[Q148-Q173] The 200-201 PDF Dumps Greatest for the Cisco Exam Study Guide!


NEW QUESTION # 148
Refer to the exhibit.
What is shown in this PCAP file?

  • A. The protocol is TCP.
  • B. Timestamps are indicated with error.
  • C. The HTTP GET is encoded.
  • D. The User-Agent is Mozilla/5.0.

Answer: D

Explanation:
The PCAP file shows a network packet capture of an HTTP GET request from a client to a server. The User-Agent header field identifies the type and version of the client software that generated the request. In this case, the User-Agent is Mozilla/5.0, which indicates that the client is using a Mozilla-based browser or application. The User-Agent can help the server to customize the response based on the client's capabilities and preferences. Reference: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) v1.0, Module 3: Network Protocols and Services, Lesson 3.2: HTTP and HTTPS, Topic 3.2.1: HTTP Headers.


NEW QUESTION # 149
Which evasion technique is a function of ransomware?

  • A. encoding
  • B. resource exhaustion
  • C. encryption
  • D. extended sleep calls

Answer: C

Explanation:
Encryption is an evasion technique that is a function of ransomware, which is a type of malware that encrypts the victim's files or system and demands a ransom for the decryption key. Encryption is used by ransomware to prevent the victim from accessing their data and to avoid detection by antivirus or other security tools.
Encryption can also be used by other types of malware to hide their communication, configuration, or payload from analysis. References:
* Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) v1.0, Module 3: Network Intrusion Analysis, Lesson 3.4: Malware
* Cisco Certified CyberOps Associate Overview, Exam Topics, 3.4 Compare and contrast types of malware


NEW QUESTION # 150
How is NetFlow different from traffic mirroring?

  • A. Traffic mirroring impacts switch performance and NetFlow does not.
  • B. NetFlow generates more data than traffic mirroring.
  • C. NetFlow collects metadata and traffic mirroring clones data.
  • D. Traffic mirroring costs less to operate than NetFlow.

Answer: C


NEW QUESTION # 151
What is sliding window anomaly detection?

  • A. Apply lowest privilege/permission level to software
  • B. Define response times for requests for owned applications.
  • C. Detect changes in operations and management processes.
  • D. Identify uncommon patterns that do not fit usual behavior.

Answer: D

Explanation:
Sliding window anomaly detection is a technique used in cybersecurity to identify unusual patterns or behaviors that deviate from the norm. It analyzes segments of data over a period of time, referred to as a 'window,' and compares them against typical patterns. Anomalies are detected when observed behaviors differ significantly from expected patterns, indicating potential security incidents or issues that require further investigation. Reference: An adaptive sliding window for anomaly detection of time series in wireless sensor networks


NEW QUESTION # 152
Refer to the exhibit.

What is occurring?

  • A. XML External Entities attack
  • B. Insecure Deserialization
  • C. Cross-Site Scripting attack
  • D. Regular GET requests

Answer: A


NEW QUESTION # 153
Which type of access control depends on the job function of the user?

  • A. nondiscretionary access control
  • B. discretionary access control
  • C. rule-based access control
  • D. role-based access control

Answer: D


NEW QUESTION # 154
An organization is cooperating with several third-party companies. Data exchange is on an unsecured channel using port 80. Internal employees use the FTP service to upload and download sensitive data. An engineer must ensure confidentiality while preserving the integrity of the communication. Which technology must the engineer implement in this scenario?

  • A. X.509 certificates
  • B. RADIUS server
  • C. web application firewall
  • D. CA server

Answer: A

Explanation:
X.509 certificates are used in conjunction with secure data transfer protocols to ensure the confidentiality and integrity of communication. They are part of a public key infrastructure (PKI) that authenticates the identity of entities and encrypts data in transit. Implementing X.509 certificates along with secure data transfer protocols such as SFTP, HTTPS, FTPS, and IPsec can help secure data sharing with third-party companies.


