100% Valid and Newest Version 200-201 Questions & Answers shared by Certleader
https://www.certleader.com/200-201-dumps.html (98 Q&As)
200-201 Dumps
Understanding Cisco Cybersecurity Operations Fundamentals
https://www.certleader.com/200-201-dumps.html
The Leader of IT Certification visit - https://www.certleader.com
NEW QUESTION 1
Which data format is the most efficient to build a baseline of traffic seen over an extended period of time?
A. syslog messages
B. full packet capture
C. NetFlow
D. firewall event logs
Answer: C
NEW QUESTION 2
Refer to the exhibit.
What is occurring in this network?
A. ARP cache poisoning
B. DNS cache poisoning
C. MAC address table overflow
D. MAC flooding attack
Answer: A
NEW QUESTION 3
What is a benefit of agent-based protection when compared to agentless protection?
A. It lowers maintenance costs
B. It provides a centralized platform
C. It collects and detects all traffic locally
D. It manages numerous devices simultaneously
Answer: B
NEW QUESTION 4
Which piece of information is needed for attribution in an investigation?
A. proxy logs showing the source RFC 1918 IP addresses
B. RDP allowed from the Internet
C. known threat actor behavior
D. 802.1x RADIUS authentication pass and fail logs
Answer: C
NEW QUESTION 5
Refer to the exhibit.
What should be interpreted from this packet capture?
A. IP address 179.179.69/50272/192.168.122.100/80/6 is sending a packet from port 80 of IP address 192.168.122.100 that is going to port 50272 of IP address 81.179.179.69 using IP protocol 6.
B. IP address 192.168.122.100/50272/81.179.179.69/80/6 is sending a packet from port 50272 of IP address 192.168.122.100 that is going to port 80 of IP address 81.179.179.69 using IP protocol 6.
C. IP address 192.168.122.100/50272/81.179.179.69/80/6 is sending a packet from port 80 of IP address 192.168.122.100 that is going to port 50272 of IP address 81.179.179.69 using IP protocol 6.
D. IP address 179.179.69/50272/192.168.122.100/80/6 is sending a packet from port 50272 of IP address 192.168.122.100 that is going to port 80 of IP address 81.179.179.69 using IP protocol 6.
Answer: B
NEW QUESTION 6
Which type of data collection requires the largest amount of storage space?
A. alert data
B. transaction data
C. session data
D. full packet capture
Answer: D
NEW QUESTION 7
An analyst is investigating a host in the network that appears to be communicating to a command and control server on the Internet. After collecting this packet capture, the analyst cannot determine the technique and payload used for the communication.
Which obfuscation technique is the attacker using?
A. Base64 encoding
B. transport layer security encryption
C. SHA-256 hashing
D. ROT13 encryption
Answer: B
NEW QUESTION 8
What specific type of analysis is assigning values to the scenario to see expected outcomes?
A. deterministic
B. exploratory
C. probabilistic
D. descriptive
Answer: A
NEW QUESTION 9
Refer to the exhibit.
Which application protocol is in this PCAP file?
A. SSH
B. TCP
C. TLS
D. HTTP
Answer: B
NEW QUESTION 10
Which principle is being followed when an analyst gathers information relevant to a security incident to determine the appropriate course of action?
A. decision making
B. rapid response
C. data mining
D. due diligence
Answer: A
NEW QUESTION 10
Which evasion technique is a function of ransomware?
A. extended sleep calls
B. encryption
C. resource exhaustion
D. encoding
Answer: B
NEW QUESTION 13
Which step in the incident response process researches an attacking host through logs in a SIEM?
A. detection and analysis
B. preparation
C. eradication
D. containment
Answer: A
NEW QUESTION 14
Refer to the exhibit.
An engineer is analyzing this Cuckoo Sandbox report for a PDF file that has been downloaded from an email. What is the state of this file?
A. The file has an embedded executable and was matched by PEiD threat signatures for further analysis.
B. The file has an embedded non-Windows executable but no suspicious features are identified.
C. The file has an embedded Windows 32 executable and the Yara field lists suspicious features for further analysis.
D. The file was matched by PEiD threat signatures but no suspicious features are identified since the signature list is up to date.
Answer: C
NEW QUESTION 17
An intruder attempted malicious activity and exchanged emails with a user and received corporate information, including email distribution lists. The intruder asked the user to engage with a link in an email. When the link launched, it infected machines and the intruder was able to access the corporate network.
