Free 200-201 Exam Braindumps (page: 33)


Which regex matches only on all lowercase letters?

  A. [a-z]+
  B. [^a-z]+
  C. a-z+
  D. a*z+

Answer(s): A



While viewing packet capture data, an analyst sees that one IP is sending and receiving traffic for multiple devices by modifying the IP header.

Which technology makes this behavior possible?

  A. encapsulation
  B. TOR
  C. tunneling
  D. NAT

Answer(s): D

Explanation:

Network address translation (NAT) is a method of mapping an IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device.



Which action should be taken if the system is overwhelmed with alerts when false positives and false negatives are compared?

  A. Modify the settings of the intrusion detection system.
  B. Design criteria for reviewing alerts.
  C. Redefine signature rules.
  D. Adjust the alerts schedule.

Answer(s): A

Explanation:

Traditional intrusion detection system (IDS) and intrusion prevention system (IPS) devices need to be tuned to avoid false positives and false negatives. Next-generation IPSs do not need the same level of tuning compared to traditional IPSs. Also, you can obtain much deeper reports and functionality, including advanced malware protection and retrospective analysis to see what happened after an attack took place. Ref: Cisco CyberOps Associate CBROPS 200-201 Official Cert Guide



What is the impact of false positive alerts on business compared to true positive?

  A. True positives affect security as no alarm is raised when an attack has taken place, resulting in a potential breach.
  B. True positive alerts are blocked by mistake as potential attacks affecting application availability.
  C. False positives affect security as no alarm is raised when an attack has taken place, resulting in a potential breach.
  D. False positive alerts are blocked by mistake as potential attacks affecting application availability.

Answer(s): C


