Most Updated 200-201 Dumps (V15.02) – Pass 200-201 CBROPS Exam on the First Try

When deciding to pass the Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) 200-201 exam and excel in your career, you must focus on DumpsBase. We have the most updated 200-201 dumps to ensure that you can achieve success in the actual exam on the first try. The current version of Cisco 200-201 dumps is V15.02, containing 331 exam questions and answers, which provides up-to-date and accurate exam questions that match the actual exam structure, ensuring that you are well-prepared and confident for the Cisco 200-201 exam success. We guarantee that with the right preparation strategy, including the diligent use of DumpsBase 200-201 exam dumps (V15.02), you can increase your chances of passing the 200-201 Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) exam on your first try.

Cisco Certified CyberOps Associate Certification 200-201 Free Dumps Below

1. Which event is user interaction?

2. Which security principle requires that more than one person be involved in performing a critical task?

3. How is attacking a vulnerability categorized?

4. What is a benefit of agent-based protection when compared to agentless protection?

5. Which principle is being followed when an analyst gathers information relevant to a security incident to determine the appropriate course of action?

6. One of the objectives of information security is to protect the CIA of information and systems.

What does CIA mean in this context?

7. What is rule-based detection when compared to statistical detection?

8. A user received a malicious attachment but did not run it.

Which category classifies the intrusion?

9. Which process is used when IPS events are removed to improve data integrity?

10. An analyst is investigating an incident in a SOC environment.

Which method is used to identify a session from a group of logs?

11. What is a difference between SOAR and SIEM?

12. What is the difference between mandatory access control (MAC) and discretionary access control (DAC)?

13. What is the practice of giving employees only those permissions necessary to perform their specific role within an organization?

14. What is the virtual address space for a Windows process?

15. Which security principle is violated by running all processes as root or administrator?

16. What is the function of a command and control server?

17. What is the difference between deep packet inspection and stateful inspection?

18. Which evasion technique is a function of ransomware?

19. Refer to the exhibit.

Which two elements in the table are parts of the 5-tuple? (Choose two.)

20. DRAG DROP

Drag and drop the security concept on the left onto the example of that concept on the right.

21. What is the difference between statistical detection and rule-based detection models?

22. What is the difference between a threat and a risk?

23. Which attack method intercepts traffic on a switched network?

24. What does an attacker use to determine which network ports are listening on a potential target device?

25. What is a purpose of a vulnerability management framework?

26. A network engineer discovers that a foreign government hacked one of the defense contractors in their home country and stole intellectual property.

What is the threat agent in this situation?

27. What is the practice of giving an employee access to only the resources needed to accomplish their job?

28. Which metric is used to capture the level of access needed to launch a successful attack?

29. What is the difference between an attack vector and attack surface?

30. Which metric in CVSS indicates an attack that takes a destination bank account number and replaces it with a different bank account number?

31. A security specialist notices 100 HTTP GET and POST requests for multiple pages on the web servers. The agent in the requests contains PHP code that, if executed, creates and writes to a new PHP file on the webserver.

Which event category is described?

32. What specific type of analysis is assigning values to the scenario to see expected outcomes?

33. When trying to evade IDS/IPS devices, which mechanism allows the user to make the data incomprehensible without a specific key, certificate, or password?

34. Why is encryption challenging to security monitoring?

35. An employee reports that someone has logged into their system and made unapproved changes, files are out of order, and several documents have been placed in the recycle bin. The security specialist reviewed the system logs, found nothing suspicious, and was not able to determine what occurred. The software is up to date; there are no alerts from antivirus and no failed login attempts.

What is causing the lack of data visibility needed to detect the attack?

36. A company receptionist received a threatening call referencing stealing assets and did not take any action assuming it was a social engineering attempt. Within 48 hours, multiple assets were breached, affecting the confidentiality of sensitive information.

What is the threat actor in this incident?

37. What is the relationship between a vulnerability and a threat?

38. What is the principle of defense-in-depth?

39. DRAG DROP

Drag and drop the uses on the left onto the type of security system on the right.

40. What is the difference between rule-based detection and behavioral detection?

41. Which open-sourced packet capture tool uses Linux and Mac OS X operating systems?

42. Refer to the exhibit.

Which kind of attack method is depicted in this string?

43. Which two components reduce the attack surface on an endpoint? (Choose two.)

44. What is an attack surface as compared to a vulnerability?

45. An intruder attempted malicious activity and exchanged emails with a user and received corporate information, including email distribution lists. The intruder asked the user to engage with a link in an email. When the link launched, it infected machines and the intruder was able to access the corporate network.

Which testing method did the intruder use?

46. What are two social engineering techniques? (Choose two.)

47. Refer to the exhibit.

What does the output indicate about the server with the IP address 172.18.104.139?

48. How does certificate authority impact a security system?

49. When communicating via TLS, the client initiates the handshake to the server and the server responds back with its certificate for identification.

