Cisco CyberOps Associate [200-201] Free Cisco CyberOps Practice Test – 200-201

1. This type of attack is another kind of denial of service attack that sends a flood of protocol request packets to various IP hosts on a network. The attacker spoofs the source address so that it appears to belong to the target device. The hosts that receive the flooded packets become reflectors: they respond back to the unsuspecting target, which is then flooded with responses to requests it never sent.
   - Distributed Denial of Service Attack
   - Reflection and Amplification Attack
   - Smurf Attack
   - MITM

2. This access control method is based on the user's work function within the organization, and access is allowed or denied on the basis of a set of rules defined by the system administrator.
   - Discretionary access control (DAC)
   - Non-discretionary access control
   - Context-Based Access Control (CBAC)
   - Attribute-based access control (ABAC)

3. It is a free tool that allows users to surf the web anonymously. It works by routing IP traffic through a free, worldwide network of thousands of relays, and it constantly changes the way the traffic is routed to obscure the location of the user from anyone monitoring the network.
   - Darkweb
   - THOR
   - TOR
   - Deepweb

4. When deciding to implement a full packet capture, which considerations should be taken into account before implementing it? (Choose 4)
   - Security Operation Capability
   - Location
   - Storage
   - NIC Configuration
   - Method of Network Connection

5. After a security incident has been detected and sufficient analysis has been performed to determine that the incident is valid, it must be contained in order to determine what to do about it. Strategies and procedures for incident containment need to be in place before an incident occurs and implemented before there is widespread damage. Which phase is this?
   - Preparation
   - CSIRT
   - Detection and analysis
   - Containment, eradication, and recovery
   - Post-incident activities

6. It attempts to consume all the resources that a computer or network makes available to legitimate clients. This is a very important issue, because it could disrupt the entire operation of a business.
   - DOS
   - DDOS
   - DDDOS
   - Resource Exhaustion attack

7. This access control method enables each user to control access to their own data. Instead of a security label, as in the case of MAC, each resource in this system has an access list attached to it.
   - Discretionary access control (DAC)
   - Non-discretionary access control
   - Context-Based Access Control (CBAC)
   - Attribute-based access control (ABAC)

8. Which two of the following statements are true about host-based antivirus software? (Choose two.)
   - Most antivirus software uses signature-based malware detection.
   - User identity detection is embedded in most antivirus software code.
   - Antivirus software may use heuristics with other methods to detect malware.
   - Antivirus software is wholly dependent on running scans to find malware that has already obtained a foothold on a system.

9. In this type of attack, the attacker crafts a packet fragment whose offset value in the IP header indicates that the reassembled packet is larger than 65,536 bytes. Whenever a vulnerable machine receives such a fragment, it tries to set up buffers to fit the indicated size, and its resources are exhausted because all of that buffer space is allocated to a packet whose fragment offset claims a size that the packet does not actually have.
   - Buffer Overflow
   - Ping of Death
   - TCP Flood Attack
   - DNS Tunneling

10. In the IPS alert matrix, an abundance of this kind of alert becomes a significant burden for IPS analysts, because these alerts can clutter the console and hide true positive alerts.
   - False Positives
   - False Negatives
   - True Positives
   - True Negatives

11. A ___________ is a system weakness or design flaw that can be exploited through a threat. These are sometimes found in protocols themselves, as in the case of TCP/IP.
   - Assets
   - Threats
   - Vulnerabilities
   - Countermeasure

12. This incident response stakeholder might need to perform disciplinary measures if an incident caused by an employee occurs.
   - Management
   - Information Assurance
   - Legal Department
   - Human Resources

13. In data classification, this data is very difficult to obtain and can cost a considerable amount to keep secret. Usually, few people have access to this data, based only on a need to know this information.
   - Sensitive
   - Secret
   - Top Secret
   - Confidential

14. ________________ minimize errors that may be caused by personnel who are under stress while participating in incident handling. What is this?
   - Incident Response Procedure
   - SOP - Standard Operating Procedure
   - Operational Toolkit
   - Security Handbook

15. In security deployments, the attack continuum is divided into three phases. What are they? (Choose 3)
   - Before
   - Ongoing
   - During
   - After

