
Correct Answer: C
Question #28
While viewing packet capture data, an analyst sees that one IP is sending and receiving traffic for multiple devices by modifying the IP header. Which technology makes this behavior possible?
A. Encapsulation
B. TOR
C. Tunneling
D. NAT
View answer
Correct Answer: D
Question #29
Which data format is the most efficient to build a baseline of traffic seen over an extended period of time?
A. Syslog messages
B. Full packet capture
C. NetFlow
D. Firewall event logs
View answer
Correct Answer: C
Question #30
Which artifact is used to uniquely identify a detected file?
A. File timestamp
B. File extension
C. File size
D. File hash
View answer
Correct Answer: D
Question #31
Which NIST IR category stakeholder is responsible for coordinating incident response among various business units, minimizing damage, and reporting to regulatory agencies?
A. CSIRT
B. PSIRT
C. Public affairs
D. Management
View answer
Correct Answer: D
Question #32
Refer to the exhibit. In which Linux log file is this output found?
A. /var/log/authorization
B. /var/log/dmesg
C. var/log/var
D. /var/log/auth
View answer
Correct Answer: D
Question #33
Why is encryption challenging to security monitoring?
A. Encryption analysis is used by attackers to monitor VPN tunnels
B. Encryption is used by threat actors as a method of evasion and obfuscation
C. Encryption introduces additional processing requirements by the CPU
D. Encryption introduces larger packet sizes to analyze and store
View answer
Correct Answer: B
Question #34
What does an attacker use to determine which network ports are listening on a potential target device?
A. Man-in-the-middle
B. Port scanning
C. SQL injection
D. Ping sweep
View answer
Correct Answer: B
Question #35
An intruder attempted malicious activity and exchanged emails with a user and received corporate information, including email distribution lists. The intruder asked the user to engage with a link in an email. When the link launched, it infected machines and the intruder was able to access the corporate network. Which testing method did the intruder use?
A. Social engineering
B. Eavesdropping
C. Piggybacking
D. Tailgating
View answer
Correct Answer: A
Question #36
Refer to the exhibit. What is occurring in this network traffic?
A. High rate of SYN packets being sent from multiple sources towards a single destination IP
B. High rate of ACK packets being sent from a single source IP towards multiple destination IPs
C. Flood of ACK packets coming from a single source IP to multiple destination IPs
D. Flood of SYN packets coming from a single source IP to a single destination IP
View answer
Correct Answer: D
Question #37
An analyst is investigating an incident in a SOC environment. Which method is used to identify a session from a group of logs?
A. Sequence numbers
B. IP identifier
C. 5-tuple
D. Timestamps
View answer
Correct Answer: C
Question #38
What are two denial of service attacks? (Choose two.)
A. nmap --top-ports 192
B. nmap -sP 192
C. nmap -sL 192
D. nmap -sV 192
View answer
Correct Answer: CD
Question #39
Which regex matches only on all lowercase letters?
A. [a-z]+
B. [^a-z]+
C. a-z+
D. a*z+
View answer
Correct Answer: A
Question #40
Which filter allows an engineer to filter traffic in Wireshark to further analyze the PCAP file by only showing the traffic for LAN 10.11.x.x, between workstations and servers without the Internet?
A. src=10
B. ip
C. ip
D. src==10
View answer
Correct Answer: B
Question #41
Which type of data consists of connection level, application-specific records generated from network traffic?
A. Transaction data
B. Location data
C. Statistical data
D. Alert data
View answer
Correct Answer: A
Question #42
How does an attacker observe network traffic exchanged between two users?
A. Port scanning
B. Man-in-the-middle
C. Command injection
D. Denial of service
View answer
Correct Answer: B
Question #43
DRAG DROP (Drag and Drop is not supported). Drag and drop the uses on the left onto the type of security system on the right.
A. See Explanation section for answer
View answer
Correct Answer: A
Question #44
What is a difference between SOAR and SIEM?
A. SOAR platforms are used for threat and vulnerability management, but SIEM applications are not
B. SIEM applications are used for threat and vulnerability management, but SOAR platforms are not
C. SOAR receives information from a single platform and delivers it to a SIEM
D. SIEM receives information from a single platform and delivers it to a SOAR
View answer
Correct Answer: A
Question #45
An engineer receives a security alert that traffic with a known TOR exit node has occurred on the network. What is the impact of this traffic?
