2025年最新の実際に出る200-201問題集テストエンジン試験問題はここにある [Q183-Q207]

Share

2025年最新の実際に出る200-201問題集テストエンジン試験問題はここにある

更新された公式資料は200-201認証済みの200-201問題集PDF


Cisco 200-201認定を達成することで、サイバーセキュリティの分野で多くのキャリアの機会を開くことができます。認定された専門家は、セキュリティアナリスト、ネットワークセキュリティスペシャリスト、インシデント対応者、または脆弱性アナリストとして働くことができます。この認定は、サイバーセキュリティ業務における知識とスキルを実証することにより、専門家がキャリアを促進するのにも役立ちます。

 

質問 # 183
What are two social engineering techniques? (Choose two.)

  • A. man-in-the-middle
  • B. privilege escalation
  • C. DDoS attack
  • D. pharming
  • E. phishing

正解:D、E

解説:
Social engineering techniques often involve manipulating individuals into divulging confidential information or performing actions that compromise security. Phishing involves sending fraudulent messages (often emails) that appear to be from reputable sources with the goal of stealing sensitive data or installing malware. Pharming redirects the traffic of a legitimate website to another fraudulent website without the user's knowledge, aiming to collect the user's credentials. Reference:= Cisco Cybersecurity Source Documents


質問 # 184
Why is encryption challenging to security monitoring?

  • A. Encryption analysis is used by attackers to monitor VPN tunnels.
  • B. Encryption is used by threat actors as a method of evasion and obfuscation.
  • C. Encryption introduces additional processing requirements by the CPU.
  • D. Encryption introduces larger packet sizes to analyze and store.

正解:B

解説:
Encryption is challenging to security monitoring because it can be used by threat actors as a method of evasion and obfuscation. Encryption can prevent security devices from inspecting the content or payload of the network traffic, making it difficult to detect malicious activity or signatures. Encryption can also hide the source and destination of the traffic, making it hard to trace the origin or destination of the attack. References:
https://learningnetworkstore.cisco.com/on-demand-e-learning/understanding-cisco-cybersecurity-operations-fund (Module 4, Lesson 4.1.1)


質問 # 185
Refer to the exhibit.

This request was sent to a web application server driven by a database. Which type of web server attack is represented?

  • A. heap memory corruption
  • B. command injection
  • C. blind SQL injection
  • D. parameter manipulation

正解:C


質問 # 186
How is SQL injection prevented?

  • A. ...in the web server as a nonprivileged user
  • B. Address space layout randomization
  • C. Validate and sanitize user input
  • D. ...cost profiling

正解:C

解説:
* SQL injection is a type of injection attack where malicious SQL statements are inserted into an entry field for execution.
* The primary way to prevent SQL injection is by validating and sanitizing user input. This involves checking the input for malicious content and ensuring it adheres to expected patterns.
* Prepared statements (parameterized queries) are also highly effective, as they treat user input as data rather than executable code.
* Implementing these practices ensures that any input received from users does not manipulate SQL queries in a harmful way.
References
* OWASP SQL Injection Prevention Cheat Sheet
* Best Practices for Input Validation and Sanitization
* Secure Coding Guidelines


質問 # 187

Refer to the exhibit. Where is the executable file?

  • A. tags
  • B. name
  • C. MIME
  • D. info

正解:C


質問 # 188
Refer to the exhibit.

Which type of log is displayed?

  • A. proxy
  • B. NetFlow
  • C. IDS
  • D. sys

正解:C

解説:
Explanation
You also see the 5-tuple in IPS events, NetFlow records, and other event data. In fact, on the exam you may need to differentiate between a firewall log versus a traditional IPS or IDS event. One of the things to remember is that traditional IDS and IPS use signatures, so an easy way to differentiate is by looking for a signature ID (SigID). If you see a signature ID, then most definitely the event is a traditional IPS or IDS event.


質問 # 189
Refer to the exhibit.

What is shown in this PCAP file?

  • A. The User-Agent is Mozilla/5.0.
  • B. Timestamps are indicated with error.
  • C. The protocol is TCP.
  • D. The HTTP GET is encoded.

正解:B


質問 # 190
What is a difference between signature-based and behavior-based detection?

