[2025年12月]更新のCisco 200-201試験練習テスト問題 [Q16-Q36]

Share

[2025年12月]更新のCisco 200-201試験練習テスト問題

更新された認定試験200-201問題集で練習テスト問題

質問 # 16
One of the objectives of information security is to protect the CIA of information and systems. What does CIA mean in this context?

  • A. confidentiality, integrity, and authorization
  • B. confidentiality, identity, and availability
  • C. confidentiality, integrity, and availability
  • D. confidentiality, identity, and authorization

正解:C

解説:
CIA stands for confidentiality, integrity, and availability, which are the three main objectives of information security. Confidentiality means protecting the information from unauthorized access or disclosure. Integrity means ensuring the information is accurate and consistent, and preventing unauthorized modification or deletion. Availability means ensuring the information and systems are accessible and usable by authorized users when needed. References:
https://learningnetworkstore.cisco.com/on-demand-e-learning/understanding-cisco-cybersecurity-operations-fund (Module 2: Security Concepts, Lesson 2.1: Security Principles)


質問 # 17
What ate two categories of DDoS attacks? (Choose two.)

  • A. reflected
  • B. scanning
  • C. split brain
  • D. phishing
  • E. direct

正解:A、E


質問 # 18
Refer to the exhibit.

What does the output indicate about the server with the IP address 172.18.104.139?

  • A. running processes of the server
  • B. open port of an FTP server
  • C. open ports of a web server
  • D. open ports of an email server

正解:C

解説:
The output indicates that several ports are open on the server with IP address 172.18.104.139, including port 22/tcp for SSH, port 25/tcp for SMTP, port 110/tcp for POP3, and port 143/tcp for IMAP - these are typically associated with a web server. Reference := Cisco Cybersecurity Source Documents


質問 # 19
Drag and drop the data source from the left onto the data type on the right.

正解:

解説:


質問 # 20
What is the difference between a threat and an exploit?

  • A. An exploit is an attack path, and a threat represents a potential vulnerability
  • B. An exploit is an attack vector, and a threat is a potential path the attack must go through.
  • C. A threat is a potential attack on an asset and an exploit takes advantage of the vulnerability of the asset
  • D. A threat is a result of utilizing flow in a system, and an exploit is a result of gaining control over the system.

正解:C

解説:
A threat is a possible danger that might exploit a vulnerability to breach the security and cause harm to an asset. An asset is anything of value that needs to be protected, such as data, systems, or networks. A vulnerability is a weakness or flaw in the security that can be exploited by a threat. An exploit is a piece of code or a technique that takes advantage of a vulnerability to compromise the security and perform malicious actions on an asset. References := Cisco Cybersecurity Operations Fundamentals, Module 1: Security Concepts, Lesson 1.1: The CIA Triad and Security Concepts, Topic 1.1.3: Threats, Vulnerabilities, and Exploits


質問 # 21
What is the difference between discretionary access control (DAC) and role-based access control (RBAC)?

  • A. DAC administrators pass privileges to users and groups, and in RBAC, permissions are applied to specific groups
  • B. DAC requires explicit authorization for a given user on a given object, and RBAC requires specific conditions.
  • C. RBAC is an extended version of DAC where you can add an extra level of authorization based on time.
  • D. RBAC access is granted when a user meets specific conditions, and in DAC, permissions are applied on user and group levels.

正解:D

解説:
In RBAC, access is based on the roles that users have within an organization, and permissions to perform certain operations are assigned to specific roles. DAC, on the other hand, is a type of access control where the access rights are determined by the owner of the resource or the resource itself.


質問 # 22

Refer to the exhibit. An employee received an email from an unknown sender with an attachment and reported it as a phishing attempt. An engineer uploaded the file to Cuckoo for further analysis. What should an engineer interpret from the provided Cuckoo report?

  • A. The file is clean and does not represent a risk.
  • B. Cuckoo cleaned the malicious file and prepared it for usage.
  • C. MD5 of the file was not identified as malicious.
  • D. Win32.polip.a.exe is an executable file and should be flagged as malicious.

