PDF Only

$35.00 Free Updates Up to 90 Days

  • 200-201 Dumps PDF
  • 311 Questions
  • Updated On April 19, 2024

PDF + Test Engine

$55.00 Free Updates Up to 90 Days

  • 200-201 Question Answers
  • 311 Questions
  • Updated On April 19, 2024

Test Engine

$45.00 Free Updates Up to 90 Days

  • 200-201 Practice Questions
  • 311 Questions
  • Updated On April 19, 2024

Check Our Free Cisco 200-201 Online Test Engine Demo.

How to pass Cisco 200-201 exam with the help of dumps?

DumpsPool provides you with the finest quality resources, the ones you have been looking for without success elsewhere. So, it's time to stop stressing and get ready for the exam. Our Online Test Engine provides you with the guidance you need to pass the certification exam. We guarantee top-grade results because we know we have covered each topic in a precise and understandable manner. Our expert team prepared the latest Cisco 200-201 Dumps to satisfy your need for training. Plus, they are available in two different formats: Dumps PDF and Online Test Engine.

How Do I Know Cisco 200-201 Dumps are Worth it?

Did we mention our latest 200-201 Dumps PDF is also available as an Online Test Engine? And that is just the point where things start to take root. Of all the amazing features you are offered here at DumpsPool, the money-back guarantee has to be the best one. Now that you know you don’t have to worry about the payments, let us explore all the other reasons you would want to buy from us. Other than affordable Real Exam Dumps, you are offered three months of free updates.

You can easily scroll through our large catalog of certification exams. And, pick any exam to start your training. That’s right, DumpsPool isn’t limited to just Cisco Exams. We trust our customers need the support of an authentic and reliable resource. So, we made sure there is never any outdated content in our study resources. Our expert team makes sure everything is up to the mark by keeping an eye on every single update. Our main concern and focus are that you understand the real exam format. So, you can pass the exam in an easier way!

IT Students Are Using our Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) Dumps Worldwide!

It is a well-established fact that certification exams can’t be conquered without some help from experts. The point of using Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) Practice Question Answers is exactly that. You are constantly surrounded by IT experts who have been through what you are about to go through and know better. The 24/7 customer service of DumpsPool ensures you are in touch with these experts whenever needed. Our 100% success rate and validity around the world make us the most trusted resource candidates use. The updated Dumps PDF helps you pass the exam on the first attempt. And, with the money-back guarantee, you feel safe buying from us. You can claim your refund if you do not pass the exam.

How to Get 200-201 Real Exam Dumps?

Getting access to the real exam dumps is as easy as pressing a button, literally! There are various resources available online, but the majority of them sell scams or copied content. So, if you are going to attempt the 200-201 exam, you need to be sure you are buying the right kind of Dumps. All the Dumps PDF available on DumpsPool are as unique and up to date as they can be. Plus, our Practice Question Answers are tested and approved by professionals, making them the top authentic resource available on the internet. Our experts have made sure the Online Test Engine is free from outdated or fake content, repeated questions, and false or vague information. We make every penny count, and you leave our platform fully satisfied!

Cisco 200-201 Sample Question Answers

Question # 1

What is the function of a command and control server?

A. It enumerates open ports on a network device
B. It drops secondary payload into malware
C. It is used to regain control of the network after a compromise
D. It sends instruction to a compromised system

Question # 2

Which technology on a host is used to isolate a running application from other applications?

A. sandbox
B. application allow list
C. application block list
D. host-based firewall

Question # 3

Refer to the exhibit. An analyst was given a PCAP file, which is associated with a recent intrusion event in the company FTP server. Which display filter should the analyst use to filter the FTP traffic?

A. dstport == FTP
B. tcp.port==21
C. tcpport = FTP
D. dstport = 21

Question # 4

An employee received an email from a colleague’s address asking for the password for the domain controller. The employee noticed a missing letter within the sender’s address. What does this incident describe?

A. brute-force attack
B. insider attack
C. shoulder surfing
D. social engineering

Question # 5

During which phase of the forensic process are tools and techniques used to extract information from the collected data?

A. investigation
B. examination
C. reporting
D. collection

Question # 6

What should an engineer use to aid the trusted exchange of public keys between user tom0411976943 and dan1968754032?

A. central key management server
B. web of trust
C. trusted certificate authorities
D. registration authority data

Question # 7

Why is HTTPS traffic difficult to screen?

