Cisco 200-201 Real Exam Questions
The questions for 200-201 were last updated at Oct 23,2025.
- Exam Code: 200-201
- Exam Name: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)
- Certification Provider: Cisco
- Latest update: Oct 23,2025
What makes HTTPS traffic difficult to monitor?
- A . SSL interception
- B . packet header size
- C . signature detection time
- D . encryption
What is the difference between statistical detection and rule-based detection models?
- A . Rule-based detection involves the collection of data in relation to the behavior of legitimate users over a period of time
- B . Statistical detection defines legitimate data of users over a period of time and rule-based detection defines it on an IF/THEN basis
- C . Statistical detection involves the evaluation of an object on its intended actions before it executes that behavior
- D . Rule-based detection defines legitimate data of users over a period of time and statistical detection defines it on an IF/THEN basis
What is the principle of defense-in-depth?
- A . Agentless and agent-based protection for security are used.
- B . Several distinct protective layers are involved.
- C . Access control models are involved.
- D . Authentication, authorization, and accounting mechanisms are used.
What is the relationship between a vulnerability and a threat?
- A . A threat exploits a vulnerability
- B . A vulnerability is a calculation of the potential loss caused by a threat
- C . A vulnerability exploits a threat
- D . A threat is a calculation of the potential loss caused by a vulnerability
A SOC analyst is investigating an incident on a Linux system and needs to identify specific sessions.
Which identifier tracks an active program?
- A . application identification number
- B . active process identification number
- C . runtime identification number
- D . process identification number
Which data format is the most efficient to build a baseline of traffic seen over an extended period of time?
- A . syslog messages
- B . full packet capture
- C . NetFlow
- D . firewall event logs
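The two detection models asked about above (rule-based IF/THEN versus statistical baselining) and the NetFlow baseline question both come down to the same contrast, so the following added example, which is not part of the exam material, runs both models over the same constructed NetFlow-style records. The record layout (day, source, destination, destination port, bytes), the IP addresses, the seven-day learning period and the z-score threshold of 3.0 are all assumptions made for the example; nothing here is captured traffic.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed NetFlow-style records: (day, src, dst, dst_port, bytes).
# The data is made up for this example, not captured traffic.
def make_flows():
    flows = []
    for day in range(1, 8):  # days 1-7: learning period used to build the baseline
        flows.append((day, "10.0.0.5", "203.0.113.10", 443, 50_000 + 1_000 * day))
        flows.append((day, "10.0.0.6", "203.0.113.10", 443, 80_000 - 500 * day))
    # day 8: observation period
    flows.append((8, "10.0.0.5", "203.0.113.10", 443, 52_000))   # normal HTTPS volume
    flows.append((8, "10.0.0.5", "198.51.100.7", 23, 300))       # Telnet, tiny volume
    flows.append((8, "10.0.0.6", "203.0.113.10", 443, 900_000))  # roughly 11x the usual volume
    return flows

# Rule-based detection: fixed IF/THEN conditions evaluated per flow; no history needed.
RULES = [
    ("telnet-outbound", lambda f: f[3] == 23),
    ("known-bad-dst", lambda f: f[2] == "192.0.2.1"),  # hypothetical blocklisted address
]

def rule_based_alerts(flows, day):
    alerts = []
    for f in flows:
        if f[0] != day:
            continue
        for name, cond in RULES:
            if cond(f):
                alerts.append((name, f[1], f[2], f[3]))
    return alerts

# Statistical detection: learn what each source normally sends per day, then flag
# totals that deviate from that learned behaviour.
def build_baseline(flows, learn_days):
    """Per-source daily byte totals over the learning period -> (mean, stddev)."""
    per_src = defaultdict(lambda: defaultdict(int))
    for day, src, _, _, nbytes in flows:
        if day in learn_days:
            per_src[src][day] += nbytes
    baseline = {}
    for src, days in per_src.items():
        samples = [days.get(d, 0) for d in learn_days]  # a missing day counts as zero bytes
        baseline[src] = (mean(samples), pstdev(samples))
    return baseline

def statistical_alerts(flows, baseline, day, z_threshold=3.0):
    totals = defaultdict(int)
    for d, src, _, _, nbytes in flows:
        if d == day:
            totals[src] += nbytes
    alerts = []
    for src, total in sorted(totals.items()):
        if src not in baseline:
            alerts.append((src, total, None))  # never seen in the learning period
            continue
        mu, sigma = baseline[src]
        z = (total - mu) / max(sigma, 1.0)     # guard against a perfectly flat baseline
        if z > z_threshold:
            alerts.append((src, total, round(z, 1)))
    return alerts

def run_demo():
    flows = make_flows()
    baseline = build_baseline(flows, learn_days=range(1, 8))
    return {
        "rule_based": rule_based_alerts(flows, day=8),
        "statistical": statistical_alerts(flows, baseline, day=8),
    }

if __name__ == "__main__":
    for model, alerts in run_demo().items():
        print(model, alerts)
```

The two models catch different things on day 8: the rule fires on the 300-byte Telnet flow, which the statistical model never notices because it barely moves the daily total, while the 900,000-byte HTTPS transfer triggers only the statistical model, since nothing about port 443 or the destination matches a rule. NetFlow suits the baseline because a flow record is a few dozen bytes per conversation regardless of how much data the conversation carried, so months of per-host totals stay cheap to store and aggregate.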
What is the difference between mandatory access control (MAC) and discretionary access control (DAC)?
- A . MAC is controlled by the discretion of the owner and DAC is controlled by an administrator
- B . MAC is the strictest of all levels of control and DAC is object-based access
- C . DAC is controlled by the operating system and MAC is controlled by an administrator
- D . DAC is the strictest of all levels of control and MAC is object-based access
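To make the MAC/DAC distinction concrete, here is an added example (not part of the exam material) that models both checks in Python: under DAC the object's owner edits an ACL at their own discretion, while under MAC a system-wide policy compares the subject's clearance with the object's label and the owner cannot override it. The users, the file name, the three-level label set and the "no read up" rule are assumptions made for this illustration.

```python
# Constructed example of the two access control models; users, labels and the file are made up.
LEVELS = {"public": 0, "confidential": 1, "secret": 2}

class DacObject:
    """DAC: the owner decides who may read the object by editing its ACL."""
    def __init__(self, name, owner):
        self.name = name
        self.owner = owner
        self.readers = {owner}

    def grant_read(self, requester, grantee):
        # Only the owner may change the ACL; anyone else gets refused.
        if requester != self.owner:
            raise PermissionError(f"{requester} is not the owner of {self.name}")
        self.readers.add(grantee)

    def can_read(self, user):
        return user in self.readers

class MacPolicy:
    """MAC: an administrator-defined policy labels objects and clears subjects;
    a read is allowed only if clearance dominates the label ('no read up').
    Neither the object's owner nor the subject can change these assignments."""
    def __init__(self, clearances, labels):
        self.clearances = clearances   # user -> clearance level name
        self.labels = labels           # object name -> classification label

    def can_read(self, user, obj_name):
        return LEVELS[self.clearances[user]] >= LEVELS[self.labels[obj_name]]

def access_decision(dac_obj, mac, user):
    """Both models must permit the read. An owner's grant under DAC cannot
    override a MAC denial, and a MAC permit does not bypass the DAC ACL."""
    mac_ok = mac.can_read(user, dac_obj.name)
    dac_ok = dac_obj.can_read(user)
    return {"mac": mac_ok, "dac": dac_ok, "allowed": mac_ok and dac_ok}

def run_demo():
    plan = DacObject("plan.txt", owner="alice")
    plan.grant_read("alice", "bob")  # alice, as owner, shares the file at her discretion
    mac = MacPolicy(
        clearances={"alice": "secret", "bob": "confidential", "carol": "secret"},
        labels={"plan.txt": "secret"},
    )
    return {user: access_decision(plan, mac, user) for user in ("alice", "bob", "carol")}

if __name__ == "__main__":
    for user, decision in run_demo().items():
        print(user, decision)
```

Running it shows the point of the question: alice owns the file and has a secret clearance, so both checks pass; bob was explicitly granted read access by the owner, but his confidential clearance is below the file's secret label, so MAC denies him regardless of alice's wishes; carol has the clearance but is absent from the ACL, so DAC denies her. The MAC decision is the stricter one because no user-level action can change it.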
How does an attacker observe network traffic exchanged between two users?
- A . port scanning
- B . man-in-the-middle
- C . command injection
- D . denial of service
What is an attack surface as compared to a vulnerability?
- A . any potential danger to an asset
- B . the sum of all paths for data into and out of the environment
- C . an exploitable weakness in a system or its design
- D . the individuals who perform an attack
Answer: B
Explanation:
An attack surface is the sum of all the points through which data enters or leaves an environment, that is, every path an attacker could try to use to get in or to get data out; it can be physical (ports, consoles, premises) or digital (network services, APIs, user input). A vulnerability, by contrast, is a single exploitable weakness in a system or its design (option C). The term attack surface is also often confused with attack vector, but they are not the same thing: the surface is what is being attacked; the vector is the means by which an intruder gains access.
A network engineer discovers that a foreign government hacked one of the defense contractors in their home country and stole intellectual property.
What is the threat agent in this situation?
- A . the intellectual property that was stolen
- B . the defense contractor who stored the intellectual property
- C . the method used to conduct the attack
- D . the foreign government that conducted the attack