正解:D

解説:
The Cuckoo report indicates that the file is a PE32 executable for MS Windows, which is typically an executable file format. The presence of the watermark "CHINESEDUMPS" and the detection ratio from VirusTotal suggest that the file is recognized by multiple antivirus engines as potentially harmful. This aligns with option A, suggesting that the file, named Win32.polip.a.exe, should be considered malicious and flagged accordingly.
The information provided is based on standard practices for analyzing potentially malicious files using tools like Cuckoo and services like VirusTotal, which are commonly referenced in cybersecurity documentation, including Cisco's cybersecurity training materials.


質問 # 23
How is NetFlow different from traffic mirroring?

  • A. NetFlow generates more data than traffic mirroring.
  • B. Traffic mirroring impacts switch performance and NetFlow does not.
  • C. NetFlow collects metadata and traffic mirroring clones data.
  • D. Traffic mirroring costs less to operate than NetFlow.

正解:C

解説:
NetFlow is a network protocol developed by Cisco for collecting IP traffic information and monitoring network traffic. It collects metadata of the IP traffic flowing across networking devices like routers and switches. On the other hand, Traffic mirroring involves capturing all the data packets that flow through a particular point in the network to analyze or inspect them later. References := Cisco Cybersecurity Operations Fundamentals


質問 # 24
A security engineer has a video of a suspect entering a data center that was captured on the same day that files in the same data center were transferred to a competitor.
Which type of evidence is this?

  • A. prima facie evidence
  • B. physical evidence
  • C. indirect evidence
  • D. best evidence

正解:C

解説:
Indirect evidence is evidence that does not directly prove a fact, but rather implies or infers it from other facts or circumstances. Indirect evidence is also known as circumstantial evidence or corroborating evidence. A video of a suspect entering a data center that was captured on the same day that files in the same data center were transferred to a competitor is an example of indirect evidence, because it does not directly show that the suspect was involved in the file transfer, but rather suggests a possible connection or correlation between the two events. References := Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) v1.0, Module 5: Security Policies and Procedures, Lesson 5.3: Digital Forensics, Topic 5.3.1: Evidence, page 5-24.


質問 # 25
Refer to the exhibit.

Drag and drop the element name from the left onto the correct piece of the PCAP file on the right.

正解:

解説:


質問 # 26
Why is encryption challenging to security monitoring?

  • A. Encryption is used by threat actors as a method of evasion and obfuscation.
  • B. Encryption introduces larger packet sizes to analyze and store.
  • C. Encryption introduces additional processing requirements by the CPU.
  • D. Encryption analysis is used by attackers to monitor VPN tunnels.

正解:A

解説:
Encryption is challenging to security monitoring because it can be used by threat actors as a method of evasion and obfuscation. Encryption can prevent security devices from inspecting the content or payload of the network traffic, making it difficult to detect malicious activity or signatures. Encryption can also hide the source and destination of the traffic, making it hard to trace the origin or destination of the attack. Reference: https://learningnetworkstore.cisco.com/on-demand-e-learning/understanding-cisco-cybersecurity-operations-fundamentals-cbrops-v1-0/CSCU-LP-CBROPS-V1-028093.html (Module 4, Lesson 4.1.1)


質問 # 27
Refer to the exhibit.

Drag and drop the element name from the left onto the correct piece of the PCAP file on the right.

正解:

解説:

Explanation:
In a PCAP file, which is used to capture network packets, each packet contains various pieces of information that can be analyzed. The source and destination addresses refer to the IP addresses of the sender and receiver of the packets. The source and destination ports refer to the port numbers used for the communication, with common ports like 443 indicating HTTPS traffic. The network protocol here is TCP, which is responsible for establishing a connection and ensuring the delivery of packets. The transport protocol is IPv4, which is the underlying protocol for routing packets across the network. Lastly, the application protocol is TLS v1.2, which is used for secure communication over the internet.
References := The Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) course material covers the analysis of network traffic and the interpretation of PCAP files, which includes identifying the different elements within a packet capture1.


質問 # 28
What is a difference between signature-based and behavior-based detection?

  • A. Behavior-based uses a known vulnerability database, while signature-based intelligently summarizes existing data.
  • B. Behavior-based identifies behaviors that may be linked to attacks, while signature-based has a predefined set of rules to match before an alert.
  • C. Signature-based identifies behaviors that may be linked to attacks, while behavior-based has a predefined set of rules to match before an alert.
  • D. Signature-based uses a known vulnerability database, while behavior-based intelligently summarizes existing data.

