Exam Details

  • Exam Code: 200-201
  • Exam Name: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)
  • Certification: CyberOps Associate
  • Vendor: Cisco
  • Total Questions: 406 Q&As
  • Last Updated:

Cisco CyberOps Associate 200-201 Questions & Answers

  • Question 51:

    During which phase of the forensic process is data that is related to a specific event labeled and recorded to preserve its integrity?

    A. examination

    B. investigation

    C. collection

    D. reporting

  • Question 52:

    Refer to the exhibit.

    What must be interpreted from this packet capture?

    A. IP address 192.168.88.12 is communicating with 192.168.88.149 with a source port 74 to destination port 49098 using TCP protocol.

    B. IP address 192.168.88.12 is communicating with 192.168.88.149 with a source port 49098 to destination port 80 using TCP protocol.

    C. IP address 192.168.88.149 is communicating with 192.168.88.12 with a source port 80 to destination port 49098 using TCP protocol.

    D. IP address 192.168.88.149 is communicating with 192.168.88.12 with a source port 49098 to destination port 80 using TCP protocol.

  • Question 53:

    Refer to the exhibit.

    What is the potential threat identified in this Stealthwatch dashboard?

    A. A policy violation is active for host 10.10.101.24.

    B. A host on the network is sending a DDoS attack to another inside host.

    C. There are two active data exfiltration alerts.

    D. A policy violation is active for host 10.201.3.149.

  • Question 54:

    Which attack is the network vulnerable to when a stream cipher like RC4 is used twice with the same key?

    A. forgery attack

    B. plaintext-only attack

    C. ciphertext-only attack

    D. meet-in-the-middle attack

  • Question 55:

    A user received a malicious attachment but did not run it. Which category classifies the intrusion?

    A. weaponization

    B. reconnaissance

    C. installation

    D. delivery

  • Question 56:

    One of the objectives of information security is to protect the CIA of information and systems. What does CIA mean in this context?

    A. confidentiality, identity, and authorization

    B. confidentiality, integrity, and authorization

    C. confidentiality, identity, and availability

    D. confidentiality, integrity, and availability

  • Question 57:

    An engineer needs to configure network systems to detect command and control communications by decrypting ingress and egress perimeter traffic and allowing network security devices to detect malicious outbound communications. Which technology should be used to accomplish the task?

    A. digital certificates

    B. static IP addresses

    C. signatures

    D. cipher suite

  • Question 58:

    What is a difference between inline and tap mode traffic monitoring?

    A. Inline monitors traffic without examining other devices, while a tap mode tags traffic and examines the data from monitoring devices.

    B. Tap mode monitors traffic direction, while inline mode keeps packet data as it passes through the monitoring devices.

    C. Tap mode monitors packets and their content with the highest speed, while the inline mode draws a packet path for analysis.

    D. Inline mode monitors traffic path, examining any traffic at a wire speed, while a tap mode monitors traffic as it crosses the network.

  • Question 59:

    Refer to the exhibit.

    An employee received an email from an unknown sender with an attachment and reported it as a phishing attempt. An engineer uploaded the file to Cuckoo for further analysis. What should an engineer interpret from the provided Cuckoo report?

    A. Win32.polip.a.exe is an executable file and should be flagged as malicious.

    B. The file is clean and does not represent a risk.

    C. Cuckoo cleaned the malicious file and prepared it for usage.

    D. MD5 of the file was not identified as malicious.

  • Question 60:

    Which type of evidence supports a theory or an assumption that results from initial evidence?

    A. probabilistic

    B. indirect

    C. best

    D. corroborative

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important, and more and more enterprises require them when you apply for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Cisco exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your 200-201 exam preparation and Cisco certification application, do not hesitate to visit Vcedump.com to find your solutions here.