
[8-Feb-2022] New 2020 CyberOps 200-201 CBROPS Dumps with VCE and PDF from PassLeader (Update Questions)

New 2020 CyberOps 200-201 CBROPS exam questions from PassLeader 200-201 dumps! Welcome to download the newest PassLeader 200-201 VCE and PDF dumps: https://www.passleader.com/200-201.html (261 Q&As –> 278 Q&As)

P.S. Free 2020 CyberOps 200-201 CBROPS dumps are available on Google Drive shared by PassLeader: https://drive.google.com/drive/folders/1aj2ghGnPncHmi8GRgirxCZe31EXkG8nR

NEW QUESTION 241
A company encountered a breach on its web servers using IIS 7.5. During the investigation, an engineer discovered that an attacker read and altered the data on a secure communication using TLS 1.2 and intercepted sensitive information by downgrading a connection to export-grade cryptography. The engineer must mitigate similar incidents in the future and ensure that clients and servers always negotiate with the most secure protocol versions and cryptographic parameters. Which action does the engineer recommend?

A.    Upgrade to TLS 1.3.
B.    Install the latest IIS version.
C.    Downgrade to TLS 1.1.
D.    Deploy an intrusion detection system.

Answer: B

NEW QUESTION 242
What is the difference between discretionary access control (DAC) and role-based access control (RBAC)?

A.    DAC requires explicit authorization for a given user on a given object, and RBAC requires specific conditions.
B.    RBAC access is granted when a user meets specific conditions, and in DAC, permissions are applied on user and group levels.
C.    RBAC is an extended version of DAC where you can add an extra level of authorization based on time.
D.    DAC administrators pass privileges to users and groups, and in RBAC, permissions are applied to specific groups.

Answer: A

NEW QUESTION 243
Which technology prevents end-device to end-device IP traceability?

A.    encryption
B.    load balancing
C.    NAT/PAT
D.    tunneling

Answer: C

NEW QUESTION 244
What are the two differences between stateful and deep packet inspection? (Choose two.)

A.    Stateful inspection is capable of TCP state tracking, and deep packet filtering checks only TCP source and destination ports.
B.    Deep packet inspection is capable of malware blocking, and stateful inspection is not.
C.    Deep packet inspection operates on Layer 3 and 4, and stateful inspection operates on Layer 3 of the OSI model.
D.    Deep packet inspection is capable of TCP state monitoring only, and stateful inspection can inspect TCP and UDP.
E.    Stateful inspection is capable of packet data inspections, and deep packet inspection is not.

Answer: AB

NEW QUESTION 245
Which type of verification consists of using tools to compute the message digest of the original and copied data, then comparing the similarity of the digests?

A.    evidence collection order
B.    data integrity
C.    data preservation
D.    volatile data collection

Answer: B

NEW QUESTION 246
What is the difference between inline traffic interrogation (TAPS) and traffic mirroring (SPAN)?

A.    TAPS interrogation is more complex because traffic mirroring applies additional tags to data and SPAN does not alter integrity and provides full duplex network.
B.    SPAN results in more efficient traffic analysis, and TAPS is considerably slower due to latency caused by mirroring.
C.    TAPS replicates the traffic to preserve integrity, and SPAN modifies packets before sending them to other analysis tools.
D.    SPAN ports filter out physical layer errors, making some types of analyses more difficult, and TAPS receives all packets, including physical errors.

Answer: A

NEW QUESTION 247
Which information must an organization use to understand the threats currently targeting the organization?

A.    threat intelligence
B.    risk scores
C.    vendor suggestions
D.    vulnerability exposure

Answer: A

NEW QUESTION 248
What is threat hunting?

A.    Managing a vulnerability assessment report to mitigate potential threats.
B.    Focusing on proactively detecting possible signs of intrusion and compromise.
C.    Pursuing competitors and adversaries to infiltrate their system to acquire intelligence data.
D.    Attempting to deliberately disrupt servers by altering their availability.

Answer: A

NEW QUESTION 249
An engineer is working with the compliance teams to identify the data passing through the network. During analysis, the engineer informs the compliance team that external perimeter data flows contain records, writings, and artwork. Internal segregated network flows contain the customer choices by gender, addresses, and product preferences by age. The engineer must identify protected data. Which two types of data must be identified? (Choose two.)

