[January 6, 2024] 200-201 Certification Guide Questions and Answers Training [Q79-Q94]


200-201 certification trial set: the latest 200-201 PDF question collection


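The 200-201 exam consists of 120 questions and takes 2 hours. The exam questions are presented in a variety of formats, including multiple choice, drag and drop, and fill in the blank. A passing score is required to be awarded the certification, which is valid for three years. The SCCOR (Understanding Cisco Cybersecurity Operations Fundamentals) certification is an industry-recognized cybersecurity certification that is in high demand in the job market and therefore helps candidates advance their careers.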


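The Cisco 200-201 (Understanding Cisco Cybersecurity Operations Fundamentals) certification exam is designed to validate the knowledge and skills of professionals responsible for identifying, detecting, and responding to cybersecurity incidents. The exam is well suited to individuals who want to pursue a career in the cybersecurity industry and to those who want to improve their existing skills in the field.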


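The certification exam consists of 100 questions and lasts 120 minutes. It covers a range of topics, including security concepts, security monitoring, host-based analysis, network intrusion analysis, and security policies and procedures. The exam is designed to test a candidate's ability to understand and identify common cybersecurity threats, along with the skills needed to mitigate them.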

 

Question # 79

Refer to the exhibit. What is the expected result when the "Allow subdissector to reassemble TCP streams" feature is enabled?

  • A. insert TCP subdissectors
  • B. unfragment TCP
  • C. extract a file from a packet capture
  • D. disable TCP streams

Correct answer: B

Explanation:
Section: Network Intrusion Analysis


Question # 80
Which regular expression is needed to capture the IP address 192.168.20.232?

  • A. ^ (?:[0-9]{1,3}\.){1,4}
  • B. ^ (?:[0-9]{1,3}\.){3}[0-9]{1,3}
  • C. ^ (?:[0-9]{1,3}\.)'
  • D. ^ ([0-9]-{3})

Correct answer: B


Question # 81
What is a benefit of agent-based protection when compared to agentless protection?

  • A. It provides a centralized platform
  • B. It lowers maintenance costs
  • C. It manages numerous devices simultaneously
  • D. It collects and detects all traffic locally

Correct answer: A


Question # 82
Refer to the exhibit.

A workstation downloads a malicious docx file from the Internet and a copy is sent to FTDv. The FTDv sends the file hash to FMC and the file event is recorded. What would have occurred with stronger data visibility?

  • A. Detailed information about the data in real time would have been provided
  • B. Malicious traffic would have been blocked on multiple devices
  • C. The traffic would have been monitored at any segment in the network.
  • D. An extra level of security would have been in place

Correct answer: B


Question # 83
What is the difference between inline traffic interrogation (TAPS) and traffic mirroring (SPAN)?

  • A. SPAN results in more efficient traffic analysis, and TAPS is considerably slower due to latency caused by mirroring.
  • B. TAPS interrogation is more complex because traffic mirroring applies additional tags to data and SPAN does not alter integrity and provides full duplex network.
  • C. TAPS replicates the traffic to preserve integrity, and SPAN modifies packets before sending them to other analysis tools
  • D. SPAN ports filter out physical layer errors, making some types of analyses more difficult, and TAPS receives all packets, including physical errors.

Correct answer: B


Question # 84
Which attack method intercepts traffic on a switched network?

  • A. command and control
  • B. ARP cache poisoning
  • C. DHCP snooping
  • D. denial of service

Correct answer: B

Explanation:
An ARP-based MITM attack is achieved when an attacker poisons the ARP cache of two devices with the MAC address of the attacker's network interface card (NIC). Once the ARP caches have been successfully poisoned, each victim device sends all its packets to the attacker when communicating to the other device and puts the attacker in the middle of the communications path between the two victim devices. It allows an attacker to easily monitor all communication between victim devices. The intent is to intercept and view the information being passed between the two victim devices and potentially introduce sessions and traffic between the two victim devices.


Question # 85
Refer to the exhibit.

What is occurring in this network?

  • A. ARP cache poisoning
  • B. MAC flooding attack
  • C. MAC address table overflow
  • D. DNS cache poisoning

Correct answer: A


Question # 86
How does an attack surface differ from an attack vector?

  • A. An attack vector recognizes the potential outcomes of an attack, and the attack surface is choosing a method of an attack.
  • B. An attack surface identifies vulnerable parts for an attack, and an attack vector specifies which attacks are feasible to those parts.
  • C. An attack vector matches components that can be exploited, and an attack surface classifies the potential path for exploitation
  • D. An attack surface mitigates external vulnerabilities, and an attack vector identifies mitigation techniques and possible workarounds.

Correct answer: B


Question # 87
When communicating via TLS, the client initiates the handshake to the server and the server responds back with its certificate for identification.
Which information is available on the server certificate?

  • A. server name, trusted subordinate CA, and private key
  • B. server name, trusted CA, and public key
  • C. trusted subordinate CA, public key, and cipher suites
  • D. trusted CA name, cipher suites, and private key

Correct answer: B

Explanation:
Section: Security Monitoring


Question # 88
Refer to the exhibit.

Which application protocol is in this PCAP file?

  • A. HTTP
  • B. SSH
  • C. TCP
  • D. TLS

Correct answer: A


Question # 89
Which two components reduce the attack surface on an endpoint? (Choose two.)

  • A. restricting USB ports
  • B. load balancing
  • C. increased audit log levels
  • D. full packet captures at the endpoint
  • E. secure boot

Correct answer: A, E


Question # 90
How is NetFlow different from traffic mirroring?

  • A. NetFlow collects metadata and traffic mirroring clones data.
  • B. NetFlow generates more data than traffic mirroring.
  • C. Traffic mirroring costs less to operate than NetFlow.
  • D. Traffic mirroring impacts switch performance and NetFlow does not.

Correct answer: A


Question # 91
An analyst is using the SIEM platform and must extract a custom property from a Cisco device and capture the phrase, "File: Clean." Which regex must the analyst import?

  • A. File: Clean
  • B. ^File: Clean$
  • C. File: Clean (.*)
  • D. ^Parent File Clean$

Correct answer: A


Question # 92
What does cyber attribution identify in an investigation?

  • A. exploit of an attack
  • B. threat actors of an attack
  • C. cause of an attack
  • D. vulnerabilities exploited

Correct answer: B

Explanation:
https://www.techtarget.com/searchsecurity/definition/cyber-attribution


Question # 93
Which attack is the network vulnerable to when a stream cipher like RC4 is used twice with the same key?

  • A. ciphertext-only attack
  • B. plaintext-only attack
  • C. meet-in-the-middle attack
  • D. forgery attack

Correct answer: A


Question # 94
......

Best Cisco 200-201 study guide and question collection for 2024: https://www.jpntest.com/shiken/200-201-mondaishu
