Cisco 200-201 CCNACBR Exam Questions Instant Access

Question 1

What is a Heartbleed vulnerability?

Ainformation disclosure

Bbuffer overflow

Cdenial of service

Dcommand injection

Answer : A

Question 2

A security incident occurred with the potential of impacting business services. Who performs the attack?

Amalware author

Bthreat actor

Cbug bounty hunter

Ddirect competitor

Answer : B

A threat actor is a person or entity that is responsible for an incident that impacts or has the potential to impact an organization's security. A threat actor can have various motivations, such as financial gain, espionage, sabotage, or activism. A threat actor can use various methods, such as malware, phishing, denial-of-service, or social engineering, to perform an attack. A threat actor is not the same as a malware author, a bug bounty hunter, or a direct competitor, although they may be related or associated. A malware author is someone who creates malicious software that can be used by threat actors. A bug bounty hunter is someone who finds and reports vulnerabilities in software or systems for a reward. A direct competitor is someone who offers similar products or services as the organization and may seek to gain an advantage over it.Reference:=Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) - Cisco, page 87;CNSSI 4009-2015, page 77

Question 3

What does cyber attribution identify in an investigation?

Acause of an attack

Bexploit of an attack

Cvulnerabilities exploited

Dthreat actors of an attack

Answer : D

Cyber attribution identifies the threat actors of an attack in an investigation. Threat actors are the individuals, groups, organizations, or states that are responsible for conducting or sponsoring a cyberattack. Threat actors can have different motives, such as financial gain, espionage, sabotage, activism, or warfare. Cyber attribution can help investigators to determine the identity, location, affiliation, and motivation of the threat actors, as well as to hold them accountable and impose sanctions or legal actions.Reference:= Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) v1.0, Module 5: Security Policies and Procedures, Lesson 5.2: Incident Response, Topic 5.2.3: Cyber Attribution, page 5-14.

Question 4

Refer to the exhibit. A security analyst received a ticket about suspicious traffic from one of the workstations. During the investigation, the analyst discovered that the workstation was communicating with an external IP. The analyst could not investigate further and escalated the case to a T2 security analyst. What are the two data visibility challenges that the security analyst should identify? (Choose two.)

AA default user agent is present in the headers.

BTraffic is not encrypted.

CHTTP requests and responses are sent in plaintext.

DPOST requests have a 'Microsoft-IIS/7.5' server header.

EEncrypted data is being transmitted.

Answer : C, E

Question 5

A security analyst notices a sudden surge of incoming traffic and detects unknown packets from unknown senders After further investigation, the analyst learns that customers claim that they cannot access company servers According to NIST SP800-61, in which phase of the incident response process is the analyst?

Apost-incident activity

Bdetection and analysis

Cpreparation

Dcontainment, eradication, and recovery

Answer : B

The analyst is in the detection and analysis phase of the incident response process according to NIST SP800-61. In this phase, events are detected and analyzed to determine whether they constitute incidents that require a response. It involves monitoring security events or data collection, correlation, and analysis of log entries and network flow data, among others. The goal is to identify incidents quickly so that appropriate actions can be taken.Reference:= NIST SP800-61, Computer Security Incident Handling Guide, Section 3.2: Detection and Analysis

Question 6

What is the difference between inline traffic interrogation and traffic mirroring?

AInline interrogation is less complex as traffic mirroring applies additional tags to data.

BTraffic mirroring copies the traffic rather than forwarding it directly to the analysis tools

CInline replicates the traffic to preserve integrity rather than modifying packets before sending them to other analysis tools.

DTraffic mirroring results in faster traffic analysis and inline is considerably slower due to latency.

Answer : B

Traffic mirroring is a technique that copies the traffic from a source port or VLAN to a destination port or VLAN, where it can be analyzed by a security device or tool. Traffic mirroring does not affect the original traffic flow and does not introduce any latency or modification to the packets. Inline traffic interrogation is a technique that forwards the traffic directly to the security device or tool, where it can be inspected and modified before being sent to the destination. Inline traffic interrogation can introduce latency and affect the performance of the network.Reference:

Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) - Cisco, Module 2: Security Monitoring, Lesson 2.2: Network Security Monitoring Tools

200-201 CBROPS - Cisco, Exam Topics, 2.0 Security Monitoring, 2.2 Describe the impact of various technologies on security monitoring

Cisco Certified CyberOps Associate Overview - Cisco Learning Network, Videos, 2.2 Describe the impact of various technologies on security monitoring

Question 7

Which step in the incident response process researches an attacking host through logs in a SIEM?

Adetection and analysis

Bpreparation

Ceradication

Dcontainment

Answer : A

In the incident response process, detection and analysis involve researching an attacking host through logs in a Security Information and Event Management (SIEM) system. This step helps in identifying, validating, and managing potential security incidents.Reference:=Cisco CyberOps Associate - Module 3: Security Monitoring

Cisco Understanding Cisco Cybersecurity Operations Fundamentals 200-201 CCNACBR Exam Questions