2026 New 200-201 Exam Dumps with PDF and VCE Free: https://www.2passeasy.com/dumps/200-201/

Act now and download your Cisco 200-201 test today! Do not waste time on worthless Cisco 200-201 tutorials. Download the updated Cisco Understanding Cisco Cybersecurity Operations Fundamentals exam with real questions and answers and begin to learn Cisco 200-201 with a classic professional.

Online Cisco 200-201 free dumps demo below:

NEW QUESTION 1
Which HTTP header field is used in forensics to identify the type of browser used?

  • A. referrer
  • B. host
  • C. user-agent
  • D. accept-language

Answer: C

NEW QUESTION 2
Refer to the exhibit.
Which kind of attack method is depicted in this string?

  • A. cross-site scripting
  • B. man-in-the-middle
  • C. SQL injection
  • D. denial of service

Answer: A

NEW QUESTION 3
What does cyber attribution identify in an investigation?

  • A. cause of an attack
  • B. exploit of an attack
  • C. vulnerabilities exploited
  • D. threat actors of an attack

Answer: D

NEW QUESTION 4
During which phase of the forensic process is data that is related to a specific event labeled and recorded to preserve its integrity?

  • A. examination
  • B. investigation
  • C. collection
  • D. reporting

Answer: C

NEW QUESTION 5
Which event artifact is used to identify HTTP GET requests for a specific file?

  • A. destination IP address
  • B. TCP ACK
  • C. HTTP status code
  • D. URI

Answer: D

NEW QUESTION 6
What do the Security Intelligence Events within the FMC allow an administrator to do?

  • A. See if a host is connecting to a known-bad domain.
  • B. Check for host-to-server traffic within your network.
  • C. View any malicious files that a host has downloaded.
  • D. Verify host-to-host traffic within your network.

Answer: A

NEW QUESTION 7
Which security principle is violated by running all processes as root or administrator?

  • A. principle of least privilege
  • B. role-based access control
  • C. separation of duties
  • D. trusted computing base

Answer: A

NEW QUESTION 8
What causes events on a Windows system to show Event Code 4625 in the log messages?

  • A. The system detected an XSS attack
  • B. Someone is trying a brute force attack on the network
  • C. Another device is gaining root access to the system
  • D. A privileged user successfully logged into the system

Answer: B

NEW QUESTION 9
What are two social engineering techniques? (Choose two.)

  • A. privilege escalation
  • B. DDoS attack
  • C. phishing
  • D. man-in-the-middle
  • E. pharming

Answer: CE

NEW QUESTION 10
An analyst is investigating an incident in a SOC environment. Which method is used to identify a session from a group of logs?

  • A. sequence numbers
  • B. IP identifier
  • C. 5-tuple
  • D. timestamps

Answer: C

NEW QUESTION 11
An organization has recently adjusted its security stance in response to online threats made by a known hacktivist group.
What is this initial event called in NIST SP 800-61?

  • A. online assault
  • B. precursor
  • C. trigger
  • D. instigator

Answer: B

NEW QUESTION 12
What is a difference between SOAR and SIEM?

  • A. SOAR platforms are used for threat and vulnerability management, but SIEM applications are not
  • B. SIEM applications are used for threat and vulnerability management, but SOAR platforms are not
  • C. SOAR receives information from a single platform and delivers it to a SIEM
  • D. SIEM receives information from a single platform and delivers it to a SOAR

Answer: A

NEW QUESTION 13
A SOC analyst is investigating an incident that involves a Linux system that is identifying specific sessions. Which identifier tracks an active program?

  • A. application identification number
  • B. active process identification number
  • C. runtime identification number
  • D. process identification number

Answer: D

NEW QUESTION 14
Which evasion technique is indicated when an intrusion detection system begins receiving an abnormally high volume of scanning from numerous sources?

  • A. resource exhaustion
  • B. tunneling
  • C. traffic fragmentation
  • D. timing attack

Answer: A

NEW QUESTION 15
A system administrator is ensuring that specific registry information is accurate.
Which type of configuration information does the HKEY_LOCAL_MACHINE hive contain?

  • A. file extension associations
  • B. hardware, software, and security settings for the system
  • C. currently logged in users, including folders and control panel settings
  • D. all users on the system, including visual settings

Answer: B

NEW QUESTION 16
What is the difference between a threat and a risk?

  • A. Threat represents a potential danger that could take advantage of a weakness in a system
  • B. Risk represents the known and identified loss or danger in the system
  • C. Risk represents the nonintentional interaction with uncertainty in the system
  • D. Threat represents a state of being exposed to an attack or a compromise either physically or logically

Answer: A

NEW QUESTION 17
Which IETF standard technology is useful to detect and analyze a potential security incident by recording session flows that occur between hosts?

  • A. SFlow
  • B. NetFlow
  • C. NFlow
  • D. IPFIX

Answer: D

NEW QUESTION 18
An analyst received an alert on their desktop computer showing that an attack was successful on the host. After investigating, the analyst discovered that no mitigation action occurred during the attack. What is the reason for this discrepancy?

  • A. The computer has a HIPS installed on it.
  • B. The computer has a NIPS installed on it.
  • C. The computer has a HIDS installed on it.
  • D. The computer has a NIDS installed on it.

Answer: C

NEW QUESTION 19
Which two compliance frameworks require that data be encrypted when it is transmitted over a public network? (Choose two.)

  • A. PCI
  • B. GLBA
  • C. HIPAA
  • D. SOX
  • E. COBIT

Answer: AC

NEW QUESTION 20
......

Thanks for reading the newest 200-201 exam dumps! We recommend trying the PREMIUM Surepassexam 200-201 dumps in VCE and PDF here: https://www.surepassexam.com/200-201-exam-dumps.html (98 Q&As Dumps)