正解:D


質問 # 29
A SOC analyst is investigating an incident that involves a Linux system that is identifying specific sessions. Which identifier tracks an active program?

  • A. application identification number
  • B. process identification number
  • C. active process identification number
  • D. runtime identification number

正解:B


質問 # 30
What does cyber attribution identify in an investigation?

  • A. cause of an attack
  • B. threat actors of an attack
  • C. vulnerabilities exploited
  • D. exploit of an attack

正解:B

解説:
Cyber attribution identifies the threat actors of an attack in an investigation. Threat actors are the individuals, groups, organizations, or states that are responsible for conducting or sponsoring a cyberattack. Threat actors can have different motives, such as financial gain, espionage, sabotage, activism, or warfare. Cyber attribution can help investigators to determine the identity, location, affiliation, and motivation of the threat actors, as well as to hold them accountable and impose sanctions or legal actions. Reference:= Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) v1.0, Module 5: Security Policies and Procedures, Lesson 5.2: Incident Response, Topic 5.2.3: Cyber Attribution, page 5-14.


質問 # 31
Which regular expression is needed to capture the IP address 192.168.20.232?

  • A. ^ (?:[0-9]f1,3}\.){1,4}
  • B. ^ ([0-9]-{3})
  • C. ^ (?:[0-9]{1,3}\.)'
  • D. ^ (?:[0-9]{1,3}\.){3}[0-9]{1,3}

正解:D

解説:
The regular expression ^ (?:[0-9]{1,3}.){3}[0-9]{1,3} is needed to capture the IP address 192.168.20.232.
This regex matches any string that starts with three groups of one to three digits followed by a dot, and ends with one group of one to three digits. The IP address 192.168.20.232 matches this pattern exactly. The other options are either invalid or do not match the IP address format. References := Cisco Cybersecurity Operations Fundamentals, Module 5: Security Policies and Procedures, Lesson 5.3: Data and Event Analysis,


質問 # 32
What is sliding window anomaly detection?

  • A. Apply lowest privilege/permission level to software
  • B. Identify uncommon patterns that do not fit usual behavior.
  • C. Define response times for requests for owned applications.
  • D. Detect changes in operations and management processes.

正解:B


質問 # 33
Which regular expression matches loopback IP address (127.0.0.1)?

  • A. 127\.0\.0\.1
  • B. %127.0.0.1%
  • C. 127[.0.].0.\
  • D. &127%0%0%1

正解:A


質問 # 34
What should a security analyst consider when comparing inline traffic interrogation with traffic tapping to determine which approach to use in the network?

  • A. Tapping interrogations detect and block malicious traffic
  • B. Inline interrogation enables viewing a copy of traffic to ensure traffic is in compliance with security policies
  • C. Inline interrogation detects malicious traffic but does not block the traffic
  • D. Tapping interrogation replicates signals to a separate port for analyzing traffic

正解:D

解説:
Traffic tapping involves replicating network traffic and sending it to a separate port where it can be analyzed without affecting the original traffic flow. This allows security analysts to monitor and analyze traffic for potential threats without the risk of blocking legitimate traffic.
References: This explanation is based on general network security concepts, as the current page does not provide specific Cisco documentation.


質問 # 35
What is the difference between deep packet inspection and stateful inspection?

  • A. Stateful inspection is more secure than deep packet inspection on Layer 7
  • B. Deep packet inspection is more secure than stateful inspection on Layer 4
  • C. Stateful inspection verifies contents at Layer 4 and deep packet inspection verifies connection at Layer 7
  • D. Deep packet inspection allows visibility on Layer 7 and stateful inspection allows visibility on Layer 4

正解:D

解説:
Section: Security Concepts


質問 # 36
......

更新された検証済みの200-201問題集と解答で合格保証もしくは全額返金:https://jp.fast2test.com/200-201-premium-file.html

200-201のPDF問題とテストエンジンには452問があります:https://drive.google.com/open?id=1K24GG6WKrsOkcv5pdgx0JP8nkqPkU1rE


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어