[21-Mar-2024] New 2020 CyberOps 200-201 CBROPS Dumps with VCE and PDF from PassLeader (Update Questions)

New 2020 CyberOps 200-201 CBROPS exam questions from PassLeader 200-201 dumps! Welcome to download the newest PassLeader 200-201 VCE and PDF dumps: https://www.passleader.com/200-201.html (424 Q&As)

P.S. Free 2020 CyberOps 200-201 CBROPS dumps are available on Google Drive shared by PassLeader: https://drive.google.com/drive/folders/1aj2ghGnPncHmi8GRgirxCZe31EXkG8nR

NEW QUESTION 391
Which evasion method involves performing actions slower than normal to prevent detection?

A.    timing attack
B.    traffic fragmentation
C.    resource exhaustion
D.    tunneling

Answer: A

NEW QUESTION 392
After a large influx of network traffic to externally facing devices, a security engineer begins investigating what appears to be a denial of service attack. When the packet capture data is reviewed, the engineer notices that the traffic is a single SYN packet to each port. Which type of attack is occurring?

A.    traffic fragmentation
B.    port scanning
C.    host profiling
D.    SYN flood

Answer: D

NEW QUESTION 393
What is a difference between SIEM and SOAR security systems?

A.    SOAR ingests numerous types of logs and event data infrastructure components, and SIEM can fetch data from endpoint security software and external threat intelligence feeds.
B.    SOAR collects and stores security data at a central point and then converts it into actionable intelligence, and SIEM enables SOC teams to automate and orchestrate manual tasks.
C.    SIEM raises alerts in the event of detecting any suspicious activity, and SOAR automates investigation path workflows and reduces time spent on alerts.
D.    SIEM combines data collecting, standardization, case management, and analytics for a defense-in-depth concept, and SOAR collects security data, antivirus logs, firewall logs, and hashes of downloaded files.

Answer: C

NEW QUESTION 394
What is the dataflow set in the NetFlow flow-record format?

A.    Dataflow set is a collection of HEX records.
B.    Dataflow set provides basic information about the packet, such as the NetFlow version.
C.    Dataflow set is a collection of binary patterns.
D.    Dataflow set is a collection of data records.

Answer: D

NEW QUESTION 395
An employee received an email from a colleague’s address asking for the password for the domain controller. The employee noticed a missing letter within the sender’s address. What does this incident describe?

A.    insider attack
B.    shoulder surfing
C.    social engineering
D.    brute-force attack

Answer: C

NEW QUESTION 396
A security engineer must investigate a recent breach within the organization. An engineer noticed that a breached workstation is trying to connect to the domain “Ranso4676-mware41-603”, which is known as malicious. In which step of the Cyber Kill Chain is this event?

A.    action on objectives
B.    reconnaissance
C.    delivery
D.    weaponization

Answer: A

NEW QUESTION 397
According to CVSS, what is attack complexity?

A.    existing exploits available in the wild exploiting the vulnerability
B.    existing circumstances beyond the attacker’s control to exploit the vulnerability
C.    number of actions an attacker should perform to exploit the vulnerability
D.    number of patches available for certain attack mitigation and how complex the workarounds are

Answer: B

NEW QUESTION 398
What are two differences in how tampered and untampered disk images affect a security incident? (Choose two.)

A.    Tampered images are used in the security investigation process.
B.    Tampered images are used in the incident recovery process.
C.    The image is tampered if the stored hash and the computed hash match.
D.    Untampered images are used in the security investigation process.
E.    The image is untampered if the stored hash and the computed hash match.

Answer: DE

NEW QUESTION 399
Which action matches the weaponization step of the Cyber Kill Chain Model?

A.    Develop a specific malware to exploit a vulnerable server.
B.    Construct a trojan and deliver it to the victim.
C.    Match a known script to a vulnerability.
D.    Scan open services and ports on a server.

Answer: A

NEW QUESTION 400
A security engineer must protect the company from known issues that trigger adware. Recently a new incident has been raised that could harm the system. Which security concepts are present in this scenario?

A.    vulnerability and threat
B.    exploit and patching
C.    risk and evidence
D.    analysis and remediation

Answer: A

NEW QUESTION 401
For which items is an end-point application greylist used?

A.    items that have been installed with a baseline
B.    items that have been established as malicious
C.    items before being established as harmful or malicious
D.    items that have been established as authorized

Answer: C

NEW QUESTION 402
How does rule-based detection differ from behavioral detection?

A.    Rule-based systems have predefined patterns, and behavioral systems learn the patterns that are specific to the environment.
B.    Rule-based systems search for patterns linked to specific types of attacks, and behavioral systems identify attacks per signature.
C.    Behavioral systems have patterns that are for complex environments, and rule-based systems can be used on low-to-mid-sized businesses.
D.    Behavioral systems find sequences that match particular attack behaviors, and rule-based systems identify potential zero-day attacks.

Answer: A

NEW QUESTION 403
What is a description of a social engineering attack?

A.    package deliberately sent to the wrong receiver to advertise a new product
B.    fake offer for free music download to trick the user into providing sensitive data
C.    mistakenly received valuable order destined for another person and hidden on purpose
D.    email offering last-minute deals on various vacations around the world with a due date and a counter

Answer: B

NEW QUESTION 404
A user reports difficulties accessing certain external web pages. When an engineer examines traffic to and from the external domain in full packet captures, they notice that many SYNs have the same sequence number, source, and destination IP address, but they have different payloads. What is causing this situation?

