New 2020 CyberOps 200-201 CBROPS exam questions from PassLeader 200-201 dumps! Welcome to download the newest PassLeader 200-201 VCE and PDF dumps: https://www.passleader.com/200-201.html (365 Q&As –> 424 Q&As)
P.S. Free 2020 CyberOps 200-201 CBROPS dumps are available on Google Drive shared by PassLeader: https://drive.google.com/drive/folders/1aj2ghGnPncHmi8GRgirxCZe31EXkG8nR
NEW QUESTION 336
An engineer is working on a ticket for an incident from the incident management team. A week ago, an external web application was targeted by a DDoS attack. Server resources were exhausted and after two hours, it crashed. An engineer was able to identify the attacker and technique used. Three hours after the attack, the server was restored and the engineer recommended implementing mitigation by Blackhole filtering and transferred the incident ticket back to the IR team. According to NIST.SP800-61, at which phase of the incident response did the engineer finish work?
A. post-incident activity
B. preparation
C. detection and analysis
D. containment, eradication, and recovery
Answer: D
NEW QUESTION 337
What is the difference between attack surface and vulnerability?
A. A vulnerability is a way of taking advantage of a system or resource, and an attack surface is a specific technique utilized by the vulnerability.
B. An attack surface is a way of taking advantage of a system or resource, and a vulnerability is a specific technique utilized by the vulnerability.
C. An attack surface describes how software or a system is exposed to potential attacks, and a vulnerability is an actual weakness that exposes the potential risk.
D. A vulnerability describes how software or a system is exposed to potential attacks, and an attack surface is an actual weakness that exposes the potential risk.
Answer: C
NEW QUESTION 338
What is a scareware attack?
A. inserting malicious code that causes popup windows with flashing colors
B. overwhelming a targeted website with fake traffic
C. gaining access to your computer and encrypting data stored on it
D. using the spoofed email addresses to trick people into providing login credentials
Answer: A
NEW QUESTION 339
What is the communication channel established from a compromised machine back to the attacker?
A. man-in-the-middle
B. command and control
C. IDS evasion
D. port scanning
Answer: B
NEW QUESTION 340
During which phase of the forensic process are tools and techniques used to extract information from the collected data?
A. examination
B. investigation
C. collection
D. reporting
Answer: A
NEW QUESTION 341
An information security analyst inspects a .pcap file and observes unusual encrypted SSH traffic flowing over nonstandard ports. Which technology makes this behavior feasible?
A. NAT
B. tunneling
C. P2P
D. TOR
Answer: B
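The pcap observation behind this question is easy to reproduce in code: identify SSH by its RFC 4253 identification string rather than by the port, so SSH that has been moved or tunnelled onto 443 or 2222 still shows up. The following is an added example, not part of the original question set; the packet tuples are constructed stand-ins for parsed pcap records and the addresses are documentation ranges.

```python
import re
from typing import List, Tuple

# Constructed sample "packets" standing in for parsed pcap records:
# (src_ip, src_port, dst_ip, dst_port, first payload bytes of the stream).
SAMPLE_PACKETS: List[Tuple[str, int, str, int, bytes]] = [
    ("10.0.0.5", 51234, "203.0.113.10", 22, b"SSH-2.0-OpenSSH_8.4\r\n"),            # ordinary SSH
    ("10.0.0.7", 49822, "198.51.100.9", 443, b"SSH-2.0-OpenSSH_7.9p1 Debian\r\n"),  # SSH hidden on 443
    ("10.0.0.7", 49823, "198.51.100.9", 8443, b"\x16\x03\x01\x00\xf1\x01"),         # TLS ClientHello, not SSH
    ("10.0.0.9", 40000, "192.0.2.25", 2222, b"SSH-1.99-Cisco-1.25\r\n"),            # SSH on 2222
    ("10.0.0.9", 40001, "192.0.2.25", 80, b"GET / HTTP/1.1\r\n"),                   # plain HTTP
]

# RFC 4253 identification string: "SSH-" protoversion "-" softwareversion [SP comments] CR LF.
# Only 2.0 and the 1.99 compatibility marker are accepted here.
SSH_BANNER = re.compile(rb"^SSH-(1\.99|2\.0)-[ -~]+\r?\n")


def is_ssh_banner(payload: bytes) -> bool:
    """True if the payload starts with an SSH identification string."""
    return SSH_BANNER.match(payload) is not None


def find_ssh_on_nonstandard_ports(packets, expected_ports=(22,)):
    """Return (src, dst, dport) for every SSH banner seen on a port that is not
    in expected_ports. Keying on the banner, not the port, is what exposes
    relocated or tunnelled SSH the way the .pcap in the question did."""
    hits = []
    for src, _sport, dst, dport, payload in packets:
        if dport not in expected_ports and is_ssh_banner(payload):
            hits.append((src, dst, dport))
    return hits


if __name__ == "__main__":
    for hit in find_ssh_on_nonstandard_ports(SAMPLE_PACKETS):
        print("SSH on nonstandard port:", hit)
```

Only the first bytes of each stream need inspecting, because the identification string is sent before key exchange; everything after it is encrypted, which is why port-based and payload-keyword filters alone miss this traffic.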
NEW QUESTION 342
What is the role of NAT in data visibility?
A. load balancing
B. hiding IP addresses
C. web filtering
D. encrypting files
Answer: B
NEW QUESTION 343
What is the purpose of command and control for network-aware malware?
A. It controls and shuts down services on the infected host.
B. It helps the malware to profile the host.
C. It contacts a remote server for commands and updates.
D. It takes over the user account for analysis.
Answer: C
NEW QUESTION 344
Which element is included in an incident response plan as stated in NIST.SP800-61?
A. security of sensitive information
B. individual approach to incident response
C. consistent threat identification
D. approval of senior management
Answer: D
NEW QUESTION 345
Which statement describes patch management?
A. scanning servers and workstations for missing patches and vulnerabilities
B. process of appropriate distribution of system or software updates
C. managing and keeping previous patches lists documented for audit purposes
D. workflow of distributing mitigations of newly found vulnerabilities
Answer: B
NEW QUESTION 346
A user received a malicious email attachment named “DS045-report1122345.exe” and executed it. In which step of the Cyber Kill Chain is this event?
A. reconnaissance
B. delivery
C. weaponization
D. installation
Answer: D
NEW QUESTION 347
What is sliding window anomaly detection?
A. Detect changes in operations and management processes.
B. Define response times for requests for owned applications.
C. Apply lowest privilege/permission level to software.
D. Identify uncommon patterns that do not fit usual behavior.
Answer: D
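Option D is the definition; the mechanism is a baseline computed over the last N observations, against which the next observation is scored. The example below is added here and is not part of the question set. The series of failed logins per minute is constructed, and the window size, z-score threshold and standard-deviation floor are assumptions a real deployment would tune.

```python
from collections import deque
from statistics import mean, pstdev

# Constructed series: failed logins per minute for one account. The first twenty
# points are the usual trickle; the 45 near the end is the anomaly to be flagged.
FAILED_LOGINS_PER_MIN = [1, 0, 2, 1, 0, 1, 1, 0, 2, 1,
                         0, 1, 2, 0, 1, 1, 0, 1, 2, 1,
                         45, 2, 1]


def sliding_window_anomalies(series, window=10, k=3.0, min_std=0.5):
    """Flag series[i] when it deviates from the mean of the previous `window`
    points by more than k standard deviations.

    min_std floors the deviation so a perfectly flat baseline does not turn
    every small change into an alert. A flagged point is NOT fed back into the
    baseline; otherwise one spike would widen the window's variance and mask
    the points that follow it. Returns a list of (index, value, zscore)."""
    hist = deque(maxlen=window)
    anomalies = []
    for i, x in enumerate(series):
        if len(hist) == window:
            mu = mean(hist)
            sigma = max(pstdev(hist), min_std)
            z = (x - mu) / sigma
            if abs(z) > k:
                anomalies.append((i, x, round(z, 2)))
                continue  # keep the anomaly out of the baseline
        hist.append(x)
    return anomalies


if __name__ == "__main__":
    for idx, value, z in sliding_window_anomalies(FAILED_LOGINS_PER_MIN):
        print(f"minute {idx}: {value} failed logins (z={z})")
```

A fixed trailing window assumes the signal is stationary over that span; for metrics with a daily rhythm (logins, DNS volume) the baseline should instead be the same window on previous days, or the detector fires every morning at 09:00.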
NEW QUESTION 348
Which type of attack is a blank email with the subject “price deduction” that contains a malicious attachment?
A. integrity violation
B. smishing
C. phishing attack
D. man-in-the-middle attack
Answer: C
NEW QUESTION 349
A SOC analyst, using Cisco StealthWatch, detected connections to a known C&C server and port scanning activity against the main HR database servers from one of the HR endpoints. Which two are the next steps of the SOC team according to the NIST.SP800-61 incident handling process? (Choose two.)
A. Update antivirus signature databases on affected endpoints to block connections to C&C.
B. Isolate affected endpoints and take disk images for analysis.
C. Block connection to this C&C server on the perimeter next-generation firewall.
D. Provide security awareness training to HR managers and employees.
E. Detect the attack vector and analyze C&C connections.
Answer: BE
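The two findings in this scenario (a beacon to a known C&C address, as in questions 339 and 343, and a single endpoint touching many ports on one database server) are both visible in flow records without any payload. The following detector is an added example and is not part of the question set or of any Cisco product: the flow tuples are constructed in a simplified NetFlow-like shape rather than StealthWatch's actual export format, the C&C address is a documentation-range placeholder, and the scan thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed NetFlow-style records: (timestamp, src_ip, dst_ip, dst_port).
# Addresses are RFC 1918 / documentation ranges; nothing here is a real indicator.
SAMPLE_FLOWS = [
    ("2020-11-02T09:00:00", "10.20.5.44", "203.0.113.66", 443),   # HR endpoint -> C&C beacon
    ("2020-11-02T09:00:01", "10.20.5.44", "10.20.9.10", 21),      # start of scan of HR DB server
    ("2020-11-02T09:00:01", "10.20.5.44", "10.20.9.10", 22),
    ("2020-11-02T09:00:02", "10.20.5.44", "10.20.9.10", 23),
    ("2020-11-02T09:00:02", "10.20.5.44", "10.20.9.10", 80),
    ("2020-11-02T09:00:03", "10.20.5.44", "10.20.9.10", 135),
    ("2020-11-02T09:00:03", "10.20.5.44", "10.20.9.10", 139),
    ("2020-11-02T09:00:04", "10.20.5.44", "10.20.9.10", 445),
    ("2020-11-02T09:00:04", "10.20.5.44", "10.20.9.10", 1433),
    ("2020-11-02T09:00:05", "10.20.5.44", "10.20.9.10", 3306),
    ("2020-11-02T09:00:05", "10.20.5.44", "10.20.9.10", 3389),
    ("2020-11-02T09:05:00", "10.20.5.44", "203.0.113.66", 443),   # second beacon
    ("2020-11-02T09:01:10", "10.20.5.45", "10.20.9.10", 1433),    # normal HR application traffic
    ("2020-11-02T09:01:12", "10.20.5.45", "198.51.100.20", 443),  # ordinary web, not on the C&C list
]

KNOWN_C2 = {"203.0.113.66"}   # constructed; would come from a threat-intel feed in practice


def detect_c2_and_scan(flows, known_c2, scan_ports=8, scan_window_s=60):
    """Return {src_ip: [alert tuples]}. Two behaviours are flagged:
    - ("c2_contact", dst, dport, ts): any flow to an address on the known-C&C list;
    - ("port_scan", dst, n_ports, start): one source touching >= scan_ports distinct
      ports on one destination within scan_window_s seconds. (A host sweep, one
      port across many destinations, needs the mirror-image check, not shown.)"""
    alerts = defaultdict(list)
    by_pair = defaultdict(list)
    for ts, src, dst, dport in flows:
        if dst in known_c2:
            alerts[src].append(("c2_contact", dst, dport, ts))
        by_pair[(src, dst)].append((datetime.fromisoformat(ts), dport))
    for (src, dst), events in by_pair.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            ports = {p for t, p in events[i:] if (t - t0).total_seconds() <= scan_window_s}
            if len(ports) >= scan_ports:
                alerts[src].append(("port_scan", dst, len(ports), t0.isoformat()))
                break   # one scan alert per (src, dst) pair is enough for triage
    return dict(alerts)


if __name__ == "__main__":
    for src, found in detect_c2_and_scan(SAMPLE_FLOWS, KNOWN_C2).items():
        for alert in found:
            print(src, alert)
```

In NIST terms these alerts are the output of detection and analysis; the two correct next steps are containment (isolate the endpoint and image its disk before anything on it is changed) and continued analysis of the C&C sessions to find the initial vector. Signature updates and awareness training (options A and D) belong to recovery and post-incident activity, and blocking the C&C address alone (option C) leaves the endpoint compromised and warns the operator.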
NEW QUESTION 350
An organization that develops high-end technology is going through an internal audit. The organization uses two databases. The main database stores patent information and a secondary database stores employee names and contact information. A compliance team is asked to analyze the infrastructure and identify protected data. Which two types of protected data should be identified? (Choose two.)
A. Payment Card Industry (PCI)
B. Sarbanes-Oxley (SOX)
C. Intellectual Property (IP)
D. Protected Health Information (PHI)
E. Personally Identifiable Information (PII)
Answer: CE
NEW QUESTION 351
Which option describes indicators of attack?
A. blocked phishing attempt on a company
B. spam emails on an employee workstation
C. virus detection by the AV software
D. malware reinfection within a few minutes of removal
Answer: D
NEW QUESTION 352
What is a difference between a threat and a risk?
A. A threat can be people, property, or information, and risk is a probability by which these threats may bring harm to the business.
B. A risk is a flaw or hole in security, and a threat is what is being used against that flaw.
C. A risk is an intersection between threat and vulnerabilities, and a threat is what a security engineer is trying to protect against.
D. A threat is a sum of risks, and a risk itself represents a specific danger toward the asset.
Answer: C
NEW QUESTION 353
A SOC analyst observed Ursnif malware on the SIEM dashboard. The analyst opened the PCAP file to look up the certificate issue date. Where must the analyst navigate?
A. under the rdnSequence line
B. under the validity line
C. under the subject
D. under the signed certificate
Answer: B
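In Wireshark's TLS dissection the issue date lives in the Validity SEQUENCE (notBefore, notAfter) under signedCertificate, and the gap between the two dates is a cheap triage signal, since throwaway C&C certificates are often valid for only days or weeks. The example below is added here and is not part of the question set; it encodes a constructed Validity structure in DER and parses it back, which is the same field layout an analyst sees under the validity line. The 30-day window is invented for illustration.

```python
from datetime import datetime, timezone

# --- minimal DER helpers (definite length, short and long forms) ---

def der_tlv(tag: int, content: bytes) -> bytes:
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content


def der_utctime(dt: datetime) -> bytes:
    """UTCTime (tag 0x17), the form X.509 uses for years 1950-2049."""
    return der_tlv(0x17, dt.strftime("%y%m%d%H%M%SZ").encode("ascii"))


def der_sequence(*items: bytes) -> bytes:
    return der_tlv(0x30, b"".join(items))


def der_read(buf: bytes, pos: int = 0):
    """Read one TLV starting at pos; return (tag, content, next_pos)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


# --- the part the analyst cares about: Validity ::= SEQUENCE { notBefore, notAfter } ---

def parse_time(tag: int, content: bytes) -> datetime:
    s = content.decode("ascii")
    if tag == 0x17:   # UTCTime YYMMDDHHMMSSZ; strptime's %y pivot (69->1969) differs from
        return datetime.strptime(s, "%y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)  # RFC 5280's 50->1950 only for 1950-1968
    if tag == 0x18:   # GeneralizedTime YYYYMMDDHHMMSSZ, used for dates from 2050 on
        return datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
    raise ValueError(f"unexpected time tag {tag:#x}")


def parse_validity(der: bytes):
    """Return (notBefore, notAfter) from a DER-encoded Validity SEQUENCE."""
    tag, content, _ = der_read(der)
    if tag != 0x30:
        raise ValueError("Validity must be a SEQUENCE")
    t1, nb, pos = der_read(content)
    t2, na, _ = der_read(content, pos)
    return parse_time(t1, nb), parse_time(t2, na)


def lifetime_days(der: bytes) -> float:
    nb, na = parse_validity(der)
    return (na - nb).total_seconds() / 86400


# Constructed sample: a 30-day certificate of the sort a loader might ship with.
SAMPLE_VALIDITY = der_sequence(
    der_utctime(datetime(2020, 10, 1, 0, 0, 0, tzinfo=timezone.utc)),
    der_utctime(datetime(2020, 10, 31, 0, 0, 0, tzinfo=timezone.utc)),
)

if __name__ == "__main__":
    print("notBefore, notAfter:", parse_validity(SAMPLE_VALIDITY))
    print("lifetime (days):", lifetime_days(SAMPLE_VALIDITY))
```

For a real capture the same two fields are read with Wireshark's `x509af.notBefore` / `x509af.notAfter` display fields; the issuer and subject names (options A and C) sit in their own rdnSequence structures and say nothing about when the certificate was issued.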
NEW QUESTION 354
Which technique is a low-bandwidth attack?
A. evasion
B. phishing
C. session hijacking
D. social engineering
Answer: A
NEW QUESTION 355
What matches the regular expression c(rgr)+e?
A. c(rgr)e
B. crgrrgre
C. crgr+e
D. ce
Answer: B
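The `+` applies to the parenthesised group, so `c(rgr)+e` needs `c`, one or more repetitions of `rgr`, then `e`; only option B is built that way. Checking the candidates in code also shows the difference between a full match (what the question asks) and a substring search (what most log tooling does), which is why an unanchored indicator regex over-matches. This is an added example, not part of the question set; the extra candidate strings are constructed.

```python
import re

PATTERN = re.compile(r"c(rgr)+e")

# The four options from the question plus two constructed extras:
# "crgre" (a single repetition) and "xxcrgrexx" (a match embedded in other text).
CANDIDATES = ["c(rgr)e", "crgrrgre", "crgr+e", "ce", "crgre", "xxcrgrexx"]


def full_matches(pattern, candidates):
    """Strings the pattern matches in their entirety (the exam's reading)."""
    return [s for s in candidates if pattern.fullmatch(s)]


def search_hits(pattern, candidates):
    """Strings that merely contain a match: re.search semantics, as in grep
    or a SIEM regex field, where a missing anchor widens the net."""
    return [s for s in candidates if pattern.search(s)]


def literal_pattern(text: str):
    """To match option A's literal parentheses, the metacharacters must be escaped."""
    return re.compile(re.escape(text))


if __name__ == "__main__":
    print("fullmatch:", full_matches(PATTERN, CANDIDATES))
    print("search   :", search_hits(PATTERN, CANDIDATES))
    print("literal  :", full_matches(literal_pattern("c(rgr)e"), CANDIDATES))
```

Option D fails because `+` requires at least one `rgr`; option C fails because the literal `+` in the string is not an `r` or an `e`; option A fails because `(` and `)` are grouping metacharacters, not literals, unless escaped.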
NEW QUESTION 356
Which classification of cross-site scripting attack executes the payload without storing it for repeated use?
A. CSRF
B. reflective
C. DOM
D. stored
Answer: B
NEW QUESTION 357
Which attack method is being used when an attacker tries to compromise a network with an authentication system that uses only 4-digit numeric passwords and no username?
A. replay
B. SQL injection
C. dictionary
D. cross-site scripting
Answer: C
NEW QUESTION 358
What is the purpose of a ransomware attack?
A. to escalate privileges
B. to make files inaccessible by encrypting the data
C. to send keystrokes to a threat actor
D. to decrypt encrypted data and disks
Answer: B
NEW QUESTION 359
A company’s cyber security team performed a phishing simulation campaign for employees and delivered security awareness training to the affected personnel. According to NIST.SP800-61, at which phase of incident response is this action?
A. post-incident activity phase
B. detection and analysis phase
C. preparation phase
D. eradication and recovery phase
Answer: C
NEW QUESTION 360
What do host-based firewalls protect workstations from?
A. viruses
B. unwanted traffic
C. zero-day vulnerabilities
D. malicious web scripts
Answer: B
NEW QUESTION 361
Which type of data must an engineer capture to analyze payload and header information?
A. full packet
B. frame check sequence
C. alert data
D. session logs
Answer: A
NEW QUESTION 362
……