A. Ransomware communicating after infection
B. Users downloading copyrighted content
C. Data exfiltration
D. User circumvention of the firewall
View answer
Correct Answer: D
Question #46
What are two social engineering techniques? (Choose two.)
A. Open ports of a web server
B. Open port of an FTP server
C. Open ports of an email server
D. Running processes of the server
View answer
Correct Answer: CE
Question #47
An offline audit log contains the source IP address of a session suspected to have exploited a vulnerability resulting in system compromise. Which kind of evidence is this IP address?
A. Best evidence
B. Corroborative evidence
C. Indirect evidence
D. Forensic evidence
View answer
Correct Answer: B
Question #48
Which metric is used to capture the level of access needed to launch a successful attack?
A. Privileges required
B. User interaction
C. Attack complexity
D. Attack vector
View answer
Correct Answer: D
Question #49
When communicating via TLS, the client initiates the handshake to the server and the server responds back with its certificate for identification. Which information is available on the server certificate?
A. Server name, trusted subordinate CA, and private key
B. Trusted subordinate CA, public key, and cipher suites
C. Trusted CA name, cipher suites, and private key
D. Server name, trusted CA, and public key
View answer
Correct Answer: D
Question #50
What is an example of social engineering attacks?
A. Receiving an unexpected email from an unknown person with an attachment from someone in the same company
B. Receiving an email from human resources requesting a visit to their secure website to update contact information
C. Sending a verbal request to an administrator who knows how to change an account password
D. Receiving an invitation to the department's weekly WebEx meeting
View answer
Correct Answer: C
Question #51
At which layer is deep packet inspection investigated on a firewall?
A. Internet
B. Transport
C. Application
D. Data link
View answer
Correct Answer: C
Question #52
Which technology should be used to implement a solution that makes routing decisions based on HTTP header, uniform resource identifier, and SSL session ID attributes?
A. AWS
B. IIS
C. Load balancer
D. Proxy server
View answer
Correct Answer: C
Question #53
Which principle is being followed when an analyst gathers information relevant to a security incident to determine the appropriate course of action?
A. Decision making
B. Rapid response
C. Data mining
D. Due diligence
View answer
Correct Answer: B
Question #54
During which phase of the forensic process is data that is related to a specific event labeled and recorded to preserve its integrity?
A. Examination
B. Investigation
C. Collection
D. Reporting
View answer
Correct Answer: C
Question #55
A user received a malicious attachment but did not run it. Which category classifies the intrusion?
A. Weaponization
B. Reconnaissance
C. Installation
D. Delivery
View answer
Correct Answer: D
Question #56
Which security principle is violated by running all processes as root or administrator?
A. Principle of least privilege
B. Role-based access control
C. Separation of duties
D. Trusted computing base
View answer
Correct Answer: A
Question #57
What is a sandbox interprocess communication service?
A. A collection of rules within the sandbox that prevent the communication between sandboxes
B. A collection of network services that are activated on an interface, allowing for inter-port communication
C. A collection of interfaces that allow for coordination of activities among processes
D. A collection of host services that allow for communication between sandboxes
View answer
Correct Answer: C
Question #58
Which security principle requires that more than one person perform a critical task?
A. Least privilege
B. Need to know
C. Separation of duties
D. Due diligence
View answer
Correct Answer: C
Question #59
What is the function of a command and control server?
A. It enumerates open ports on a network device
B. It drops secondary payload into malware
C. It is used to regain control of the network after a compromise
D. It sends instruction to a compromised system
View answer
Correct Answer: D
Question #60
Refer to the exhibit. What is occurring in this network?
A. ARP cache poisoning
B. DNS cache poisoning
C. MAC address table overflow
D. MAC flooding attack
View answer
Correct Answer: A
Question #61
What is a difference between inline traffic interrogation and traffic mirroring?
A. Inline inspection acts on the original traffic data flow
B. Traffic mirroring passes live traffic to a tool for blocking
C. Traffic mirroring inspects live traffic for analysis and mitigation
D. Inline traffic copies packets for analysis and security
View answer
Correct Answer: A
Question #62
Refer to the exhibit. What is depicted in the exhibit?
A. Windows Event logs
B. Apache logs
C. IIS logs
D. UNIX-based syslog
View answer
Correct Answer: B
Question #63
A SOC analyst is investigating an incident that involves a Linux system that is identifying specific sessions. Which identifier tracks an active program?