A.    failure of the full packet capture solution
B.    misconfiguration of a web filter
C.    insufficient network resources
D.    TCP injection

Answer: D

NEW QUESTION 405
What is the impact of false negative alerts when compared to true negative alerts?

A.    A false negative is someone trying to hack into the system and no alert is raised, and a true negative is an event that never happened and an alert was not raised.
B.    A true negative is an alert for an exploit attempt when no attack was detected, and a false negative is when no attack happens and an alert is still raised.
C.    A true negative is a legitimate attack that triggers a brute force alert, and a false negative is when no alert and no attack is occurring.
D.    A false negative is an event that alerts for injection attack when no attack is happening, and a true negative is an attack that happens and an alert that is appropriately raised.

Answer: A

NEW QUESTION 406
What describes the framework that enables control of user access to critical information in heterogeneous technology environments?

A.    vulnerability scanner
B.    configuration management
C.    mobile device management
D.    identity and access management

Answer: D

NEW QUESTION 407
A company plans to implement network segmentation and use IP address inventory management best practices. Servers and end-user devices are using the same VLANs and IP subnets with manual address assignment. What are the first two steps the engineers must take to meet these requirements? (Choose two.)

A.    Configure packet captures to perform deep packet inspection for further traffic analysis and implementation of access rules.
B.    Implement deep network traffic analysis using NetFlow v5 from routers and switches.
C.    Deploy an Active Directory server and add all assets to the created domain for better visibility.
D.    Assign separate hard-coded IP address spaces for critical assets, according to their role and functions.
E.    Create an IP address inventory database and deploy separate role-based IP subnetting for users using a centralized DHCP server.

Answer: DE

NEW QUESTION 408
What does the SOC metric MTTC provide in incident analysis?

A.    average time it takes to recognize and stop the incident
B.    average time it takes to fix the issues caused by the incident
C.    average time it takes to detect that the incident has occurred
D.    average time the attacker has access to the environment

Answer: A

NEW QUESTION 409
How is SQL injection prevented?

A.    sanitize user input
B.    address space layout randomization
C.    run the web server as a nonprivileged user
D.    host profiling

Answer: A

NEW QUESTION 410
A vulnerability is discovered on a network. If successfully exploited, it will completely remove the ability of the system to limit disclosure of information to an unauthorized user. Which concept and value describes this vulnerability?

A.    confidentiality, none
B.    availability, none
C.    availability, high
D.    confidentiality, high

Answer: D

NEW QUESTION 411
What matches the regular expression r(ege)+x?

A.    r(ege)x
B.    regeegex
C.    rx
D.    rege+x

Answer: B

NEW QUESTION 412
Which statement describes indicators of attack?

A.    A malicious file is detected by the AV software.
B.    Internal hosts communicate with countries outside of the business range.
C.    Phishing attempts on an organization are blocked by mail AV.
D.    Critical patches are missing.

Answer: B

NEW QUESTION 413
Which type of data is used to detect anomalies in the network?

A.    statistical data
B.    metadata
C.    transaction data
D.    alert data

Answer: A

NEW QUESTION 414
What is data encapsulation?

A.    Data is encrypted backwards, which makes it unusable.
B.    Multiple hosts can be supported with only a few public IP addresses.
C.    A protocol of the sending host adds additional data to the packet header.
D.    Browsing history is erased automatically with every session.

Answer: C

NEW QUESTION 415
Which type of attack uses a botnet to reflect requests off of an NTP server to overwhelm a target?

A.    replay
B.    distributed denial of service
C.    denial of service
D.    man-in-the-middle

Answer: B

NEW QUESTION 416
An analyst performs traffic analysis to detect suspicious activity and identifies multiple UDP connections through the same port. Which technology makes this behavior feasible?

A.    TOR
B.    ACL
C.    P2P
D.    NAT

Answer: D

NEW QUESTION 417
Which of these is a defense-in-depth strategy principle?

A.    Identify the minimum resource required per employee.
B.    Provide the minimum permissions needed to perform job functions.
C.    Disable administrative accounts to avoid unauthorized changes.
D.    Assign the least network privileges to segment network permissions.

Answer: D

NEW QUESTION 418
Which security monitoring data type is associated with application server logs?

A.    transaction data
B.    statistical data
C.    session data
D.    alert data

Answer: A

NEW QUESTION 419
Which principle reduces the risk of attackers gaining access to sensitive data by compromising a low-level user account?

A.    separation of duties
B.    limited access
C.    least privilege
D.    privilege separation

Answer: C

NEW QUESTION 420
What is the impact of encryption on data visibility?

A.    TLS 1.3 traffic cannot be decrypted and monitored.
B.    Traffic decryption causes high CPU load on monitoring systems.
C.    Traffic decryption is needed for deep inspection of SSL traffic via NGFW.
D.    IPsec encryption of traffic is vulnerable to man-in-the-middle attacks.

Answer: A

NEW QUESTION 421
During a quarterly vulnerability scan, a security analyst discovered unused uncommon ports open and in a listening state. Further investigation showed that the unknown application was communicating with an external IP address on an encrypted channel. A deeper analysis revealed a command and control communication on an infected server. At which step of the Cyber Kill Chain was the attack detected?

A.    Exploitation
B.    Actions on Objectives
C.    Weaponization
D.    Delivery

Answer: B

NEW QUESTION 422
Which description is a defense-in-depth principle strategy?

A.    isolating employees with access to critical data
B.    implementing VLANs to segment network traffic
C.    developing approval flow for new hires
D.    designing Active Directory groups

Answer: B

NEW QUESTION 423
……