CCNA 200-201 CBROPS Exam Questions and Answers - Cisco Certified CyberOps Associate Braindumps

Preparing for the CCNA 200-201 CBROPS (Cisco Certified CyberOps Associate) exam requires reliable and comprehensive resources to ensure success. Exam question resources play a crucial role in this preparation journey. These resources include exam braindumps, exam questions and answers, dumps, practice tests, and study materials specifically designed for the CCNA 200-201 exam. Exam braindumps are compiled sets of real exam questions that offer insights into the exam structure and help test-takers familiarize themselves with the types of questions they will encounter. Exam questions and answers provide detailed explanations and solutions to enhance understanding. Dumps are curated collections of relevant exam content, while practice tests allow candidates to assess their knowledge and identify areas for improvement. By utilizing these exam resources effectively, candidates can prepare for the CCNA 200-201 exam thoroughly and increase their chances of successfully passing with confidence.

Question #1
Refer to the exhibit. Which type of log is displayed?
A. Proxy
B. NetFlow
C. IDS
D. Sys
Correct Answer: B
Question #2
Refer to the exhibit. Which kind of attack method is depicted in this string?
A. Cross-site scripting
B. Man-in-the-middle
C. SQL injection
D. Denial of service
Correct Answer: A
Question #3
One of the objectives of information security is to protect the CIA of information and systems. What does CIA mean in this context?
A. Confidentiality, identity, and authorization
B. Confidentiality, integrity, and authorization
C. Confidentiality, identity, and availability
D. Confidentiality, integrity, and availability
Correct Answer: D
Question #4
An investigator is examining a copy of an ISO file that is stored in CDFS format. What type of evidence is this file?
A. Data from a CD copied using Mac-based system
B. Data from a CD copied using Linux system
C. Data from a DVD copied using Windows system
D. Data from a CD copied using Windows
Correct Answer: B
Question #5
An engineer needs to fetch logs from a proxy server and generate actual events according to the data received. Which technology should the engineer use to accomplish this task?
A. Firepower
B. Email Security Appliance
C. Web Security Appliance
D. Stealthwatch
Correct Answer: C
Question #6
What is the difference between an attack vector and attack surface?
A. An attack surface identifies vulnerabilities that require user input or validation; and an attack vector identifies vulnerabilities that are independent of user actions
B. An attack vector identifies components that can be exploited, and an attack surface identifies the potential path an attack can take to penetrate the network
C. An attack surface recognizes which network parts are vulnerable to an attack; and an attack vector identifies which attacks are possible with these vulnerabilities
D. An attack vector identifies the potential outcomes of an attack; and an attack surface launches an attack using several methods against the identified vulnerabilities
Correct Answer: C
Question #7
Refer to the exhibit. An engineer is analyzing this Cuckoo Sandbox report for a PDF file that has been downloaded from an email. What is the state of this file?
A. The file has an embedded executable and was matched by PEiD threat signatures for further analysis
B. The file has an embedded non-Windows executable but no suspicious features are identified
C. The file has an embedded Windows 32 executable and the Yara field lists suspicious features for further analysis
D. The file was matched by PEiD threat signatures but no suspicious features are identified since the signature list is up to date
Correct Answer: C
Question #8
DRAG DROP (Drag and Drop is not supported) Drag and drop the access control models from the left onto the correct descriptions on the right.
A. See Explanation section for answer
Correct Answer: A
Question #9
What is the difference between statistical detection and rule-based detection models?
A. Rule-based detection involves the collection of data in relation to the behavior of legitimate users over a period of time
B. Statistical detection defines legitimate data of users over a period of time and rule-based detection defines it on an IF/THEN basis
C. Statistical detection involves the evaluation of an object on its intended actions before it executes that behavior
D. Rule-based detection defines legitimate data of users over a period of time and statistical detection defines it on an IF/THEN basis
Correct Answer: B
Question #10
Which process is used when IPS events are removed to improve data integrity?
A. Data availability
B. Data normalization
C. Data signature
D. Data protection
Correct Answer: B
Question #11
Refer to the exhibit. What is the expected result when the "Allow subdissector to reassemble TCP streams" feature is enabled?
A. Insert TCP subdissectors
B. Extract a file from a packet capture
C. Disable TCP streams
D. Unfragment TCP
Correct Answer: D
Question #12
Which event is user interaction?
A. Gaining root access
B. Executing remote code
C. Reading and writing file permission
D. Opening a malicious file
Correct Answer: D
Question #13
Which type of attack occurs when an attacker is successful in eavesdropping on a conversation between two IP phones?
A. Known-plaintext
B. Replay
C. Dictionary
D. Man-in-the-middle
Correct Answer: D
Question #14
What is the practice of giving employees only those permissions necessary to perform their specific role within an organization?
