Free 200-201 Exam Braindumps

Pass your Understanding Cisco Cybersecurity Operations Fundamentals exam with these free Questions and Answers

Page 2 of 53
QUESTION 1

Which of these describes SOC metrics in relation to security incidents?

  1. A. time it takes to detect the incident
  2. B. time it takes to assess the risks of the incident
  3. C. probability of outage caused by the incident
  4. D. probability of compromise and impact caused by the incident

Correct Answer: A

QUESTION 2

Which evasion technique is indicated when an intrusion detection system begins receiving an abnormally high volume of scanning from numerous sources?

  1. A. resource exhaustion
  2. B. tunneling
  3. C. traffic fragmentation
  4. D. timing attack

Correct Answer: A
Resource exhaustion is a type of denial-of-service attack; however, it can also be used to evade detection by security defenses. A simple definition of resource exhaustion is "consuming the resources necessary to perform an action." A flood of scans from many sources consumes the sensor's inspection capacity, so the traffic that matters may pass uninspected.
Ref: Cisco CyberOps Associate CBROPS 200-201 Official Cert Guide
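The mechanism behind answer A, as an added example that is not from the Cert Guide or the exam: a toy IDS with a fixed inspection budget per interval, a flood of decoy scans from many (constructed, spoofed) sources, and one real probe timed to arrive after the flood. The sensor, the signature, the budget and all addresses are constructed for illustration.

```python
"""Toy model of resource-exhaustion evasion against an IDS.

Added example (not from the Cert Guide). The IDS, its budget and the traffic
are all constructed; the point is the mechanism: once inspection capacity is
exhausted by decoy scans, the packet that matters goes uninspected, and the
only signal left is the sensor's own drop counter.
"""
from dataclasses import dataclass, field


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes = b""


@dataclass
class ToyIDS:
    # Packets the sensor can inspect per interval; the rest are dropped uninspected.
    budget: int
    # Constructed signature; any payload containing it raises an alert.
    signatures: tuple = (b"/cgi-bin/",)
    alerts: list = field(default_factory=list)
    inspected: int = 0
    dropped: int = 0

    def process_interval(self, packets):
        for i, pkt in enumerate(packets):
            if i >= self.budget:
                self.dropped += 1          # capacity exhausted: skipped, not inspected
                continue
            self.inspected += 1
            if any(sig in pkt.payload for sig in self.signatures):
                self.alerts.append(pkt)

    def drop_ratio(self):
        total = self.inspected + self.dropped
        return self.dropped / total if total else 0.0


def decoy_scan(n, target="10.0.0.5"):
    """n harmless-looking probes from many (constructed, spoofed) sources."""
    ports = (21, 22, 23, 80, 443)
    return [Packet(src=f"198.51.100.{i % 254 + 1}", dst=target, dport=ports[i % len(ports)])
            for i in range(n)]


def run_scenario(decoys, budget=200, overload_threshold=0.10):
    """Send `decoys` scan packets, then the real probe, through one IDS interval."""
    ids = ToyIDS(budget=budget)
    real_probe = Packet(src="203.0.113.7", dst="10.0.0.5", dport=80,
                        payload=b"GET /cgi-bin/test-cgi HTTP/1.0\r\n\r\n")
    traffic = decoy_scan(decoys) + [real_probe]   # attacker times the real probe after the flood
    ids.process_interval(traffic)
    return {
        "detected": any(p.src == real_probe.src for p in ids.alerts),
        "dropped": ids.dropped,
        # The check a SOC should have: alert on the sensor's own drop ratio,
        # because an IDS that is silently dropping is an IDS that can be walked past.
        "sensor_overloaded": ids.drop_ratio() > overload_threshold,
    }


if __name__ == "__main__":
    print("normal load:", run_scenario(decoys=50))
    print("scan flood :", run_scenario(decoys=5000))
```

Under normal load the probe is inspected and alerts; under the flood it is dropped and nothing fires. The practical takeaway is the last field: monitor the sensor's drop and overload counters as a first-class alert, since a sudden burst of scanning from many sources may be cover rather than the attack itself.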

QUESTION 3

Which step in the incident response process researches an attacking host through logs in a SIEM?

  1. A. detection and analysis
  2. B. preparation
  3. C. eradication
  4. D. containment

Correct Answer: A
The incident response life cycle is: Preparation --> Detection and Analysis --> Containment, Eradication, and Recovery --> Post-Incident Activity. Researching an attacking host in SIEM logs is event correlation, which belongs to Detection and Analysis. That phase includes:
  - Profile networks and systems; understand normal behaviors.
  - Create a log retention policy.
  - Perform event correlation.
  - Maintain and use a knowledge base of information.
  - Use Internet search engines for research.
  - Run packet sniffers to collect additional data.
  - Filter the data.
  - Seek assistance from others.
  - Keep all host clocks synchronized.
  - Know the different types of attacks and attack vectors.
  - Develop processes and procedures to recognize the signs of an incident.
  - Understand the sources of precursors and indicators.
  - Create appropriate incident documentation capabilities and processes.
  - Create processes to effectively prioritize security incidents.
  - Create processes to effectively communicate incident information (internal and external communications).
Ref: Cisco CyberOps Associate CBROPS 200-201 Official Cert Guide
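What "researching an attacking host through logs in a SIEM" looks like in practice, as an added example that is not from the Cert Guide or the exam: normalise lines from several sources into one event schema, pivot on the suspect address, and correlate the ordered timeline. The three log formats, the addresses and every line are constructed for illustration; real SIEM parsers and field names differ.

```python
"""Research an attacking host across several log sources, the way a SIEM pivot does.

Added example (not from the Cert Guide). Log lines are constructed in three
invented formats (firewall, sshd, web server). The pattern is the same in a
real SIEM: normalise every source into one event schema, search on the
suspect address, and correlate the ordered timeline.
"""
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample logs; nothing here is real traffic.
SAMPLE_LOGS = """\
2024-03-01T10:00:01Z fw01 DENY TCP 203.0.113.7:51234 -> 10.0.0.5:21
2024-03-01T10:00:01Z fw01 DENY TCP 203.0.113.7:51235 -> 10.0.0.5:23
2024-03-01T10:00:02Z fw01 ALLOW TCP 203.0.113.7:51236 -> 10.0.0.5:22
2024-03-01T10:00:02Z fw01 ALLOW TCP 198.51.100.9:40000 -> 10.0.0.8:443
2024-03-01T10:00:05Z srv01 sshd[1201]: Failed password for root from 203.0.113.7 port 51240 ssh2
2024-03-01T10:00:07Z srv01 sshd[1201]: Failed password for root from 203.0.113.7 port 51241 ssh2
2024-03-01T10:00:09Z srv01 sshd[1203]: Accepted password for admin from 203.0.113.7 port 51242 ssh2
2024-03-01T10:01:00Z web01 198.51.100.9 "GET /index.html" 200
""".splitlines()

# One parser per (constructed) log format; each yields a source address to pivot on.
PATTERNS = {
    "firewall": re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>ALLOW|DENY) \S+ "
                           r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"),
    "sshd": re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<action>Failed|Accepted) "
                       r"password for (?P<user>\S+) from (?P<src>[\d.]+) port \d+"),
    "web": re.compile(r'^(?P<ts>\S+) (?P<host>\S+) (?P<src>[\d.]+) "(?P<action>[A-Z]+ \S+)" (?P<status>\d+)$'),
}


@dataclass(frozen=True)
class Event:
    ts: datetime
    source: str   # log source type
    host: str     # reporting device
    src: str      # remote address, the pivot key
    action: str
    detail: str


def parse(line):
    """Normalise one raw line into an Event, or None if no parser matches."""
    for source, pat in PATTERNS.items():
        m = pat.match(line)
        if not m:
            continue
        d = m.groupdict()
        if source == "firewall":
            detail = f'{d["dst"]}:{d["dport"]}'
        elif source == "sshd":
            detail = d["user"]
        else:
            detail = d["status"]
        return Event(datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ"),
                     source, d["host"], d["src"], d["action"], detail)
    return None


def pivot(lines, ip):
    """Every event from `ip`, ordered by time: the SIEM search on the suspect host."""
    events = [e for e in map(parse, lines) if e is not None and e.src == ip]
    return sorted(events, key=lambda e: e.ts)


def assess(lines, ip):
    """Correlate the pivoted timeline into the summary an analyst would put in the ticket."""
    tl = pivot(lines, ip)
    denied_ports = sorted({e.detail.rsplit(":", 1)[1] for e in tl
                           if e.source == "firewall" and e.action == "DENY"}, key=int)
    failed = [e for e in tl if e.source == "sshd" and e.action == "Failed"]
    accepted = [e for e in tl if e.source == "sshd" and e.action == "Accepted"]
    # Ordering matters: failures and then a success from the same host is the
    # correlation that turns "noise" into a probable credential compromise.
    if failed and accepted and accepted[-1].ts > failed[0].ts:
        verdict = "brute force followed by successful login"
    elif failed:
        verdict = "brute force attempts"
    elif denied_ports:
        verdict = "port scan / reconnaissance"
    else:
        verdict = "no indicator in these sources"
    return {
        "events": len(tl),
        "first_seen": tl[0].ts.isoformat() if tl else None,
        "last_seen": tl[-1].ts.isoformat() if tl else None,
        "denied_ports": denied_ports,
        "failed_logins": len(failed),
        "accepted_users": sorted({e.detail for e in accepted}),
        "verdict": verdict,
    }


if __name__ == "__main__":
    for ip in ("203.0.113.7", "198.51.100.9"):
        print(ip, assess(SAMPLE_LOGS, ip))
```

Note that the correlation only works because the sources share a clock and a time format; that is why "keep all host clocks synchronized" and "create a log retention policy" sit in the same phase as "perform event correlation".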

QUESTION 4

Which incidence response step includes identifying all hosts affected by an attack?

  1. A. detection and analysis
  2. B. post-incident activity
  3. C. preparation
  4. D. containment, eradication, and recovery

Correct Answer: D
From NIST SP 800-61r2, section 3.3.3, "Identifying the Attacking Hosts": "During incident handling, system owners and others sometimes want to or need to identify the attacking host or hosts. Although this information can be important, incident handlers should generally stay focused on containment, eradication, and recovery." https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
Note that the NIST passage is about the attacking host; the question asks about the affected hosts. Scoping which systems are affected is part of containment, which is why the answer is D rather than A.
The response phase, or containment, of incident response is the point at which the incident response team begins interacting with affected systems and attempts to keep further damage from occurring as a result of the incident.

QUESTION 5

What are two denial of service attacks? (Choose two.)

  1. A. MITM
  2. B. TCP connections
  3. C. ping of death
  4. D. UDP flooding
  5. E. code red

Correct Answer: CD
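The two correct answers, as an added example that is not from the Cert Guide or the exam: detection logic for a ping of death (a fragment that would reassemble past the 65535-byte IPv4 maximum) and for a UDP flood (too many UDP packets to one destination within a short window). Packet records, addresses, fragment values and thresholds are all constructed for illustration.

```python
"""Detect two classic denial-of-service patterns: ping of death and UDP flooding.

Added example (not from the Cert Guide). Packet records are constructed
summaries (timestamp, protocol, addresses, fragment fields), not parsed
captures; the window and threshold values are illustrative.
"""
from collections import defaultdict
from dataclasses import dataclass

MAX_IP_DATAGRAM = 65535   # largest total length an IPv4 datagram may have


@dataclass
class Pkt:
    t: float               # arrival time, seconds
    proto: str
    src: str
    dst: str
    length: int            # payload bytes carried by this packet or fragment
    frag_id: int = 0
    frag_offset: int = 0   # IP fragment offset, in 8-byte units


def ping_of_death(pkts):
    """ICMP fragments whose offset*8 + length would reassemble beyond 65535 bytes."""
    return {(p.src, p.dst, p.frag_id) for p in pkts
            if p.proto == "ICMP" and p.frag_offset * 8 + p.length > MAX_IP_DATAGRAM}


def udp_flood_targets(pkts, window=1.0, threshold=500):
    """Destinations that receive more than `threshold` UDP packets inside any `window` seconds."""
    by_dst = defaultdict(list)
    for p in pkts:
        if p.proto == "UDP":
            by_dst[p.dst].append(p.t)
    flagged = {}
    for dst, times in by_dst.items():
        times.sort()
        lo, peak = 0, 0
        for hi, t in enumerate(times):        # sliding window over sorted arrival times
            while t - times[lo] > window:
                lo += 1
            peak = max(peak, hi - lo + 1)
        if peak > threshold:
            flagged[dst] = peak
    return flagged


def build_sample():
    """Constructed traffic: one flood, one normal UDP talker, three ICMP cases."""
    pkts = []
    # 1000 UDP packets from spoofed sources to one host in half a second: a flood.
    for i in range(1000):
        pkts.append(Pkt(i * 0.0005, "UDP", f"198.51.100.{i % 254 + 1}", "10.0.0.5", 512))
    # 20 DNS-sized UDP packets spread over ten seconds: normal.
    for i in range(20):
        pkts.append(Pkt(i * 0.5, "UDP", "10.0.0.20", "10.0.0.9", 64))
    # Ordinary ping.
    pkts.append(Pkt(0.1, "ICMP", "10.0.0.20", "10.0.0.5", 64))
    # Large but legal final fragment: ends exactly at 65535 and must not trigger.
    pkts.append(Pkt(0.2, "ICMP", "10.0.0.21", "10.0.0.5", 63, frag_id=0x10, frag_offset=8184))
    # Ping of death: final fragment at offset 8189*8 = 65512 carrying 1480 bytes -> 66992 total.
    pkts.append(Pkt(0.3, "ICMP", "203.0.113.7", "10.0.0.5", 1480, frag_id=0x42, frag_offset=8189))
    return pkts


def analyze(pkts):
    return {"ping_of_death": ping_of_death(pkts), "udp_flood": udp_flood_targets(pkts)}


if __name__ == "__main__":
    print(analyze(build_sample()))
```

The edge case worth keeping in a real detector is the boundary: a fragment that ends exactly at 65535 is legal, so the comparison is strictly greater-than. For the flood, per-destination counting is what matters, because a UDP flood typically arrives from many spoofed sources and per-source rate limits see nothing unusual.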

