[May-2023] The Best CyberOps Associate 200-201 Professional Exam Questions
Try 100% Updated 200-201 Exam Questions [2023]
The Cisco 200-201 exam is an excellent opportunity to showcase your knowledge and skills in the cybersecurity field. With this certification, you can demonstrate to potential employers that you have the skills and knowledge necessary to protect networks and systems from cyber threats. Additionally, you can show that you are committed to staying up-to-date with the latest trends and technologies in the cybersecurity field.
Cisco 200-201 Exam Topics:
| Section | Weight | Objectives |
|---|---|---|
| Security Monitoring | 25% | 1.Compare attack surface and vulnerability 2.Identify the types of data provided by these technologies
3.Describe the impact of these technologies on data visibility
4.Describe the uses of these data types in security monitoring
5.Describe network attacks, such as protocol-based, denial of service, distributed denial of service, and man-in-the-middle
|
| Host-Based Analysis | 20% | 1.Describe the functionality of these endpoint technologies in regard to security monitoring
2.Identify components of an operating system (such as Windows and Linux) in a given scenario
4.Identify type of evidence used based on provided logs
5.Compare tampered and untampered disk image
|
| Security Policies and Procedures | 15% | 1.Describe management concepts
2.Describe the elements in an incident response plan as stated in NIST.SP800-61
5.Map the organization stakeholders against the NIST IR categories (CMMC, NIST.SP800-61)
6.Describe concepts as documented in NIST.SP800-86
7.Identify these elements used for network profiling
8.Identify these elements used for server profiling
9.Identify protected data in a network
10.Classify intrusion events into categories as defined by security models, such as Cyber Kill Chain Model and Diamond Model of Intrusion |
The benefit in Obtaining the Cisco Cybersecurity Operations Fundamentals v1.0 (200-201 CBROPS)
This exam will help you:
- Earns you the Cisco Certified CyberOps Associate certification
- Learn the fundamental skills, techniques, technologies, and the hands-on practice necessary to prevent and defend against cyberattacks as part of a SOC team
NEW QUESTION # 39
Which data type is necessary to get information about source/destination ports?
- A. alert data
- B. connectivity data
- C. session data
- D. statistical data
Answer: B
NEW QUESTION # 40
An intruder attempted malicious activity and exchanged emails with a user and received corporate information, including email distribution lists. The intruder asked the user to engage with a link in an email.
When the fink launched, it infected machines and the intruder was able to access the corporate network.
Which testing method did the intruder use?
- A. tailgating
- B. eavesdropping
- C. piggybacking
- D. social engineering
Answer: D
NEW QUESTION # 41
Refer to the exhibit.
What is occurring within the exhibit?
- A. regular GET requests
- B. XML External Entities attack
- C. insecure deserialization
- D. cross-site scripting attack
Answer: A
NEW QUESTION # 42
Which two elements are used for profiling a network? (Choose two.)
- A. running processes
- B. OS fingerprint
- C. session duration
- D. total throughput
- E. listening ports
Answer: C,D
Explanation:
Explanation
A network profile should include some important elements, such as the following:
Total throughput - the amount of data passing from a given source to a given destination in a given period of time Session duration - the time between the establishment of a data flow and its termination Ports used - a list of TCP or UDP processes that are available to accept data Critical asset address space - the IP addresses or the logical location of essential systems or data Profiling data are data that system has gathered, these data helps for incident response and to detect incident Network profiling = throughput, sessions duration, port used, Critical Asset Address Space Host profiling = Listening ports, logged in accounts, running processes, running tasks,applications
NEW QUESTION # 43
Refer to the exhibit.
What is shown in this PCAP file?
- A. Timestamps are indicated with error.
- B. The User-Agent is Mozilla/5.0.
- C. The HTTP GET is encoded.
- D. The protocol is TCP.
Answer: A
NEW QUESTION # 44
Refer to the exhibit.
What is shown in this PCAP file?
- A. Timestamps are indicated with error.
- B. The User-Agent is Mozilla/5.0.
- C. The HTTP GET is encoded.
- D. The protocol is TCP.
Answer: C
NEW QUESTION # 45
Refer to the exhibit.
Which type of log is displayed?
- A. sys
- B. NetFlow
- C. proxy
- D. IDS
Answer: A
NEW QUESTION # 46
Drag and drop the event term from the left onto the description on the right.
