Want to know Pass4sure 200-201 Exam practice test features? Want to lear more about Cisco Understanding Cisco Cybersecurity Operations Fundamentals certification experience? Study Best Quality Cisco 200-201 answers to Leading 200-201 questions at Pass4sure. Gat a success with an absolute guarantee to pass Cisco 200-201 (Understanding Cisco Cybersecurity Operations Fundamentals) test on your first attempt.
Online 200-201 free questions and answers of New Version:
NEW QUESTION 1
Which artifact is used to uniquely identify a detected file?
- A. file timestamp
- B. file extension
- C. file size
- D. file hash
NEW QUESTION 2
Which step in the incident response process researches an attacking host through logs in a SIEM?
- A. detection and analysis
- B. preparation
- C. eradication
- D. containment
NEW QUESTION 3
Which security technology allows only a set of pre-approved applications to run on a system?
- A. application-level blacklisting
- B. host-based IPS
- C. application-level whitelisting
- D. antivirus
NEW QUESTION 4
What is an attack surface as compared to a vulnerability?
- A. any potential danger to an asset
- B. the sum of all paths for data into and out of the application
- C. an exploitable weakness in a system or its design
- D. the individuals who perform an attack
NEW QUESTION 5
Which type of evidence supports a theory or an assumption that results from initial evidence?
- A. probabilistic
- B. indirect
- C. best
- D. corroborative
NEW QUESTION 6
Which signature impacts network traffic by causing legitimate traffic to be blocked?
- A. false negative
- B. true positive
- C. true negative
- D. false positive
NEW QUESTION 7
A malicious file has been identified in a sandbox analysis tool.
Which piece of information is needed to search for additional downloads of this file by other hosts?
- A. file type
- B. file size
- C. file name
- D. file hash value
NEW QUESTION 8
Which event artifact is used to identity HTTP GET requests for a specific file?
- A. destination IP address
- B. TCP ACK
- C. HTTP status code
- D. URI
NEW QUESTION 9
What is a difference between SOAR and SIEM?
- A. SOAR platforms are used for threat and vulnerability management, but SIEM applications are not
- B. SIEM applications are used for threat and vulnerability management, but SOAR platforms are not
- C. SOAR receives information from a single platform and delivers it to a SIEM
- D. SIEM receives information from a single platform and delivers it to a SOAR
NEW QUESTION 10
What is the difference between mandatory access control (MAC) and discretionary access control (DAC)?
- A. MAC is controlled by the discretion of the owner and DAC is controlled by an administrator
- B. MAC is the strictest of all levels of control and DAC is object-based access
- C. DAC is controlled by the operating system and MAC is controlled by an administrator
- D. DAC is the strictest of all levels of control and MAC is object-based access
NEW QUESTION 11
Which IETF standard technology is useful to detect and analyze a potential security incident by recording session flows that occurs between hosts?
- A. SFlow
- B. NetFlow
- C. NFlow
- D. IPFIX
NEW QUESTION 12
What is a purpose of a vulnerability management framework?
- A. identifies, removes, and mitigates system vulnerabilities
- B. detects and removes vulnerabilities in source code
- C. conducts vulnerability scans on the network
- D. manages a list of reported vulnerabilities
NEW QUESTION 13
An analyst is investigating an incident in a SOC environment. Which method is used to identify a session from a group of logs?
- A. sequence numbers
- B. IP identifier
- C. 5-tuple
- D. timestamps
NEW QUESTION 14
An analyst is investigating a host in the network that appears to be communicating to a command and control server on the Internet. After collecting this packet capture the analyst cannot determine the technique and payload used for the communication.
Which obfuscation technique is the attacker using?
- A. Base64 encoding
- B. transport layer security encryption
- C. SHA-256 hashing
- D. ROT13 encryption
NEW QUESTION 15
An organization has recently adjusted its security stance in response to online threats made by a known hacktivist group.
What is the initial event called in the NIST SP800-61?
- A. online assault
- B. precursor
- C. trigger
- D. instigator
NEW QUESTION 16
Drag and drop the security concept on the left onto the example of that concept on the right.
- A. Mastered
- B. Not Mastered
NEW QUESTION 17
Refer to the exhibit.
What is occurring in this network traffic?
- A. high rate of SYN packets being sent from a multiple source towards a single destination IP
- B. high rate of SYN packets being sent from a single source IP towards multiple destination IPs
- C. flood of ACK packets coming from a single source IP to multiple destination IPs
- D. flood of SYN packets coming from a single source IP to a single destination IP
NEW QUESTION 18
100% Valid and Newest Version 200-201 Questions & Answers shared by Certleader, Get Full Dumps HERE: https://www.certleader.com/200-201-dumps.html (New 98 Q&As)