NEW QUESTION # 155
While viewing packet capture data, an analyst sees that one IP is sending and receiving traffic for multiple devices by modifying the IP header.
Which technology makes this behavior possible?

  • A. NAT
  • B. encapsulation
  • C. tunneling
  • D. TOR

Answer: A

Explanation:
Network address translation (NAT) is a method of mapping an IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device.


NEW QUESTION # 156
An engineer discovered a breach, identified the threat's entry point, and removed access. The engineer was able to identify the host, the IP address of the threat actor, and the application the threat actor targeted. What is the next step the engineer should take according to the NIST SP 800-61 Incident handling guide?

  • A. Identify lessons learned from the threat.
  • B. Reduce the probability of similar threats.
  • C. Recover from the threat.
  • D. Analyze the threat.

Answer: C

Explanation:
Per: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf


NEW QUESTION # 157
An engineer received an alert affecting the degraded performance of a critical server. Analysis showed a heavy CPU and memory load. What is the next step the engineer should take to investigate this resource usage?

  • A. Run "ps -m" to capture the existing state of daemons and map required processes to find the gap.
  • B. Run "ps -u" to find out who executed additional processes that caused a high load on a server.
  • C. Run "ps -d" to decrease the priority state of high load processes to avoid resource exhaustion.
  • D. Run "ps -ef" to understand which processes are taking a high amount of resources.

Answer: D


NEW QUESTION # 158
What is the difference between inline traffic interrogation (TAPS) and traffic mirroring (SPAN)?

  • A. SPAN results in more efficient traffic analysis, and TAPS is considerably slower due to latency caused by mirroring.
  • B. TAPS interrogation is more complex because traffic mirroring applies additional tags to data and SPAN does not alter integrity and provides full duplex network.
  • C. SPAN ports filter out physical layer errors, making some types of analyses more difficult, and TAPS receives all packets, including physical errors.
  • D. TAPS replicates the traffic to preserve integrity, and SPAN modifies packets before sending them to other analysis tools

Answer: C


NEW QUESTION # 159

Refer to the exhibit. Which application protocol is in this PCAP file?

  • A. TLS
  • B. SSH
  • C. HTTP
  • D. TCP

Answer: D

Explanation:
Section: Network Intrusion Analysis


NEW QUESTION # 160
Which are two denial-of-service attacks? (Choose two.)

  • A. TCP connections
  • B. ping of death
  • C. UDP flooding
  • D. man-in-the-middle
  • E. code-red

Answer: B,C

Explanation:
* The ping of death is a type of attack that involves sending oversized or malformed packets using the ICMP protocol to crash, freeze, or reboot the target system.
* UDP flooding is an attack method that sends a large number of User Datagram Protocol (UDP) packets to random ports on a remote host, causing the host to repeatedly check for the application listening at that port and (when no application is found) reply with an ICMP Destination Unreachable packet. This process can saturate the network and the resources of the host, leading to denial of service.
References:
* Cloudflare's explanation of common DoS attacks
* Wikipedia's description of denial-of-service attack methods


NEW QUESTION # 161
Which access control model does SELinux use?

  • A. MAC
  • B. DAC
  • C. RBAC
  • D. ABAC

Answer: A


NEW QUESTION # 162
Drag and drop the type of evidence from the left onto the description of that evidence on the right.

Answer:

Explanation:



NEW QUESTION # 163
Drag and drop the data source from the left onto the data type on the right.

Answer:

Explanation:


NEW QUESTION # 164
Which two measures are used by the defense-in-depth strategy? (Choose two.)

  • A. Bridge the single connection into multiple.
  • B. Split packets into pieces.
  • C. Reduce the load on network devices.
  • D. Divide the network into parts
  • E. Implement the patch management process

Answer: D,E

Explanation:
The defense-in-depth strategy is a layered approach to security that includes multiple defensive measures to protect against threats. Dividing the network into parts (D) helps isolate potential breaches, making it harder for an attacker to move laterally across the network. Implementing the patch management process (E) ensures that systems are up to date with the latest security patches, reducing the vulnerabilities that attackers could exploit.


