200-201 VOL1 Question

1

• 200-201 Understanding Cisco Cybersecurity
  Operations Fundamentals (CBROPS) VOL1
• QUESTION NO 1
• Which of the following is an administrative
  control principle that dictates that a single
  individual should not solely perform critical
  network related tasks?
• Principle of least privilege
• Separation of duty
• Chain of Custody
• Role based access control
• Answer B

• QUESTION NO 2
• Which of the following security principles states
  that all users should be granted only the level
  of privilege they need to perform their specific
  job functions.
• Principle of least privilege
• Separation of duty
• Chain of Custody
• Role based access control
• Answer A

• QUESTION NO 3
• Which of the following describe the two levels of
  access control? (Select two)
• Physical
• Rule-based
• Machine-based
• Logical
• Answer A, D

QUESTION NO 4 A hacker is using a server to send
instructions to hosts that have been compromised
after malware was installed on the machines.
What is the term given to this server? A. DoS
server
2

• Man-in-the-middle
• Command and Control
• Attack Vector
• Answer C

• QUESTION NO 5
• Which of the following statements are true
  regarding the relationship between risks and
  threats? (Select two)
• A threat exploits a vulnerability in a system
  that can be used to compromise it.
• A threat refers to the potential loss that can
  occur from a system being exploited.
• A risk exploits a vulnerability in a system that
  can be used to compromise it.
• A risk refers to the potential loss that can
  occur from a system being exploited.
• Answer A, D

• QUESTION NO 6
• Why would an attacker utilize a port scanner on a
  network?
• To obtain IP address information from the hosts
  on a network.
• To obtain MAC address information from the hosts
  on a network.
• To see which TCP and UDP applications that
  devices are listening for.
• To see the login credentials of users on a
  network.
• Answer C

• QUESTION NO 7
• What is the term given for a layered security
  approach where multiple devices offer a variety
  of overlapping and redundant systems for a
  comprehensive security solution?
• Defense in depth
• Principle of least privilege
• SIEM
• Root cause analysis
• Answer A

3

• QUESTION NO 8
• A threat actor calls an employee at their desk
  pretending to be with the help desk in an attempt
  to get the employees login credentials. What is
  this an example of? (Select two)
• Phishing
• Vishing
• Watering Hole
• Social Engineering
• Answer B, D

• QUESTION NO 9
• What does the acronym SOAR stand for in regards
  to cyber security?
• Systems Operations and Restoral
• Security Operations and Restoral
• Systems Operations and Response
• Security Operations and Response
• Systems Orchestration, Automation, and Response
• Security Orchestration, Automation, and Response
• Answer F

• QUESTION NO 10
• You want to view incoming packet data for your
  Linux based server in real time. What command
  should you use to do this?
• tcpdump
• netstat
• netsh
• netmon
• Answer A

• QUESTION NO 11
• Which of the following describe types of
  cross-site scripting (XSS) attacks? (Select two)
• Reflected
• Refracted
• Stored

4
D. Dynamic Answer A, C

• QUESTION NO 12
• Which of the following is the most effective way
  to prevent tailgating and piggybacking attempts
  to access a building?
• User awareness training
• Badge readers
• Multifactor authentication
• Mantraps
• Answer E

• QUESTION NO 13
• You want to utilize the third party provider to
  validate the identities of domains and bind them
  through the use of digital certificates. What
  term describes this third party?
• CASB
• DNS broker
• SDN controller
• Certificate authority
• Answer D

QUESTION NO 14 Refer to the following exhibit

• What is this an example of?
• IDS/IPS data
• Netflow conversations

5

• syslog messages
• Firewall rule matches
• Answer B

• QUESTION NO 15
• When comparing the monitoring of HTTP and HTTPS
  traffic on your network, which of the following
  is true?
• HTTP is easier to monitor compared to HTTPS since
  HTTP uses plain text and HTTPS is encrypted.
• HTTPS is easier to monitor compared to HTTP since
  HTTPS uses plain text and HTTP is encrypted.
• HTTP is easier to monitor compared to HTTPS since
  it uses smaller packet sizes.
• HTTPS is easier to monitor compared to HTTP since
  it uses TCP sequencing while HTTP uses UDP.
• Answer A

• QUESTION NO 16
• Which of the following are the two main types of
  Buffer Overflow Attacks? (Select two)
• Stack-based
• RAM-based
• ROM-based
• Heap-based
• Answer A, D

• QUESTION NO 17
• Which of the following could be categorized as
  Personally Identifiable Information (PII) in
  Privacy Regulations? (Select two)
• Social Security Number
• Home address
• Time zone
• Language spoken
• Browser cookies
• Answer A, B

6

• QUESTION NO 18
• A network baseline has been created and you want
  to use this information to detect anomalous
  behavior. In order to decrease the amount of
  analysis that must be done to detect abnormal
  behavior, you focus on a window of time. What is
  the term for this?
• Time based anomaly detection
• Sliding window anomaly detection
• Point in time detection
• Periodic time analysis detection
• Answer B

QUESTION NO 19
You have collected all the event data for a
specific event and had this data aggregated.
additional task should be done to prepare this
data for use by security analytics?
What

• Back up the data to another location
• Verify the validity of the data.
• Tune the event logs to eliminate false positives
  and false negatives.
• Use different sources to correlate the data,
  including time stamps of the data.
• Answer D

• QUESTION NO 20
• What do the letters CIA stand for in the CIA
  triad? (Select three)
• Confidentiality
• Cryptography
• Identity
• Integrity
• Availability
• Authentication
• Answer A, D, E