Cisco CyberOps Associate 200-201 Practice Questions

Page 5 of 15 (questions 41-50)
Question # 41:

What is a benefit of agent-based protection when compared to agentless protection?

Options:

A.

It lowers maintenance costs

B.

It provides a centralized platform

C.

It collects and detects all traffic locally

D.

It manages numerous devices simultaneously

Question # 42:

Drag and drop the event term from the left onto the description on the right.

[Exhibit: Question # 42]

Options:

Question # 43:

Refer to the exhibit.

[Exhibit: Question # 43]

An engineer is analyzing a PCAP file after a recent breach. The engineer identified that the attacker used an aggressive ARP scan to enumerate the hosts and found web and SSH servers. Further analysis showed several SSH Server Banner and Key Exchange Init messages. The engineer cannot see the exact data being transmitted over the encrypted channel and cannot identify how the attacker gained access. How did the attacker gain access?

Options:

A.

by using the buffer overflow in the URL catcher feature for SSH

B.

by using an SSH Tectia Server vulnerability to enable host-based authentication

C.

by using an SSH vulnerability to silently redirect connections to the local host

D.

by using brute force on the SSH service to gain access
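The handshake messages this question mentions (the server banner and Key Exchange Init) are exchanged before the SSH session is encrypted, so a capture still shows how many connections a source opened even when nothing inside the sessions can be read. The Python below is an added example, not part of the question bank or Cisco's material. It works on constructed handshake events of a hypothetical shape (timestamp, client IP, client port, server IP, server port, message), as one might export from a PCAP, and counts per client/server pair how many KEXINIT messages fall in any sliding time window; the threshold and window are assumptions to tune for a real network.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

# (timestamp_s, client_ip, client_port, server_ip, server_port, message)
Event = Tuple[float, str, int, str, int, str]


def build_sample_events() -> List[Event]:
    """Constructed handshake events (made up for this example, not taken from the page's exhibit)."""
    events: List[Event] = []
    # 40 fresh TCP connections from one client in under a minute, each reaching KEXINIT.
    for i in range(40):
        t = 100.0 + i * 1.5
        port = 50100 + i  # a new source port per connection
        events.append((t, "192.0.2.10", port, "10.0.0.20", 22, "SSH-2.0-OpenSSH_8.9"))  # server banner
        events.append((t + 0.05, "192.0.2.10", port, "10.0.0.20", 22, "KEXINIT"))
    # One ordinary admin login from another host.
    events.append((130.0, "10.0.0.3", 41000, "10.0.0.20", 22, "SSH-2.0-OpenSSH_8.9"))
    events.append((130.1, "10.0.0.3", 41000, "10.0.0.20", 22, "KEXINIT"))
    return events


def count_handshakes(events: List[Event], window: float = 60.0, threshold: int = 10) -> Dict[tuple, dict]:
    """Per (client, server, server_port): total KEXINIT messages, the peak number of them inside
    any sliding window of `window` seconds, and whether that peak reaches `threshold`.

    Banner and KEXINIT are sent in clear text before NEWKEYS, so they remain countable in a
    capture even though later authentication traffic is encrypted."""
    starts = defaultdict(list)
    for ts, cip, _cport, sip, sport, msg in events:
        if msg == "KEXINIT":
            starts[(cip, sip, sport)].append(ts)

    results = {}
    for key, times in starts.items():
        times.sort()
        peak, lo = 0, 0
        for hi, t in enumerate(times):
            # Slide the window start forward until every timestamp in [lo, hi] fits.
            while t - times[lo] > window:
                lo += 1
            peak = max(peak, hi - lo + 1)
        results[key] = {
            "connections": len(times),
            "peak_in_window": peak,
            "suspicious": peak >= threshold,
        }
    return results


if __name__ == "__main__":
    for (client, server, port), stats in count_handshakes(build_sample_events()).items():
        print(f"{client} -> {server}:{port}: {stats['connections']} handshakes, "
              f"peak {stats['peak_in_window']}/60s, suspicious={stats['suspicious']}")
```

Counting key-exchange starts rather than TCP SYNs avoids counting port scans that never speak SSH; a fuller version would also record how quickly each connection closes, since repeated short-lived sessions to port 22 are the usual shape of password guessing.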

Question # 44:

A security specialist notices 100 HTTP GET and POST requests for multiple pages on the web servers. The User-Agent header in the requests contains PHP code that, if executed, creates and writes to a new PHP file on the web server. Which event category is described?

Options:

A.

reconnaissance

B.

action on objectives

C.

installation

D.

exploitation
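The pattern in this question, PHP code carried in the User-Agent header across many requests, is easy to pull out of ordinary web server logs. The following Python is an added example, not part of the question bank; it runs over constructed combined-format access-log lines (the addresses are documentation ranges) and flags any request whose User-Agent contains a PHP open tag, records which file-writing or code-execution functions appear in it, and groups the hits by source address so the analyst can see one client hitting multiple pages.

```python
import re
from typing import Dict, List

# Constructed sample access-log lines in combined log format (made up for this example).
# The last quoted field on each line is the User-Agent.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:12:00:01 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "<?php file_put_contents('sh.php', '<?php system($_GET[c]); ?>'); ?>"
203.0.113.7 - - [10/Mar/2024:12:00:02 +0000] "POST /login.php HTTP/1.1" 200 128 "-" "<?php $f=fopen('x.php','w'); fwrite($f, base64_decode($_POST['d'])); ?>"
198.51.100.4 - - [10/Mar/2024:12:00:03 +0000] "GET /about.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/120.0"
203.0.113.7 - - [10/Mar/2024:12:00:04 +0000] "GET /contact.php HTTP/1.1" 404 0 "-" "<?php eval($_REQUEST['cmd']); ?>"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
PHP_TAG = re.compile(r"<\?php\b|<\?=")
# File-creation and code-execution primitives worth noting when they appear in a UA string.
PHP_FUNCS = re.compile(
    r"\b(file_put_contents|fopen|fwrite|fputs|move_uploaded_file|eval|system|exec|shell_exec|passthru)\s*\("
)


def parse_line(line: str) -> Dict[str, str]:
    """Split one combined-log line into named fields; returns {} for lines that do not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else {}


def find_php_in_user_agent(lines: List[str]) -> List[Dict[str, object]]:
    """Return one hit per request whose User-Agent carries a PHP open tag."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if not rec or not PHP_TAG.search(rec["ua"]):
            continue
        hits.append({
            "ip": rec["ip"],
            "method": rec["method"],
            "path": rec["path"],
            "status": int(rec["status"]),
            # Which dangerous PHP functions the payload calls, deduplicated and sorted.
            "functions": sorted({f.lower() for f in PHP_FUNCS.findall(rec["ua"])}),
        })
    return hits


def summarize_by_source(hits: List[Dict[str, object]]) -> Dict[str, dict]:
    """Group hits by client address: request count, distinct paths, distinct functions."""
    summary: Dict[str, dict] = {}
    for h in hits:
        s = summary.setdefault(h["ip"], {"requests": 0, "paths": set(), "functions": set()})
        s["requests"] += 1
        s["paths"].add(h["path"])
        s["functions"].update(h["functions"])
    return summary


if __name__ == "__main__":
    found = find_php_in_user_agent(SAMPLE_LOG.splitlines())
    for h in found:
        print(h)
    for ip, s in summarize_by_source(found).items():
        print(f"{ip}: {s['requests']} requests, {len(s['paths'])} distinct paths, "
              f"functions: {', '.join(sorted(s['functions']))}")
```

A 404 still counts: the payload only matters if some page echoes the User-Agent into a file that PHP later executes, so the response code says nothing about whether the write succeeded elsewhere. Checking the web root for newly created .php files after such a burst is the natural follow-up.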

Question # 45:

Which type of data collection requires the largest amount of storage space?

Options:

A.

alert data

B.

transaction data

C.

session data

D.

full packet capture

Question # 46:

What is a difference between SOAR and SIEM?

Options:

A.

SOAR platforms are used for threat and vulnerability management, but SIEM applications are not

B.

SIEM applications are used for threat and vulnerability management, but SOAR platforms are not

C.

SOAR receives information from a single platform and delivers it to a SIEM

D.

SIEM receives information from a single platform and delivers it to a SOAR

Question # 47:

An employee of a company receives an email with an attachment. They notice that this email is from a suspicious source, and they decide not to open the attached file. After further investigation, a security analyst concludes that this file is malware. To which category of the Cyber Kill Chain model does this event belong?

Options:

A.

Weaponization

B.

Installation

C.

Exploitation

D.

Delivery

Question # 48:

Refer to the exhibit.

[Exhibit: Question # 48]

What information is depicted?

Options:

A.

IIS data

B.

NetFlow data

C.

network discovery event

D.

IPS event data

Question # 49:

Which element is included in an incident response plan, as stated in NIST SP 800-61?

Options:

A.

security of sensitive information

B.

individual approach to incident response

C.

approval of senior management

D.

consistent threat identification

Question # 50:

Refer to the exhibit.

[Exhibit: Question # 50]

An engineer is analyzing DNS response packets that are larger than expected. The engineer looks closer and notices a lack of corresponding DNS queries. What is occurring?

Options:

A.

DNS hijack attack

B.

DNS amplification attack

C.

DNS tunneling

D.

DNS cache poisoning
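The two observations in this question, responses that are larger than expected and responses with no matching query, can both be checked mechanically against a stream of DNS records. The Python below is an added example, not part of the question bank or the exhibit; it runs over constructed records of a hypothetical shape (timestamp, client address, transaction ID, query or response, query name, record type, payload size). It pairs each response with a prior query by (client, id), flags responses above the classic 512-byte plain-UDP payload limit or far larger than their query, and, going one step beyond the question's text, also flags leading labels that are long and high-entropy, the usual look of data encoded into query names. The thresholds are assumptions to tune against a real baseline.

```python
import math
from collections import Counter
from typing import Dict, List

# Constructed DNS records, one per packet (made up for this example; not the page's exhibit).
SAMPLE_DNS: List[Dict] = [
    {"ts": 1.0, "client": "10.0.0.5", "id": 0x1A2B, "kind": "query",    "qname": "www.example.com",            "rrtype": "A",   "size": 33},
    {"ts": 1.1, "client": "10.0.0.5", "id": 0x1A2B, "kind": "response", "qname": "www.example.com",            "rrtype": "A",   "size": 49},
    {"ts": 2.0, "client": "10.0.0.9", "id": 0x7777, "kind": "response", "qname": "6a4b2c9d8e1f.t.example.net", "rrtype": "TXT", "size": 980},
    {"ts": 2.2, "client": "10.0.0.9", "id": 0x7778, "kind": "response", "qname": "9f8e7d6c5b4a.t.example.net", "rrtype": "TXT", "size": 1210},
    {"ts": 3.0, "client": "10.0.0.9", "id": 0x7779, "kind": "query",    "qname": "0a1b2c3d4e5f.t.example.net", "rrtype": "TXT", "size": 60},
    {"ts": 3.1, "client": "10.0.0.9", "id": 0x7779, "kind": "response", "qname": "0a1b2c3d4e5f.t.example.net", "rrtype": "TXT", "size": 1105},
]

PLAIN_UDP_LIMIT = 512  # classic DNS-over-UDP payload limit without EDNS


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; hex or base32 payloads score high, plain words low."""
    n = len(s)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def analyze_dns(records: List[Dict], size_limit: int = PLAIN_UDP_LIMIT, ratio_limit: float = 10.0,
                min_label: int = 12, entropy_limit: float = 3.0) -> Dict[str, object]:
    """Pair responses with queries by (client, transaction id) and flag three anomalies:
    responses with no preceding query, oversized responses, and encoded-looking leading labels."""
    pending: Dict[tuple, Dict] = {}
    findings: Dict[str, object] = {
        "orphan_responses": [],
        "oversized_responses": [],
        "encoded_labels": [],
        "per_client": {},
    }
    flagged_per_client: Counter = Counter()

    for rec in sorted(records, key=lambda r: r["ts"]):
        key = (rec["client"], rec["id"])
        if rec["kind"] == "query":
            pending[key] = rec
            continue

        query = pending.pop(key, None)
        flags = []
        if query is None:  # a response the client never asked for
            findings["orphan_responses"].append(rec)
            flags.append("orphan")
        if rec["size"] > size_limit or (query is not None and rec["size"] > ratio_limit * query["size"]):
            findings["oversized_responses"].append(rec)
            flags.append("oversized")
        label = rec["qname"].split(".")[0]
        if len(label) >= min_label and shannon_entropy(label) >= entropy_limit:
            findings["encoded_labels"].append(rec)
            flags.append("encoded")
        if flags:
            flagged_per_client[rec["client"]] += 1

    findings["per_client"] = dict(flagged_per_client)
    return findings


if __name__ == "__main__":
    result = analyze_dns(SAMPLE_DNS)
    for name in ("orphan_responses", "oversized_responses", "encoded_labels"):
        for rec in result[name]:
            print(f"{name}: client={rec['client']} id=0x{rec['id']:04x} qname={rec['qname']} size={rec['size']}")
    print("flagged responses per client:", result["per_client"])
```

Pairing on (client, id) is deliberately simple; a production version would also match on the question name and include the server address, since a legitimate resolver can retransmit with the same id.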