  • A. Behavior-based uses a known vulnerability database, while signature-based intelligently summarizes existing data.
  • B. Behavior-based identifies behaviors that may be linked to attacks, while signature-based has a predefined set of rules to match before an alert.
  • C. Signature-based identifies behaviors that may be linked to attacks, while behavior-based has a predefined set of rules to match before an alert.
  • D. Signature-based uses a known vulnerability database, while behavior-based intelligently summarizes existing data.

正解:B

解説:
Instead of searching for patterns linked to specific types of attacks, behavior-based IDS solutions monitor behaviors that may be linked to attacks, increasing the likelihood of identifying and mitigating a malicious action before the network is compromised.https://accedian.com/blog/what-is-the-difference-between-signature-based-and-behavior-based-ids


質問 # 191
A threat actor penetrated an organization's network. Using the 5-tuple approach, which data points should the analyst use to isolate the compromised host in a grouped set of logs?

  • A. protocol, log source, source IP, destination IP, and host name
  • B. protocol, source IP, source port, destination IP, and destination port
  • C. event name, log source, time, source IP, and username
  • D. event name, log source, time, source IP, and host name

正解:B

解説:
The 5-tuple approach consists of protocol, source IP address, source port number, destination IP address, and destination port number to uniquely identify sessions between endpoints on a network. References := Cisco Cybersecurity Source Documents


質問 # 192
Which type of data consists of connection level, application-specific records generated from network traffic?

  • A. statistical data
  • B. alert data
  • C. location data
  • D. transaction data

正解:D

解説:
Transaction data consists of connection level, application-specific records generated from network traffic. It provides information about the source, destination, protocol, and application of each network connection.
Transaction data can be used to identify anomalies, malicious activities, and user behaviors on the network. References := Cisco CyberOps Engineer


質問 # 193
Which data capture includes payload and header information?

  • A. alert data
  • B. session logs
  • C. frame check sequence
  • D. full packet

正解:D


質問 # 194
A SOC analyst is investigating an incident that involves a Linux system that is identifying specific sessions.
Which identifier tracks an active program?

  • A. active process identification number
  • B. application identification number
  • C. runtime identification number
  • D. process identification number

正解:D

解説:
In the context of Linux systems, each active program is tracked using a process identification number (PID)
. The PID is a unique number that the system uses to refer to a specific process, which is an instance of an executed program. This allows the system and the SOC analyst to monitor and manage different processes, including those initiated by users, the system itself, or by applications.
References := Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) training material provides insights into how a Security Operations Center (SOC) operates and the tools and data used by analysts to monitor and investigate security incidents, including the tracking of active programs on system


質問 # 195
What is a difference between data obtained from Tap and SPAN ports?

  • A. Tap mirrors existing traffic from specified ports, while SPAN presents more structured data for deeper analysis.
  • B. SPAN passively splits traffic between a network device and the network without altering it, while Tap alters response times.
  • C. SPAN improves the detection of media errors, while Tap provides direct access to traffic with lowered data visibility.
  • D. Tap sends traffic from physical layers to the monitoring device, while SPAN provides a copy of network traffic from switch to destination

正解:A


質問 # 196
A security engineer must investigate a recent breach within the organization. An engineer noticed that a breached workstation is trying to connect to the domain "Ranso4730-mware92-647". which is known as malicious. In which step of the Cyber Kill Chain is this event?

  • A. Action on objectives
  • B. reconnaissance
  • C. Delivery
  • D. Vaporization

正解:A

解説:
The event where a breached workstation is trying to connect to a known malicious domain suggests that the attacker is moving towards their end goals, which typically involves actions on objectives.
In the Cyber Kill Chain framework, "Action on objectives" refers to the steps taken by an attacker to achieve their intended outcomes, such as data exfiltration, destruction, or ransom demands.
This phase involves the attacker executing their final mission within the target environment, leveraging access gained in earlier stages of the attack.
Reference:
Lockheed Martin Cyber Kill Chain
Understanding the Stages of Cyber Attacks
Incident Response and the Cyber Kill Chain


質問 # 197
Refer to the exhibit.

What is occurring in this network traffic?

  • A. Flood of ACK packets coming from a single source IP to multiple destination IPs.
  • B. Flood of SYN packets coming from a single source IP to a single destination IP.
  • C. High rate of ACK packets being sent from a single source IP towards multiple destination IPs.
  • D. High rate of SYN packets being sent from a multiple source towards a single destination IP.

