200-201 Exam - Understanding Cisco Cybersecurity Operations Fundamentals

NEW QUESTION 1
What makes HTTPS traffic difficult to monitor?

• A. SSL interception
• B. packet header size
• C. signature detection time
• D. encryption

Answer: D

NEW QUESTION 2
Which NIST IR category stakeholder is responsible for coordinating incident response among various business units, minimizing damage, and reporting to regulatory agencies?

• A. CSIRT
• B. PSIRT
• C. public affairs
• D. management

Answer: D

NEW QUESTION 3
Which action prevents buffer overflow attacks?

• A. variable randomization
• B. using web based applications
• C. input sanitization
• D. using a Linux operating system

Answer: C

NEW QUESTION 4
Which type of data consists of connection level, application-specific records generated from network traffic?

• A. transaction data
• B. location data
• C. statistical data
• D. alert data

Answer: A

NEW QUESTION 5
Which principle is being followed when an analyst gathers information relevant to a security incident to determine the appropriate course of action?

• A. decision making
• B. rapid response
• C. data mining
• D. due diligence

Answer: A

NEW QUESTION 6
Refer to the exhibit.

Which event is occurring?

• A. A binary named "submit" is running on VM cuckoo1.
• B. A binary is being submitted to run on VM cuckoo1
• C. A binary on VM cuckoo1 is being submitted for evaluation
• D. A URL is being evaluated to see if it has a malicious binary

Answer: C

NEW QUESTION 7
Which two elements are assets in the role of attribution in an investigation? (Choose two.)

• A. context
• B. session
• C. laptop
• D. firewall logs
• E. threat actor

Answer: AE

NEW QUESTION 8
A SOC analyst is investigating an incident that involves a Linux system that is identifying specific sessions. Which identifier tracks an active program?

• A. application identification number
• B. active process identification number
• C. runtime identification number
• D. process identification number

Answer: D

NEW QUESTION 9
Which event artifact is used to identify HTTP GET requests for a specific file?

• A. destination IP address
• B. URI
• C. HTTP status code
• D. TCP ACK

Answer: B

NEW QUESTION 10
A malicious file has been identified in a sandbox analysis tool.
Which piece of information is needed to search for additional downloads of this file by other hosts?

• A. file type
• B. file size
• C. file name
• D. file hash value

Answer: D

NEW QUESTION 11
What is a difference between SOAR and SIEM?

• A. SOAR platforms are used for threat and vulnerability management, but SIEM applications are not
• B. SIEM applications are used for threat and vulnerability management, but SOAR platforms are not
• C. SOAR receives information from a single platform and delivers it to a SIEM
• D. SIEM receives information from a single platform and delivers it to a SOAR

Answer: A

NEW QUESTION 12
A security engineer deploys an enterprise-wide host/endpoint technology for all of the company's corporate PCs. Management requests the engineer to block a selected set of applications on all PCs.
Which technology should be used to accomplish this task?

• A. application whitelisting/blacklisting
• B. network NGFW
• C. host-based IDS
• D. antivirus/antispyware software

Answer: A

NEW QUESTION 13
Which metric in CVSS indicates an attack that takes a destination bank account number and replaces it with a different bank account number?

• A. integrity
• B. confidentiality
• C. availability
• D. scope

Answer: A

NEW QUESTION 14
An analyst discovers that a legitimate security alert has been dismissed. Which signature caused this impact on network traffic?

• A. true negative
• B. false negative
• C. false positive
• D. true positive

Answer: B

NEW QUESTION 15
What is a purpose of a vulnerability management framework?

• A. identifies, removes, and mitigates system vulnerabilities
• B. detects and removes vulnerabilities in source code
• C. conducts vulnerability scans on the network
• D. manages a list of reported vulnerabilities

Answer: A

NEW QUESTION 16
A network engineer discovers that a foreign government hacked one of the defense contractors in their home country and stole intellectual property. What is the threat agent in this situation?

• A. the intellectual property that was stolen
• B. the defense contractor who stored the intellectual property
• C. the method used to conduct the attack
• D. the foreign government that conducted the attack

Answer: D

NEW QUESTION 17
What are the two characteristics of the full packet captures? (Choose two.)

• A. Identifying network loops and collision domains.
• B. Troubleshooting the cause of security and performance issues.
• C. Reassembling fragmented traffic from raw data.
• D. Detecting common hardware faults and identify faulty assets.
• E. Providing a historical record of a network transaction.

Answer: CE

NEW QUESTION 18
What is personally identifiable information that must be safeguarded from unauthorized access?

• A. date of birth
• B. driver's license number
• C. gender
• D. zip code

Answer: B

NEW QUESTION 19
An engineer runs a suspicious file in a sandbox analysis tool to see the outcome. The analysis report shows that outbound callouts were made post infection.
Which two pieces of information from the analysis report are needed to investigate the callouts? (Choose two.)

• A. signatures
• B. host IP addresses
• C. file size
• D. dropped files
• E. domain names

Answer: BE

NEW QUESTION 20
What is the difference between an attack vector and attack surface?

• A. An attack surface identifies vulnerabilities that require user input or validation; and an attack vectoridentifies vulnerabilities that are independent of user actions.
• B. An attack vector identifies components that can be exploited; and an attack surface identifies the potential path an attack can take to penetrate the network.
• C. An attack surface recognizes which network parts are vulnerable to an attack; and an attack vector identifies which attacks are possible with these vulnerabilities.
• D. An attack vector identifies the potential outcomes of an attack; and an attack surface launches an attack using several methods against the identified vulnerabilities.

Answer: C

NEW QUESTION 21
......