[2024年06月12日] 心強い200-201のPDF問題集は200-201問題 [Q34-Q52]

Share

[2024年06月12日] 心強い200-201のPDF問題集は200-201問題

正真正銘の200-201問題集で無料PDF問題で合格させる

質問 # 34
Refer to the exhibit.

An analyst received this alert from the Cisco ASA device, and numerous activity logs were produced. How should this type of evidence be categorized?

  • A. best
  • B. indirect
  • C. corroborative
  • D. circumstantial

正解:C

解説:
Explanation
Indirect=circumstantail so there is no posibility to match A or B (only one answer is needed in this question).
For suer it's not a BEST evidence - this FW data inform only of DROPPED traffic. If smth happend inside network, presented evidence could be used to support other evidences or make our narreation stronger but alone it's mean nothing.


質問 # 35
An organization's security team has detected network spikes coming from the internal network. An investigation has concluded that the spike in traffic was from intensive network scanning How should the analyst collect the traffic to isolate the suspicious host?

  • A. by most active source IP
  • B. based on the protocols used
  • C. based on the most used applications
  • D. by most used ports

正解:B


質問 # 36

Refer to the exhibit. What is the expected result when the "Allow subdissector to reassemble TCP streams" feature is enabled?

  • A. insert TCP subdissectors
  • B. disable TCP streams
  • C. extract a file from a packet capture
  • D. unfragment TCP

正解:D

解説:
Section: Network Intrusion Analysis


質問 # 37
How can TOR impact data visibility inside an organization?

  • A. increases security
  • B. decreases visibility
  • C. increases data integrity
  • D. no impact

正解:B

解説:
TOR, or The Onion Router, is designed to conceal a user's location and usage from anyone conducting network surveillance or traffic analysis. Using TOR makes it more difficult to trace internet activity, including
"visits to Web sites, online posts, instant messages, and other communication forms," back to the user1. It is intended to protect the personal privacy of users, as well as their freedom and ability to conduct confidential communication by keeping their internet activities unmonitored. Within an organization, the use of TOR can decrease visibility into data traffic because it encrypts the data multiple times and routes it through a series of servers operated by volunteers around the globe. This makes network monitoring and data visibility challenging for cybersecurity professionals within the organization. References: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)


質問 # 38
Drag and drop the access control models from the left onto the correct descriptions on the right.

正解:

解説:


質問 # 39
What is personally identifiable information that must be safeguarded from unauthorized access?

  • A. zip code
  • B. gender
  • C. date of birth
  • D. driver's license number

正解:D

解説:
Explanation
According to the Executive Office of the President, Office of Management and Budget (OMB), and the U.S.
Department of Commerce, Office of the Chief Information Officer, PII refers to "information which can be used to distinguish or trace an individual's identity." The following are a few examples:
- An individual's name
- Social security number
- Biological or personal characteristics, such as an image of distinguishing features, fingerprints, Xrays, voice signature, retina scan, and the geometry of the face
- Date and place of birth
- Mother's maiden name
- Credit card numbers
- Bank account numbers
- Driver license number
- Address information, such as email addresses or street addresses, and telephone numbers for businesses or personal use
- Cisco CyberOps Associate CBROPS 200-201 Official Cert Guide Omar Santos


質問 # 40
DRAG DROP
Drag and drop the security concept on the left onto the example of that concept on the right.
Select and Place:

正解:

解説:


質問 # 41
An analyst discovers that a legitimate security alert has been dismissed. Which signature caused this impact on network traffic?

  • A. true positive
  • B. true negative
  • C. false positive
  • D. false negative

正解:D

解説:
Explanation
A false negative occurs when the security system (usually a WAF) fails to identify a threat. It produces a
"negative" outcome (meaning that no threat has been observed), even though a threat exists.


質問 # 42
Which regular expression matches "color" and "colour"?

  • A. col[09]+our
  • B. colou?r
  • C. colo?ur
  • D. col[08]+our

正解:B


質問 # 43
What is an example of social engineering attacks?

  • A. receiving an unexpected email from an unknown person with an attachment from someone in the same company
  • B. receiving an email from human resources requesting a visit to their secure website to update contact information
  • C. receiving an invitation to the department's weekly WebEx meeting
  • D. sending a verbal request to an administrator who knows how to change an account password

正解:B

解説:
Social engineering attacks are techniques that exploit human psychology and behavior to manipulate or deceive people into performing actions or divulging information that can compromise the security of the organization. An example of a social engineering attack is receiving an email from human resources requesting a visit to their secure website to update contact information. This could be a phishing attempt to trick the user into clicking on a malicious link or entering their credentials on a fake website that looks like the legitimate one. References := Cisco Cybersecurity Operations Fundamentals - Module 6: Security Incident Investigations


質問 # 44
What is an attack surface as compared to a vulnerability?