Answer:
Explanation:

NEW QUESTION # 47
Drag and drop the access control models from the left onto the correct descriptions on the right.
Answer:
Explanation:

NEW QUESTION # 48
What is the difference between inline traffic interrogation and traffic mirroring?
- A. Traffic mirroring results in faster traffic analysis and inline is considerably slower due to latency.
- B. Inline interrogation is less complex as traffic mirroring applies additional tags to data.
- C. Traffic mirroring copies the traffic rather than forwarding it directly to the analysis tools
- D. Inline replicates the traffic to preserve integrity rather than modifying packets before sending them to other analysis tools.
Answer: B
NEW QUESTION # 49
An analyst is exploring the functionality of different operating systems.
What is a feature of Windows Management Instrumentation that must be considered when deciding on an operating system?
- A. deploys Windows Operating Systems in an automated fashion
- B. has a Common Information Model, which describes installed hardware and software
- C. queries Linux devices that have Microsoft Services for Linux installed
- D. is an efficient tool for working with Active Directory
Answer: B
NEW QUESTION # 50
A system administrator is ensuring that specific registry information is accurate.
Which type of configuration information does the HKEY_LOCAL_MACHINE hive contain?
- A. all users on the system, including visual settings
- B. hardware, software, and security settings for the system
- C. currently logged in users, including folders and control panel settings
- D. file extension associations
Answer: B
NEW QUESTION # 51
Refer to the exhibit.
What is occurring in this network traffic?
- A. High rate of ACK packets being sent from a single source IP towards multiple destination IPs.
- B. High rate of SYN packets being sent from a multiple source towards a single destination IP.
- C. Flood of ACK packets coming from a single source IP to multiple destination IPs.
- D. Flood of SYN packets coming from a single source IP to a single destination IP.
Answer: D
NEW QUESTION # 52
What is the difference between vulnerability and risk?
- A. A vulnerability is a sum of possible malicious entry points, and a risk represents the possibility of the unauthorized entry itself.
- B. A risk is potential threat that adversaries use to infiltrate the network, and a vulnerability is an exploit
- C. A risk is a potential threat that an exploit applies to, and a vulnerability represents the threat itself
- D. A vulnerability represents a flaw in a security that can be exploited, and the risk is the potential damage it might cause.
Answer: C
NEW QUESTION # 53
An engineer runs a suspicious file in a sandbox analysis tool to see the outcome. The analysis report shows that outbound callouts were made post infection.
Which two pieces of information from the analysis report are needed to investigate the callouts? (Choose two.)
- A. file size
- B. signatures
- C. dropped files
- D. domain names
- E. host IP addresses
Answer: D,E
NEW QUESTION # 54
What is a difference between signature-based and behavior-based detection?
- A. Signature-based uses a known vulnerability database, while behavior-based intelligently summarizes existing data.
- B. Behavior-based identifies behaviors that may be linked to attacks, while signature-based has a predefined set of rules to match before an alert.
- C. Signature-based identifies behaviors that may be linked to attacks, while behavior-based has a predefined set of rules to match before an alert.
- D. Behavior-based uses a known vulnerability database, while signature-based intelligently summarizes existing data.
Answer: A
NEW QUESTION # 55
Which data format is the most efficient to build a baseline of traffic seen over an extended period of time?
- A. firewall event logs
- B. full packet capture
- C. NetFlow
- D. syslog messages
Answer: C
Explanation:
Section: Security Monitoring
NEW QUESTION # 56
A security engineer notices confidential data being exfiltrated to a domain "Ranso4134-mware31-895" address that is attributed to a known advanced persistent threat group The engineer discovers that the activity is part of a real attack and not a network misconfiguration. Which category does this event fall under as defined in the Cyber Kill Chain?
- A. weaponization
- B. action on objectives
- C. reconnaissance
- D. delivery
Answer: A
NEW QUESTION # 57
......
200-201 Exam Questions Get Updated [2023] with Correct Answers: https://www.prepawayete.com/Cisco/200-201-practice-exam-dumps.html
Pass 200-201 Exam - Real Questions and Answers: https://drive.google.com/open?id=1W030I2ixHiTwXBuXL1j4Vq1LvfxbLRwh