A. Least privilege
B. Need to know
C. Integrity validation
D. Due diligence
Correct Answer: A
Question #15
What specific type of analysis is assigning values to the scenario to see expected outcomes?
A. Deterministic
B. Exploratory
C. Probabilistic
D. Descriptive
Correct Answer: A
Question #16
Which utility blocks a host portscan?
A. HIDS
B. Sandboxing
C. Host-based firewall
D. Antimalware
Correct Answer: C
Question #17
Which action should be taken if the system is overwhelmed with alerts when false positives and false negatives are compared?
A. Modify the settings of the intrusion detection system
B. Design criteria for reviewing alerts
C. Redefine signature rules
D. Adjust the alerts schedule
Correct Answer: A
Question #18
What is rule-based detection when compared to statistical detection?
A. Proof of a user's identity
B. Proof of a user's action
C. Likelihood of user's action
D. Falsification of a user's identity
Correct Answer: B
Question #19
Which tool provides a full packet capture from network traffic?
A. Nagios
B. CAINE
C. Hydra
D. Wireshark
Correct Answer: D
Question #20
Refer to the exhibit. Which two elements in the table are parts of the 5-tuple? (Choose two.)
A. See Explanation section for answer
Correct Answer: DE
Question #21
DRAG DROP (Drag and Drop is not supported) Drag and drop the technology on the left onto the data type the technology provides on the right.
A. See Explanation section for answer
Correct Answer: A
Question #22
What is the difference between the rule-based detection when compared to behavioral detection?
A. Rule-Based detection is searching for patterns linked to specific types of attacks, while behavioral is identifying per signature
B. Rule-Based systems have established patterns that do not change with new data, while behavioral changes
C. Behavioral systems are predefined patterns from hundreds of users, while Rule-Based only flags potentially abnormal patterns using signatures
D. Behavioral systems find sequences that match a particular attack signature, while Rule-Based identifies potential attacks
Correct Answer: D
Question #23
What is the principle of defense-in-depth?
A. Agentless and agent-based protection for security are used
B. Several distinct protective layers are involved
C. Access control models are involved
D. Authentication, authorization, and accounting mechanisms are used
Correct Answer: B
Question #24
Which action prevents buffer overflow attacks?
A. Variable randomization
B. Using web based applications
C. Input sanitization
D. Using a Linux operating system
Correct Answer: C
Question #25
Which type of data collection requires the largest amount of storage space?
A. Alert data
B. Transaction data
C. Session data
D. Full packet capture
Correct Answer: D
Question #26
Which two components reduce the attack surface on an endpoint? (Choose two.)
A. Any potential danger to an asset
B. The sum of all paths for data into and out of the environment
C. An exploitable weakness in a system or its design
D. The individuals who perform an attack
Correct Answer: AD
Question #27
Refer to the exhibit. What information is depicted?
A. IIS data
B. NetFlow data
C. Network discovery event
D. IPS event data
Correct Answer: B
Question #28
A security engineer has a video of a suspect entering a data center that was captured on the same day that files in the same data center were transferred to a competitor. Which type of evidence is this?
A. Best evidence
B. Prima facie evidence
C. Indirect evidence
D. Physical evidence
Correct Answer: C
Question #29
Which piece of information is needed for attribution in an investigation?
A. Proxy logs showing the source RFC 1918 IP addresses
B. RDP allowed from the Internet
C. Known threat actor behavior
D. 802
Correct Answer: C
Question #30
Refer to the exhibit. This request was sent to a web application server driven by a database. Which type of web server attack is represented?
A. Parameter manipulation
B. Heap memory corruption
C. Command injection
D. Blind SQL injection
Correct Answer: D
Question #31
An analyst discovers that a legitimate security alert has been dismissed. Which signature caused this impact on network traffic?
A. True negative
B. False negative
C. False positive
D. True positive
Correct Answer: B
Question #32
Refer to the exhibit. Which type of log is displayed?
A. IDS
B. Proxy
C. NetFlow
D. Sys
Correct Answer: A
Question #33
A malicious file has been identified in a sandbox analysis tool. Which piece of information is needed to search for additional downloads of this file by other hosts?
A. File header type
B. File size
C. File name
D. File hash value
Correct Answer: D
Question #34
An engineer needs to discover alive hosts within the 192.168.1.0/24 range without triggering intrusive portscan alerts on the IDS device using Nmap. Which command will accomplish this goal?
A. Base64 encoding
B. TLS encryption
C. SHA-256 hashing
D. ROT13 encryption
Correct Answer: B
Question #35
An analyst is investigating an incident in a SOC environment. Which method is used to identify a session from a group of logs?
A. Sequence numbers
B. IP identifier
C. 5-tuple
D. Timestamps
Correct Answer: C
Question #36
One of the objectives of information security is to protect the CIA of information and systems. What does CIA mean in this context?