A. HTTPS is used internally and screening traffic for external parties is hard due to isolation.
B. The communication is encrypted and the data in transit is secured.
C. Digital certificates secure the session, and the data is sent at random intervals.
D. Traffic is tunneled to a specific destination and is inaccessible to others except for the receiver.

Question # 8

Which tool gives the ability to see session data in real time?

A. tcpdstat
B. trafdump
C. tcptrace
D. trafshow

Question # 9

Refer to the exhibit. An employee received an email from an unknown sender with an attachment and reported it as a phishing attempt. An engineer uploaded the file to Cuckoo for further analysis. What should an engineer interpret from the provided Cuckoo report?

A. Win32.polip.a.exe is an executable file and should be flagged as malicious.
B. The file is clean and does not represent a risk.
C. Cuckoo cleaned the malicious file and prepared it for usage.
D. MD5 of the file was not identified as malicious.

Question # 10

What are two denial-of-service (DoS) attacks? (Choose two.)

A. port scan
B. SYN flood
C. man-in-the-middle
D. phishing
E. teardrop

Question # 11

According to NIST SP 800-86, which two types of data are considered volatile? (Choose two.)

A. swap files
B. temporary files
C. login sessions
D. dump files
E. free space

Question # 12

What is the difference between discretionary access control (DAC) and role-based access control (RBAC)?

A. DAC requires explicit authorization for a given user on a given object, and RBAC requires specific conditions.
B. RBAC access is granted when a user meets specific conditions, and in DAC, permissions are applied on user and group levels.
C. RBAC is an extended version of DAC where you can add an extra level of authorization based on time.
D. DAC administrators pass privileges to users and groups, and in RBAC, permissions are applied to specific groups.

Question # 13

What is the difference between a threat and an exploit?

A. A threat is a result of utilizing a flaw in a system, and an exploit is a result of gaining control over the system.
B. A threat is a potential attack on an asset, and an exploit takes advantage of the vulnerability of the asset.
C. An exploit is an attack vector, and a threat is a potential path the attack must go through.
D. An exploit is an attack path, and a threat represents a potential vulnerability.

Question # 14

What describes a buffer overflow attack?

A. injecting new commands into existing buffers
B. fetching data from memory buffer registers
C. overloading a predefined amount of memory
D. suppressing the buffers in a process

Question # 15

An engineer is reviewing a Cuckoo report of a file. What must the engineer interpret from the report?

A. The file will appear legitimate by evading signature-based detection.
B. The file will not execute its behavior in a sandbox environment to avoid detection.
C. The file will insert itself into an application and execute when the application is run.
D. The file will monitor user activity and send the information to an outside source.

Question # 16

What is a description of a social engineering attack?

A. fake offer for free music download to trick the user into providing sensitive data
B. package deliberately sent to the wrong receiver to advertise a new product
C. mistakenly received valuable order destined for another person and hidden on purpose
D. email offering last-minute deals on various vacations around the world with a due date and a counter

Question # 17

Which are two denial-of-service attacks? (Choose two.)

A. TCP connections
B. ping of death
C. man-in-the-middle
D. code-red
E. UDP flooding

Question # 18

What is an incident response plan?

A. an organizational approach to events that could lead to asset loss or disruption of operations
B. an organizational approach to security management to ensure a service lifecycle and continuous improvements
C. an organizational approach to disaster recovery and timely restoration of operational services
D. an organizational approach to system backup and data archiving aligned to regulations

Question # 19

An engineer must compare NIST vs ISO frameworks. The engineer needed to compare them as readable documentation and also to watch a comparison video review. Using Windows 10 OS, the engineer started a browser and searched for a NIST document, then opened a new tab in the same browser and searched for an ISO document for comparison. The engineer tried to watch the video, but there was an audio problem with the OS, so the engineer had to troubleshoot it. At first the engineer started CMD and looked for a driver path, then looked for a corresponding registry in the registry editor. The engineer enabled "Audiosrv" in task manager and put it on auto start, and the problem was solved. Which two components of the OS did the engineer touch? (Choose two.)

A. permissions
B. PowerShell logs
C. service
E. process and thread

Question # 20

What is the difference between indicators of attack (IoA) and indicators of compromise (IoC)?

A. IoA is the evidence that a security breach has occurred, and IoC allows organizations to act before the vulnerability can be exploited.
B. IoA refers to the individual responsible for the security breach, and IoC refers to the resulting loss.
C. IoC is the evidence that a security breach has occurred, and IoA allows organizations to act before the vulnerability can be exploited.
D. IoC refers to the individual responsible for the security breach, and IoA refers to the resulting loss.

