200-201試験無料問題集（379題）「Cisco Understanding Cisco Cybersecurity Operations Fundamentals 認定」

出題：1

Which step in the incident response process researches an attacking host through logs in a SIEM?

A. preparation

B. eradication

C. containment

D. detection and analysis

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

What is a difference between an inline and a tap mode traffic monitoring?

A. Inline mode monitors traffic path, examining any traffic at a wire speed, while a tap mode monitors traffic as it crosses the network.

B. Inline monitors traffic without examining other devices, while a tap mode tags traffic and examines the data from monitoring devices.

C. Tap mode monitors packets and their content with the highest speed, while the inline mode draws a packet path for analysis.

D. Tap mode monitors traffic direction, while inline mode keeps packet data as it passes through the monitoring devices.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

Which two elements are assets in the role of attribution in an investigation? (Choose two.)

A. context

B. laptop

C. threat actor

D. session

E. firewall logs

正解：B,C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

What is the communication channel established from a compromised machine back to the attacker?

A. port scanning

B. man-in-the-middle

C. IDS evasion

D. command and control

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

Why should an engineer use a full packet capture to investigate a security breach?

A. It collects metadata for the engineer to analyze, including IP traffic packet data that is sorted, parsed, and indexed.

B. It reconstructs the event allowing the engineer to identify the root cause by seeing what took place during the breach

C. It provides the full TCP streams for the engineer to follow the metadata to identify the incoming threat.

D. It captures the TCP flags set within each packet for the engineer to focus on suspicious packets to identify malicious activity

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

A security engineer notices confidential data being exfiltrated to a domain "Ranso4134-mware31-895" address that is attributed to a known advanced persistent threat group The engineer discovers that the activity is part of a real attack and not a network misconfiguration. Which category does this event fall under as defined in the Cyber Kill Chain?

A. reconnaissance

B. action on objectives

C. delivery

D. weaponization

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

A user received a targeted spear-phishing email and identified it as suspicious before opening the content. To which category of the Cyber Kill Chain model does to this type of event belong?

A. reconnaissance

B. exploitation

C. delivery

D. weaponization

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

Refer to the exhibit.

What is the potential threat identified in this Stealthwatch dashboard?

A. A host on the network is sending a DDoS attack to another inside host.

B. A policy violation is active for host 10.201.3.149.

C. A policy violation is active for host 10.10.101.24.

D. There are three active data exfiltration alerts.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

Refer to the exhibit.

An engineer received an event log file to review. Which technology generated the log?

A. proxy

B. NetFlow

C. firewall

D. IDS/IPS

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

Refer to the exhibit.

What does the message indicate?

A. a denied access attempt was made to retrieve the password file

B. a successful access attempt was made to retrieve the root of the website

C. an access attempt was made from the Mosaic web browser

D. a successful access attempt was made to retrieve the password file

正解：B 解答を投票する

出題：11

Refer to the exhibit. A SOC analyst is examining the Windows security logs of one of the endpoints. What is the possible reason for this event log?

A. Brute force attack

B. System maintenance logs

C. Malware Attack

D. Windows failed to audit logs

正解：C 解答を投票する

出題：12

Which open-sourced packet capture tool uses Linux and Mac OS X operating systems?

A. SolarWinds

B. NetScout

C. tcpdump

D. netsh

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：13

A SOC analyst is investigating an incident that involves a Linux system that is identifying specific sessions.
Which identifier tracks an active program?

A. active process identification number

B. runtime identification number

C. process identification number

D. application identification number

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：14

Which action matches the weaponization step of the Cyber Kill Chain Model?

A. Scan open services and ports on a server.

B. Develop a specific malware to exploit a vulnerable server, i

C. Match a known script to a vulnerability.

D. Construct a trojan and deliver l! to the victim.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：15

Which action prevents buffer overflow attacks?

A. input sanitization

B. variable randomization

C. using a Linux operating system

D. using web based applications

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：16

What is the benefit of processing statistical data for security systems?

A. provides fewer false negative events than full packet capture

B. detects suspicious behavior based on traffic baselining trends

C. uses less CPU and RAM resources than metadata-based monitoring

D. provides full visibility based on capture of packet traffic data

正解：B 解答を投票する

出題：17

An analyst discovers that a legitimate security alert has been dismissed. Which signature caused this impact on network traffic?

A. false negative

B. true negative

C. false positive

D. true positive

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

200-201試験無料問題集「Cisco Understanding Cisco Cybersecurity Operations Fundamentals 認定」