Free 200-201 Dumps (Part 2, Q41-Q80) Online: Help You Check the 200-201 CBROPS Exam Questions (V16.02)

Passing the Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) 200-201 exam can help you advance your career, but success does not come easily. Choose the latest 200-201 CBROPS exam questions from DumpsBase as your learning resource. The current version of the materials is V16.02, offering the most current exam questions and answers to mirror the actual exam format and difficulty. You can judge the quality by reading the 200-201 free dumps (Part 1, Q1-Q40) of V16.02. Try these free sample questions online, and you will find that with the most current 200-201 dumps (V16.02), you can approach your Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) exam with confidence and set yourself up for success in the cybersecurity field. To see more of V16.02, read the additional free sample questions below.

Cisco 200-201 free dumps (Part 2, Q41-Q80) of V16.02 are below to help you read more sample questions:

1. Which open-sourced packet capture tool uses Linux and Mac OS X operating systems?

2. Refer to the exhibit.

Which kind of attack method is depicted in this string?

3. Which two components reduce the attack surface on an endpoint? (Choose two.)

4. What is an attack surface as compared to a vulnerability?

5. An intruder attempted malicious activity and exchanged emails with a user and received corporate information, including email distribution lists. The intruder asked the user to engage with a link in an email. When the link launched, it infected machines and the intruder was able to access the corporate network.

Which testing method did the intruder use?

6. What are two social engineering techniques? (Choose two.)

7. Refer to the exhibit.

What does the output indicate about the server with the IP address 172.18.104.139?

8. How does certificate authority impact a security system?

9. When communicating via TLS, the client initiates the handshake to the server and the server responds back with its certificate for identification.

Which information is available on the server certificate?

10. How does an SSL certificate impact security between the client and the server?

11. Which attack is the network vulnerable to when a stream cipher like RC4 is used twice with the same key?

12. Which list identifies the information that the client sends to the server in the negotiation phase of the TLS handshake?

13. Refer to the exhibit.

What information is depicted?

14. What is the difference between the ACK flag and the RST flag in the NetFlow log session?

15. Refer to the exhibit.

Which type of log is displayed?

16. How is NetFlow different from traffic mirroring?

17. What makes HTTPS traffic difficult to monitor?

18. How does an attacker observe network traffic exchanged between two users?

19. Which type of data consists of connection level, application-specific records generated from network traffic?

20. An engineer receives a security alert that traffic with a known TOR exit node has occurred on the network.

What is the impact of this traffic?

21. What is an example of social engineering attacks?

22. Refer to the exhibit.

What is occurring in this network?

23. Which data format is the most efficient to build a baseline of traffic seen over an extended period of time?

24. Which action prevents buffer overflow attacks?

25. Which type of attack occurs when an attacker is successful in eavesdropping on a conversation between two IP phones?

26. Refer to the exhibit.

What should be interpreted from this packet capture?

27. What are the two characteristics of the full packet captures? (Choose two.)

28. Refer to the exhibit.

An engineer is analyzing this Cuckoo Sandbox report for a PDF file that has been downloaded from an email.

What is the state of this file?

29. DRAG DROP

Drag and drop the technology on the left onto the data type the technology provides on the right.

30. Refer to the exhibit.

What is occurring in this network traffic?

31. An engineer needs to have visibility on TCP bandwidth usage, response time, and latency, combined with deep packet inspection to identify unknown software by its network traffic flow.

Which two features of Cisco Application Visibility and Control should the engineer use to accomplish this goal? (Choose two.)

32. Which security technology guarantees the integrity and authenticity of all messages transferred to and from a web application?

33. An engineer is investigating a case of the unauthorized usage of the “Tcpdump” tool. The analysis revealed that a malicious insider attempted to sniff traffic on a specific interface.

What type of information did the malicious insider attempt to obtain?

34. At a company party a guest asks questions about the company’s user account format and password complexity.

How is this type of conversation classified?

35. Which security monitoring data type requires the largest storage space?

36. What are two denial of service attacks? (Choose two.)

37. An engineer needs to discover alive hosts within the 192.168.1.0/24 range without triggering intrusive portscan alerts on the IDS device using Nmap.

Which command will accomplish this goal?

38. An analyst is investigating a host in the network that appears to be communicating to a command and control server on the Internet. After collecting this packet capture, the analyst cannot determine the technique and payload used for the communication.

Which obfuscation technique is the attacker using?

39. What are two differences in how tampered and untampered disk images affect a security incident? (Choose two.)

40. During which phase of the forensic process is data that is related to a specific event labeled and recorded to preserve its integrity?


 