Which testing method did the intruder use?
A. social engineering
B. eavesdropping
C. piggybacking
D. tailgating
Answer: A
NEW QUESTION 21
While viewing packet capture data, an analyst sees that one IP is sending and receiving traffic for multiple devices by modifying the IP header.
Which technology makes this behavior possible?
A. encapsulation
B. TOR
C. tunneling
D. NAT
Answer: D
NEW QUESTION 24
Which artifact is used to uniquely identify a detected file?
A. file timestamp
B. file extension
C. file size
D. file hash
Answer: D
NEW QUESTION 27
A security specialist notices 100 HTTP GET and POST requests for multiple pages on the web servers. The agent in the requests contains PHP code that, if executed, creates and writes to a new PHP file on the webserver. Which event category is described?
A. reconnaissance
B. action on objectives
C. installation
D. exploitation
Answer: C
NEW QUESTION 31
Refer to the exhibit.
What does the message indicate?
A. an access attempt was made from the Mosaic web browser
B. a successful access attempt was made to retrieve the password file
C. a successful access attempt was made to retrieve the root of the website
D. a denied access attempt was made to retrieve the password file
Answer: C
NEW QUESTION 35
Which NIST IR category stakeholder is responsible for coordinating incident response among various business units, minimizing damage, and reporting to regulatory agencies?
A. CSIRT
B. PSIRT
C. public affairs
D. management
Answer: D
NEW QUESTION 39
An offline audit log contains the source IP address of a session suspected to have exploited a vulnerability resulting in system compromise.
Which kind of evidence is this IP address?
A. best evidence
B. corroborative evidence
C. indirect evidence
D. forensic evidence
Answer: B
NEW QUESTION 44
Which two pieces of information are collected from the IPv4 protocol header? (Choose two.)
A. UDP port to which the traffic is destined
B. TCP port from which the traffic was sourced
C. source IP address of the packet
D. destination IP address of the packet
E. UDP port from which the traffic is sourced
Answer: CD
NEW QUESTION 47
When trying to evade IDS/IPS devices, which mechanism allows the user to make the data incomprehensible without a specific key, certificate, or password?
A. fragmentation
B. pivoting
C. encryption
D. steganography
Answer: D
NEW QUESTION 51
Which event artifact is used to identify HTTP GET requests for a specific file?
A. destination IP address
B. URI
C. HTTP status code
D. TCP ACK
Answer: B
NEW QUESTION 55
Which event is user interaction?
A. gaining root access
B. executing remote code
C. reading and writing file permission
D. opening a malicious file
Answer: D
NEW QUESTION 57
What does cyber attribution identify in an investigation?
A. cause of an attack
B. exploit of an attack
C. vulnerabilities exploited
D. threat actors of an attack
Answer: D
NEW QUESTION 60
Refer to the exhibit.
What is the expected result when the "Allow subdissector to reassemble TCP streams" feature is enabled?
A. insert TCP subdissectors
B. extract a file from a packet capture
C. disable TCP streams
D. unfragment TCP
Answer: D
NEW QUESTION 62
An analyst is exploring the functionality of different operating systems.
What is a feature of Windows Management Instrumentation that must be considered when deciding on an operating system?
A. queries Linux devices that have Microsoft Services for Linux installed
B. deploys Windows Operating Systems in an automated fashion
C. is an efficient tool for working with Active Directory
D. has a Common Information Model, which describes installed hardware and software
Answer: D
NEW QUESTION 66
At which layer is deep packet inspection investigated on a firewall?
A. internet
B. transport
C. application
D. data link
Answer: C
NEW QUESTION 69
Which two compliance frameworks require that data be encrypted when it is transmitted over a public network? (Choose two.)
A. PCI
B. GLBA
C. HIPAA
D. SOX
E. COBIT
Answer: AC
NEW QUESTION 73
Which action prevents buffer overflow attacks?
A. variable randomization
B. using web based applications
C. input sanitization
D. using a Linux operating system
Answer: C
NEW QUESTION 77
Why is encryption challenging to security monitoring?
A. Encryption analysis is used by attackers to monitor VPN tunnels.
B. Encryption is used by threat actors as a method of evasion and obfuscation.
C. Encryption introduces additional processing requirements by the CPU.
D. Encryption introduces larger packet sizes to analyze and store.
Answer: B
NEW QUESTION 79
......