200-201無料問題集「Cisco Understanding Cisco Cybersecurity Operations Fundamentals」

質問 1

An analyst see that this security alert "Default-Botnet-Communication-Detection-By-Endpoint" has been raised from the IPS. The analyst checks and finds that an endpoint communicates to the C&C. How must an impact from this event be categorized?

（A）false positive

（B）false negative

（C）true positive

（D）true negative

正解：C 解答を投票する

質問 2

Refer to the exhibit.

Which stakeholders must be involved when a company workstation is compromised?

（A）Employee 4, Employee 6, Employee 7

（B）Employee 1, Employee 2, Employee 4, Employee 5

（C）Employee 2, Employee 3, Employee 4, Employee 5

（D）Employee 1 Employee 2, Employee 3, Employee 4, Employee 5, Employee 7

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 3

Which technology should be used to implement a solution that makes routing decisions based on HTTP header, uniform resource identifier, and SSL session ID attributes?

（A）IIS

（B）Proxy server

（C）Load balancer

（D）AWS

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 4

Refer to exhibit.

An engineer is Investigating an Intrusion and Is analyzing the pcap file. Which two key elements must an engineer consider? (Choose two.)

（A）identical length of 120 and window size (64)

（B）High volume oi SYN packets with very little variance in lime

（C）same source IP address with a destination port 80

（D）Variable "info" field and unchanging sequence number

（E）SYN packets acknowledged from several source IP addresses

正解：B、E 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 5

A company encountered a breach on its web servers using IIS 7 5 Dunng the investigation, an engineer discovered that an attacker read and altered the data on a secure communication using TLS 1 2 and intercepted sensitive information by downgrading a connection to export-grade cryptography. The engineer must mitigate similar incidents in the future and ensure that clients and servers always negotiate with the most secure protocol versions and cryptographic parameters. Which action does the engineer recommend?

（A）Install the latest IIS version.

（B）Downgrade to TLS 1.1.

（C）Deploy an intrusion detection system

（D）Upgrade to TLS v1 3.

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 6

What specific type of analysis is assigning values to the scenario to see expected outcomes?

（A）deterministic

（B）exploratory

（C）probabilistic

（D）descriptive

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 7

What is the communication channel established from a compromised machine back to the attacker?

（A）man-in-the-middle

（B）port scanning

（C）command and control

（D）IDS evasion

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 8

Which type of data collection requires the largest amount of storage space?

（A）full packet capture

（B）session data

（C）alert data

（D）transaction data

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 9

Which evasion technique is a function of ransomware?

（A）encryption

（B）resource exhaustion

（C）extended sleep calls

（D）encoding

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 10

What are two differences in how tampered and untampered disk images affect a security incident? (Choose two.)

（A）The image is tampered if the stored hash and the computed hash match

（B）The image is untampered if the stored hash and the computed hash match

（C）Tampered images are used in the security investigation process

（D）Tampered images are used in the incident recovery process

（E）Untampered images are used in the security investigation process

正解：B、E 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 11

Which two elements are assets in the role of attribution in an investigation? (Choose two.)

（A）laptop

（B）threat actor

（C）firewall logs

（D）context

（E）session

正解：A、B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 12

A user reports difficulties accessing certain external web pages. When an engineer examines traffic to and from the external domain in full packet captures, they notice that many SYNs have the same sequence number, source, and destination IP address, but they have different payloads. What is causing this situation?

（A）insufficient network resources

（B）TCP injection

（C）misconfiguration of a web filter

（D）Failure of the full packet capture solution

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 13

What is the difference between vulnerability and risk?

（A）A vulnerability is a weakness that can be exploited and the risk is the potential for loss or damage

（B）Risk is the assessment of possible weaknesses and vulnerability is a reconfiguration of an asset

（C）A vulnerability is an attack surface, and the risk is the vector of the attack

（D）A risk is a possible danger that an exploit applies to and a vulnerability represents the threat actor

正解：B 解答を投票する

質問 14

Which type of access control depends on the job function of the user?

（A）role-based access control

（B）discretionary access control

（C）nondiscretionary access control

（D）rule-based access control

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 15

What is the difference between the ACK flag and the RST flag?

（A）The ACK flag confirms the received segment, and the RST flag terminates the connection.

（B）The RST flag approves the connection, and the ACK flag terminates spontaneous connections.

（C）The ACK flag marks the connection as reliable, and the RST flag indicates the failure within TCP Handshake

（D）The RST flag approves the connection, and the ACK flag indicates that a packet needs to be resent

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 16

Refer to the exhibit.

Drag and drop the element name from the left onto the correct piece of the PCAP file on the right.

正解：

Explanation:
In a PCAP file, which is used to capture network packets, each packet contains various pieces of information that can be analyzed. The source and destination addresses refer to the IP addresses of the sender and receiver of the packets. The source and destination ports refer to the port numbers used for the communication, with common ports like 443 indicating HTTPS traffic. The network protocol here is TCP, which is responsible for establishing a connection and ensuring the delivery of packets. The transport protocol is IPv4, which is the underlying protocol for routing packets across the network. Lastly, the application protocol is TLS v1.2, which is used for secure communication over the internet.
References := The Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) course material covers the analysis of network traffic and the interpretation of PCAP files, which includes identifying the different elements within a packet capture1.

質問 17

Which classification of cross-site scripting attack executes the payload without storing it for repeated use?

（A）reflective

（B）CSRF

（C）stored

（D）DOM

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

200-201 無料問題集「Cisco Understanding Cisco Cybersecurity Operations Fundamentals」

弊社を連絡する

関連リンク

トップ試験