A. Confidentiality, identity, and authorization
B. Confidentiality, integrity, and authorization
C. Confidentiality, identity, and availability
D. Confidentiality, integrity, and availability
Correct Answer: D
Question #37
An analyst is exploring the functionality of different operating systems. What is a feature of Windows Management Instrumentation that must be considered when deciding on an operating system?
A. The system detected an XSS attack
B. Someone is trying a brute force attack on the network
C. Another device is gaining root access to the system
D. A privileged user successfully logged into the system
Correct Answer: D
Question #38
How is NetFlow different from traffic mirroring?
A. NetFlow collects metadata and traffic mirroring clones data
B. Traffic mirroring impacts switch performance and NetFlow does not
C. Traffic mirroring costs less to operate than NetFlow
D. NetFlow generates more data than traffic mirroring
Correct Answer: A
Question #39
A security engineer deploys an enterprise-wide host/endpoint technology for all of the company's corporate PCs. Management requests the engineer to block a selected set of applications on all PCs. Which technology should be used to accomplish this task?
A. Application whitelisting/blacklisting
B. Network NGFW
C. Host-based IDS
D. Antivirus/antispyware software
Correct Answer: A
Question #40
What is the practice of giving an employee access to only the resources needed to accomplish their job?
A. Principle of least privilege
B. Organizational separation
C. Separation of duties
D. Need to know principle
Correct Answer: A
Question #41
Which attack is the network vulnerable to when a stream cipher like RC4 is used twice with the same key?
A. Forgery attack
B. Plaintext-only attack
C. Ciphertext-only attack
D. Meet-in-the-middle attack
Correct Answer: C
Question #42
Which process is used when IPS events are removed to improve data integrity?
A. Data availability
B. Data normalization
C. Data signature
D. Data protection
Correct Answer: B
Question #43
Which event is user interaction?
A. Gaining root access
B. Executing remote code
C. Reading and writing file permission
D. Opening a malicious file
Correct Answer: D
Question #44
Which principle is being followed when an analyst gathers information relevant to a security incident to determine the appropriate course of action?
A. Decision making
B. Rapid response
C. Data mining
D. Due diligence
Correct Answer: A
Question #45
An engineer is investigating a case of the unauthorized usage of the "Tcpdump" tool. The analysis revealed that a malicious insider attempted to sniff traffic on a specific interface. What type of information did the malicious insider attempt to obtain?
A. Tagged protocols being used on the network
B. All firewall alerts and resulting mitigations
C. Tagged ports being used on the network
D. All information and data within the datagram
Correct Answer: C
Question #46
Which two elements are used for profiling a network? (Choose two.)
A. Legal
B. Compliance
C. Regulated
D. Contractual
Correct Answer: AB
Question #47
How does an SSL certificate impact security between the client and the server?
A. By enabling an authenticated channel between the client and the server
B. By creating an integrated channel between the client and the server
C. By enabling an authorized channel between the client and the server
D. By creating an encrypted channel between the client and the server
Correct Answer: D
Question #48
A security expert is working on a copy of the evidence, an ISO file that is saved in CDFS format. Which type of evidence is this file?
A. CD data copy prepared in Windows
B. CD data copy prepared in Mac-based system
C. CD data copy prepared in Linux system
D. CD data copy prepared in Android-based system
Correct Answer: A
Question #49
Which step in the incident response process researches an attacking host through logs in a SIEM?
A. Detection and analysis
B. Preparation
C. Eradication
D. Containment
Correct Answer: A
Question #50
What causes events on a Windows system to show Event Code 4625 in the log messages?
A. An access attempt was made from the Mosaic web browser
B. A successful access attempt was made to retrieve the password file
C. A successful access attempt was made to retrieve the root of the website
D. A denied access attempt was made to retrieve the password file
Correct Answer: B
Question #51
What is the virtual address space for a Windows process?
A. Physical location of an object in memory
B. Set of pages that reside in the physical memory
C. System-level memory protection feature built into the operating system
D. Set of virtual memory addresses that can be used
Correct Answer: D
Question #52
Refer to the exhibit. Which application protocol is in this PCAP file?
A. SSH
B. TCP
C. TLS
D. HTTP
Correct Answer: D
Question #53
Which evasion technique is a function of ransomware?
A. Extended sleep calls
B. Encryption
C. Resource exhaustion
D. Encoding
Correct Answer: B
Question #54
Refer to the exhibit. What should be interpreted from this packet capture?
A. 1
B. 92
C. 92
D. 1
Correct Answer: B
Question #55
Which security monitoring data type requires the largest storage space?
A. Transaction data
B. Statistical data
C. Session data
D. Full packet capture
Correct Answer: D
Question #56
At a company party a guest asks questions about the company's user account format and password complexity. How is this type of conversation classified?