正解:B


質問 # 198
Refer to the exhibit.

A network administrator is investigating suspicious network activity by analyzing captured traffic. An engineer notices abnormal behavior and discovers that the default user agent is present in the headers of requests and data being transmitted What is occurring?

  • A. garbage flood attack attacker is sending garbage binary data to open ports
  • B. cache bypassing attack: attacker is sending requests for noncacheable content
  • C. indicators of data exfiltration HTTP requests must be plain text
  • D. indicators of denial-of-service attack due to the frequency of requests

正解:B


質問 # 199
What is personally identifiable information that must be safeguarded from unauthorized access?

  • A. date of birth
  • B. gender
  • C. driver's license number
  • D. zip code

正解:C

解説:
Explanation
According to the Executive Office of the President, Office of Management and Budget (OMB), and the U.S.
Department of Commerce, Office of the Chief Information Officer, PII refers to "information which can be used to distinguish or trace an individual's identity." The following are a few examples:
- An individual's name
- Social security number
- Biological or personal characteristics, such as an image of distinguishing features, fingerprints, Xrays, voice signature, retina scan, and the geometry of the face
- Date and place of birth
- Mother's maiden name
- Credit card numbers
- Bank account numbers
- Driver license number
- Address information, such as email addresses or street addresses, and telephone numbers for businesses or personal use
- Cisco CyberOps Associate CBROPS 200-201 Official Cert Guide Omar Santos


質問 # 200
The security team has detected an ongoing spam campaign targeting the organization. The team's approach is to push back the cyber kill chain and mitigate ongoing incidents. At which phase of the cyber kill chain should the security team mitigate this type of attack?

  • A. installation
  • B. delivery
  • C. actions
  • D. reconnaissance

正解:B

解説:
In the context of the cyber kill chain model, spam campaigns fall under the "delivery" phase where attackers deliver malicious payloads via email or other means to target systems or networks. Reference: Cisco Cybersecurity Operations Fundamentals, Module 1: Security Concepts, Lesson 1.4: Security Monitoring, Topic 1.4.2: The Cyber Kill Chain Model


質問 # 201
Drag and drop the data source from the left onto the data type on the right.

正解:

解説:


質問 # 202
What is obtained using NetFlow?

  • A. network downtime report
  • B. application logs
  • C. full packet capture
  • D. session data

正解:D

解説:
NetFlow is a network protocol developed by Cisco for collecting IP traffic information and monitoring network flow. It provides valuable data about the network sessions occurring within the network, such as source and destination IP addresses, port numbers, and protocols used. This session data is useful for understanding traffic patterns, volume, and usage.


質問 # 203
Drag and drop the definition from the left onto the phase on the right to classify intrusion events according to the Cyber Kill Chain model.

正解:

解説:


質問 # 204
What is the difference between mandatory access control (MAC) and discretionary access control (DAC)?

  • A. DAC is the strictest of all levels of control and MAC is object-based access
  • B. DAC is controlled by the operating system and MAC is controlled by an administrator
  • C. MAC is controlled by the discretion of the owner and DAC is controlled by an administrator
  • D. MAC is the strictest of all levels of control and DAC is object-based access

正解:D


質問 # 205
An analyst is investigating a host in the network that appears to be communicating to a command and control server on the Internet. After collecting this packet capture, the analyst cannot determine the technique and payload used for the communication.

Which obfuscation technique is the attacker using?

  • A. Base64 encoding
  • B. ROT13 encryption
  • C. TLS encryption
  • D. SHA-256 hashing

正解:C


質問 # 206
What is the practice of giving an employee access to only the resources needed to accomplish their job?

  • A. need to know principle
  • B. separation of duties
  • C. principle of least privilege
  • D. organizational separation

正解:C

解説:
Section: Security Concepts


質問 # 207
......

最新版無料体験を掴み取れ!Cisco 200-201問題集PDFは更新された:https://jp.fast2test.com/200-201-premium-file.html

最新リリースの200-201問題集はCyberOps Associate認証済み:https://drive.google.com/open?id=1Rmgn-9_OLATSiLI4crylzcV2NlGJwZs2


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어