Cisco CyberOps Associate 200-201 Questions & Answers

• Question 281:

  What is a collection of compromised machines that attackers use to carry out a DDoS attack?

  A. subnet

  B. botnet

  C. VLAN

  D. command and control

  Correct Answer: B

• Question 282:

  Refer to the exhibit.

  

  Which type of log is displayed?

  A. IDS

  B. proxy

  C. NetFlow

  D. sys

  Correct Answer: A

  You also see the 5-tuple in IPS events, NetFlow records, and other event data. In fact, on the exam you may need to differentiate between a firewall log versus a traditional IPS or IDS event. One of the things to remember is that traditional

  IDS and IPS use signatures, so an easy way to differentiate is by looking for a signature ID (SigID). If you see a signature ID, then most definitely the event is a traditional IPS or IDS event.

• Question 283:

  How does agentless monitoring differ from agent-based monitoring?

  A. Agentless can access the data via API. while agent-base uses a less efficient method and accesses log data through WMI.

  B. Agent-based monitoring is less intrusive in gathering log data, while agentless requires open ports to fetch the logs

  C. Agent-based monitoring has a lower initial cost for deployment, while agentless monitoring requires resource-intensive deployment.

  D. Agent-based has a possibility to locally filter and transmit only valuable data, while agentless has much higher network utilization

  Correct Answer: D

  Agent-based monitoring: With agent-based monitoring, software agents are installed on the monitored systems or devices. These agents collect data locally, perform filtering or preprocessing of the data, and then transmit the relevant or valuable information to the monitoring system. Agent-based monitoring allows for local processing and filtering, which can reduce network utilization by only transmitting essential data.

  Agentless monitoring: Agentless monitoring, on the other hand, does not require software agents to be installed on the monitored systems or devices. Instead, it relies on leveraging existing protocols and interfaces, such as APIs (Application Programming Interfaces) or SNMP (Simple Network Management Protocol), to remotely access and retrieve monitoring data from the target systems. Agentless monitoring generally involves higher network utilization as the monitoring system needs to gather data from remote systems over the network.

• Question 284:

  Which action prevents buffer overflow attacks?

  A. variable randomization

  B. using web based applications

  C. input sanitization

  D. using a Linux operating system

  Correct Answer: C

• Question 285:

  Which security principle is violated by running all processes as root or administrator?

  A. principle of least privilege

  B. role-based access control

  C. separation of duties

  D. trusted computing base

  Correct Answer: A

• Question 286:

  How does a certificate authority impact security?

  A. It validates client identity when communicating with the server.

  B. It authenticates client identity when requesting an SSL certificate.

  C. It authenticates domain identity when requesting an SSL certificate.

  D. It validates the domain identity of the SSL certificate.

  Correct Answer: D

  A certificate authority is a computer or entity that creates and issues digital certificates. CA do not "authenticate" it validates. "D" is wrong because The digital certificate validate a user. CA --> DC --> user, server or whatever. Reference: https://en.wikipedia.org/wiki/Certificate_authority

• Question 287:

  What is the impact of false positive alerts on business compared to true positive?

  A. True positives affect security as no alarm is raised when an attack has taken place, resulting in a potential breach.

  B. True positive alerts are blocked by mistake as potential attacks affecting application availability.

  C. False positives affect security as no alarm is raised when an attack has taken place, resulting in a potential breach.

  D. False positive alerts are blocked by mistake as potential attacks affecting application availability.

  Correct Answer: C

• Question 288:

  Which principle is being followed when an analyst gathers information relevant to a security incident to determine the appropriate course of action?

  A. decision making

  B. rapid response

  C. data mining

  D. due diligence

  Correct Answer: B

• Question 289:

  What is vulnerability management?

  A. A security practice focused on clarifying and narrowing intrusion points.

  B. A security practice of performing actions rather than acknowledging the threats.

  C. A process to identify and remediate existing weaknesses.

  D. A process to recover from service interruptions and restore business-critical applications

  Correct Answer: C

  Reference: https://www.brinqa.com/vulnerability-management-primer-part-2-challenges/

  Vulnerability management is the "cyclical practice of identifying, classifying, prioritizing, remediating, and mitigating" software vulnerabilities.[1] Vulnerability management is integral to computer security and network security, and must not be confused with Vulnerability assessment" source: https://en.wikipedia.org/wiki/Vulnerability_management

• Question 290:

  What is the difference between the ACK flag and the RST flag?

  A. The RST flag approves the connection, and the ACK flag terminates spontaneous connections.

  B. The ACK flag confirms the received segment, and the RST flag terminates the connection.

  C. The RST flag approves the connection, and the ACK flag indicates that a packet needs to be resent

  D. The ACK flag marks the connection as reliable, and the RST flag indicates the failure within TCP Handshake

  Correct Answer: B