Dominate 200-201 Mock Tests & Study Materials, Cisco 200-201 CBROPS | SPOTO

Master the 200-201 CBROPS exam with our comprehensive mock tests and study materials. Our platform provides a wealth of resources, including practice tests, sample questions, and exam materials, designed to empower your exam preparation. Dive deep into security concepts, security monitoring, and host-based analysis with our curated content. Access our exam simulator to simulate real exam scenarios and refine your exam practice. Utilize our exam answers and questions to reinforce your understanding and boost your confidence for the exam. Say goodbye to unreliable exam dumps and embrace trusted study materials to dominate your preparation journey. With our online exam questions, you can assess your readiness and tailor your study plan effectively. Start your journey towards certification success with our mock tests and study materials today.

Question #1
What is the potential threat identified in this Stealthwatch dashboard?
A. Host 10
B. Host 152
C. Traffic to 152
D. Host 10
Correct Answer: A

Question #2
What is occurring in this network traffic?
A. high rate of SYN packets being sent from multiple sources towards a single destination IP
B. high rate of SYN packets being sent from a single source IP towards multiple destination IPs
C. flood of ACK packets coming from a single source IP to multiple destination IPs
D. flood of SYN packets coming from a single source IP to a single destination IP
Correct Answer: A
Question #3
What makes HTTPS traffic difficult to monitor?
A. SSL interception
B. packet header size
C. signature detection time
D. encryption
Correct Answer: C
Question #4
Which evasion technique is indicated when an intrusion detection system begins receiving an abnormally high volume of scanning from numerous sources?
A. resource exhaustion
B. tunneling
C. traffic fragmentation
D. timing attack
Correct Answer: C
Question #5
What does cyber attribution identify in an investigation?
A. exploit of an attack
B. threat actors of an attack
C. vulnerabilities exploited
D. cause of an attack
Correct Answer: D
Question #6
Which NIST IR category stakeholder is responsible for coordinating incident response among various business units, minimizing damage, and reporting to regulatory agencies?
A. CSIRT
B. PSIRT
C. public affairs
D. management
Correct Answer: A
Question #7
An engineer receives a security alert that traffic with a known TOR exit node has occurred on the network. What is the impact of this traffic?
A. ransomware communicating after infection
B. users downloading copyrighted content
C. data exfiltration
D. user circumvention of the firewall
Correct Answer: A
Question #8
How is NetFlow different than traffic mirroring?
A. NetFlow collects metadata and traffic mirroring clones data
B. Traffic mirroring impacts switch performance and NetFlow does not
C. Traffic mirroring costs less to operate than NetFlow
D. NetFlow generates more data than traffic mirroring
Correct Answer: D
Question #9
Which list identifies the information that the client sends to the server in the negotiation phase of the TLS handshake?
A. ClientStart, ClientKeyExchange, cipher-suites it supports, and suggested compression methods
B. ClientStart, TLS versions it supports, cipher-suites it supports, and suggested compression methods
C. ClientHello, TLS versions it supports, cipher-suites it supports, and suggested compression methods
D. ClientHello, ClientKeyExchange, cipher-suites it supports, and suggested compression methods
Correct Answer: D
Question #10
Which two elements of the incident response process are stated in NIST Special Publication 800-61 r2? (Choose two.)
A. detection and analysis
B. post-incident activity
C. vulnerability management
D. risk assessment
E. vulnerability scoring
Correct Answer: BE
Question #11
Which kind of attack method is depicted in this string?
A. cross-site scripting
B. man-in-the-middle
C. SQL injection
D. denial of service
Correct Answer: A
Question #12
Which metric in CVSS indicates an attack that takes a destination bank account number and replaces it with a different bank account number?
A. integrity
B. confidentiality
C. availability
D. scope
Correct Answer: B
Question #13
An investigator is examining a copy of an ISO file that is stored in CDFS format. What type of evidence is this file?
A. data from a CD copied using Mac-based system
B. data from a CD copied using Linux system
C. data from a DVD copied using Windows system
D. data from a CD copied using Windows
Correct Answer: D
Question #14
An analyst is exploring the functionality of different operating systems. What is a feature of Windows Management Instrumentation that must be considered when deciding on an operating system?
A. queries Linux devices that have Microsoft Services for Linux installed
B. deploys Windows Operating Systems in an automated fashion
C. is an efficient tool for working with Active Directory
D. has a Common Information Model, which describes installed hardware and software
Correct Answer: B
Question #15
How is attacking a vulnerability categorized?
A. action on objectives
B. delivery
C. exploitation
D. installation
Correct Answer: AD
Question #16
What is the difference between an attack vector and attack surface?
A. An attack surface identifies vulnerabilities that require user input or validation; and an attack vector identifies vulnerabilities that are independent of user actions
B. An attack vector identifies components that can be exploited; and an attack surface identifies the potential path an attack can take to penetrate the network
C. An attack surface recognizes which network parts are vulnerable to an attack; and an attack vector identifies which attacks are possible with these vulnerabilities
D. An attack vector identifies the potential outcomes of an attack; and an attack surface launches an attack using several methods against the identified vulnerabilities
Correct Answer: A
Question #17
Which step in the incident response process researches an attacking host through logs in a SIEM?
A. detection and analysis
B. preparation
C. eradication
D. containment
Correct Answer: D
Question #18
What should a security analyst consider when comparing inline traffic interrogation with traffic tapping to determine which approach to use in the network?
A. Tapping interrogation replicates signals to a separate port for analyzing traffic
B. Tapping interrogations detect and block malicious traffic
C. Inline interrogation enables viewing a copy of traffic to ensure traffic is in compliance with security policies
D. Inline interrogation detects malicious traffic but does not block the traffic
Correct Answer: A
Question #19
Which two elements are used for profiling a network? (Choose two.)
A. session duration
B. total throughput
C. running processes
D. listening ports
E. OS fingerprint
Correct Answer: C
Question #20
Which data format is the most efficient to build a baseline of traffic seen over an extended period of time?
A. syslog messages
B. full packet capture
C. NetFlow
D. firewall event logs
Correct Answer: C
Question #21
What is the difference between a threat and a risk?
A. Threat represents a potential danger that could take advantage of a weakness in a system
B. Risk represents the known and identified loss or danger in the system
C. Risk represents the nonintentional interaction with uncertainty in the system
D. Threat represents a state of being exposed to an attack or a compromise either physically or logically
Correct Answer: A
