[2024年12月01日] 問題集お試しセット200-201テストエンジン問題集には332問あります [Q110-Q128]

Share

[2024年12月01日] 問題集お試しセット200-201テストエンジントレーニング問題集には332問あります

Cisco 200-201問題集で100%カバー率リアル試験問題

質問 # 110
Refer to the exhibit.
What information is depicted?

  • A. NetFlow data
  • B. IIS data
  • C. network discovery event
  • D. IPS event data

正解:A


質問 # 111
An engineer is investigating a case of the unauthorized usage of the "Tcpdump" tool. The analysis revealed that a malicious insider attempted to sniff traffic on a specific interface. What type of information did the malicious insider attempt to obtain?

  • A. all firewall alerts and resulting mitigations
  • B. all information and data within the datagram
  • C. tagged protocols being used on the network
  • D. tagged ports being used on the network

正解:B

解説:
The unauthorized usage of "Tcpdump" tool indicates that the malicious insider was attempting to obtain all information within datagrams passing through a specific interface on the network. Tcpdump allows users to capture packet data from a live network or read packets from a previously saved capture file. References := Cisco CyberOps - Module 3: Network Data and Event Analysis


質問 # 112
What is the virtual address space for a Windows process?

  • A. set of pages that reside in the physical memory
  • B. system-level memory protection feature built into the operating system
  • C. physical location of an object in memory
  • D. set of virtual memory addresses that can be used

正解:D

解説:
The virtual address space for a Windows process is the set of virtual memory addresses that can be used by the process. Each process has its own virtual address space that is isolated from other processes. The virtual address space is divided into regions that have different attributes, such as read-only, read-write, execute, and so on. The virtual address space is mapped to the physical memory by the operating system using a data structure called a page table. References:
* Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) v1.0, Module 4: Host-Based Analysis, Lesson 4.1: Windows Operating System
* Virtual Address Space


質問 # 113
What is a difference between SIEM and SOAR?

  • A. SOAR's primary function is to collect and detect anomalies, while SIEM is more focused on security operations automation and response.
  • B. SOAR predicts and prevents security alerts, while SIEM checks attack patterns and applies the mitigation.
  • C. SlEM's primary function is to collect and detect anomalies, while SOAR is more focused on security operations automation and response.
  • D. SIEM predicts and prevents security alerts, while SOAR checks attack patterns and applies the mitigation.

正解:A


質問 # 114
How does a certificate authority impact security?

  • A. It validates client identity when communicating with the server.
  • B. It authenticates client identity when requesting an SSL certificate.
  • C. It validates the domain identity of the SSL certificate.
  • D. It authenticates domain identity when requesting an SSL certificate.

正解:C

解説:
A certificate authority (CA) is a trusted entity that issues and manages digital certificates for secure communication over the internet. A digital certificate is a document that contains the public key and the identity of the owner of the key. A CA impacts security by validating the domain identity of the SSL certificate, which is a type of digital certificate that enables encrypted communication between a web server and a web browser. The CA verifies that the domain name in the certificate matches the domain name of the web server, and signs the certificate with its own private key. The web browser can then verify the signature of the CA and trust the identity of the web server. Reference:= Cisco Cybersecurity Operations Fundamentals, Module 2: Security Monitoring, Lesson 2.3: Cryptography and PKI, Topic 2.3.2: Public Key InfrastructureReference: https://en.wikipedia.org/wiki/Certificate_authority


質問 # 115
Refer to the exhibit.

What is shown in this PCAP file?

  • A. The HTTP GET is encoded.
  • B. Timestamps are indicated with error.
  • C. The protocol is TCP.
  • D. The User-Agent is Mozilla/5.0.

正解:A


質問 # 116
Refer to the exhibit.

What is the expected result when the "Allow subdissector to reassemble TCP streams" feature is enabled?

  • A. extract a file from a packet capture
  • B. unfragment TCP
  • C. disable TCP streams
  • D. insert TCP subdissectors

正解:A

解説:
Enabling the "Allow subdissector to reassemble TCP streams" feature in Wireshark allows the tool to reassemble TCP segments into a contiguous sequence, which can be used by higher-level protocols to reconstruct a full message, such as an HTTP request or response. This is particularly useful for extracting files or data transmitted over TCP that are spread across multiple packets1.
References := The explanation is based on the Wireshark documentation, which details how the reassembly feature works and its use in analyzing TCP streams


質問 # 117
How does an attack surface differ from an attack vector?

  • A. An attack surface identifies vulnerable parts for an attack, and an attack vector specifies which attacks are feasible to those parts.
  • B. An attack surface mitigates external vulnerabilities, and an attack vector identifies mitigation techniques and possible workarounds.
  • C. An attack vector recognizes the potential outcomes of an attack, and the attack surface is choosing a method of an attack.
  • D. An attack vector matches components that can be exploited, and an attack surface classifies the potential path for exploitation

正解:B


質問 # 118
What describes the impact of false-positive alerts compared to false-negative alerts?

  • A. A false positive is an event alerting for a brute-force attack An engineer investigates the alert and discovers that a legitimate user entered the wrong credential several times A false negative is when a threat actor tries to brute-force attack a system and no alert is raised.
  • B. A false positive is an event alerting for an SQL injection attack An engineer investigates the alert and discovers that an attack attempt was blocked by IPS A false negative is when the attack gets detected but succeeds and results in a breach.
  • C. A false negative is alerting for an XSS attack. An engineer investigates the alert and discovers that an XSS attack happened A false positive is when an XSS attack happens and no alert is raised
  • D. A false negative is a legitimate attack triggering a brute-force alert. An engineer investigates the alert and finds out someone intended to break into the system A false positive is when no alert and no attack is occurring

正解:A


質問 # 119
The SOC team has confirmed a potential indicator of compromise on an endpoint. The team has narrowed the executable file's type to a new trojan family. According to the NIST Computer Security Incident Handling Guide, what is the next step in handling this event?

