200-201無料問題集「Cisco Understanding Cisco Cybersecurity Operations Fundamentals」

質問 1

A security engineer must determine why a new core application does not work as desired The client can send requests toward the application server but receives no response One of the requirements is to gather all packets Data needs to be reliable without any delay or packet drops Which solution best meets this need?

（A）port mirroring

（B）tap device

（C）3 device logs

（D）span port

正解：D 解答を投票する

質問 2

Refer to the exhibit.

What information is depicted?

（A）network discovery event

（B）IPS event data

（C）IIS data

（D）NetFlow data

正解：D 解答を投票する

質問 3

What describes the defense-m-depth principle?

（A）implementing alerts for unexpected asset malfunctions

（B）categorizing critical assets within the organization

（C）isolating guest Wi-Fi from the focal network

（D）defining precise guidelines for new workstation installations

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 4

Which type of data must an engineer capture to analyze payload and header information?

（A）alert data

（B）full packet

（C）frame check sequence

（D）session logs

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 5

Which category relates to improper use or disclosure of PII data?

（A）legal

（B）contractual

（C）regulated

（D）compliance

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 6

An analyst see that this security alert "Default-Botnet-Communication-Detection-By-Endpoint" has been raised from the IPS. The analyst checks and finds that an endpoint communicates to the C&C. How must an impact from this event be categorized?

（A）false positive

（B）false negative

（C）true positive

（D）true negative

正解：C 解答を投票する

質問 7

A SOC analyst is investigating an incident that involves a Linux system that is identifying specific sessions. Which identifier tracks an active program?

（A）active process identification number

（B）process identification number

（C）application identification number

（D）runtime identification number

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 8

A network engineer informed a security team of a large amount of traffic and suspicious activity from an unknown source to the company DMZ server The security team reviewed the data and identified a potential DDoS attempt According to NIST, at which phase of incident response is the security team?

（A）preparation

（B）recovery

（C）containment and eradication

（D）detection and analysis

正解：D 解答を投票する

質問 9

What is the difference between the ACK flag and the RST flag in the NetFlow log session?

（A）The RST flag confirms the receipt of the prior segment, and the ACK flag allows for the spontaneous termination of a connection

（B）The ACK flag confirms the beginning of the TCP connection, and the RST flag responds when the data for the payload is complete

（C）The ACK flag confirms the receipt of the prior segment, and the RST flag allows for the spontaneous termination of a connection

（D）The RST flag confirms the beginning of the TCP connection, and the ACK flag responds when the data for the payload is complete

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 10

Drag and drop the uses on the left onto the type of security system on the right.

正解：

質問 11

Refer to the exhibit.

An analyst received this alert from the Cisco ASA device, and numerous activity logs were produced. How should this type of evidence be categorized?

（A）circumstantial

（B）indirect

（C）best

（D）corroborative

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 12

Which statement describes indicators of attack?

（A）Critical patches are missing.

（B）internal hosts communicate with countries outside of the business range.

（C）Phishing attempts on an organization are blocked by mall AV.

（D）A malicious file is detected by the AV software.

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 13

What is the impact of false negative alerts when compared to true negative alerts?

（A）A false negative is someone trying to hack into the system and no alert is raised, and a true negative is an event that never happened and an alert was not raised.

（B）A false negative is an event that alerts for injection attack when no attack is happening, and a true negative is an attack that happens and an alert that is appropriately raised.

（C）A true negative is an alert for an exploit attempt when no attack was detected, and a false negative is when no attack happens and an alert is still raised.

（D）A true negative is a legitimate attack that triggers a brute force alert, and a false negative is when no alert and no attack is occurring.

正解：A 解答を投票する

質問 14

Refer to the exhibit.

Which technology produced the log?

（A）firewall

（B）IPS/IDS

（C）proxy

（D）antivirus

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 15

A CMS plugin creates two files that are accessible from the Internet myplugin html and exploitable php A newly discovered exploit takes advantage of an injection vulnerability m exploitable php To exploit the vulnerability an HTTP POST must be sent with specific variables to exploitable php A security engineer notices traffic to the webserver that consists of only HTTP GET requests to myplugin html Which category does this activity fall under?

（A）installation

（B）exploitation

（C）reconnaissance

（D）weaponization

正解：C 解答を投票する

質問 16

Which open-sourced packet capture tool uses Linux and Mac OS X operating systems?

（A）NetScout

（B）netsh

（C）tcpdump

（D）SolarWinds

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

200-201 無料問題集「Cisco Understanding Cisco Cybersecurity Operations Fundamentals」

弊社を連絡する

関連リンク

トップ試験