Cisco CyberOps Associate 200-201 Questions & Answers

• Question 1:

  How does certificate authority impact a security system?

  A. It authenticates client identity when requesting SSL certificate

  B. It validates domain identity of a SSL certificate

  C. It authenticates domain identity when requesting SSL certificate

  D. It validates client identity when communicating with the server

  Correct Answer: B

• Question 2:

  Which two elements are assets in the role of attribution in an investigation? (Choose two.)

  A. context

  B. session

  C. laptop

  D. firewall logs

  E. threat actor

  Correct Answer: CD

  The following are some factors that are used during attribution in an investigation: Assets, Threat actor, Indicators of Compromise (IoCs), Indicators of Attack (IoAs), Chain of custody Asset: This factor identifies which assets were compromised by a threat actor or hacker. An example of an asset can be an organization's domain controller (DC) that runs Active Directory Domain Services (AD DS). AD is a service that allows an administrator to manage user accounts, user groups, and policies across a Microsoft Windows environment. Keep in mind that an asset is anything that has value to an organization; it can be something physical, digital, or even people. Cisco Certified CyberOps Associate 200-201 Certification Guide

• Question 3:

  What is the difference between inline traffic interrogation and traffic mirroring?

  A. Inline interrogation is less complex as traffic mirroring applies additional tags to data.

  B. Traffic mirroring copies the traffic rather than forwarding it directly to the analysis tools

  C. Inline replicates the traffic to preserve integrity rather than modifying packets before sending them to other analysis tools.

  D. Traffic mirroring results in faster traffic analysis and inline is considerably slower due to latency.

  Correct Answer: B

  Inline inspection - Inline traffic interrogation is a technique in which traffic flows through a device that inspects the traffic and makes decisions about how to handle it. The inspection takes place in real-time and in-line with the traffic flow.

  Traffic mirroring - Traffic mirroring, also known as port mirroring or SPAN (Switched Port Analyzer), is a technique for forwarding a copy of network traffic to a monitoring device. The copy of the traffic is sent to a separate tool for analysis, security or other purposes.

• Question 4:

  Which evasion technique is a function of ransomware?

  A. extended sleep calls

  B. encryption

  C. resource exhaustion

  D. encoding

  Correct Answer: B

• Question 5:

  An employee received an email from a colleague's address asking for the password for the domain controller. The employee noticed a missing letter within the sender's address. What does this incident describe?

  A. brute-force attack

  B. insider attack

  C. shoulder surfing

  D. social engineering

  Correct Answer: B

• Question 6:

  Which system monitors local system operation and local network access for violations of a security policy?

  A. host-based intrusion detection

  B. systems-based sandboxing

  C. host-based firewall

  D. antivirus

  Correct Answer: A

  HIDS is capable of monitoring the internals of a computing system as well as the network packets on its network interfaces. Host-based firewall is a piece of software running on a single Host that can restrict incoming and outgoing Network activity for that host only.

• Question 7:

  Which utility blocks a host portscan?

  A. HIDS

  B. sandboxing

  C. host-based firewall

  D. antimalware

  Correct Answer: C

• Question 8:

  What should a security analyst consider when comparing inline traffic interrogation with traffic tapping to determine which approach to use in the network?

  A. Tapping interrogation replicates signals to a separate port for analyzing traffic

  B. Tapping interrogations detect and block malicious traffic

  C. Inline interrogation enables viewing a copy of traffic to ensure traffic is in compliance with security policies

  D. Inline interrogation detects malicious traffic but does not block the traffic

  Correct Answer: A

  A network TAP is a simple device that connects directly to the cabling infrastructure to split or copy packets for use in analysis, security, or general network management

• Question 9:

  Refer to the exhibit.

  

  What information is depicted?

  A. IIS data

  B. NetFlow data

  C. network discovery event

  D. IPS event data

  Correct Answer: B

• Question 10:

  What is a difference between inline traffic interrogation and traffic mirroring?

  A. Inline inspection acts on the original traffic data flow

  B. Traffic mirroring passes live traffic to a tool for blocking

  C. Traffic mirroring inspects live traffic for analysis and mitigation

  D. Inline traffic copies packets for analysis and security

  Correct Answer: A

  Inline traffic interrogation analyzes traffic in real time and has the ability to prevent certain traffic from being forwarded Traffic mirroring doesn't pass the live traffic instead it copies traffic from one or more source ports and sends the copied traffic to one or more destinations for analysis by a network analyzer or other monitoring device