A. Phishing attack
B. Password Revelation Strategy
C. Piggybacking
D. Social Engineering
Correct Answer: D
Question #57
A company receptionist received a threatening call referencing stealing assets and did not take any action assuming it was a social engineering attempt. Within 48 hours, multiple assets were breached, affecting the confidentiality of sensitive information. What is the threat actor in this incident?
A. Company assets that are threatened
B. Customer assets that are threatened
C. Perpetrators of the attack
D. Victims of the attack
Correct Answer: B
Question #58
A system administrator is ensuring that specific registry information is accurate. Which type of configuration information does the HKEY_LOCAL_MACHINE hive contain?
A. File extension associations
B. Hardware, software, and security settings for the system
C. Currently logged in users, including folders and control panel settings
D. All users on the system, including visual settings
Correct Answer: B
Question #59
A company is using several network applications that require high availability and responsiveness, such that milliseconds of latency on network traffic is not acceptable. An engineer needs to analyze the network and identify ways to improve traffic movement to minimize delays. Which information must the engineer obtain for this analysis?
A. Total throughput on the interface of the router and NetFlow records
B. Output of routing protocol authentication failures and ports used
C. Running processes on the applications and their total network usage
D. Deep packet captures of each application flow and duration
Correct Answer: C
Question #60
Refer to the exhibit. What is the potential threat identified in this Stealthwatch dashboard?
A. A policy violation is active for host 10
B. A host on the network is sending a DDoS attack to another inside host
C. There are three active data exfiltration alerts
D. A policy violation is active for host 10
Correct Answer: C
Question #61
Which security technology guarantees the integrity and authenticity of all messages transferred to and from a web application?
A. Hypertext Transfer Protocol
B. SSL Certificate
C. Tunneling
D. VPN
Correct Answer: B
Question #62
Refer to the exhibit. Which event is occurring?
A. A binary named "submit" is running on VM cuckoo1
B. A binary is being submitted to run on VM cuckoo1
C. A binary on VM cuckoo1 is being submitted for evaluation
D. A URL is being evaluated to see if it has a malicious binary
Correct Answer: B
Question #63
Which open-sourced packet capture tool uses Linux and Mac OS X operating systems?
A. NetScout
B. Tcpdump
C. SolarWinds
D. Netsh
Correct Answer: B
Question #64
Which signature impacts network traffic by causing legitimate traffic to be blocked?
A. False negative
B. True positive
C. True negative
D. False positive
Correct Answer: D
Question #65
Which list identifies the information that the client sends to the server in the negotiation phase of the TLS handshake?
A. ClientStart, ClientKeyExchange, cipher-suites it supports, and suggested compression methods
B. ClientStart, TLS versions it supports, cipher-suites it supports, and suggested compression methods
C. ClientHello, TLS versions it supports, cipher-suites it supports, and suggested compression methods
D. ClientHello, ClientKeyExchange, cipher-suites it supports, and suggested compression methods
Correct Answer: C
Question #66
What should a security analyst consider when comparing inline traffic interrogation with traffic tapping to determine which approach to use in the network?
A. Tapping interrogation replicates signals to a separate port for analyzing traffic
B. Tapping interrogations detect and block malicious traffic
C. Inline interrogation enables viewing a copy of traffic to ensure traffic is in compliance with security policies
D. Inline interrogation detects malicious traffic but does not block the traffic
Correct Answer: A
Question #67
Which evasion technique is indicated when an intrusion detection system begins receiving an abnormally high volume of scanning from numerous sources?
A. Resource exhaustion
B. Tunneling
C. Traffic fragmentation
D. Timing attack
Correct Answer: A
Question #68
An organization has recently adjusted its security stance in response to online threats made by a known hacktivist group. What is the initial event called in the NIST SP800-61?
A. Online assault
B. Precursor
C. Trigger
D. Instigator
Correct Answer: B
Question #69
An engineer runs a suspicious file in a sandbox analysis tool to see the outcome. The analysis report shows that outbound callouts were made post infection. Which two pieces of information from the analysis report are needed to investigate the callouts? (Choose two.)
A. Queries Linux devices that have Microsoft Services for Linux installed
B. Deploys Windows Operating Systems in an automated fashion
C. Is an efficient tool for working with Active Directory
D. Has a Common Information Model, which describes installed hardware and software
Correct Answer: BE
Question #70
Which two elements of the incident response process are stated in NIST Special Publication 800-61 r2? (Choose two.)
A. See Explanation section for answer
Correct Answer: AB
Question #71
Which attack method intercepts traffic on a switched network?
A. Denial of service
B. ARP cache poisoning
C. DHCP snooping
D. Command and control
Correct Answer: B