New 2020 CyberOps 200-201 CBROPS exam questions from PassLeader 200-201 dumps! Welcome to download the newest PassLeader 200-201 VCE and PDF dumps: https://www.passleader.com/200-201.html (200 Q&As –> 235 Q&As –> 261 Q&As –> 287 Q&As –> 365 Q&As –> 424 Q&As)
P.S. Free 2020 CyberOps 200-201 CBROPS dumps are available on Google Drive shared by PassLeader: https://drive.google.com/drive/folders/1aj2ghGnPncHmi8GRgirxCZe31EXkG8nR
NEW QUESTION 176
Which attack represents the evasion technique of resource exhaustion?
A. SQL injection
B. man-in-the-middle
C. bluesnarfing
D. denial-of-service
Answer: D
NEW QUESTION 177
A threat actor penetrated an organization’s network. Using the 5-tuple approach, which data points should the analyst use to isolate the compromised host in a grouped set of logs?
A. event name, log source, time, source IP, and host name
B. protocol, source IP, source port, destination IP, and destination port
C. event name, log source, time, source IP, and username
D. protocol, log source, source IP, destination IP, and host name
Answer: B
NEW QUESTION 178
Which event is a vishing attack?
A. Obtaining disposed documents from an organization.
B. Using a vulnerability scanner on a corporate network.
C. Setting up a rogue access point near a public hotspot.
D. Impersonating a tech support agent during a phone call.
Answer: D
NEW QUESTION 179
What is indicated by an increase in IPv4 traffic carrying protocol 41?
A. additional PPTP traffic due to Windows clients
B. unauthorized peer-to-peer traffic
C. deployment of a GRE network on top of an existing Layer 3 network
D. attempts to tunnel IPv6 traffic through an IPv4 network
Answer: D
NEW QUESTION 180
What is the impact of false positive alerts on business compared to true positive?
A. True positives affect security as no alarm is raised when an attack has taken place, while false positives are alerts raised appropriately to detect and further mitigate them.
B. True positive alerts are blocked by mistake as potential attacks, while false positives are actual attacks Identified as harmless.
C. False positive alerts are detected by confusion as potential attacks, while true positives are attack attempts identified appropriately.
D. False positives alerts are manually ignored signatures to avoid warnings that are already acknowledged, while true positives are warnings that are not yet acknowledged.
Answer: C
NEW QUESTION 181
An organization’s security team has detected network spikes coming from the internal network. An investigation has concluded that the spike in traffic was from intensive network scanning. How should the analyst collect the traffic to isolate the suspicious host?
A. by most active source IP
B. by most used ports
C. based on the protocols used
D. based on the most used applications
Answer: C
NEW QUESTION 182
What is an incident response plan?
A. an organizational approach to events that could lead to asset loss or disruption of operations
B. an organizational approach to security management to ensure a service lifecycle and continuous improvements
C. an organizational approach to disaster recovery and timely restoration ot operational services
D. an organizational approach to system backup and data archiving aligned to regulations
Answer: C
NEW QUESTION 183
An engineer is addressing a connectivity issue between two servers where the remote server is unable to establish a successful session. Initial checks show that the remote server is not receiving an SYN-ACK while establishing a session by sending the first SYN. What is causing this issue?
A. incorrect TCP handshake
B. incorrect UDP handshake
C. incorrect OSI configuration
D. incorrect snaplen configuration
Answer: A
NEW QUESTION 184
A security incident occurred with the potential of impacting business services. Who performs the attack?
A. malware author
B. threat actor
C. bug bounty hunter
D. direct competitor
Answer: A
NEW QUESTION 185
The SOC team has confirmed a potential indicator of compromise on an endpoint. The team has narrowed the executable file’s type to a new trojan family. According to the NIST Computer Security Incident Handling Guide, what is the next step in handling this event?
A. Isolate the infected endpoint from the network.
B. Perform forensics analysis on the infected endpoint.
C. Collect public information on the malware behavior.
D. Prioritize incident handling based on the impact.
Answer: C
NEW QUESTION 186
Which technology on a host is used to isolate a running application from other applications?
A. sandbox
B. application allow list
C. application block list
D. host-based firewall
Answer: A
NEW QUESTION 187
Which data type is necessary to get information about source/destination ports?
A. statistical data
B. session data
C. connectivity data
D. alert data
Answer: C
NEW QUESTION 188
What is vulnerability management?
A. A security practice focused on clarifying and narrowing intrusion points.
B. A security practice of performing actions rather than acknowledging the threats.
C. A process to identify and remediate existing weaknesses.
D. A process to recover from service interruptions and restore business-critical applications.
Answer: C
NEW QUESTION 189
What is a difference between data obtained from Tap and SPAN ports?
A. Tap mirrors existing traffic from specified ports, while SPAN presents more structured data for deeper analysis.
B. SPAN passively splits traffic between a network device and the network without altering it, while Tap alters response times.
C. SPAN improves the detection of media errors, while Tap provides direct access to traffic with lowered data visibility.
D. Tap sends traffic from physical layers to the monitoring device, while SPAN provides a copy of network traffic from switch to destination.
Answer: A
NEW QUESTION 190
An engineer needs to configure network systems to detect command and control communications by decrypting ingress and egress perimeter traffic and allowing network security devices to detect malicious outbound communications. Which technology should be used to accomplish the task?
A. digital certificates
B. static IP addresses
C. signatures
D. cipher suite
Answer: D
NEW QUESTION 191
……
New 2020 CyberOps 200-201 CBROPS exam questions from PassLeader 200-201 dumps! Welcome to download the newest PassLeader 200-201 VCE and PDF dumps: https://www.passleader.com/200-201.html (200 Q&As –> 235 Q&As –> 261 Q&As –> 287 Q&As –> 365 Q&As –> 424 Q&As)
P.S. Free 2020 CyberOps 200-201 CBROPS dumps are available on Google Drive shared by PassLeader: https://drive.google.com/drive/folders/1aj2ghGnPncHmi8GRgirxCZe31EXkG8nR
