Weekend Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = simple70

Home
Cisco
CyberOps Associate
200-201
Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) Questions and Answers

Pass the Cisco CyberOps Associate 200-201 Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.

Exam 200-201 Premium Access

View all detail and faqs for the 200-201 exam

Go to Exam

478 Students Passed

84% Average Score

92% Same Questions

Viewing page 1 out of 13 pages

Viewing questions 1-10 out of questions

Questions # 1:

Refer to the exhibit.

Question # 1

Which application protocol is in this PCAP file?

Options:

SSH

TCP

TLS

HTTP

Answer

Explanation

The PCAP file in the exhibit shows a Transmission Control Protocol (TCP) communication between two IP addresses. In the data section of the packet capture, “pdy/3.1… http/1” isvisible, indicating that HTTP (Hypertext Transfer Protocol) is being used as the application protocol for this communication.

References := The Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) course material covers the analysis of network traffic using tools like packet analyzers to identify application protocols in use1.

Questions # 2:

Refer to the exhibit.

Question # 2

A network administrator is investigating suspicious network activity by analyzing captured traffic. An engineer notices abnormal behavior and discovers that the default user agent is present in the headers of requests and data being transmitted What is occurring?

Options:

indicators of denial-of-service attack due to the frequency of requests

garbage flood attack attacker is sending garbage binary data to open ports

indicators of data exfiltration HTTP requests must be plain text

cache bypassing attack: attacker is sending requests for noncacheable content

Answer

Explanation

The presence of a default user agent in the headers of requests and data being transmitted suggests a cache bypassing attack. In this scenario, the attacker is likely requesting noncacheable content to avoid detection by caching mechanisms that could otherwise identify and block malicious traffic.

Questions # 3:

Which action matches the weaponization step of the Cyber Kill Chain model?

Options:

Scan a host to find open ports and vulnerabilities

Construct the appropriate malware and deliver it to the victim.

Test and construct the appropriate malware to launch the attack

Research data on a specific vulnerability

Answer

Explanation

The weaponization step in the Cyber Kill Chain model involves creating or repurposing malware based on the information gathered during reconnaissance to exploit vulnerabilities in the target’s system. This step culminates in the preparation of the malware to be delivered to the victim2.

[:, Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS), Cyber Kill Chain, ]

Questions # 4:

Question # 4

Refer to the exhibit. The figure shows an X 509 certificate. Which field represents the digital cryptographic algorithm used by the issuer to sign the certificate?

Options:

Signature Algorithm

Timestamp

Fingerprints

Log Operator

Answer

Questions # 5:

An engineer is working on the implementation of digital certificates for new cntical web applications One of the requirements is that the https connection must be validated and protected against malicious network impersonators The server will be exposed externally from the DMZ network Which certificate must be used?

Options:

SSLv3

TLS 1.1

private CA

X.509

Answer

Questions # 6:

Which type of evasion technique is accomplished by separating the traffic into smaller segments before transmitting across the network?

Options:

tunneling

fragmentation

encryption

proxies

Answer

Questions # 7:

What is the difference between statistical detection and rule-based detection models?

Options:

Rule-based detection involves the collection of data in relation to the behavior of legitimate users over a period of time

Statistical detection defines legitimate data of users over a period of time and rule-based detection defines it on an IF/THEN basis

Statistical detection involves the evaluation of an object on its intended actions before it executes that behavior

Rule-based detection defines legitimate data of users over a period of time and statistical detection defines it on an IF/THEN basis

Answer

Explanation

Statistical detection involves collecting data over time to define what is considered normal behavior or legitimate data for users or systems. It then uses statistical analysis to identify abnormal behavior that could indicate a security incident. Rule-based detection uses predefined rules or patterns that are based on known threats or vulnerabilities - it operates on an IF/THEN basis where if certain conditions are met then an alert is triggered. References := Cisco Cybersecurity Operations Fundamentals

Questions # 8:

How can TOR impact data visibility inside an organization?

Options:

increases data integrity

increases security

decreases visibility

no impact

Answer

Explanation

TOR, or The Onion Router, is designed to conceal a user’s location and usage from anyone conducting network surveillance or traffic analysis. Using TOR makes it more difficult to trace internet activity, including “visits to Web sites, online posts, instant messages, and other communication forms,” back to the user1. It is intended to protect the personal privacy of users, as well as their freedom and ability to conduct confidential communication by keeping their internet activities unmonitored. Within an organization, the use of TOR can decrease visibility into data traffic because it encrypts the data multiple times and routes it through a series of servers operated by volunteers around the globe. This makes network monitoring and data visibility challenging for cybersecurity professionals within the organization. References: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)

Questions # 9:

Why is encryption challenging to security monitoring?

Options:

Encryption analysis is used by attackers to monitor VPN tunnels.

Encryption is used by threat actors as a method of evasion and obfuscation.

Encryption introduces additional processing requirements by the CPU.

Encryption introduces larger packet sizes to analyze and store.

Answer

Explanation

Encryption is challenging to security monitoring because it can be used by threat actors as a method of evasion and obfuscation. Encryption can prevent security devices from inspecting the content or payload of the network traffic, making it difficult to detect malicious activity or signatures. Encryption can also hide the source and destination of the traffic, making it hard to trace the origin or destination of the attack. References: https://learningnetworkstore.cisco.com/on-demand-e-learning/understanding-cisco-cybersecurity-operations-fundamentals-cbrops-v1-0/CSCU-LP-CBROPS-V1-028093.html (Module 4, Lesson 4.1.1)

Questions # 10:

An engineer receives a security alert that traffic with a known TOR exit node has occurred on the network. What is the impact of this traffic?

Options:

ransomware communicating after infection

users downloading copyrighted content

data exfiltration

user circumvention of the firewall

Answer

Explanation

Traffic with a known TOR exit node is often associated with data exfiltration, where sensitive information is transferred from within the network to an external location. TOR networks are used to anonymize the traffic, making it difficult to trace back to the source. References := Cisco Cybersecurity Operations Fundamentals - Module 2: Security Monitoring

Viewing page 1 out of 13 pages

Viewing questions 1-10 out of questions