Free 200-201 Sample Questions — Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)

Which security technology guarantees the integrity and authenticity of all messages transferred to and from a web application?

• A. Hypertext Transfer Protocol
• B. SSL Certificate
• C. Tunneling
• D. VPN

Which two protocols are used for DDoS amplification attacks? (Choose two.)

• A. HTTP
• B. DNS
• C. TCP
• D. ICMPv6
• E. NTP

Which HTTP header field is used in forensics to identify the type of browser used?

• A. referrer
• B. host
• C. user-agent
• D. accept-language

Which artifact is used to uniquely identify a detected file?

• A. file timestamp
• B. file extension
• C. file size
• D. file hash

What is email greylisting by the mail transfer agent?

• A. denying any email from a sender it does not recognize
• B. returning emails that are potential phishing attempts
• C. allowing emails from unknown senders temporarily
• D. quarantining emails sent from outside of the organization

An engineer received a flood of phishing emails from HR with the source address [email protected]. What is the threat actor in this scenario?

• A. sender
• B. phishing email
• C. receiver
• D. HR

What is the difference between indicator of attack (IoA) and indicators of compromise (IoC)?

• A. IoA refers to the individual responsible for the security breach, and IoC refers to the resulting loss
• B. IoA is the evidence that a security breach has occurred, and IoC allows organizations to act before the vulnerability can be exploited
• C. IoC refers to the individual responsible for the security breach, and IoA refers to the resulting loss
• D. IoC is the evidence that a security breach has occurred, and IoA allows organizations to act before the vulnerability can be exploited

One of the objectives of information security is to protect the CIA of information and systems. What does CIA mean in this context?

• A. confidentiality, identity, and authorization
• B. confidentiality, integrity, and authorization
• C. confidentiality, identity, and availability
• D. confidentiality, integrity, and availability

What are indicators of attack?

• A. large numbers of requests for the same file
• B. multiple log ins from different regions
• C. swells in database read volume
• D. suspicious registry or system file changes

What is a comparison between rule-based and statistical detection?

• A. Statistical is based on measured data while rule-based uses the evaluated probability approach
• B. Statistical uses the probability approach while rule-based is based on measured data
• C. Rule-based is based on assumptions and statistical uses data known beforehand
• D. Rule-based uses data known beforehand and statistical is based on assumptions

What is obtained using NetFlow?

• A. full packet capture
• B. session data
• C. application logs
• D. network downtime report

Which technology should be used to implement a solution that makes routing decisions based on HTTP header, uniform resource identifier, and SSL session ID attributes?

• A. AWS
• B. IIS
• C. Load balancer
• D. Proxy server

Which two elements are assets in the role of attribution in an investigation? (Choose two.)

• A. context
• B. session
• C. laptop
• D. firewall logs
• E. threat actor

Which security principle requires more than one person is required to perform a critical task?

• A. least privilege
• B. need to know
• C. separation of duties
• D. due diligence

While viewing packet capture data, an analyst sees that one IP is sending and receiving traffic for multiple devices by modifying the IP header. Which technology makes this behavior possible?

• A. encapsulation
• B. TOR
• C. tunneling
• D. NAT

What is a sandbox interprocess communication service?

• A. collection of rules within the sandbox that prevent the communication between sandboxes
• B. collection of network services that are activated on an interface, allowing for inter-port communication
• C. collection of interfaces that allow for coordination of activities among processes
• D. collection of host services that allow for communication between sandboxes

Which attack method is being used when an attacker tries to compromise a network with an authentication system that uses only 4-digit numeric passwords and no username?

• A. replay
• B. SQL injection
• C. dictionary
• D. cross-site scripting

An engineer is working on the implementation of digital certificates for new critical web applications. One of the requirements is that the https connection must be validated and protected against malicious network impersonators. The server will be exposed externally from the DMZ network. Which certificate must be used?

• A. X.509
• B. private CA
• C. SSLv3
• D. TLS1.1

The security team has detected an ongoing spam campaign targeting the organization. The team's approach is to push back the cyber kill chain and mitigate ongoing incidents. At which phase of the cyber kill chain should the security team mitigate this type of attack?

• A. installation
• B. reconnaissance
• C. actions
• D. delivery

What matches the regular expression c(rgr)+e?

• A. c(rgr)e
• B. crgrrgre
• C. crgr+e
• D. ce