Cisco 200-201 Understanding Cisco Cybersecurity Operations Fundamentals CBROPS Exam Practice Test

Page: 1 / 14
Total 331 questions
Question 1

A user reports difficulties accessing certain external web pages. When an engineer examines traffic to and from the external domain in full packet captures, they notice that many SYNs have the same sequence number, source, and destination IP address, but they have different payloads. What is causing this situation?



Answer : A

TCP injection is an attack where the attacker sends crafted packets into an existing TCP session. These packets appear to be part of the session.

The presence of many SYN packets with the same sequence number, source, and destination IP but different payloads indicates that an attacker might be injecting packets into the session.

This method can be used to disrupt communication, inject malicious commands, or manipulate the data being transmitted.


Understanding TCP Injection Attacks

Analyzing Packet Captures for Injection Attacks

Network Security Monitoring Techniques

Question 2

Which of these is a defense-in-depth strategy principle?



Answer : C

Defense-in-depth is a layered security strategy that aims to protect information and resources through multiple security measures.

One of its key principles is the concept of least privilege, which means providing users and systems with the minimum level of access necessary to perform their job functions.

By assigning only the necessary permissions, the attack surface is reduced, and the potential damage from a compromised account or system is minimized.

This principle helps in mitigating the risk of unauthorized access and limits the capabilities of an attacker if they gain access to an account.


Defense-in-Depth Strategy by NIST

Principle of Least Privilege in Cybersecurity

Layered Security Approach Explained

Question 3

Which type of attack uses a botnet to reflect requests off of an NTP server to overwhelm a target?



Answer : C

A Distributed Denial of Service (DDoS) attack involves multiple compromised devices (botnet) sending a large number of requests to a target server to overwhelm it.

In a specific type of DDoS attack known as an NTP amplification attack, the attacker exploits the Network Time Protocol (NTP) servers by sending small queries with a spoofed source IP address (the target's IP).

The NTP server responds with a much larger reply to the target's IP address, thereby amplifying the traffic directed at the target.

This reflection and amplification technique significantly increases the volume of traffic sent to the target, causing denial of service.


OWASP DDoS Attack Overview

NTP Amplification Attack Explained

Understanding Botnets and Distributed Attacks

Question 4

What is data encapsulation?



Answer : B

Data encapsulation is a process in networking where the protocol stack of the sending host adds headers (and sometimes trailers) to the data.

Each layer of the OSI or TCP/IP model adds its own header to the data as it passes down the layers, preparing it for transmission over the network.

For example, in the TCP/IP model, data starts at the application layer and is encapsulated at each subsequent layer (Transport, Internet, and Network Access) before being transmitted.

This encapsulation ensures that the data is correctly formatted and routed to its destination, where the headers are stripped off in reverse order by the receiving host.


Networking Fundamentals by Cisco

OSI Model and Data Encapsulation Process

Understanding TCP/IP Encapsulation

Question 5

A security engineer must investigate a recent breach within the organization. An engineer noticed that a breached workstation is trying to connect to the domain "Ranso4730-mware92-647". which is known as malicious. In which step of the Cyber Kill Chain is this event?



Answer : D

The event where a breached workstation is trying to connect to a known malicious domain suggests that the attacker is moving towards their end goals, which typically involves actions on objectives.

In the Cyber Kill Chain framework, 'Action on objectives' refers to the steps taken by an attacker to achieve their intended outcomes, such as data exfiltration, destruction, or ransom demands.

This phase involves the attacker executing their final mission within the target environment, leveraging access gained in earlier stages of the attack.


Lockheed Martin Cyber Kill Chain

Understanding the Stages of Cyber Attacks

Incident Response and the Cyber Kill Chain

Question 6

Refer to the exhibit.

Which attack is being attempted against a web application?



Answer : C

The exhibit shows an HTTP GET request with a parameter that includes ; /bin/sh -c id.

This indicates a command injection attempt, where the attacker is trying to execute shell commands on the server.

Command injection vulnerabilities allow an attacker to execute arbitrary commands on the host operating system via a vulnerable application.

The use of /bin/sh and the -c flag is typical in command injection exploits to run shell commands, such as id, which returns user identity information.


OWASP Command Injection

Analyzing HTTP Requests for Injection Attacks

Web Application Security Testing Guidelines

Question 7

According to CVSS, what is attack complexity?



Answer : B

In the Common Vulnerability Scoring System (CVSS), attack complexity refers to the conditions beyond the attacker's control that must exist for the vulnerability to be successfully exploited.

This includes factors such as the need for user interaction, the presence of specific configurations, or network conditions that are not easily controlled by the attacker.

A high attack complexity means that these external factors make exploitation more difficult, while a low attack complexity indicates that fewer such conditions are required.


CVSS v3.1 Specifications Document

Understanding Attack Complexity in Vulnerability Assessments

Cybersecurity Frameworks and Metrics

Page:    1 / 14   
Total 331 questions