Which information is available on the server certificate?

50. How does an SSL certificate impact security between the client and the server?

51. Which attack is the network vulnerable to when a stream cipher like RC4 is used twice with the same key?

52. Which list identifies the information that the client sends to the server in the negotiation phase of the TLS handshake?

53. Refer to the exhibit.

Which type of log is displayed?

54. Refer to the exhibit.

What information is depicted?

55. What is the difference between the ACK flag and the RST flag in the NetFlow log session?

56. Refer to the exhibit.

Which type of log is displayed?

57. How is NetFlow different from traffic mirroring?

58. What makes HTTPS traffic difficult to monitor?

59. How does an attacker observe network traffic exchanged between two users?

60. Which type of data consists of connection level, application-specific records generated from network traffic?

61. An engineer receives a security alert that traffic with a known TOR exit node has occurred on the network.

What is the impact of this traffic?

62. What is an example of social engineering attacks?

63. Refer to the exhibit.

What is occurring in this network?

64. Which data format is the most efficient to build a baseline of traffic seen over an extended period of time?

65. Which action prevents buffer overflow attacks?

66. Which type of attack occurs when an attacker is successful in eavesdropping on a conversation between two IP phones?

67. Refer to the exhibit.

What should be interpreted from this packet capture?

68. What are two characteristics of full packet captures? (Choose two.)

69. Refer to the exhibit.

An engineer is analyzing this Cuckoo Sandbox report for a PDF file that has been downloaded from an email.

What is the state of this file?

70. DRAG DROP

Drag and drop the technology on the left onto the data type the technology provides on the right.

71. Refer to the exhibit.

What is occurring in this network traffic?

72. An engineer needs to have visibility on TCP bandwidth usage, response time, and latency, combined with deep packet inspection to identify unknown software by its network traffic flow.

Which two features of Cisco Application Visibility and Control should the engineer use to accomplish this goal? (Choose two.)

73. Which security technology guarantees the integrity and authenticity of all messages transferred to and from a web application?

74. An engineer is investigating a case of the unauthorized usage of the “Tcpdump” tool. The analysis revealed that a malicious insider attempted to sniff traffic on a specific interface.

What type of information did the malicious insider attempt to obtain?

75. At a company party a guest asks questions about the company’s user account format and password complexity.

How is this type of conversation classified?

76. Which security monitoring data type requires the largest storage space?

77. What are two denial of service attacks? (Choose two.)

78. An engineer needs to discover alive hosts within the 192.168.1.0/24 range without triggering intrusive portscan alerts on the IDS device using Nmap.

Which command will accomplish this goal?

79. An analyst is investigating a host in the network that appears to be communicating to a command and control server on the Internet. After collecting this packet capture, the analyst cannot determine the technique and payload used for the communication.

Which obfuscation technique is the attacker using?

80. What are two differences in how tampered and untampered disk images affect a security incident? (Choose two.)

81. During which phase of the forensic process is data that is related to a specific event labeled and recorded to preserve its integrity?

82. Which step in the incident response process researches an attacking host through logs in a SIEM?

83. A malicious file has been identified in a sandbox analysis tool.

Which piece of information is needed to search for additional downloads of this file by other hosts?

84. Refer to the exhibit.

What is the potential threat identified in this Stealthwatch dashboard?

85. Refer to the exhibit.

What is the potential threat identified in this Stealthwatch dashboard?

86. Which security technology allows only a set of pre-approved applications to run on a system?

87. An investigator is examining a copy of an ISO file that is stored in CDFS format.

What type of evidence is this file?

88. Which piece of information is needed for attribution in an investigation?

89. What does cyber attribution identify in an investigation?

90. A security engineer has a video of a suspect entering a data center that was captured on the same day that files in the same data center were transferred to a competitor.

Which type of evidence is this?

91. Refer to the exhibit.

Which event is occurring?

92. Refer to the exhibit.

In which Linux log file is this output found?

93. An engineer runs a suspicious file in a sandbox analysis tool to see the outcome. The analysis report shows that outbound callouts were made post infection.

Which two pieces of information from the analysis report are needed to investigate the callouts? (Choose two.)

94. An analyst is exploring the functionality of different operating systems.

What is a feature of Windows Management Instrumentation that must be considered when deciding on an operating system?

95. What causes events on a Windows system to show Event Code 4625 in the log messages?

96. Refer to the exhibit.

What does the message indicate?

97. Refer to the exhibit.

This request was sent to a web application server driven by a database.

Which type of web server attack is represented?

98. A SOC analyst is investigating an incident that involves a Linux system that is identifying specific sessions.

Which identifier tracks an active program?

99. An offline audit log contains the source IP address of a session suspected to have exploited a vulnerability resulting in system compromise.

Which kind of evidence is this IP address?

100. Which system monitors local system operation and local network access for violations of a security policy?
