Practice CyberOps Associate 200-201 exam. Online Exam Practice Tests with detailed explanations! Pass 200-201 with confidence!
200-201 - Understanding Cisco Cybersecurity Operations Fundamentals Practice Tests 2023 | PremiumVCEDump
NEW QUESTION 82
When communicating via TLS, the client initiates the handshake to the server and the server responds back with its certificate for identification.
Which information is available on the server certificate?
- A. trusted subordinate CA, public key, and cipher suites
- B. trusted CA name, cipher suites, and private key
- C. server name, trusted CA, and public key
- D. server name, trusted subordinate CA, and private key
Answer: C
NEW QUESTION 83
When trying to evade IDS/IPS devices, which mechanism allows the user to make the data incomprehensible without a specific key, certificate, or password?
- A. encryption
- B. pivoting
- C. stenography
- D. fragmentation
Answer: C
NEW QUESTION 84
Which two compliance frameworks require that data be encrypted when it is transmitted over a public network?
(Choose two.)
- A. PCI
- B. COBIT
- C. HIPAA
- D. GLBA
- E. SOX
Answer: A,C
NEW QUESTION 85
What are two differences in how tampered and untampered disk images affect a security incident? (Choose two.)
- A. Tampered images are used in the security investigation process
- B. The image is tampered if the stored hash and the computed hash match
- C. Tampered images are used in the incident recovery process
- D. The image is untampered if the stored hash and the computed hash match
- E. Untampered images are used in the security investigation process
Answer: A,D
Explanation:
Section: Host-Based Analysis
NEW QUESTION 86
What is a difference between an inline and a tap mode traffic monitoring?
- A. Inline monitors traffic without examining other devices, while a tap mode tags traffic and examines the data from monitoring devices.
- B. Inline mode monitors traffic path, examining any traffic at a wire speed, while a tap mode monitors traffic as it crosses the network.
- C. Tap mode monitors packets and their content with the highest speed, while the inline mode draws a packet path for analysis.
- D. Tap mode monitors traffic direction, while inline mode keeps packet data as it passes through the monitoring devices.
Answer: B
NEW QUESTION 87
A company is using several network applications that require high availability and responsiveness, such that milliseconds of latency on network traffic is not acceptable. An engineer needs to analyze the network and identify ways to improve traffic movement to minimize delays. Which information must the engineer obtain for this analysis?
- A. deep packet captures of each application flow and duration
- B. running processes on the applications and their total network usage
- C. total throughput on the interface of the router and NetFlow records
- D. output of routing protocol authentication failures and ports used
Answer: B
NEW QUESTION 88
According to the NIST SP 800-86. which two types of data are considered volatile? (Choose two.)
- A. temporary files
- B. dump files
- C. swap files
- D. login sessions
- E. free space
Answer: D,E
NEW QUESTION 89
Which signature impacts network traffic by causing legitimate traffic to be blocked?
- A. false negative
- B. true positive
- C. false positive
- D. true negative
Answer: C
NEW QUESTION 90 
Refer to the exhibit. Which two elements in the table are parts of the 5-tuple? (Choose two.)
- A. Ingress Security Zone
- B. First Packet
- C. Source Port
- D. Initiator IP
- E. Initiator User
Answer: C,D
NEW QUESTION 91
Refer to the exhibit.
This request was sent to a web application server driven by a database. Which type of web server attack is represented?
- A. heap memory corruption
- B. command injection
- C. parameter manipulation
- D. blind SQL injection
Answer: D
NEW QUESTION 92
Which type of evidence supports a theory or an assumption that results from initial evidence?
- A. indirect
- B. probabilistic
- C. corroborative
- D. best
Answer: C
Explanation:
Explanation
Corroborating evidence (or corroboration) is evidence that tends to support a theory or an assumption deduced by some initial evidence. This corroborating evidence confirms the proposition. Cisco CyberOps Associate CBROPS 200-201 Official Cert Guide
NEW QUESTION 93
Which security principle requires more than one person is required to perform a critical task?
- A. least privilege
- B. need to know
- C. due diligence
- D. separation of duties
Answer: D
Explanation:
Section: Security Concepts
NEW QUESTION 94
Refer to the exhibit.
What information is depicted?
- A. IPS event data
- B. network discovery event
- C. NetFlow data
- D. IIS data
Answer: C
NEW QUESTION 95
Which tool provides a full packet capture from network traffic?
- A. CAINE
- B. Wireshark
- C. Nagios
- D. Hydra
Answer: B
NEW QUESTION 96
Which type of data consists of connection level, application-specific records generated from network traffic?
- A. statistical data
- B. transaction data
- C. alert data
- D. location data
Answer: B
NEW QUESTION 97
What is the difference between inline traffic interrogation (TAPS) and traffic mirroring (SPAN)?
- A. SPAN ports filter out physical layer errors, making some types of analyses more difficult, and TAPS receives all packets, including physical errors.
- B. APS interrogation is more complex because traffic mirroring applies additional tags to data and SPAN does not alter integrity and provides full duplex network.
- C. TAPS replicates the traffic to preserve integrity, and SPAN modifies packets before sending them to other analysis tools
- D. SPAN results in more efficient traffic analysis, and TAPS is considerably slower due to latency caused by mirroring.
Answer: B
NEW QUESTION 98
What is a difference between SOAR and SIEM?
- A. SIEM receives information from a single platform and delivers it to a SOAR
- B. SOAR platforms are used for threat and vulnerability management, but SIEM applications are not
- C. SIEM applications are used for threat and vulnerability management, but SOAR platforms are not
- D. SOAR receives information from a single platform and delivers it to a SIEM
Answer: B
NEW QUESTION 99
Which data format is the most efficient to build a baseline of traffic seen over an extended period of time?
- A. firewall event logs
- B. syslog messages
- C. full packet capture
- D. NetFlow
Answer: D
NEW QUESTION 100
Drag and drop the definition from the left onto the phase on the right to classify intrusion events according to the Cyber Kill Chain model.
Answer:
Explanation:

NEW QUESTION 101 
Refer to the exhibit. This request was sent to a web application server driven by a database.
Which type of web server attack is represented?
- A. heap memory corruption
- B. command injection
- C. parameter manipulation
- D. blind SQL injection
Answer: D
Explanation:
Section: Host-Based Analysis
NEW QUESTION 102
Refer to the exhibit.
An engineer received a ticket about a slowed-down web application The engineer runs the #netstat -an command. How must the engineer interpret the results?
- A. The web application is receiving a common, legitimate traffic
- B. The web application server is under a denial-of-service attack.
- C. The server is under a man-in-the-middle attack between the web application and its database
- D. The engineer must gather more data.
Answer: B
NEW QUESTION 103
An analyst is investigating an incident in a SOC environment.
Which method is used to identify a session from a group of logs?
- A. sequence numbers
- B. timestamps
- C. IP identifier
- D. 5-tuple
Answer: D
NEW QUESTION 104
Drag and drop the uses on the left onto the type of security system on the right.
Answer:
Explanation:

NEW QUESTION 105
......
The best 200-201 exam study material and preparation tool is here: https://pass4lead.premiumvcedump.com/Cisco/valid-200-201-premium-vce-exam-dumps.html