[2024年08月03日]200-201試験問題集を試そう!ベスト200-201試験問題
検証済みの200-201テスト問題集で正確な312問題と解答
質問 # 23
Which signature impacts network traffic by causing legitimate traffic to be blocked?
- A. true negative
- B. false negative
- C. true positive
- D. false positive
正解:D
解説:
Section: Network Intrusion Analysis
質問 # 24
During which phase of the forensic process are tools and techniques used to extract information from the collected data?
- A. reporting
- B. examination
- C. collection
- D. investigation
正解:C
質問 # 25
Which security principle requires more than one person is required to perform a critical task?
- A. need to know
- B. separation of duties
- C. least privilege
- D. due diligence
正解:B
質問 # 26
Endpoint logs indicate that a machine has obtained an unusual gateway address and unusual DNS servers via DHCP Which type of attack is occurring?
- A. phishing
- B. evasion methods
- C. command injection
- D. man in the middle attack
正解:D
解説:
The situation where endpoint logs show a machine receiving an unusual gateway address and DNS servers via DHCP is indicative of a Man-in-the-Middle (MitM) attack, specifically a DHCP spoofing attack. In this type of attack, an adversary can set up a rogue DHCP server or manipulate the DHCP communication to provide false gateway and DNS information to clients. This allows the attacker to intercept, monitor, or manipulate traffic between the client and the intended gateway or DNS servers2.
References: Cisco's best practices for network protections and attack identification3, and additional insights on securing networks from DHCP attacks
質問 # 27
Refer to the exhibit.
What is occurring in this network traffic?
- A. Flood of ACK packets coming from a single source IP to multiple destination IPs.
- B. Flood of SYN packets coming from a single source IP to a single destination IP.
- C. High rate of SYN packets being sent from a multiple source towards a single destination IP.
- D. High rate of ACK packets being sent from a single source IP towards multiple destination IPs.
正解:B
質問 # 28
What is a difference between an inline and a tap mode traffic monitoring?
- A. Tap mode monitors traffic direction, while inline mode keeps packet data as it passes through the monitoring devices.
- B. Inline monitors traffic without examining other devices, while a tap mode tags traffic and examines the data from monitoring devices.
- C. Inline mode monitors traffic path, examining any traffic at a wire speed, while a tap mode monitors traffic as it crosses the network.
- D. Tap mode monitors packets and their content with the highest speed, while the inline mode draws a packet path for analysis.
正解:C
質問 # 29
What is the difference between inline traffic interrogation and traffic mirroring?
- A. Traffic mirroring results in faster traffic analysis and inline is considerably slower due to latency.
- B. Traffic mirroring copies the traffic rather than forwarding it directly to the analysis tools
- C. Inline interrogation is less complex as traffic mirroring applies additional tags to data.
- D. Inline replicates the traffic to preserve integrity rather than modifying packets before sending them to other analysis tools.
正解:B
解説:
Traffic mirroring is a technique that copies the traffic from a source port or VLAN to a destination port or VLAN, where it can be analyzed by a security device or tool. Traffic mirroring does not affect the original traffic flow and does not introduce any latency or modification to the packets. Inline traffic interrogation is a technique that forwards the traffic directly to the security device or tool, where it can be inspected and modified before being sent to the destination. Inline traffic interrogation can introduce latency and affect the performance of the network. References:
* Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) - Cisco, Module 2: Security Monitoring, Lesson 2.2: Network Security Monitoring Tools
* 200-201 CBROPS - Cisco, Exam Topics, 2.0 Security Monitoring, 2.2 Describe the impact of various technologies on security monitoring
* Cisco Certified CyberOps Associate Overview - Cisco Learning Network, Videos, 2.2 Describe the impact of various technologies on security monitoring
質問 # 30
Refer to the exhibit.
During the analysis of a suspicious scanning activity incident, an analyst discovered multiple local TCP connection events Which technology provided these logs?
- A. firewall
- B. proxy
- C. antivirus
- D. IDS/IPS
正解:A
質問 # 31 
Refer to the exhibit. This request was sent to a web application server driven by a database.
Which type of web server attack is represented?