  • A. an exploitable weakness in a system or its design
  • B. the individuals who perform an attack
  • C. the sum of all paths for data into and out of the environment
  • D. any potential danger to an asset

正解:A

解説:
Explanation
An attack surface is the total sum of vulnerabilities that can be exploited to carry out a security attack. Attack surfaces can be physical or digital. The term attack surface is often confused with the term attack vector, but they are not the same thing. The surface is what is being attacked; the vector is the means by which an intruder gains access.


質問 # 45
What are the two characteristics of the full packet captures? (Choose two.)

  • A. Reassembling fragmented traffic from raw data.
  • B. Providing a historical record of a network transaction.
  • C. Identifying network loops and collision domains.
  • D. Troubleshooting the cause of security and performance issues.
  • E. Detecting common hardware faults and identify faulty assets.

正解:A、B

解説:
Section: Security Monitoring


質問 # 46
Which information must an organization use to understand the threats currently targeting the organization?

  • A. threat intelligence
  • B. vulnerability exposure
  • C. risk scores
  • D. vendor suggestions

正解:A


質問 # 47
Drag and drop the definition from the left onto the phase on the right to classify intrusion events according to the Cyber Kill Chain model.

正解:

解説:

Explanation:
Delivery: This step involves transmitting the weapon to the target.
Weaponization: In this step, the intruder creates a malware weapon like a virus, worm or such in order to exploit the vulnerabilities of the target. Depending on the target and the purpose of the attacker, this malware can exploit new, undetected vulnerabilities (also known as the zero-day exploits) or it can focus on a combination of different vulnerabilities.
Reconnaissance: In this step, the attacker / intruder chooses their target. Then they conduct an in-depth research on this target to identify its vulnerabilities that can be exploited.


質問 # 48
What is a difference between tampered and untampered disk images?

  • A. Tampered images are used as evidence.
  • B. Tampered images have the same stored and computed hash.
  • C. Untampered images are used for forensic investigations.
  • D. Untampered images are deliberately altered to preserve as evidence.

正解:C

解説:
The difference between tampered and untampered disk images is:
* Tampered Images: These are disk images that have been altered or modified in some way after their initial creation. The stored hash and the computed hash will not match if the image has been tampered with.
* Untampered Images: These are disk images that have not been altered since their creation. They are considered authentic and reliable for forensic investigations. The stored hash and the computed hash will match, confirming that the image has remained unchanged.
Therefore, the correct answer is: D. Untampered images are used for forensic investigations.


質問 # 49
An offline audit log contains the source IP address of a session suspected to have exploited a vulnerability resulting in system compromise.
Which kind of evidence is this IP address?

  • A. corroborative evidence
  • B. forensic evidence
  • C. best evidence
  • D. indirect evidence

正解:A

解説:
The source IP address from an audit log that indicates a session which may have exploited a vulnerability is considered corroborative evidence. This type of evidence supports other evidence that suggests a security breach occurred. In the context of cybersecurity, corroborative evidence can help establish that an attack was carried out and can be used in conjunction with other data points to build a case during an investigation.
References := The Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) training material discusses the types of data needed to investigate security incidents, which includes understanding the role of different types of evidence in building a security incident case1.


質問 # 50
An engineer needs to fetch logs from a proxy server and generate actual events according to the data received.
Which technology should the engineer use to accomplish this task?

  • A. Email Security Appliance
  • B. Firepower
  • C. Web Security Appliance
  • D. Stealthwatch

正解:D


質問 # 51
How does agentless monitoring differ from agent-based monitoring?

  • A. Agent-based monitoring is less intrusive in gathering log data, while agentless requires open ports to fetch the logs
  • B. Agentless can access the data via API. while agent-base uses a less efficient method and accesses log data through WMI.
  • C. Agent-based monitoring has a lower initial cost for deployment, while agentless monitoring requires resource-intensive deployment.
  • D. Agent-based has a possibility to locally filter and transmit only valuable data, while agentless has much higher network utilization

正解:A


質問 # 52
......

結果を保証するには最新2024年06月無料:https://jp.fast2test.com/200-201-premium-file.html

有効な問題最新版を無料で試そう200-201試験問題集解答:https://drive.google.com/open?id=1bLaqghLC7Nw2VtGxQkjiHUn8Zhu02-SY


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어