Question # 21

Which security model assumes an attacker within and outside of the network and enforces strict verification before connecting to any system or resource within the organization?

A. Biba
B. Object-capability
C. Take-Grant
D. Zero Trust

Question # 22

Refer to the exhibit. Where is the executable file?

A. info
B. tags
D. name

Question # 23

How does a certificate authority impact security?

A. It validates client identity when communicating with the server.
B. It authenticates client identity when requesting an SSL certificate.
C. It authenticates domain identity when requesting an SSL certificate.
D. It validates the domain identity of the SSL certificate.

Question # 24

What is vulnerability management?

A. A security practice focused on clarifying and narrowing intrusion points.
B. A security practice of performing actions rather than acknowledging the threats.
C. A process to identify and remediate existing weaknesses.
D. A process to recover from service interruptions and restore business-critical applications

Question # 25

What is the difference between the ACK flag and the RST flag?

A. True positives affect security as no alarm is raised when an attack has taken place, resulting in a potential breach.
B. True positive alerts are blocked by mistake as potential attacks affecting application availability.
C. False positives affect security as no alarm is raised when an attack has taken place, resulting in a potential breach.
D. False positive alerts are blocked by mistake as potential attacks affecting application availability.

Question # 26

What is the difference between the ACK flag and the RST flag?

A. The RST flag approves the connection, and the ACK flag terminates spontaneous connections.
B. The ACK flag confirms the received segment, and the RST flag terminates the connection.
C. The RST flag approves the connection, and the ACK flag indicates that a packet needs to be resent.
D. The ACK flag marks the connection as reliable, and the RST flag indicates the failure within the TCP handshake.

Question # 27

Refer to the exhibit. An attacker scanned the server using Nmap. What did the attacker obtain from this scan?

A. Identified a firewall device preventing the port state from being returned.
B. Identified open SMB ports on the server
C. Gathered information on processes running on the server
D. Gathered a list of Active Directory users

Question # 28

What is a difference between SIEM and SOAR?

A. SOAR predicts and prevents security alerts, while SIEM checks attack patterns and applies the mitigation.
B. SIEM's primary function is to collect and detect anomalies, while SOAR is more focused on security operations automation and response.
C. SIEM predicts and prevents security alerts, while SOAR checks attack patterns and applies the mitigation.
D. SOAR's primary function is to collect and detect anomalies, while SIEM is more focused on security operations automation and response.

Question # 29

A user received a targeted spear-phishing email and identified it as suspicious before opening the content. To which category of the Cyber Kill Chain model does this type of event belong?

A. weaponization
B. delivery
C. exploitation
D. reconnaissance

Question # 30

Refer to the exhibit. What is occurring?

A. Cross-Site Scripting attack
B. XML External Entities attack
C. Insecure Deserialization
D. Regular GET requests

Question # 31

Which type of access control depends on the job function of the user?

A. discretionary access control
B. nondiscretionary access control
C. role-based access control
D. rule-based access control

Question # 32

What is a difference between data obtained from Tap and SPAN ports?

A. Tap mirrors existing traffic from specified ports, while SPAN presents more structured data for deeper analysis.
B. SPAN passively splits traffic between a network device and the network without altering it, while Tap alters response times.
C. SPAN improves the detection of media errors, while Tap provides direct access to traffic with lowered data visibility.
D. Tap sends traffic from physical layers to the monitoring device, while SPAN provides a copy of network traffic from switch to destination.

Question # 33

An automotive company provides new types of engines and special brakes for rally sports cars. The company has a database of inventions and patents for their engines and technical information. Customers can access the database through the company's website after they register and identify themselves. Which type of protected data is accessed by customers?

A. IP data
B. PII data
C. PSI data
D. PHI data

Question # 34

Which attack represents the evasion technique of resource exhaustion?

A. SQL injection
B. man-in-the-middle
C. bluesnarfing
D. denial-of-service

Question # 35

Which regular expression is needed to capture the IP address?

A. ^ (?:[0-9]{1,3}\.){3}[0-9]{1,3}
B. ^ (?:[0-9]{1,3}\.){1,4}
C. ^ (?:[0-9]{1,3}\.)'
D. ^ ([0-9]-{3})

Question # 36

Which event is a vishing attack?

