Cisco 200-201 Understanding Cisco Cybersecurity Operations Fundamentals CBROPS Exam Practice Test

Page: 1 / 14
Total 331 questions
Question 1

What is a comparison between rule-based and statistical detection?



Answer : C

Rule-based detection methods rely on predefined rules and patterns that are known beforehand. These rules are created based on prior knowledge of what constitutes normal and abnormal behavior.

Statistical detection, on the other hand, involves analyzing data to identify anomalies. It is based on assumptions about what normal behavior looks like and uses statistical methods to detect deviations from this norm.

Rule-based systems are typically straightforward but may miss novel attacks that do not match existing rules.

Statistical methods can detect previously unknown threats by recognizing patterns that deviate from established baselines but may produce more false positives.



Question 2

An engineer configured the regular expression ".*\.([Dd][Oo][Cc]|[Xx][Ll][Ss]|[Pp][Pp][Tt]) HTTP/1.[01]" on a Cisco ASA firewall. What does this regular expression do?



Answer : D

The regular expression provided is: .*\.([Dd][Oo][Cc]|[Xx][Ll][Ss]|[Pp][Pp][Tt]) HTTP/1.[01]

This regular expression is designed to match file extensions for Word (.doc), Excel (.xls), and PowerPoint (.ppt) files in HTTP network sessions.

The regular expression uses character classes and alternation to match every upper- and lower-case spelling of these file extensions.

The part .*\.([Dd][Oo][Cc]|[Xx][Ll][Ss]|[Pp][Pp][Tt]) matches a file name ending in one of the three extensions, and HTTP/1.[01] ensures that the match occurs in an HTTP/1.0 or HTTP/1.1 request line.



Question 3

A security engineer must protect the company from known issues that trigger adware. Recently, a new incident has been raised that could harm the system. Which security concepts are present in this scenario?



Answer : D

The security scenario involves protecting the company from known issues that trigger adware and addressing a recent incident that could harm the system.

This scenario involves identifying vulnerabilities (weaknesses in the system that can be exploited) and threats (potential harm that can exploit these vulnerabilities).

A vulnerability is an inherent flaw in the system, while a threat is an event or condition that has the potential to exploit the vulnerability.

The security engineer needs to assess both the vulnerabilities present and the threats that could exploit these vulnerabilities to implement effective protection measures.



Question 4

Refer to the exhibit.

What does this Cuckoo sandbox report indicate?



Answer : C

The Cuckoo sandbox report shows the analysis results of a file named 'VirusShare_fc1937c1aa536b3744ebfb1716fd5f4d'.

The file type is identified as a PE32 executable for MS Windows.

The 'Yara' section reports a match on shellcode rules, meaning the file contains byte patterns characteristic of shellcode.

Shellcode typically indicates that the file will execute a payload, often used to open a command interpreter or execute commands directly.

Additionally, the antivirus result shows that the file was identified as containing a trojan (Trojan.Generic.7654828), which is consistent with behaviors such as opening a command interpreter for malicious purposes.



Question 5

An engineer must investigate suspicious connections. Data has been gathered using a tcpdump command on a Linux device and saved as a file named sandboxmatware2022-12-22.pcaps. The engineer is trying to open the tcpdump capture in the Wireshark tool. What is the expected result?



Answer : B

Wireshark is a widely used network protocol analyzer that supports various capture file formats, including those generated by tcpdump.

The .pcap (libpcap) format is the standard format for packet capture files and is fully supported by Wireshark.

The file extension or the inclusion of characters such as '-' in the file name does not impact Wireshark's ability to open and read the file.

When the engineer opens the sandboxmatware2022-12-22.pcaps file in Wireshark, the tool will read the packet capture data, allowing for detailed analysis of network traffic.



Question 6

An engineer must configure network systems to detect command-and-control communications by decrypting ingress and egress perimeter traffic and allowing network security devices to detect malicious outbound communications. Which technology must be used to accomplish this task?



Answer : C

Digital certificates are essential for decrypting ingress and egress perimeter traffic, as they provide the necessary encryption keys for secure communications. By using digital certificates, network security devices can inspect the decrypted traffic to detect any malicious outbound communications that may indicate command-and-control activity.

