Get ready to pass the 200-201 Exam right now using our CyberOps Associate Exam Package [Q87-Q112]

Share

 Get ready to pass the 200-201 Exam right now using our CyberOps Associate  Exam Package

A fully updated 2021 200-201 Exam Dumps exam guide from training expert PrepAwayExam

NEW QUESTION 87
A security engineer deploys an enterprise-wide host/endpoint technology for all of the company's corporate PCs. Management requests the engineer to block a selected set of applications on all PCs.
Which technology should be used to accomplish this task?

  • A. host-based IDS
  • B. application whitelisting/blacklisting
  • C. antivirus/antispyware software
  • D. network NGFW

Answer: B

Explanation:
Section: Network Intrusion Analysis

 

NEW QUESTION 88
Which system monitors local system operation and local network access for violations of a security policy?

  • A. host-based firewall
  • B. antivirus
  • C. systems-based sandboxing
  • D. host-based intrusion detection

Answer: A

Explanation:
Section: Host-Based Analysis

 

NEW QUESTION 89
What makes HTTPS traffic difficult to monitor?

  • A. packet header size
  • B. encryption
  • C. SSL interception
  • D. signature detection time

Answer: B

 

NEW QUESTION 90
Which regular expression is needed to capture the IP address 192.168.20.232?

  • A. ^ ([0-9]-{3})
  • B. ^ (?:[0-9]{1,3}\.)'
  • C. ^ (?:[0-9]{1,3}\.){3}[0-9]{1,3}
  • D. ^ (?:[0-9]f1,3}\.){1,4}

Answer: C

 

NEW QUESTION 91
Which type of data collection requires the largest amount of storage space?

  • A. alert data
  • B. transaction data
  • C. session data
  • D. full packet capture

Answer: D

Explanation:
Section: Network Intrusion Analysis

 

NEW QUESTION 92
What specific type of analysis is assigning values to the scenario to see expected outcomes?

  • A. deterministic
  • B. exploratory
  • C. probabilistic
  • D. descriptive

Answer: A

 

NEW QUESTION 93
When communicating via TLS, the client initiates the handshake to the server and the server responds back with its certificate for identification.
Which information is available on the server certificate?

  • A. server name, trusted CA, and public key
  • B. server name, trusted subordinate CA, and private key
  • C. trusted CA name, cipher suites, and private key
  • D. trusted subordinate CA, public key, and cipher suites

Answer: A

 

NEW QUESTION 94
An engineer receives a security alert that traffic with a known TOR exit node has occurred on the network.
What is the impact of this traffic?

  • A. user circumvention of the firewall
  • B. data exfiltration
  • C. users downloading copyrighted content
  • D. ransomware communicating after infection

Answer: A

Explanation:
Section: Security Monitoring

 

NEW QUESTION 95
Which type of data consists of connection level, application-specific records generated from network traffic?

  • A. location data
  • B. statistical data
  • C. alert data
  • D. transaction data

Answer: D

 

NEW QUESTION 96
Drag and drop the access control models from the left onto the correct descriptions on the right.

Answer:

Explanation:

 

NEW QUESTION 97
Which technology should be used to implement a solution that makes routing decisions based on HTTP header, uniform resource identifier, and SSL session ID attributes?

  • A. Proxy server
  • B. Load balancer
  • C. IIS
  • D. AWS

Answer: C

 

NEW QUESTION 98
Drag and drop the access control models from the left onto the correct descriptions on the right.

Answer:

Explanation:

 

NEW QUESTION 99
At which layer is deep packet inspection investigated on a firewall?

  • A. data link
  • B. transport
  • C. internet
  • D. application

Answer: D

 

NEW QUESTION 100
Drag and drop the uses on the left onto the type of security system on the right.

Answer:

Explanation:

 

NEW QUESTION 101
Which attack method intercepts traffic on a switched network?

  • A. DHCP snooping
  • B. command and control
  • C. denial of service
  • D. ARP cache poisoning

Answer: A

 

NEW QUESTION 102
Refer to the exhibit.

Which two elements in the table are parts of the 5-tuple? (Choose two.)

  • A. First Packet
  • B. Ingress Security Zone
  • C. Initiator User
  • D. Initiator IP
  • E. Source Port

Answer: D,E

 

NEW QUESTION 103
Which IETF standard technology is useful to detect and analyze a potential security incident by recording session flows that occurs between hosts?

  • A. SFlow
  • B. NetFlow
  • C. IPFIX
  • D. NFlow

Answer: C

 

NEW QUESTION 104

Refer to the exhibit. Which application protocol is in this PCAP file?

  • A. TCP
  • B. SSH
  • C. TLS
  • D. HTTP

Answer: A

 

NEW QUESTION 105
Refer to the exhibit.

Which application protocol is in this PCAP file?

  • A. SSH
  • B. TLS
  • C. HTTP
  • D. TCP

Answer: C

 

NEW QUESTION 106
Which system monitors local system operation and local network access for violations of a security policy?

  • A. host-based firewall
  • B. antivirus
  • C. systems-based sandboxing
  • D. host-based intrusion detection

Answer: A

 

NEW QUESTION 107
A security specialist notices 100 HTTP GET and POST requests for multiple pages on the web servers. The agent in the requests contains PHP code that, if executed, creates and writes to a new PHP file on the webserver. Which event category is described?

  • A. reconnaissance
  • B. exploitation
  • C. action on objectives
  • D. installation

Answer: D

Explanation:
Section: Security Concepts

 

NEW QUESTION 108
Which two elements of the incident response process are stated in NIST Special Publication 800-61 r2?
(Choose two.)

  • A. vulnerability management
  • B. detection and analysis
  • C. vulnerability scoring
  • D. risk assessment
  • E. post-incident activity

Answer: B,E

 

NEW QUESTION 109
How does an SSL certificate impact security between the client and the server?

  • A. by enabling an authenticated channel between the client and the server
  • B. by creating an encrypted channel between the client and the server
  • C. by creating an integrated channel between the client and the server
  • D. by enabling an authorized channel between the client and the server

Answer: B

 

NEW QUESTION 110
What should a security analyst consider when comparing inline traffic interrogation with traffic tapping to determine which approach to use in the network?

  • A. Tapping interrogations detect and block malicious traffic
  • B. Inline interrogation enables viewing a copy of traffic to ensure traffic is in compliance with security policies
  • C. Tapping interrogation replicates signals to a separate port for analyzing traffic
  • D. Inline interrogation detects malicious traffic but does not block the traffic

Answer: C

 

NEW QUESTION 111
Which security technology allows only a set of pre-approved applications to run on a system?

  • A. application-level whitelisting
  • B. antivirus
  • C. application-level blacklisting
  • D. host-based IPS

Answer: A

Explanation:
Section: Host-Based Analysis

 

NEW QUESTION 112
......

Master 2021 Latest The Questions CyberOps Associate and Pass 200-201  Real Exam!: https://www.prepawayexam.com/Cisco/braindumps.200-201.ete.file.html

Practice To 200-201 - PrepAwayExam Remarkable Practice On your Understanding Cisco Cybersecurity Operations Fundamentals Exam: https://drive.google.com/open?id=1ah69tLX0o3TnHBp5J7a63aDU6FxSTfEU