A. Application identification number
B. Active process identification number
C. Runtime identification number
D. Process identification number
View answer
Correct Answer: D
Question #64
What is a purpose of a vulnerability management framework?
A. Identifies, removes, and mitigates system vulnerabilities
B. Detects and removes vulnerabilities in source code
C. Conducts vulnerability scans on the network
D. Manages a list of reported vulnerabilities
View answer
Correct Answer: A
Question #65
What is a difference between tampered and untampered disk images?
A. Tampered images have the same stored and computed hash
B. Untampered images are deliberately altered to preserve as evidence
C. Tampered images are used as evidence
D. Untampered images are used for forensic investigations
View answer
Correct Answer: D
Question #66
What is the difference between the ACK flag and the RST flag in the NetFlow log session?
A. The RST flag confirms the beginning of the TCP connection, and the ACK flag responds when the data for the payload is complete
B. The ACK flag confirms the beginning of the TCP connection, and the RST flag responds when the data for the payload is complete
C. The RST flag confirms the receipt of the prior segment, and the ACK flag allows for the spontaneous termination of a connection
D. The ACK flag confirms the receipt of the prior segment, and the RST flag allows for the spontaneous termination of a connection
View answer
Correct Answer: D
Question #67
When trying to evade IDS/IPS devices, which mechanism allows the user to make the data incomprehensible without a specific key, certificate, or password?
A. Fragmentation
B. Pivoting
C. Encryption
D. Stenography
View answer
Correct Answer: C
Question #68
Which metric in CVSS indicates an attack that takes a destination bank account number and replaces it with a different bank account number?
A. Integrity
B. Confidentiality
C. Availability
D. Scope
View answer
Correct Answer: A
Question #69
Refer to the exhibit. What does the output indicate about the server with the IP address 172.18.104.139?
A. It authenticates client identity when requesting SSL certificate
B. It validates domain identity of a SSL certificate
C. It authenticates domain identity when requesting SSL certificate
D. It validates client identity when communicating with the server
View answer
Correct Answer: C
Question #70
What is the difference between mandatory access control (MAC) and discretionary access control (DAC)?
A. MAC is controlled by the discretion of the owner and DAC is controlled by an administrator
B. MAC is the strictest of all levels of control and DAC is object-based access
C. DAC is controlled by the operating system and MAC is controlled by an administrator
D. DAC is the strictest of all levels of control and MAC is object-based access
View answer
Correct Answer: B
Question #71
An engineer configured regular expression ".*\.([Dd][Oo][Cc]|[Xx][LI][Ss]|[Pp][Pp][Tt]) HTTP/1.[01]" on Cisco ASA firewall. What does this regular expression do?
A. It captures
B. It captures documents in an HTTP network session
C. It captures Word, Excel, and PowerPoint files in HTTP v1
D. It captures
View answer
Correct Answer: C
Question #72
What is the difference between deep packet inspection and stateful inspection?
A. Deep packet inspection is more secure than stateful inspection on Layer 4
B. Stateful inspection verifies contents at Layer 4 and deep packet inspection verifies connection at Layer 7
C. Stateful inspection is more secure than deep packet inspection on Layer 7
D. Deep packet inspection allows visibility on Layer 7 and stateful inspection allows visibility on Layer
View answer
Correct Answer: D
Question #73
What is personally identifiable information that must be safeguarded from unauthorized access?
A. Code signing enforcement
B. Full assets scan
C. Internet exposed devices
D. Single factor authentication
View answer
Correct Answer: B
Question #74
DRAG DROP. Drag and drop the definition from the left onto the phase on the right to classify intrusion events according to the Cyber Kill Chain model.
A. HTTPS ports are open on the server
B. SMB ports are closed on the server
C. FTP ports are open on the server
D. Email ports are closed on the server
View answer
Correct Answer: A
Question #75
What is the impact of false positive alerts on business compared to true positive?
A. True positives affect security as no alarm is raised when an attack has taken place, resulting in a potential breach
B. True positive alerts are blocked by mistake as potential attacks affecting application availability
C. False positives affect security as no alarm is raised when an attack has taken place, resulting in a potential breach
D. False positive alerts are blocked by mistake as potential attacks affecting application availability
View answer
Correct Answer: C