Exam (elaborations)

200-201 Dumps - Pass with Latest Cisco 200-201 Exam Dumps

Pages
7
Grade
A+
Uploaded on
15-06-2021
Written in
2020/2021

OfficialDumps provides 100% latest 200-201 dumps to pass your Cisco 200-201 exam on the first attempt. All 200-201 exam questions are verified by Cisco certified experts. Don't waste your time; visit and get up-to-date actual 200-201 exam questions and pass your exam on the first try.


Cisco
200-201 Exam
Understanding Cisco Cybersecurity Operations Fundamentals Exam








Version: 5.0

Question: 1

While viewing packet capture data, an analyst sees that one IP is sending and receiving traffic for
multiple devices by modifying the IP header.
Which technology makes this behavior possible?

A. encapsulation
B. TOR
C. tunneling
D. NAT

Answer: D

Question: 2

When communicating via TLS, the client initiates the handshake to the server and the server
responds back with its certificate for identification.
Which information is available on the server certificate?

A. server name, trusted subordinate CA, and private key
B. trusted subordinate CA, public key, and cipher suites
C. trusted CA name, cipher suites, and private key
D. server name, trusted CA, and public key

Answer: D

Question: 3

A security engineer has a video of a suspect entering a data center that was captured on the same
day that files in the same data center were transferred to a competitor.
Which type of evidence is this?

A. best evidence
B. prima facie evidence
C. indirect evidence
D. physical evidence

Answer: C





Question: 4

Which two elements of the incident response process are stated in NIST Special Publication 800-61
r2? (Choose two.)

A. detection and analysis
B. post-incident activity
C. vulnerability management
D. risk assessment
E. vulnerability scoring

Answer: A, B

Reference: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf

Question: 5

Which utility blocks a host portscan?

A. HIDS
B. sandboxing
C. host-based firewall
D. antimalware

Answer: C

Question: 6

Which event is user interaction?

A. gaining root access
B. executing remote code
C. reading and writing file permission
D. opening a malicious file

Answer: D

Question: 7

An intruder attempted malicious activity and exchanged emails with a user and received corporate
information, including email distribution lists. The intruder asked the user to engage with a link in an
email. When the link launched, it infected machines and the intruder was able to access the
corporate network.
Which testing method did the intruder use?

A. social engineering
B. eavesdropping
C. piggybacking
D. tailgating

Answer: A


Question: 8

Refer to the exhibit.




What information is depicted?

A. IIS data
B. NetFlow data
C. network discovery event
D. IPS event data

Answer: B

Question: 9

Which type of evidence supports a theory or an assumption that results from initial evidence?

A. probabilistic
B. indirect
C. best
D. corroborative

Answer: D

Question: 10

Which two elements are assets in the role of attribution in an investigation? (Choose two.)

A. context
B. session
C. laptop
D. firewall logs
E. threat actor

Answer: AE





Question: 11

Which regular expression matches "color" and "colour"?

A. colo?ur
B. col[0-8]+our
C. colou?r
D. col[0-9]+our

Answer: C

Question: 12

A user received a malicious attachment but did not run it.
Which category classifies the intrusion?

A. weaponization
B. reconnaissance
C. installation
D. delivery

Answer: D