NEW QUESTION # 165
What is the difference between statistical detection and rule-based detection models?

  • A. Rule-based detection defines legitimate data of users over a period of time and statistical detection defines it on an IF/THEN basis
  • B. Rule-based detection involves the collection of data in relation to the behavior of legitimate users over a period of time
  • C. Statistical detection involves the evaluation of an object on its intended actions before it executes that behavior
  • D. Statistical detection defines legitimate data of users over a period of time and rule-based detection defines it on an IF/THEN basis

Answer: D

Explanation:
Statistical detection involves collecting data over time to define what is considered normal behavior or legitimate data for users or systems. It then uses statistical analysis to identify abnormal behavior that could indicate a security incident. Rule-based detection uses predefined rules or patterns based on known threats or vulnerabilities; it operates on an IF/THEN basis, where an alert is triggered if certain conditions are met. Reference: Cisco Cybersecurity Operations Fundamentals


NEW QUESTION # 166
What is a difference between signature-based and behavior-based detection?

  • A. Behavior-based identifies behaviors that may be linked to attacks, while signature-based has a predefined set of rules to match before an alert.
  • B. Signature-based identifies behaviors that may be linked to attacks, while behavior-based has a predefined set of rules to match before an alert.
  • C. Behavior-based uses a known vulnerability database, while signature-based intelligently summarizes existing data.
  • D. Signature-based uses a known vulnerability database, while behavior-based intelligently summarizes existing data.

Answer: D


NEW QUESTION # 167
What is an advantage of symmetric over asymmetric encryption?

  • A. It is suited for transmitting large amounts of data.
  • B. A key is generated on demand according to data type.
  • C. A one-time encryption key is generated for data transmission
  • D. It is a faster encryption mechanism for sessions

Answer: A


NEW QUESTION # 168
Refer to the exhibit.

Which component is identifiable in this exhibit?

  • A. Trusted Root Certificate store on the local machine
  • B. Windows PowerShell verb
  • C. local service in the Windows Services Manager
  • D. Windows Registry hive

Answer: D


NEW QUESTION # 169
A security analyst notices a sudden surge of incoming traffic and detects unknown packets from unknown senders. After further investigation, the analyst learns that customers claim that they cannot access company servers. According to NIST SP 800-61, in which phase of the incident response process is the analyst?

  • A. detection and analysis
  • B. preparation
  • C. post-incident activity
  • D. containment, eradication, and recovery

Answer: A


NEW QUESTION # 170
A malicious file has been identified in a sandbox analysis tool.

Which piece of information is needed to search for additional downloads of this file by other hosts?

  • A. file hash value
  • B. file header type
  • C. file size
  • D. file name

Answer: A


NEW QUESTION # 171
An engineer discovered a breach, identified the threat's entry point, and removed access. The engineer was able to identify the host, the IP address of the threat actor, and the application the threat actor targeted. What is the next step the engineer should take according to the NIST SP 800-61 Incident handling guide?

  • A. Identify lessons learned from the threat.
  • B. Reduce the probability of similar threats.
  • C. Recover from the threat.
  • D. Analyze the threat.

Answer: C

Explanation:
Per: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf


NEW QUESTION # 172
Refer to the exhibit.

What does the output indicate about the server with the IP address 172.18.104.139?

  • A. running processes of the server
  • B. open ports of an email server
  • C. open port of an FTP server
  • D. open ports of a web server

Answer: B


NEW QUESTION # 173
......


The Understanding Cisco Cybersecurity Operations Fundamentals certification exam consists of 100 questions and lasts 120 minutes. The 200-201 exam covers a range of topics, including security concepts, security monitoring, host-based analysis, network intrusion analysis, and security policies and procedures. The 200-201 exam is designed to test the candidate's ability to understand and identify common cybersecurity threats, as well as the skills required to mitigate these threats.
