Free 200-201 Questions for Cisco Understanding Cisco Cybersecurity Operations Fundamentals 200-201 Exam as PDF & Practice Test Engine
What are the two differences between stateful and deep packet inspection? (Choose two )
Correct Answer: C,E
Vote an answer
Explanation: Only visible for ExamDiscuss members. You can sign-up / login (it's free).
Refer to the exhibit.

Drag and drop the element name from the left onto the correct piece of the PCAP file on the right.


Drag and drop the element name from the left onto the correct piece of the PCAP file on the right.

Correct Answer:

Explanation:
In a PCAP file, which is used to capture network packets, each packet contains various pieces of information that can be analyzed. The source and destination addresses refer to the IP addresses of the sender and receiver of the packets. The source and destination ports refer to the port numbers used for the communication, with common ports like 443 indicating HTTPS traffic. The network protocol here is TCP, which is responsible for establishing a connection and ensuring the delivery of packets. The transport protocol is IPv4, which is the underlying protocol for routing packets across the network. Lastly, the application protocol is TLS v1.2, which is used for secure communication over the internet.
References := The Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) course material covers the analysis of network traffic and the interpretation of PCAP files, which includes identifying the different elements within a packet capture1.

What is a difference between authorization and authentication from an access control perspective?
Correct Answer: A
Vote an answer
Which tool is used by threat actors on a webpage to take advantage of the software vulnerabilities of a system to spread malware?
Correct Answer: D
Vote an answer
A network engineer discovers that a foreign government hacked one of the defense contractors in their home country and stole intellectual property. What is the threat agent in this situation?
Correct Answer: D
Vote an answer
Explanation: Only visible for ExamDiscuss members. You can sign-up / login (it's free).
Drag and drop the event term from the left onto the description on the right.


Correct Answer:

Explanation:
A screenshot of a computer Description automatically generated

Drag and drop the data sources from the left onto the corresponding data types on the right.


Correct Answer:


An engineer must investigate suspicious connections. Data has been gathered using a tcpdump command on a Linux device and saved as sandboxmatware2022-12-22.pcaps file.The engineer is trying to open the tcpdump in the Wireshark tool. What is the expected result?
Correct Answer: A
Vote an answer
Explanation: Only visible for ExamDiscuss members. You can sign-up / login (it's free).
A SOC analyst detected connections to known C&C and port scanning activity to main HR database servers from one of the HR endpoints via Cisco StealthWatch. What are the two next steps of the SOC team according to the NISTSP800-61 incident handling process? (Choose two)
Correct Answer: C,D
Vote an answer
Explanation: Only visible for ExamDiscuss members. You can sign-up / login (it's free).
A security team receives a ticket to investigate suspicious emails sent to company employees from known malicious domains. Further analysis shows that a targeted phishing attempt was successfully blocked by the company's email antivirus. At which step of the Cyber Kill Chain did the security team mitigate this attack?
Correct Answer: B
Vote an answer
Explanation: Only visible for ExamDiscuss members. You can sign-up / login (it's free).
What is used to maintain persistent control of an exploited device?
Correct Answer: C
Vote an answer
Explanation: Only visible for ExamDiscuss members. You can sign-up / login (it's free).
Refer to the exhibit.

Which type of attack is being executed?

Which type of attack is being executed?
Correct Answer: D
Vote an answer
Explanation: Only visible for ExamDiscuss members. You can sign-up / login (it's free).
Which type of evasion technique is accomplished by separating the traffic into smaller segments before transmitting across the network?
Correct Answer: B
Vote an answer
Drag and drop the elements from the left into the correct order for incident handling on the right.


Correct Answer:

Explanation:
A close-up of several blue rectangular boxes Description automatically generated

0
0
0
10