A.    SOX
B.    PII
C.    PHI
D.    PCI
E.    copyright

Answer: BC

NEW QUESTION 250
What describes the impact of false-positive alerts compared to false-negative alerts?

A.    A false negative is alerting for an XSS attack. An engineer investigates the alert and discovers that an XSS attack happened. A false positive is when an XSS attack happens and no alert is raised.
B.    A false negative is a legitimate attack triggering a brute-force alert. An engineer investigates the alert and finds out someone intended to break into the system. A false positive is when no alert and no attack is occurring.
C.    A false positive is an event alerting for a brute-force attack. An engineer investigates the alert and discovers that a legitimate user entered the wrong credential several times. A false negative is when a threat actor tries to brute-force attack a system and no alert is raised.
D.    A false positive is an event alerting for an SQL injection attack. An engineer investigates the alert and discovers that an attack attempt was blocked by IPS. A false negative is when the attack gets detected but succeeds and results in a breach.

Answer: C

NEW QUESTION 251
When an event is investigated, which type of data provides the investigative capability to determine if data exfiltration has occurred?

A.    full packet capture
B.    NetFlow data
C.    session data
D.    firewall logs

Answer: A

NEW QUESTION 252
What is the difference between deep packet inspection and stateful inspection?

A.    Deep packet inspection gives insights up to Layer 7, and stateful inspection gives insights only up to Layer 4.
B.    Deep packet inspection is more secure due to its complex signatures, and stateful inspection requires less human intervention.
C.    Stateful inspection is more secure due to its complex signatures, and deep packet inspection requires less human intervention.
D.    Stateful inspection verifies data at the transport layer and deep packet inspection verifies data at the application layer.

Answer: B

NEW QUESTION 253
What is obtained using NetFlow?

A.    session data
B.    application logs
C.    network downtime report
D.    full packet capture

Answer: A

NEW QUESTION 254
How does statistical detection differ from rule-based detection?

A.    Statistical detection involves the evaluation of events, and rule-based detection requires an evaluated set of events to function.
B.    Statistical detection defines legitimate data over time, and rule-based detection works on a predefined set of rules.
C.    Rule-based detection involves the evaluation of events, and statistical detection requires an evaluated set of events to function.
D.    Rule-based detection defines legitimate data over a period of time, and statistical detection works on a predefined set of rules.

Answer: B

NEW QUESTION 255
What is a benefit of using asymmetric cryptography?

A.    decrypts data with one key
B.    fast data transfer
C.    secure data transfer
D.    encrypts data with one key

Answer: B

NEW QUESTION 256
An organization is cooperating with several third-party companies. Data exchange is on an unsecured channel using port 80. Internal employees use the FTP service to upload and download sensitive data. An engineer must ensure confidentiality while preserving the integrity of the communication. Which technology must the engineer implement in this scenario?

A.    X.509 certificates.
B.    RADIUS server.
C.    CA server.
D.    Web application firewall.

Answer: A

NEW QUESTION 257
A security engineer notices confidential data being exfiltrated to a domain “Ranso4134-mware31- 895” address that is attributed to a known advanced persistent threat group. The engineer discovers that the activity is part of a real attack and not a network misconfiguration. Which category does this event fall under as defined in the Cyber Kill Chain?

A.    reconnaissance
B.    delivery
C.    action on objectives
D.    weaponization

Answer: D

NEW QUESTION 258
Which of these describes SOC metrics in relation to security incidents?

A.    time it takes to detect the incident
B.    time it takes to assess the risks of the incident
C.    probability of outage caused by the incident
D.    probability of compromise and impact caused by the incident

Answer: A

NEW QUESTION 259
What is the difference between vulnerability and risk?

A.    A vulnerability is a sum of possible malicious entry points, and a risk represents the possibility of the unauthorized entry itself.
B.    A risk is a potential threat that an exploit applies to, and a vulnerability represents the threat itself.
C.    A vulnerability represents a flaw in a security that can be exploited, and the risk is the potential damage it might cause.
D.    A risk is a potential threat that adversaries use to infiltrate the network, and a vulnerability is an exploit.

Answer: B

NEW QUESTION 260
Drag and Drop
Drag and drop the type of evidence from the left onto the description of that evidence on the right.
200-201-Exam-Dumps-2601

Answer:
200-201-Exam-Dumps-2602

NEW QUESTION 261
……

