High pass rate guaranteed: 200-201 exam questions with accurate answers, 2023-11-19! [Q122-Q137]


Latest valid 200-201 practice questions for the test engine

Question # 122
Which two elements of the incident response process are stated in NIST Special Publication 800-61 r2?
(Choose two.)

  • A. post-incident activity
  • B. risk assessment
  • C. vulnerability management
  • D. vulnerability scoring
  • E. detection and analysis

Correct answer: A, E

Explanation:
Section: Security Policies and Procedures
Explanation/Reference: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf


Question # 123
What are two differences in how tampered and untampered disk images affect a security incident? (Choose two.)

  • A. The image is tampered if the stored hash and the computed hash match
  • B. Untampered images are used in the security investigation process
  • C. Tampered images are used in the security investigation process
  • D. Tampered images are used in the incident recovery process
  • E. The image is untampered if the stored hash and the computed hash match

Correct answer: B, E

Explanation:
Cert Guide by Omar Santos, Chapter 9, "Introduction to Digital Forensics": "When you collect evidence, you must protect its integrity. This involves making sure that nothing is added to the evidence and that nothing is deleted or destroyed (this is known as evidence preservation)."


Question # 124
What is a difference between data obtained from Tap and SPAN ports?

  • A. Tap mirrors existing traffic from specified ports, while SPAN presents more structured data for deeper analysis.
  • B. SPAN passively splits traffic between a network device and the network without altering it, while Tap alters response times.
  • C. Tap sends traffic from physical layers to the monitoring device, while SPAN provides a copy of network traffic from switch to destination
  • D. SPAN improves the detection of media errors, while Tap provides direct access to traffic with lowered data visibility.

Correct answer: A


Question # 125
An intruder attempted malicious activity and exchanged emails with a user and received corporate information, including email distribution lists. The intruder asked the user to engage with a link in an email. When the link launched, it infected machines and the intruder was able to access the corporate network.
Which testing method did the intruder use?

  • A. social engineering
  • B. piggybacking
  • C. tailgating
  • D. eavesdropping

Correct answer: A


Question # 126
Why is encryption challenging to security monitoring?

  • A. Encryption introduces larger packet sizes to analyze and store.
  • B. Encryption analysis is used by attackers to monitor VPN tunnels.
  • C. Encryption is used by threat actors as a method of evasion and obfuscation.
  • D. Encryption introduces additional processing requirements by the CPU.

Correct answer: C


Question # 127
Which step in the incident response process researches an attacking host through logs in a SIEM?

  • A. containment
  • B. preparation
  • C. eradication
  • D. detection and analysis

Correct answer: D

Explanation:
Preparation --> Detection and Analysis --> Containment, Eradication and Recovery --> Post-Incident Activity
Detection and Analysis --> Profile networks and systems. Understand normal behaviors. Create a log retention policy. Perform event correlation. Maintain and use a knowledge base of information. Use Internet search engines for research. Run packet sniffers to collect additional data. Filter the data. Seek assistance from others.
Keep all host clocks synchronized. Know the different types of attacks and attack vectors. Develop processes and procedures to recognize the signs of an incident. Understand the sources of precursors and indicators.
Create appropriate incident documentation capabilities and processes. Create processes to effectively prioritize security incidents. Create processes to effectively communicate incident information (internal and external communications).
Ref: Cisco CyberOps Associate CBROPS 200-201 Official Cert Guide


Question # 128
What is the difference between rule-based detection and behavioral detection?

  • A. Rule-Based detection is searching for patterns linked to specific types of attacks, while behavioral is identifying per signature.
  • B. Behavioral systems are predefined patterns from hundreds of users, while Rule-Based only flags potentially abnormal patterns using signatures.
  • C. Rule-Based systems have established patterns that do not change with new data, while behavioral changes.
  • D. Behavioral systems find sequences that match a particular attack signature, while Rule-Based identifies potential attacks.

Correct answer: D


Question # 129
Which type of evidence supports a theory or an assumption that results from initial evidence?

  • A. best
  • B. indirect
  • C. corroborative
  • D. probabilistic

Correct answer: C

Explanation:
Corroborating evidence (or corroboration) is evidence that tends to support a theory or an assumption deduced from some initial evidence. This corroborating evidence confirms the proposition. Ref: Cisco CyberOps Associate CBROPS 200-201 Official Cert Guide


Question # 130
A user received a malicious attachment but did not run it.
Which category classifies the intrusion?

  • A. delivery
  • B. reconnaissance
  • C. installation
  • D. weaponization

Correct answer: A


Question # 131
One of the objectives of information security is to protect the CIA of information and systems.
What does CIA mean in this context?

  • A. confidentiality, identity, and authorization
  • B. confidentiality, integrity, and authorization
  • C. confidentiality, integrity, and availability
  • D. confidentiality, identity, and availability

Correct answer: C


Question # 132
Refer to the exhibit.

What is occurring in this network traffic?

  • A. high rate of SYN packets being sent from a multiple source towards a single destination IP
  • B. high rate of SYN packets being sent from a single source IP towards multiple destination IPs
  • C. flood of SYN packets coming from a single source IP to a single destination IP
  • D. flood of ACK packets coming from a single source IP to multiple destination IPs

Correct answer: C


Question # 133
Which attack method intercepts traffic on a switched network?

  • A. command and control
  • B. denial of service
  • C. ARP cache poisoning
  • D. DHCP snooping

Correct answer: D


Question # 134
Refer to the exhibit.

Which event is occurring?

  • A. A binary named "submit" is running on VM cuckoo1.
  • B. A URL is being evaluated to see if it has a malicious binary
  • C. A binary is being submitted to run on VM cuckoo1
  • D. A binary on VM cuckoo1 is being submitted for evaluation

Correct answer: D


Question # 135
Refer to the exhibit.

An analyst was given a PCAP file, which is associated with a recent intrusion event on the company FTP server. Which display filter should the analyst use to filter the FTP traffic?

  • A. tcp.port==21
  • B. dstport = 21
  • C. tcpport = FTP
  • D. dstport == FTP

Correct answer: C


Question # 136
Refer to the exhibit.

Which kind of attack method is depicted in this string?

  • A. denial of service
  • B. SQL injection
  • C. man-in-the-middle
  • D. cross-site scripting

Correct answer: D


Question # 137
......


The Cisco 200-201 certification exam is an excellent opportunity to prove your expertise in cybersecurity operations. Whether you are just starting a career in cybersecurity or want to build on your skills and knowledge, passing this exam helps you stand out in a competitive job market. With proper preparation and dedication, you can reach your goal of becoming a certified cybersecurity professional.


Latest 200-201 exam answers and test engine: https://www.jpntest.com/shiken/200-201-mondaishu
