Cisco 200-201 CCNACBR Exam Questions Instant Access

Question 1

Which incidence response step includes identifying all hosts affected by an attack?

Adetection and analysis

Bpost-incident activity

Cpreparation

Dcontainment, eradication, and recovery

Answer : A

The 'detection and analysis' phase of incident response includes identifying all hosts affected by an attack.This step involves analyzing the scope of the incident, determining which systems and data are impacted, and understanding the nature of the attack to inform subsequent containment and eradication efforts45.

CrowdStrike's overview of incident response frameworks and steps4.

VCEGuide's explanation of incident response steps

Question 2

Which event is user interaction?

Againing root access

Bexecuting remote code

Creading and writing file permission

Dopening a malicious file

Answer : D

User interaction is any event that requires the user to perform an action that enables or facilitates a cyberattack. Opening a malicious file is an example of user interaction, as it can trigger the execution of malicious code or malware that can compromise the system or network. Gaining root access, executing remote code, and reading and writing file permissions are not user interactions, but rather actions that can be performed by an attacker after exploiting a vulnerability or bypassing security controls.Reference:Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) - Cisco,More than 99% of cyberattacks rely on human interaction

Question 3

Refer to the exhibit.

Refer to the exhibit. A security engineer receives several alerts from the SNORT IPS/IDS reporting malicious traffic. What should the engineer understand by examining the SNORT logs?

AA remote threat performs an EternalBlue attack on a Windows system on several ports.

BAn inside threat performs an EternalBlue attack on hosts 192.168.2.101 and 192.168.200.10 on port 445.

CA remote threat performs an EternalBlue attack on several hosts and different ports.

DAn inside threat performs an EternalBlue attack on a Windows system on port 445.

Answer : C

Question 4

Which tool provides a full packet capture from network traffic?

ANagios

BCAINE

CHydra

DWireshark

Answer : D

Wireshark is a widely-used network protocol analyzer that allows users to capture and interactively browse the traffic running on a computer network.It provides full packet capture capabilities, enabling detailed analysis of network traffic.Reference: This is supported by the CBROPS course materials, which discuss security monitoring and the analysis of network traffic, including full packet capture tools like Wireshark

Question 5

Which type of evasion technique is accomplished by separating the traffic into smaller segments before transmitting across the network?

Atunneling

Bfragmentation

Cencryption

Dproxies

Answer : B

Question 6

A forensic investigator is analyzing a recent breach case. An external USB drive was discovered to be connected and transmitting the data outside of the organization, and the owner of the USB drive could not be identified. Video surveillance shows six people during a two-month period had close contact with the affected asset. How must this type of evidence be categorized?

AIndirect evidence

BDirect evidence

CCorroborative evidence

DBest evidence

Answer : A

Question 7

What is the difference between attack surface and vulnerability?

AAn attack surface is a way of taking advantage of a system or resource, and a vulnerability is a specific technique utilized by the vulnerability.

BA vulnerability describes how software or a system is exposed to potential attacks, and an attack surface is an actual weakness that exposes the potential risk.

CA vulnerability is a way of taking advantage of a system or resource, and an attack surface is a specific technique utilized by the vulnerability.

DAn attack surface describes how software or a system is exposed to potential attacks, and a vulnerability is an actual weakness that exposes the potential risk.

Answer : D

Cisco Understanding Cisco Cybersecurity Operations Fundamentals 200-201 CCNACBR Exam Questions