最近更新された2024年10月テストエンジン練習テストは200-201試験問題解答! [Q195-Q214]

Share

最近更新された2024年10月テストエンジン練習テストは200-201試験問題解答!

Understanding Cisco Cybersecurity Operations Fundamentals認定サンプル問題と練習試験合格させます


Cisco 200-201認定試験は、サイバーセキュリティ運用の分野での能力を実証する優れた方法です。これは、世界中の雇用主によって評価される世界的に認められた認定です。試験に合格すると、競争の激しい雇用市場で際立っており、サイバーセキュリティ分野で高給の仕事を獲得する可能性を高めます。

 

質問 # 195
Refer to the exhibit.

A security analyst is investigating unusual activity from an unknown IP address Which type of evidence is this file1?

  • A. direct evidence
  • B. best evidence
  • C. corroborative evidence
  • D. indirect evidence

正解:D


質問 # 196
Which evasion method involves performing actions slower than normal to prevent detection?

  • A. tunneling
  • B. resource exhaustion
  • C. timing attack
  • D. traffic fragmentation

正解:B


質問 # 197
Drag and drop the elements from the left into the correct order for incident handling on the right.

正解:

解説:


質問 # 198
Drag and drop the elements from the left into the correct order for incident handling on the right.

正解:

解説:


質問 # 199
Refer to the exhibit.
An analyst was given a PCAP file, which is associated with a recent intrusion event in the company FTP server Which display filters should the analyst use to filter the FTP traffic?

  • A. dstport == FTP
  • B. tcp.port==21
  • C. tcpport = FTP
  • D. dstport = 21

正解:B

解説:
The correct display filter for analyzing FTP traffic in a PCAP file is "tcp.port==21". This filter will show all TCP packets where the port number is 21, which is the standard port for FTP control messages.


質問 # 200
What is the difference between deep packet inspection and stateful inspection?

  • A. Deep packet inspection is more secure than stateful inspection on Layer 4
  • B. Stateful inspection verifies contents at Layer 4 and deep packet inspection verifies connection at Layer 7
  • C. Deep packet inspection allows visibility on Layer 7 and stateful inspection allows visibility on Layer 4
  • D. Stateful inspection is more secure than deep packet inspection on Layer 7

正解:C

解説:
Section: Security Concepts


質問 # 201
An engineer receives a security alert that traffic with a known TOR exit node has occurred on the network.
What is the impact of this traffic?

  • A. ransomware communicating after infection
  • B. user circumvention of the firewall
  • C. users downloading copyrighted content
  • D. data exfiltration

正解:B

解説:
Section: Security Monitoring


質問 # 202
A security engineer has a video of a suspect entering a data center that was captured on the same day that files in the same data center were transferred to a competitor.
Which type of evidence is this?

  • A. prima facie evidence
  • B. best evidence
  • C. physical evidence
  • D. indirect evidence

正解:D

解説:
1: Indirect evidence is evidence that does not directly prove a fact, but rather implies or infers it from other facts or circumstances. Indirect evidence is also known as circumstantial evidence or corroborating evidence. A video of a suspect entering a data center that was captured on the same day that files in the same data center were transferred to a competitor is an example of indirect evidence, because it does not directly show that the suspect was involved in the file transfer, but rather suggests a possible connection or correlation between the two events. Reference:= Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) v1.0, Module 5: Security Policies and Procedures, Lesson 5.3: Digital Forensics, Topic 5.3.1: Evidence, page 5-24.


質問 # 203
Which process is used when IPS events are removed to improve data integrity?

  • A. data protection
  • B. data availability
  • C. data normalization
  • D. data signature

正解:C


質問 # 204
What are two differences in how tampered and untampered disk images affect a security incident? (Choose two.)

  • A. Tampered images are used in the incident recovery process
  • B. Tampered images are used in the security investigation process
  • C. The image is tampered if the stored hash and the computed hash match
  • D. The image is untampered if the stored hash and the computed hash match
  • E. Untampered images are used in the security investigation process

正解:B、D


質問 # 205
While viewing packet capture data, an analyst sees that one IP is sending and receiving traffic for multiple devices by modifying the IP header.
Which technology makes this behavior possible?

  • A. tunneling
  • B. TOR
  • C. encapsulation
  • D. NAT

正解:D

解説:
Section: Network Intrusion Analysis


質問 # 206
An engineer received an alert affecting the degraded performance of a critical server Analysis showed a heavy CPU and memory load. What is the next step the engineer should take to investigate this resource usage?