16. Source and destination IP addresses are usually shown in NetFlow records and security events. What other artifacts are part of NetFlow records? (Choose 2)
   - Destination ports
   - Usernames
   - Signature IDs
   - Source ports

17. ___________ is a function of the likelihood of a particular potential vulnerability being exercised by a particular threat source and the resulting impact of that adverse event on the organization.
   - Threat
   - Risk
   - Exploit
   - Vulnerability

18. It refers to a dictionary of publicly known information security vulnerabilities and exposures.
   - National Vulnerability Database (NVD)
   - Cisco Talos
   - Common Vulnerabilities and Exposures (CVE)
   - None of the above

19. It refers to a security feature that correlates translated IP address mappings with NetFlow records. This feature is provided by Cisco's Stealthwatch system.
   - Port Address Translation
   - NAT Stitching
   - Netflow NAT Overload

20. Which of these options are the first 3 steps of the Cyber Kill Chain?
   - Installation
   - Delivery
   - Reconnaissance
   - Weaponization

21. This protocol is a connectionless protocol that is primarily used to route information over the Internet. It depends on the upper layers to ensure accountability and reliability.
   - TCP
   - IP
   - ICMP
   - UDP

22. This type of firewall is implemented in Linux user space, works at the application layer, and is used to permit or deny access to a specific service.
   - IP Tables
   - TCP Wrappers
   - UFW
   - Host-based IPS

23. This access control method intelligently filters TCP and UDP packets based on application layer log information. It can be used for intranets, extranets, and the Internet because of its inherent ability to distill packets (TCP and UDP) based on application protocol session information.
   - Discretionary access control (DAC)
   - Non-discretionary access control
   - Context-Based Access Control (CBAC)
   - Attribute-based access control (ABAC)

24. Which of the following is an example of a packet capture program?
   - Wireshark
   - Packetshark
   - PacketReal
   - NetFlow

25. Malicious Windows operating system code that shares a single virtual address space and can manage the system CPU and memory resources directly is running in which mode?
   - privileged
   - kernel
   - user
   - safe

26. In Security Onion, it is the feature that provides audit records of every network session seen on the wire. It also provides audit records at the application layer.
   - BRO
   - ELSA
   - Netsniff-ng
   - syslog-ng

27. In Linux, which command allows a user to view a list of open files/connections?
   - net user
   - show net user
   - netstat
   - lsof

28. Which security management concept addresses the inventory and control of hardware and software configurations of systems?
   - Configuration Management
   - Asset Management
   - Mobile Device Management
   - Vulnerability Management
   - Patch Management

29. This incident response stakeholder designs the budget and is in charge of staffing all of the departments.
   - Human Resources
   - Management
   - Legal Department
   - Public Affairs and Media Relations

30. This NIST standard is a valuable resource for organizations that require guidance in developing digital forensics plans.
   - NIST 800-140C
   - NIST 800-140E
   - NIST 800-126
   - NIST 800-86

31. Which of the following is true about NetFlow?
   - NetFlow typically provides more details than sFlow.
   - NetFlow typically contains more details than packet capturing.
   - NetFlow is not available in virtual networking environments.
   - NetFlow is only used as a network performance measurement.

32. After the weapon has been delivered, the threat actor uses it to trigger the vulnerability and gain control of the target. Which Cyber Kill Chain step does this refer to?
   - Exploitation
   - Installation
   - CnC
   - Action on Objectives

33. Which of the following statements describe the features of anomaly detection? (Choose 4)
   - Requires a lot of storage due to full packet captures
   - Detects unusually frequent, large, or lengthy network sessions.
   - Detects connections to suspicious IP geo-locations
   - Each flow data record contains IPs, ports, duration, and bytes transferred
   - Does not require as much storage space as full packet capture

34. It evaluates the data part and the header of a packet that is transmitted through an inspection point, weeding out any protocol non-compliance, spam, viruses, intrusions, and any other defined criteria in order to block the packet from passing through the inspection point.
   - Deep Packet Inspection
   - Packet Filtering
   - Firewalling
   - Intrusion Detection

35. This security management concept requires a robust means of identifying weaknesses based on vendor security bulletins and other information sources such as CVE. What is this?
   - Configuration Management
   - Asset Management
   - Mobile Device Management
   - Vulnerability Management
   - Patch Management

36. Regarding malware protection, which statement is true?
   - A combination of an antivirus product and an antispyware product provides the best defense against malware.
   - Antivirus and antispyware tools provide a line of defense, but their efficacy is dropping.
   - Most modern malware protection products typically achieve 100 percent success in detection and prevention.
   - Malware protection at the host installation level is useless and can only be performed at the network level.