A. obtaining disposed documents from an organization
B. using a vulnerability scanner on a corporate network
C. setting up a rogue access point near a public hotspot
D. impersonating a tech support agent during a phone call

Question # 37

Drag and drop the data source from the left onto the data type on the right.

Question # 38

What describes the impact of false-positive alerts compared to false-negative alerts?

A. A false negative is alerting for an XSS attack. An engineer investigates the alert and discovers that an XSS attack happened. A false positive is when an XSS attack happens and no alert is raised.
B. A false negative is a legitimate attack triggering a brute-force alert. An engineer investigates the alert and finds out someone intended to break into the system. A false positive is when no alert and no attack is occurring.
C. A false positive is an event alerting for a brute-force attack. An engineer investigates the alert and discovers that a legitimate user entered the wrong credential several times. A false negative is when a threat actor tries to brute-force attack a system and no alert is raised.
D. A false positive is an event alerting for an SQL injection attack. An engineer investigates the alert and discovers that an attack attempt was blocked by IPS. A false negative is when the attack gets detected but succeeds and results in a breach.

Question # 39

What are two denial-of-service (DoS) attacks? (Choose two.)

A. port scan
B. SYN flood
C. man-in-the-middle
D. phishing
E. teardrop

Question # 40

A security engineer notices confidential data being exfiltrated to a domain "Ranso4134- mware31-895" address that is attributed to a known advanced persistent threat group. The engineer discovers that the activity is part of a real attack and not a network misconfiguration. Which category does this event fall under as defined in the Cyber Kill Chain?

A. reconnaissance
B. delivery
C. action on objectives
D. weaponization

Question # 41

What is the difference between inline traffic interrogation (TAPS) and traffic mirroring (SPAN)?

A. TAPS interrogation is more complex because traffic mirroring applies additional tags to data, and SPAN does not alter integrity and provides a full duplex network.
B. SPAN results in more efficient traffic analysis, and TAPS is considerably slower due to latency caused by mirroring.
C. TAPS replicates the traffic to preserve integrity, and SPAN modifies packets before sending them to other analysis tools.
D. SPAN ports filter out physical layer errors, making some types of analyses more difficult, and TAPS receives all packets, including physical errors.

Question # 42

Drag and drop the security concept from the left onto the example of that concept on the right.

Question # 43

The security team has detected an ongoing spam campaign targeting the organization. The team's approach is to push back the cyber kill chain and mitigate ongoing incidents. At which phase of the cyber kill chain should the security team mitigate this type of attack?

A. actions
B. delivery
C. reconnaissance
D. installation

Question # 44

A user received an email attachment named "Hr405-report2609-empl094.exe" but did not run it. Which category of the cyber kill chain should be assigned to this type of event?

A. installation
B. reconnaissance
C. weaponization
D. delivery

Question # 45

Refer to the exhibit. A workstation downloads a malicious docx file from the Internet and a copy is sent to FTDv. The FTDv sends the file hash to FMC and the file event is recorded. What would have occurred with stronger data visibility?

A. The traffic would have been monitored at any segment in the network.
B. Malicious traffic would have been blocked on multiple devices.
C. An extra level of security would have been in place.
D. Detailed information about the data in real time would have been provided.

Question # 46

Which type of verification consists of using tools to compute the message digest of the original and copied data, then comparing the similarity of the digests?

A. evidence collection order
B. data integrity
C. data preservation
D. volatile data collection

Question # 47

According to the September 2020 threat intelligence feeds, a new malware called Egregor was introduced and used in many attacks. Distribution of Egregor is primarily through a Cobalt Strike that has been installed on victims' workstations using RDP exploits. The malware exfiltrates the victim's data to a command and control server. The data is used to force victims to pay or lose it by publicly releasing it. Which type of attack is described?

A. malware attack
B. ransomware attack
C. whale-phishing
D. insider threat

Question # 48

What are the two differences between stateful and deep packet inspection? (Choose two.)

A. Stateful inspection is capable of TCP state tracking, and deep packet filtering checks only TCP source and destination ports.
B. Deep packet inspection is capable of malware blocking, and stateful inspection is not.
C. Deep packet inspection operates on Layers 3 and 4, and stateful inspection operates on Layer 3 of the OSI model.
D. Deep packet inspection is capable of TCP state monitoring only, and stateful inspection can inspect TCP and UDP.
E. Stateful inspection is capable of packet data inspections, and deep packet inspection is not.

Question # 49

How does agentless monitoring differ from agent-based monitoring?

