Exam Details

  • Exam Code: 200-201
  • Exam Name: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)
  • Certification: CyberOps Associate
  • Vendor: Cisco
  • Total Questions: 406 Q&As
  • Last Updated: Apr 15, 2025

Cisco CyberOps Associate 200-201 Questions & Answers

  • Question 261:

    DRAG DROP

    Drag and drop the access control models from the left onto the correct descriptions on the right.

    Select and Place:

  • Question 262:

    Which technique describes altering the data content and avoiding identification?

    A. data modification, such as hashing

    B. catching clear text data transfer

    C. data in transit hijacking

    D. obfuscation, such as tunneling

  • Question 263:

    What is the difference between deep packet inspection and stateful inspection?

    A. Deep packet inspection is more secure than stateful inspection on Layer 4

    B. Stateful inspection verifies contents at Layer 4 and deep packet inspection verifies connection at Layer 7

    C. Stateful inspection is more secure than deep packet inspection on Layer 7

    D. Deep packet inspection allows visibility on Layer 7 and stateful inspection allows visibility on Layer 4

  • Question 264:

    A user received an email attachment named "Hr405-report2609-empl094.exe" but did not run it. Which category of the cyber kill chain should be assigned to this type of event?

    A. installation

    B. reconnaissance

    C. weaponization

    D. delivery

  • Question 265:

    What is a difference between signature-based and behavior-based detection?

    A. Signature-based identifies behaviors that may be linked to attacks, while behavior-based has a predefined set of rules to match before an alert.

    B. Behavior-based identifies behaviors that may be linked to attacks, while signature-based has a predefined set of rules to match before an alert.

    C. Behavior-based uses a known vulnerability database, while signature-based intelligently summarizes existing data.

    D. Signature-based uses a known vulnerability database, while behavior-based intelligently summarizes existing data.

  • Question 266:

    The security team has detected an ongoing spam campaign targeting the organization. The team's approach is to push back the cyber kill chain and mitigate ongoing incidents. At which phase of the cyber kill chain should the security team mitigate this type of attack?

    A. actions

    B. delivery

    C. reconnaissance

    D. installation

  • Question 267:

    An automotive company provides new types of engines and special brakes for rally sports cars. The company has a database of inventions and patents for their engines and technical information. Customers can access the database through the company's website after they register and identify themselves. Which type of protected data is accessed by customers?

    A. IP data

    B. PII data

    C. PSI data

    D. PHI data

  • Question 268:

    A security analyst notices a sudden surge of incoming traffic and detects unknown packets from unknown senders. After further investigation, the analyst learns that customers claim that they cannot access company servers. According to NIST SP800-61, in which phase of the incident response process is the analyst?

    A. post-incident activity

    B. detection and analysis

    C. preparation

    D. containment, eradication, and recovery

  • Question 269:

    Which technology prevents end-device to end-device IP traceability?

    A. encryption

    B. load balancing

    C. NAT/PAT

    D. tunneling

  • Question 270:

    Refer to the exhibit.

    Which frame numbers contain a file that is extractable via TCP stream within Wireshark?

    A. 7, 14, and 21

    B. 7 and 21

    C. 14, 16, 18, and 19

    D. 7 to 21

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more important and are required by more and more enterprises when you apply for a job. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Cisco exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your 200-201 exam preparation or your Cisco certification application, do not hesitate to visit Vcedump.com to find your solutions.