
Pass the 200-201 exam with practice tests updated for 2026. Cisco 200-201 CBROPS | 思博网络

Make sure you succeed on the 200-201 CBROPS exam with our practice questions updated for 2026. Our platform offers a wide range of exam material, including sample questions and mock exams, designed to help you prepare more effectively. Through our carefully selected content you can gain a deeper understanding of core topics such as security concepts, security monitoring, and host-based analysis. Use our exam simulator to get familiar with the exam format and improve your test-taking skills. Reviewing the questions and answers deepens your understanding and builds confidence. Say goodbye to unreliable exam dumps; we provide dependable preparation material to help you pass with ease. By working through past exam questions online, you can assess how prepared you are and adjust your study strategy accordingly. Start preparing today and aim for an excellent result on the CyberOps Associate certification exam.
Question #1
An employee received an email from a colleague's address asking for the password for the domain controller. The employee noticed a missing letter within the sender's address. What does this incident describe?
A. brute-force attack.
B. insider attack.
C. shoulder surfing.
D. social engineering.
Correct answer: B
Question #2
Which process is used when IPS events are removed to improve data integrity?
A. data availability
B. data normalization
C. data signature
D. data protection
Correct answer: B
Question #3
How is attacking a vulnerability categorized?
A. action on objectives
B. delivery
C. exploitation
D. installation
Correct answer: C
Question #4
What should a security analyst consider when comparing inline traffic interrogation with traffic tapping to determine which approach to use in the network?
A. Tapping interrogation replicates signals to a separate port for analyzing traffic
B. Tapping interrogations detect and block malicious traffic
C. Inline interrogation enables viewing a copy of traffic to ensure traffic is in compliance with security policies
D. Inline interrogation detects malicious traffic but does not block the traffic
Correct answer: D
Question #5
A security engineer deploys an enterprise-wide host/endpoint technology for all of the company's corporate PCs. Management requests the engineer to block a selected set of applications on all PCs. Which technology should be used to accomplish this task?
A. application whitelisting/blacklisting
B. network NGFW
C. host-based IDS
D. antivirus/antispyware software
Correct answer: D
Question #6
Which application protocol is in this PCAP file?
A. SSH
B. TCP
C. TLS
D. HTTP
Correct answer: B
Question #7
What is rule-based detection when compared to statistical detection?
A. proof of a user's identity
B. proof of a user's action
C. likelihood of user's action
D. falsification of a user's identity
Correct answer: B
Question #8
Which security principle is violated by running all processes as root or administrator?
A. principle of least privilege
B. role-based access control
C. separation of duties
D. trusted computing base
Correct answer: A
Question #9
What is a difference between SOAR and SIEM?
A. SOAR platforms are used for threat and vulnerability management, but SIEM applications are not
B. SIEM applications are used for threat and vulnerability management, but SOAR platforms are not
C. SOAR receives information from a single platform and delivers it to a SIEM
D. SIEM receives information from a single platform and delivers it to a SOAR
Correct answer: A
Question #10
One of the objectives of information security is to protect the CIA of information and systems. What does CIA mean in this context?
A. confidentiality, identity, and authorization
B. confidentiality, integrity, and authorization
C. confidentiality, identity, and availability
D. confidentiality, integrity, and availability
Correct answer: D
Question #11
What is the potential threat identified in this Stealthwatch dashboard?
A. Host 10.201.3.149 is sending data to 152.46.6.91 using TCP/443.
B. Host 152.46.6.91 is being identified as a watchlist country for data transfer.
C. Traffic to 152.46.6.149 is being denied by an Advanced Network Control policy.
D. Host 10.201.3.149 is receiving almost 19 times more data than is being sent to host 152.46.6.91.
Correct answer: B
Question #12
A cyberattacker notices a security flaw in software that a company is using. They decide to tailor a specific worm to exploit this flaw and extract saved passwords from the software. To which category of the Cyber Kill Chain model does this event belong?
A. reconnaissance.
B. delivery.
C. weaponization.
D. exploitation.
Correct answer: C
Question #13
What is the virtual address space for a Windows process?
A. physical location of an object in memory
B. set of pages that reside in the physical memory
C. system-level memory protection feature built into the operating system
D. set of virtual memory addresses that can be used
Correct answer: D
Question #14
Which regular expression matches "color" and "colour"?
A. colo?ur
B. col[0-8]+our
C. colou?r
D. col[0-9]+our
Correct answer: D
Question #15
Refer to the exhibit. A suspicious IP address is tagged by Threat Intelligence as a brute-force attempt source. After the attacker produces many failed login entries, it successfully compromises the account. Which stakeholder is responsible for the incident response detection step?
A. employee 5.
B. employee 3.
C. employee 4.
D. employee 2.
Correct answer: C
Question #16
What is the expected result when the "Allow subdissector to reassemble TCP streams" feature is enabled?