  • A. Run "ps -m" to capture the existing state of daemons and map the required processes to find the gap
  • B. Run "ps -ef to understand which processes are taking a high amount of resources
  • C. Run "ps -u" to find out who executed additional processes that caused a high load on a server
  • D. Run "ps -d" to decrease the priority state of high-load processes to avoid resource exhaustion

正解:B

解説:
When a server is experiencing heavy CPU and memory load, the initial step is to identify the processes consuming the most resources. The command "ps -ef" provides a detailed view of all running processes, including their IDs, CPU, and memory usage, which helps in pinpointing the resource-intensive processes1234. References: This approach is supported by various resources on server management and troubleshooting, which recommend using the "ps -ef" command as a starting point for investigating high resource usage on servers


質問 # 207
What is a benefit of using asymmetric cryptography?

  • A. decrypts data with one key
  • B. encrypts data with one key
  • C. fast data transfer
  • D. secure data transfer

正解:D


質問 # 208
Endpoint logs indicate that a machine has obtained an unusual gateway address and unusual DNS servers via DHCP Which type of attack is occurring?

  • A. evasion methods
  • B. phishing
  • C. man in the middle attack
  • D. command injection

正解:C

解説:
The situation where endpoint logs show a machine receiving an unusual gateway address and DNS servers via DHCP is indicative of a Man-in-the-Middle (MitM) attack, specifically a DHCP spoofing attack. In this type of attack, an adversary can set up a rogue DHCP server or manipulate the DHCP communication to provide false gateway and DNS information to clients. This allows the attacker to intercept, monitor, or manipulate traffic between the client and the intended gateway or DNS servers2.
References: Cisco's best practices for network protections and attack identification3, and additional insights on securing networks from DHCP attacks


質問 # 209
At a company party a guest asks questions about the company's user account format and password complexity.
How is this type of conversation classified?

  • A. Phishing attack
  • B. Password Revelation Strategy
  • C. Piggybacking
  • D. Social Engineering

正解:B


質問 # 210
One of the objectives of information security is to protect the CIA of information and systems.
What does CIA mean in this context?

  • A. confidentiality, integrity, and authorization
  • B. confidentiality, identity, and availability
  • C. confidentiality, integrity, and availability
  • D. confidentiality, identity, and authorization

正解:C


質問 # 211
An engineer discovered a breach, identified the threat's entry point, and removed access. The engineer was able to identify the host, the IP address of the threat actor, and the application the threat actor targeted. What is the next step the engineer should take according to the NIST SP 800-61 Incident handling guide?

  • A. Reduce the probability of similar threats.
  • B. Recover from the threat.
  • C. Analyze the threat.
  • D. Identify lessons learned from the threat.

正解:B

解説:
Per:https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf


質問 # 212
Which two elements of the incident response process are stated in NIST SP 800-61 r2? (Choose two.)

  • A. post-incident activity
  • B. risk assessment
  • C. detection and analysis
  • D. vulnerability management
  • E. vulnerability scoring

正解:A、C

解説:
NIST SP 800-61 r2 outlines a structured incident handling lifecycle composed of four phases: Preparation, Detection and Analysis, Containment, Eradication, and Recovery, and Post-Incident Activity. Detection and Analysis involve identifying and investigating incidents, while Post-Incident Activity focuses on lessons learned and evidence retention for future reference.


質問 # 213
A user received a malicious attachment but did not run it. Which category classifies the intrusion?

  • A. delivery
  • B. reconnaissance
  • C. weaponization
  • D. installation

正解:A


質問 # 214
......


シスコ200-201認定試験は、サイバーセキュリティオペレーション分野における知識とスキルを評価するために設計されたもので、Understanding Cisco Cybersecurity Operations Fundamentalsとも呼ばれます。この試験は、サイバーセキュリティのキャリアを追求したい人や、業界で既に働いている人々がスキルと知識を向上させたい場合に最適です。


Cisco 200-201試験は、サイバーセキュリティオペレーションのキャリアを目指す個人に必要な基礎知識とスキルを検証するように設計されています。この認定試験は、候補者がサイバーセキュリティインシデントを特定し対応する必要なスキルを身につけることを重点的に扱っています。試験は、セキュリティの概念、ネットワークインフラストラクチャや技術、セキュリティモニタリングや解析、およびインシデント対応を含む幅広いトピックをカバーしています。

 

認定問題集でCyberOps Associate 200-201ガイドで100%有効な:https://jp.fast2test.com/200-201-premium-file.html

100%必ず合格させる200-201一発合格はこれ:https://drive.google.com/open?id=1K24GG6WKrsOkcv5pdgx0JP8nkqPkU1rE


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어