Spring Sale Limited Time 75% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = simple75

Pass the Cisco CyberOps Associate 200-201 Questions and answers with Dumpstech

Home
Cisco
CyberOps Associate
200-201
200-201 Questions and Answers

Exam 200-201 Premium Access

View all detail and faqs for the 200-201 exam

Go to Exam

Practice at least 50% of the questions to maximize your chances of passing.

Viewing page 2 out of 15 pages

Viewing questions 11-20 out of questions

Questions # 11:

Which security technology allows only a set of pre-approved applications to run on a system?

Options:

application-level blacklisting

host-based IPS

application-level whitelisting

antivirus

Answer

Explanation

Application-level whitelisting is a security technology that allows only a set of pre-approved applications to run on a system, and blocks any other unauthorized or malicious programs. This can prevent malware, ransomware, zero-day exploits, and other threats from compromising the system. Application-level whitelisting is also known as application control or application allowlisting. References := Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) v1.0, Module 3: Host-Based Analysis, Lesson 3.2: Endpoint Security Technologies, Topic 3.2.3: Application Whitelisting, page 3-20.

Questions # 12:

Which filter allows an engineer to filter traffic in Wireshark to further analyze the PCAP file by only showing the traffic for LAN 10.11.x.x, between workstations and servers without the Internet?

Options:

src=10.11.0.0/16 and dst=10.11.0.0/16

ip.src==10.11.0.0/16 and ip.dst==10.11.0.0/16

ip.src=10.11.0.0/16 and ip.dst=10.11.0.0/16

src==10.11.0.0/16 and dst==10.11.0.0/16

Answer

Explanation

In Wireshark, to filter traffic for a specific LAN, the correct syntax uses ip.src== and ip.dst== to specify the source and destination IP addresses. The /16 denotes the subnet mask, indicating that we are interested in the entire 10.11.x.x range. This filter will show all traffic where both the source and destination IP addresses fall within the specified LAN, excluding any internet traffic. References: The information is based on the Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) course, which covers network intrusion analysis and the use of tools like Wireshark for traffic analysis1.

Questions # 13:

Which category relates to improper use or disclosure of PII data?

Options:

legal

compliance

regulated

contractual

Answer

Explanation

The improper use or disclosure of Personally Identifiable Information (PII) falls under the category of compliance because organizations are required to adhere to laws and regulations that protect the privacy and security of PII. This includes following guidelines set forth by privacy laws such as GDPR, HIPAA, and others that mandate the proper handling of personal data to prevent misuse and unauthorized access123.

References := Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS), Personally identifiable information (PII): What it is, how it’s used, and how to protect it, What is PII? Examples, laws, and standards, Overview of the Privacy Act: 2020 Edition

Questions # 14:

An engineer runs a suspicious file in a sandbox analysis tool to see the outcome. The analysis report shows that outbound callouts were made post infection.

Which two pieces of information from the analysis report are needed to investigate the callouts? (Choose two.)

Options:

signatures

host IP addresses

file size

dropped files

domain names

Answer

B, E

Explanation

To investigate the callouts made post infection, it’s essential to know where the callouts were made to (domain names) and from which host IP addresses they originated. This information can help trace back the source and destination, aiding in understanding the nature of the callouts. References: https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Working_with_Indicators_of_Compromise.html

Questions # 15:

Refer to the exhibit.

Question # 15

What information is depicted?

Options:

IIS data

NetFlow data

network discovery event

IPS event data

Answer

Questions # 16:

A security engineer notices confidential data being exfiltrated to a domain "Ranso4134-mware31-895" address that is attributed to a known advanced persistent threat group The engineer discovers that the activity is part of a real attack and not a network misconfiguration. Which category does this event fall under as defined in the Cyber Kill Chain?

Options:

reconnaissance

delivery

action on objectives

weaponization

Answer

Explanation

The event described falls under the ‘action on objectives’ category of the Cyber Kill Chain. This stage occurs after the attacker has established a foothold within the network and begins to execute their intended actions, such as data exfiltration. References: The Cyber Kill Chain framework outlines the stages of a cyberattack, with ‘action onobjectives’ being the final step where attackers achieve their primary goal, such as data theft

Questions # 17:

Which regular expression matches loopback IP address (127.0.0.1)?

Options:

&127%0%0%1

%127.0.0.1%

127\.0\.0\.1

127[.0.].0.\

Answer

Questions # 18:

Drag and drop the technology on the left onto the data type the technology provides on the right.

Question # 18

Options:

Answer

Answer:

Questions # 19:

Drag and drop the security concept from the left onto the example of that concept on the right.

Question # 19

Options:

Answer

Answer:

Explanation

Table Description automatically generated

Questions # 20:

What is the difference between a threat and a risk?

Options:

Threat represents a potential danger that could take advantage of a weakness in a system

Risk represents the known and identified loss or danger in the system

Risk represents the nonintentional interaction with uncertainty in the system

Threat represents a state of being exposed to an attack or a compromise, either physically or logically.

Answer

Explanation

A threat represents a potential danger that could exploit a weakness in a system while risk is associated with the potential impact or loss that could occur if a threat exploits a vulnerability in the system. So, option A which states “Threat represents a potential danger that could take advantage of a weakness in a system” is correct. References := Cisco Certified CyberOps Associate Overview

Viewing page 2 out of 15 pages

Viewing questions 11-20 out of questions

Modal title

Registered Required

In order to participate in the comments you need to be logged-in.
You can sign-up or login (it's free).