A. Agentless can access the data via API, while agent-based uses a less efficient method and accesses log data through WMI.
B. Agent-based monitoring is less intrusive in gathering log data, while agentless requires open ports to fetch the logs.
C. Agent-based monitoring has a lower initial cost for deployment, while agentless monitoring requires resource-intensive deployment.
D. Agent-based has a possibility to locally filter and transmit only valuable data, while agentless has much higher network utilization.

Question # 50

How does TOR alter data content during transit?

A. It spoofs the destination and source information, protecting both sides.
B. It encrypts content and destination information over multiple layers.
C. It redirects destination traffic through multiple sources, avoiding traceability.
D. It traverses source traffic through multiple destinations before reaching the receiver.

Question # 51

An organization is cooperating with several third-party companies. Data exchange is on an unsecured channel using port 80. Internal employees use the FTP service to upload and download sensitive data. An engineer must ensure confidentiality while preserving the integrity of the communication. Which technology must the engineer implement in this scenario?

A. X.509 certificates
B. RADIUS server
C. CA server
D. web application firewall

Question # 52

Syslog collecting software is installed on the server. For log containment, a disk with a FAT type partition is used. An engineer determined that log files are being corrupted when the 4 GB file size is exceeded. Which action resolves the issue?

A. Add space to the existing partition and lower the retention period.
B. Use FAT32 to exceed the limit of 4 GB.
C. Use the Ext4 partition because it can hold files up to 16 TB.
D. Use an NTFS partition for log file containment.

Question # 53

What is threat hunting?

A. Managing a vulnerability assessment report to mitigate potential threats.
B. Focusing on proactively detecting possible signs of intrusion and compromise.
C. Pursuing competitors and adversaries to infiltrate their system to acquire intelligence data.
D. Attempting to deliberately disrupt servers by altering their availability.

Question # 54

An engineer is addressing a connectivity issue between two servers where the remote server is unable to establish a successful session. Initial checks show that the remote server is not receiving a SYN-ACK while establishing a session by sending the first SYN. What is causing this issue?

A. incorrect TCP handshake
B. incorrect UDP handshake
C. incorrect OSI configuration
D. incorrect snaplen configuration

Question # 55

Which data type is necessary to get information about source/destination ports?

A. statistical data
B. session data
C. connectivity data
D. alert data

Question # 56

Refer to the exhibit. A company employee is connecting to mail.google.com from an endpoint device. The website is loaded but with an error. What is occurring?

A. DNS hijacking attack
B. Endpoint local time is invalid.
C. Certificate is not in trusted roots.
D. man-in-the-middle attack

Question # 57

Which of these describes SOC metrics in relation to security incidents?

A. time it takes to detect the incident
B. time it takes to assess the risks of the incident
C. probability of outage caused by the incident
D. probability of compromise and impact caused by the incident

Question # 58

What is an advantage of symmetric over asymmetric encryption?

A. A key is generated on demand according to data type.
B. A one-time encryption key is generated for data transmission.
C. It is suited for transmitting large amounts of data.
D. It is a faster encryption mechanism for sessions.

Question # 59

What describes the defense-in-depth principle?

A. defining precise guidelines for new workstation installations
B. categorizing critical assets within the organization
C. isolating guest Wi-Fi from the local network
D. implementing alerts for unexpected asset malfunctions

Question # 60

What is a benefit of using asymmetric cryptography?

A. decrypts data with one key
B. fast data transfer
C. secure data transfer
D. encrypts data with one key

Question # 61

What is a difference between inline and tap mode traffic monitoring?

A. Inline monitors traffic without examining other devices, while a tap mode tags traffic and examines the data from monitoring devices.
B. Tap mode monitors traffic direction, while inline mode keeps packet data as it passes through the monitoring devices.
C. Tap mode monitors packets and their content with the highest speed, while the inline mode draws a packet path for analysis.
D. Inline mode monitors traffic path, examining any traffic at wire speed, while a tap mode monitors traffic as it crosses the network.

Question # 62

What is the difference between rule-based detection and behavioral detection?

A. Rule-based detection is searching for patterns linked to specific types of attacks, while behavioral is identifying per signature.
B. Rule-based systems have established patterns that do not change with new data, while behavioral changes.
C. Behavioral systems are predefined patterns from hundreds of users, while rule-based only flags potentially abnormal patterns using signatures.
D. Behavioral systems find sequences that match a particular attack signature, while rule-based identifies potential attacks.