- A. parameter manipulation
- B. heap memory corruption
- C. blind SQL injection
- D. command injection
正解:C
解説:
Section: Host-Based Analysis
質問 # 32
An organization that develops high-end technology is going through an internal audit The organization uses two databases The main database stores patent information and a secondary database stores employee names and contact information A compliance team is asked to analyze the infrastructure and identify protected data Which two types of protected data should be identified? (Choose two)
- A. Payment Card Industry (PCI)
- B. Protected Hearth Information (PHI)
- C. Personally Identifiable Information (Pll)
- D. Intellectual Property (IP)
- E. Sarbanes-Oxley (SOX)
正解:C、D
質問 # 33
Drag and drop the elements from the left into the correct order for incident handling on the right.
正解:
解説:
Explanation:
A close-up of several blue rectangular boxes Description automatically generated
質問 # 34
Which principle is being followed when an analyst gathers information relevant to a security incident to determine the appropriate course of action?
- A. data mining
- B. rapid response
- C. due diligence
- D. decision making
正解:D
解説:
Decision making is a principle that guides an analyst to gather information relevant to a security incident to determine the appropriate course of action. Decision making involves identifying the problem, defining the criteria, analyzing the alternatives, and choosing the best solution. Decision making helps an analyst to respond to an incident effectively and efficiently, while minimizing the impact and risk to the organization. References:
https://learningnetworkstore.cisco.com/on-demand-e-learning/understanding-cisco-cybersecurity-operations-fund (Module 3: Security Monitoring, Lesson 3.1: Security Operations Center)
質問 # 35
Which action should be taken if the system is overwhelmed with alerts when false positives and false negatives are compared?
- A. Modify the settings of the intrusion detection system.
- B. Redefine signature rules.
- C. Adjust the alerts schedule.
- D. Design criteria for reviewing alerts.
正解:A
解説:
Traditional intrusion detection system (IDS) and intrusion prevention system (IPS) devices need to be tuned to avoid false positives and false negatives. Next-generation IPSs do not need the same level of tuning compared to traditional IPSs. Also, you can obtain much deeper reports and functionality, including advanced malware protection and retrospective analysis to see what happened after an attack took place. Ref: Cisco CyberOps Associate CBROPS 200-201 Official Cert Guide
質問 # 36
Refer to the exhibit.
Which application protocol is in this PCAP file?
- A. HTTP
- B. TLS
- C. TCP
- D. SSH
正解:A
解説:
The PCAP file in the exhibit shows a Transmission Control Protocol (TCP) communication between two IP addresses. In the data section of the packet capture, "pdy/3.1... http/1" is visible, indicating that HTTP (Hypertext Transfer Protocol) is being used as the application protocol for this communication.
References := The Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) course material covers the analysis of network traffic using tools like packet analyzers to identify application protocols in use1.
質問 # 37
When communicating via TLS, the client initiates the handshake to the server and the server responds back with its certificate for identification.
Which information is available on the server certificate?
- A. trusted CA name, cipher suites, and private key
- B. server name, trusted CA, and public key
- C. trusted subordinate CA, public key, and cipher suites
- D. server name, trusted subordinate CA, and private key
正解:B
質問 # 38
Which type of data collection requires the largest amount of storage space?
- A. session data
- B. alert data
- C. transaction data
- D. full packet capture
正解:D
質問 # 39
An engineer needs to fetch logs from a proxy server and generate actual events according to the data received.
Which technology should the engineer use to accomplish this task?
- A. Email Security Appliance
- B. Web Security Appliance
- C. Firepower
- D. Stealthwatch
正解:D
質問 # 40
Refer to the exhibit.
Which application-level protocol is being targeted?
- A. HTTP
- B. TCP
- C. HTTPS
- D. FTP
正解:A
質問 # 41
......
Cisco 200-201テストエンジンPDFで全問 無料問題集:https://jp.fast2test.com/200-201-premium-file.html
手に入れよう!最新200-201認定有効な試験問題集解答:https://drive.google.com/open?id=1Rmgn-9_OLATSiLI4crylzcV2NlGJwZs2