  • A. Perform forensics analysis on the infected endpoint.
  • B. Collect public information on the malware behavior.
  • C. Isolate the infected endpoint from the network.
  • D. Prioritize incident handling based on the impact.

正解:B


質問 # 120
Which action prevents buffer overflow attacks?

  • A. using a Linux operating system
  • B. using web based applications
  • C. input sanitization
  • D. variable randomization

正解:C


質問 # 121
Refer to the exhibit.
A network administrator is investigating suspicious network activity by analyzing captured traffic. An engineer notices abnormal behavior and discovers that the default user agent is present in the headers of requests and data being transmitted What is occurring?

  • A. indicators of data exfiltration HTTP requests must be plain text
  • B. indicators of denial-of-service attack due to the frequency of requests
  • C. cache bypassing attack: attacker is sending requests for noncacheable content
  • D. garbage flood attack attacker is sending garbage binary data to open ports

正解:C

解説:
The presence of a default user agent in the headers of requests and data being transmitted suggests a cache bypassing attack. In this scenario, the attacker is likely requesting noncacheable content to avoid detection by caching mechanisms that could otherwise identify and block malicious traffic.


質問 # 122
Refer to the exhibit.

What is the potential threat identified in this Stealthwatch dashboard?

  • A. A policy violation is active for host 10.201.3.149.
  • B. A policy violation is active for host 10.10.101.24.
  • C. There are two active data exfiltration alerts.
  • D. A host on the network is sending a DDoS attack to another inside host.

正解:C


質問 # 123
Refer to the exhibit.

Which two elements in the table are parts of the 5-tuple? (Choose two.)

  • A. First Packet
  • B. Ingress Security Zone
  • C. Initiator IP
  • D. Source Port
  • E. Initiator User

正解:C、D


質問 # 124
What is the difference between a threat and a risk?

  • A. Risk represents the nonintentional interaction with uncertainty in the system
  • B. Threat represents a potential danger that could take advantage of a weakness in a system
  • C. Threat represents a state of being exposed to an attack or a compromise, either physically or logically.
  • D. Risk represents the known and identified loss or danger in the system

正解:B

解説:
A threat is any potential danger to an asset. If a vulnerability exists but has not yet been exploited-or, more importantly, it is not yet publicly known-the threat is latent and not yet realized.


質問 # 125
Which category relates to improper use or disclosure of PII data?

  • A. contractual
  • B. compliance
  • C. legal
  • D. regulated

正解:B

解説:
The improper use or disclosure of Personally Identifiable Information (PII) falls under the category of compliance because organizations are required to adhere to laws and regulations that protect the privacy and security of PII. This includes following guidelines set forth by privacy laws such as GDPR, HIPAA, and others that mandate the proper handling of personal data to prevent misuse and unauthorized access123.
References := Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS), Personally identifiable information (PII): What it is, how it's used, and how to protect it, What is PII? Examples, laws, and standards, Overview of the Privacy Act: 2020 Edition


質問 # 126
Which two pieces of information are collected from the IPv4 protocol header? (Choose two.)

  • A. source IP address of the packet
  • B. destination IP address of the packet
  • C. UDP port from which the traffic is sourced
  • D. TCP port from which the traffic was sourced
  • E. UDP port to which the traffic is destined

正解:A、B

解説:
The IPv4 protocol header contains various fields that provide essential information for routing and delivery of packets across an IP network. Two key pieces of information collected from the IPv4 header are the source IP address and the destination IP address of the packet. These addresses are crucial for identifying where a packet is coming from and where it is intended to go12.
References := The structure and fields of the IPv4 header, including the source and destination IP addresses, are explained in detail in networking resources and documentation, such as the ComputerNetworkingNotes tutorial on IPv4 Header Structure1, and the Engineering LibreTexts on the IPv4 Header2.


質問 # 127
Refer to the exhibit.

Which component is identifiable in this exhibit?

  • A. Windows Registry hive
  • B. Windows PowerShell verb
  • C. local service in the Windows Services Manager
  • D. Trusted Root Certificate store on the local machine

正解:A

解説:
The exhibit shows "HKEY_LOCAL_MACHINE," which is a Windows Registry hive. The registry is a database used to store low-level settings for the operating system and for applications that opt to use the registry. The other options are not related to the exhibit, as they are either a part of the Windows Certificate Manager, a naming convention for Windows PowerShell commands, or a component of the Windows Services Manager. References := Cisco Cybersecurity
https://docs.microsoft.com/en-us/windows/win32/sysinfo/registry-hives
https://ldapwiki.com/wiki/HKEY_LOCAL_MACHINE#:~:text=HKEY_LOCAL_MACHINE%20Windows%20


質問 # 128
......

実際にある200-201問題集PDFで100%合格率保証付きます:https://jp.fast2test.com/200-201-premium-file.html

リアルな200-201問題集でCisco問題集PDF:https://drive.google.com/open?id=1K24GG6WKrsOkcv5pdgx0JP8nkqPkU1rE


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어