CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Cisco®
  5. 200-201

Free 200-201 Exam Braindumps (page: 26)

Page 26 of 66
PDF with 400 Questions

An analyst received an alert on their desktop computer showing that an attack was successful on the host. After investigating, the analyst discovered that no mitigation action occurred during the attack.
What is the reason for this discrepancy?

  1. The computer has a HIPS installed on it.
  2. The computer has a NIPS installed on it.
  3. The computer has a HIDS installed on it.
  4. The computer has a NIDS installed on it.

Answer(s): C



Refer to the exhibit.



What is the potential threat identified in this Stealthwatch dashboard?

  1. A policy violation is active for host 10.10.101.24.
  2. A host on the network is sending a DDoS attack to another inside host.
  3. There are three active data exfiltration alerts.
  4. A policy violation is active for host 10.201.3.149.

Answer(s): C

Explanation:

"EX" = exfiltration
And there are three.
Also the "suspect long flow" and "suspect data heading" suggest, for example, DNS exfiltration https://www.cisco.com/c/dam/en/us/td/docs/security/stealthwatch/management_console/smc_us ers_guide/SW_6_9_0_SMC_Users_Guide_DV_1_2.pdf page 177.



What is a difference between tampered and untampered disk images?

  1. Tampered images have the same stored and computed hash.
  2. Untampered images are deliberately altered to preserve as evidence.
  3. Tampered images are used as evidence.
  4. Untampered images are used for forensic investigations.

Answer(s): D

Explanation:

The disk image must be intact for forensics analysis. As a cybersecurity professional, you may be given the task of capturing an image of a disk in a forensic manner. Imagine a security incident has occurred on a system and you are required to perform some forensic investigation to determine who and what caused the attack. Additionally, you want to ensure the data that was captured is not tampered with or modified during the creation of a disk image process.


Reference:

Cisco Certified CyberOps Associate 200-201 Certification Guide



What is a sandbox interprocess communication service?

  1. A collection of rules within the sandbox that prevent the communication between sandboxes.
  2. A collection of network services that are activated on an interface, allowing for inter-port communication.
  3. A collection of interfaces that allow for coordination of activities among processes.
  4. A collection of host services that allow for communication between sandboxes.

Answer(s): C

Explanation:

Inter-process communication (IPC) allows communication between different processes. A process is one or more threads running inside its own, isolated address space.
https://docs.legato.io/16_10/basicIPC.html



Page 26 of 66



Post your Comments and Discuss Cisco® 200-201 exam with other Community members:

AEB commented on December 11, 2024
The breadth of knowledge for this exam is large. It doesn't seem possible to learn everything on it for an associate level exam.
UNITED STATES
upvote

Bio commented on September 05, 2023
200-201 CBROPS 092023 - Exam still 75% to 80% valid. Suggest to those who wants to pass to study this, along with netacads, and review quizlets to ensure you pass.
GERMANY
upvote

AB commented on August 21, 2023
200-201 is still good. passed Aug 14
UNITED STATES
upvote