37. This tool is a command line utility that allows you to capture and analyze network traffic passing through your system. It is often used to help resolve network issues, as well as a security tool. It is a powerful and versatile tool with many options and filters that can be used in a variety of cases. Since it is a command line tool, it is ideal to run on remote servers or devices for which a GUI is not available, to collect data that can be analyzed later.
   - Wireshark
   - UDPDUMP
   - TCPDUMP
   - Packet Tracer

38. ________ is a new platform for integrating multiple security technologies into a single point of view, for ease of control and unified policy across on-site and cloud assets. It is an open, cloud-based platform that connects the Cisco-integrated security portfolio to existing (non-Cisco) security products.
   - Cisco ThreatGrid
   - Cisco Secure-X
   - Cisco ACI
   - Cisco FMC

39. This phase is when the CSIRT is created and trained. It is also when the tools and assets that the team will need to investigate incidents are acquired and deployed.
   - Preparation
   - CSIRT
   - Detection and analysis
   - Containment, eradication, and recovery
   - Post-incident activities

40. Which Cisco AMP for Endpoints feature is used during post-incident investigations to determine the source (patient zero) of the malware?
   - file security intelligence feeds
   - file capture
   - file sandboxing
   - file trajectory

41. In Cisco security products, it provides comprehensive cloud-based security and controls for unique corporate email challenges, including email content, email attachments, and embedded URLs.
   - ESA
   - CES
   - NGFW
   - ISE

42. If the Downloads directory is in the home directory, which three of the following commands will navigate you to the Downloads directory? (Choose three.)
   - cd /home//Downloads
   - cd /etc/home/bob/Downloads
   - cd Downloads
   - cd ~/Downloads

43. You encountered malware that automatically runs upon bootup in its own Windows session, without any user interface. Which Windows component can be used to keep the malware from starting automatically?
   - startup manager
   - performance manager
   - services control manager
   - device manager

44. The process known as piping performs which of the following?
   - allows the user to have superuser privileges
   - cleans up the directory structure
   - allows a user to send the output of one command to another command.
   - extends the desktop environment

45. Which of the following are the main techniques used for deep packet inspection? (Choose 3)
   - Pattern or signature matching
   - Protocol anomaly
   - IPS solutions
   - Packet Filtering

46. In the IPS alert matrix, very high priority is given to minimizing this type of alert. The consequence can be catastrophic, and signatures need to be continuously updated as new exploits are discovered and hacking techniques
   - False Positives
   - False Negatives
   - True Positives
   - True Negatives

47. Which of the following regular expressions will match any IP address on the 10.1.2.0/24 network?
   - %10.1.2\.$
   - 10\.1\.2\..*
   - ^10.1.2.0
   - 10.[1..2].0

48. It refers to a piece of software, a tool, a technique, or a process that takes advantage of a weakness or flaw and leads to access, privilege escalation, loss of integrity, or denial of service on a computer system.
   - Threat
   - Risk
   - Exploit
   - Vulnerability

49. NetFlow is a great tool for anomaly and DDoS detection. Before implementing these detection capabilities, you should perform which of the following tasks?
   - Enable NetFlow on more than two interfaces.
   - Enable BGP for route redirection.
   - Develop a traffic baseline.
   - Enable anti-spoofing protection.

50. When investigating Windows-based security incidents, which can cause the most damage to the integrity of the Windows operating system?
   - malicious rootkits that run in user mode
   - malicious applications that run in safe mode
   - malicious applications that run in kernel mode
   - malicious Windows drivers that run in kernel mode