Free 200-201 Exam Braindumps (page: 21)

Page 21 of 66

During which phase of the forensic process is data that is related to a specific event labeled and recorded to preserve its integrity?

  A. examination
  B. investigation
  C. collection
  D. reporting

Answer(s): C



Which step in the incident response process researches an attacking host through logs in a SIEM?

  A. detection and analysis
  B. preparation
  C. eradication
  D. containment

Answer(s): A

Explanation:

The incident response lifecycle runs: Preparation --> Detection and Analysis --> Containment, Eradication and Recovery --> Post-Incident Activity.

Activities that belong to the Detection and Analysis phase:

  - Profile networks and systems and understand normal behaviors.
  - Create a log retention policy and perform event correlation.
  - Maintain and use a knowledge base of information.
  - Use Internet search engines for research.
  - Run packet sniffers to collect additional data, then filter the data.
  - Seek assistance from others.
  - Keep all host clocks synchronized.
  - Know the different types of attacks and attack vectors.
  - Develop processes and procedures to recognize the signs of an incident.
  - Understand the sources of precursors and indicators.
  - Create appropriate incident documentation capabilities and processes.
  - Create processes to effectively prioritize security incidents.
  - Create processes to effectively communicate incident information (internal and external communications).

Ref: Cisco CyberOps Associate CBROPS 200-201 Official Cert Guide



A malicious file has been identified in a sandbox analysis tool.

Which piece of information is needed to search for additional downloads of this file by other hosts?

  A. file header type
  B. file size
  C. file name
  D. file hash value

Answer(s): D



Refer to the exhibit.

What is the potential threat identified in this Stealthwatch dashboard?

  A. Host 10.201.3.149 is sending data to 152.46.6.91 using TCP/443.
  B. Host 152.46.6.91 is being identified as a watchlist country for data transfer.
  C. Traffic to 152.46.6.149 is being denied by an Advanced Network Control policy.
  D. Host 10.201.3.149 is receiving almost 19 times more data than is being sent to host 152.46.6.91.

Answer(s): D






Post your Comments and Discuss Cisco® 200-201 exam with other Community members:

AEB commented on December 11, 2024
The breadth of knowledge for this exam is large. It doesn't seem possible to learn everything on it for an associate level exam.
UNITED STATES

Bio commented on September 05, 2023
200-201 CBROPS 092023 - Exam still 75% to 80% valid. I suggest to those who want to pass to study this, along with NetAcad, and review Quizlets to ensure you pass.
GERMANY

AB commented on August 21, 2023
200-201 is still good. Passed Aug 14.
UNITED STATES