
200-201 VOL1-Question

Which of the following is an administrative control principle that dictates that a single individual should not solely perform critical network-related tasks?


Presentation Transcript


200-201 Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) VOL1

QUESTION NO: 1
Which of the following is an administrative control principle that dictates that a single individual should not solely perform critical network-related tasks?
A. Principle of least privilege
B. Separation of duty
C. Chain of Custody
D. Role based access control
Answer: B

QUESTION NO: 2
Which of the following security principles states that all users should be granted only the level of privilege they need to perform their specific job functions?
A. Principle of least privilege
B. Separation of duty
C. Chain of Custody
D. Role based access control
Answer: A

QUESTION NO: 3
Which of the following describe the two levels of access control? (Select two)
A. Physical
B. Rule-based
C. Machine-based
D. Logical
Answer: A, D

QUESTION NO: 4
A hacker is using a server to send instructions to hosts that have been compromised after malware was installed on the machines. What is the term given to this server?
A. DoS server
B. Man-in-the-middle
C. Command and Control
D. Attack Vector
Answer: C

QUESTION NO: 5
Which of the following statements are true regarding the relationship between risks and threats? (Select two)
A. A threat exploits a vulnerability in a system that can be used to compromise it.
B. A threat refers to the potential loss that can occur from a system being exploited.
C. A risk exploits a vulnerability in a system that can be used to compromise it.
D. A risk refers to the potential loss that can occur from a system being exploited.
Answer: A, D

QUESTION NO: 6
Why would an attacker utilize a port scanner on a network?
A. To obtain IP address information from the hosts on a network.
B. To obtain MAC address information from the hosts on a network.
C. To see which TCP and UDP applications that devices are listening for.
D. To see the login credentials of users on a network.
Answer: C

QUESTION NO: 7
What is the term given for a layered security approach where multiple devices offer a variety of overlapping and redundant systems for a comprehensive security solution?
A. Defense in depth
B. Principle of least privilege
C. SIEM
D. Root cause analysis
Answer: A

QUESTION NO: 8
A threat actor calls an employee at their desk pretending to be with the help desk in an attempt to get the employee's login credentials. What is this an example of? (Select two)
A. Phishing
B. Vishing
C. Watering Hole
D. Social Engineering
Answer: B, D

QUESTION NO: 9
What does the acronym SOAR stand for with regard to cyber security?
A. Systems Operations and Restoral
B. Security Operations and Restoral
C. Systems Operations and Response
D. Security Operations and Response
E. Systems Orchestration, Automation, and Response
F. Security Orchestration, Automation, and Response
Answer: F

QUESTION NO: 10
You want to view incoming packet data for your Linux-based server in real time. What command should you use to do this?
A. tcpdump
B. netstat
C. netsh
D. netmon
Answer: A

QUESTION NO: 11
Which of the following describe types of cross-site scripting (XSS) attacks? (Select two)
A. Reflected
B. Refracted
C. Stored
D. Dynamic
Answer: A, C

QUESTION NO: 12
Which of the following is the most effective way to prevent tailgating and piggybacking attempts to access a building?
A. User awareness training
B. Badge readers
C. Multifactor authentication
D. Mantraps
Answer: E

QUESTION NO: 13
You want to utilize the third party provider to validate the identities of domains and bind them through the use of digital certificates. What term describes this third party?
A. CASB
B. DNS broker
C. SDN controller
D. Certificate authority
Answer: D

QUESTION NO: 14
Refer to the following exhibit: What is this an example of?
A. IDS/IPS data
B. Netflow conversations
C. syslog messages
D. Firewall rule matches
Answer: B

QUESTION NO: 15
When comparing the monitoring of HTTP and HTTPS traffic on your network, which of the following is true?
A. HTTP is easier to monitor compared to HTTPS since HTTP uses plain text and HTTPS is encrypted.
B. HTTPS is easier to monitor compared to HTTP since HTTPS uses plain text and HTTP is encrypted.
C. HTTP is easier to monitor compared to HTTPS since it uses smaller packet sizes.
D. HTTPS is easier to monitor compared to HTTP since it uses TCP sequencing while HTTP uses UDP.
Answer: A

QUESTION NO: 16
Which of the following are the two main types of Buffer Overflow Attacks? (Select two)
A. Stack-based
B. RAM-based
C. ROM-based
D. Heap-based
Answer: A, D

QUESTION NO: 17
Which of the following could be categorized as Personally Identifiable Information (PII) in Privacy Regulations? (Select two)
A. Social Security Number
B. Home address
C. Time zone
D. Language spoken
E. Browser cookies
Answer: A, B

QUESTION NO: 18
A network baseline has been created and you want to use this information to detect anomalous behavior. In order to decrease the amount of analysis that must be done to detect abnormal behavior, you focus on a window of time. What is the term for this?
A. Time based anomaly detection
B. Sliding window anomaly detection
C. Point in time detection
D. Periodic time analysis detection
Answer: B

QUESTION NO: 19
You have collected all the event data for a specific event and had this data aggregated. What additional task should be done to prepare this data for use by security analytics?
A. Back up the data to another location
B. Verify the validity of the data.
C. Tune the event logs to eliminate false positives and false negatives.
D. Use different sources to correlate the data, including time stamps of the data.
Answer: D

QUESTION NO: 20
What do the letters CIA stand for in the CIA triad? (Select three)
A. Confidentiality
B. Cryptography
C. Identity
D. Integrity
E. Availability
F. Authentication
Answer: A, D, E

© Copyright Prep Solutions Limited, All rights reserved