A. insert TCP subdissectors
B. extract a file from a packet capture
C. disable TCP streams
D. unfragment TCP
Correct answer: A
Question #17
An analyst is investigating an incident in a SOC environment. Which method is used to identify a session from a group of logs?
A. sequence numbers
B. IP identifier
C. 5-tuple
D. timestamps
Correct answer: C
Question #18
What is a benefit of agent-based protection when compared to agentless protection?
A. It lowers maintenance costs
B. It provides a centralized platform
C. It collects and detects all traffic locally
D. It manages numerous devices simultaneously
Correct answer: B
Question #19
A user received a malicious attachment but did not run it. Which category classifies the intrusion?
A. weaponization
B. reconnaissance
C. installation
D. delivery
Correct answer: D
Question #20
A network engineer noticed in the NetFlow report that internal hosts are sending many DNS requests to external DNS servers. A SOC analyst checked the endpoints and discovered that they are infected and have become part of a botnet. The endpoints are sending multiple DNS requests, but with spoofed IP addresses of valid external sources. What kind of attack are the infected endpoints involved in?
A. DNS hijacking.
B. DNS tunneling.
C. DNS flooding.
D. DNS amplification.
Correct answer: D
Question #21
This request was sent to a web application server driven by a database. Which type of web server attack is represented?
A. parameter manipulation
B. heap memory corruption
C. command injection
D. blind SQL injection
Correct answer: BE
Question #22
An analyst received an alert on their desktop computer showing that an attack was successful on the host. After investigating, the analyst discovered that no mitigation action occurred during the attack. What is the reason for this discrepancy?
A. The computer has a HIPS installed on it.
B. The computer has a NIPS installed on it.
C. The computer has a HIDS installed on it.
D. The computer has a NIDS installed on it.
Correct answer: D
Question #23
What is the difference between mandatory access control (MAC) and discretionary access control (DAC)?
A. MAC is controlled by the discretion of the owner and DAC is controlled by an administrator
B. MAC is the strictest of all levels of control and DAC is object-based access
C. DAC is controlled by the operating system and MAC is controlled by an administrator
D. DAC is the strictest of all levels of control and MAC is object-based access
Correct answer: B
Question #24
What is a difference between SOAR and SIEM?
A. SOAR platforms are used for threat and vulnerability management, but SIEM applications are not
B. SIEM applications are used for threat and vulnerability management, but SOAR platforms are not
C. SOAR receives information from a single platform and delivers it to a SIEM
D. SIEM receives information from a single platform and delivers it to a SOAR
Correct answer: C
Question #25
What does the output indicate about the server with the IP address 172.18.104.139?
A. open ports of a web server
B. open port of an FTP server
C. open ports of an email server
D. running processes of the server
Correct answer: C
Question #26
A security engineer has a video of a suspect entering a data center that was captured on the same day that files in the same data center were transferred to a competitor. Which type of evidence is this?
A. best evidence
B. prima facie evidence
C. indirect evidence
D. physical evidence
Correct answer: C
Question #27
Which security principle requires that more than one person perform a critical task?
A. least privilege
B. need to know
C. separation of duties
D. due diligence
Correct answer: C
Question #28
What is a difference between SIEM and SOAR security systems?
A. SOAR ingests numerous types of logs and event data from infrastructure components, and SIEM can fetch data from endpoint security software and external threat intelligence feeds.
B. SOAR collects and stores security data at a central point and then converts it into actionable intelligence, and SIEM enables SOC teams to automate and orchestrate manual tasks.
C. SIEM raises alerts in the event of detecting any suspicious activity, and SOAR automates investigation path workflows and reduces time spent on alerts.
D. SIEM combines data collecting, standardization, case management, and analytics for a defense-in-depth concept, and SOAR collects security data such as antivirus logs, firewall logs, and hashes of downloaded files.
Correct answer: C
Question #29
When communicating via TLS, the client initiates the handshake to the server and the server responds back with its certificate for identification. Which information is available on the server certificate?
A. server name, trusted subordinate CA, and private key
B. trusted subordinate CA, public key, and cipher suites
C. trusted CA name, cipher suites, and private key
D. server name, trusted CA, and public key
Correct answer: D
Question #30
Which event is user interaction?
A. gaining root access
B. executing remote code
C. reading and writing file permission
D. opening a malicious file
Correct answer: D
Question #31
Which principle is being followed when an analyst gathers information relevant to a security incident to determine the appropriate course of action?
A. decision making
B. rapid response
C. data mining
D. due diligence
Correct answer: A
Question #32
Which IETF standard technology is useful to detect and analyze a potential security incident by recording session flows that occur between hosts?
A. SFlow
B. NetFlow
C. NFlow
D. IPFIX
Correct answer: A
Question #33
What is the practice of giving employees only those permissions necessary to perform their specific role within an organization?
A. least privilege
B. need to know
C. integrity validation
D. due diligence
Correct answer: A
