Cisco (200-201-CBROPS) Exam Questions And Answers page 1
Refer to the exhibit. What is the expected result when the "Allow subdissector to reassemble TCP streams" feature is enabled?
extract a file from a packet capture
disable TCP streams
unfragment TCP
Security Monitoring and Analysis
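Study note with an added example (not part of the original question set): the Wireshark TCP preference "Allow subdissector to reassemble TCP streams" lets a higher-layer dissector such as HTTP work on the whole TCP stream instead of one segment at a time, which is what makes an object such as a downloaded file recoverable from the capture. The Python below is a constructed illustration of that difference: it reassembles out-of-order and retransmitted segments of a made-up HTTP response, then shows that the Content-Length-bounded body can be extracted from the reassembled stream but not from any single segment. The segment sizes, sequence numbers and file bytes are all assumptions made for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    seq: int        # TCP sequence number of the first payload byte
    payload: bytes


# Constructed HTTP response carrying a small made-up file (assumption: not a real capture).
BODY = b"%PDF-1.4 constructed-file-contents"
HEADERS = (b"HTTP/1.1 200 OK\r\nContent-Type: application/pdf\r\n"
           b"Content-Length: " + str(len(BODY)).encode() + b"\r\n\r\n")
STREAM = HEADERS + BODY
ISN = 1000  # assumed initial sequence number of the server side of the stream


def segment_stream(data, isn, sizes):
    """Cut a byte string into Segments of the given sizes, starting at sequence number isn."""
    segs, off = [], 0
    for n in sizes:
        segs.append(Segment(isn + off, data[off:off + n]))
        off += n
    assert off == len(data), "segment sizes must cover the whole stream"
    return segs


_in_order = segment_stream(STREAM, ISN, [20, 30, 25, len(STREAM) - 75])
# Deliver the segments out of order and retransmit the second one, as a real capture might show.
CAPTURED = [_in_order[2], _in_order[0], _in_order[3], _in_order[1], _in_order[1]]


def reassemble(segments, isn):
    """Order segments by sequence number, drop retransmitted bytes, and stop at the first gap."""
    data = bytearray()
    expected = isn
    for seg in sorted(segments, key=lambda s: s.seq):
        if seg.seq + len(seg.payload) <= expected:
            continue                      # pure retransmission: already have these bytes
        if seg.seq > expected:
            break                         # gap: cannot continue past missing bytes
        data += seg.payload[expected - seg.seq:]   # trim any partial overlap
        expected = seg.seq + len(seg.payload)
    return bytes(data)


def extract_http_body(stream):
    """Return the HTTP body only if the headers and the full Content-Length are present."""
    head, sep, rest = stream.partition(b"\r\n\r\n")
    if not sep:
        return None
    length = None
    for line in head.split(b"\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            length = int(value.strip())
    if length is None or len(rest) < length:
        return None
    return rest[:length]


def extract_per_segment(segments):
    """What a subdissector sees without reassembly: each segment examined on its own."""
    return [extract_http_body(s.payload) for s in segments]


if __name__ == "__main__":
    print("per-segment extraction:", extract_per_segment(CAPTURED))
    print("after reassembly:", extract_http_body(reassemble(CAPTURED, ISN)))
```

Dropping the segment that starts at ISN + 20 from CAPTURED leaves a gap, and the reassembler stops there, so the body cannot be extracted; that is the same reason a truncated or lossy capture yields no exportable object even with reassembly enabled.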
What is a difference between data obtained from Tap and SPAN ports?
SPAN passively splits traffic between a network device and the network without altering it, while Tap alters response times.
Tap mirrors existing traffic from specified ports, while SPAN presents more structured data for deeper analysis.
SPAN improves the detection of media errors, while Tap provides direct access to traffic with lowered data visibility.
Tap sends traffic from physical layers to the monitoring device, while SPAN provides a copy of network traffic from switch to destination.
Data and Event Analysis
Which security principle is violated by running all processes as root or administrator?
principle of least privilege
role-based access control
separation of duties
trusted computing base
Security Operations and Technology
Security Monitoring and Analysis
How does a certificate authority impact security?
It authenticates domain identity when requesting an SSL certificate.
It validates client identity when communicating with the server.
It authenticates client identity when requesting an SSL certificate.
It validates the domain identity of the SSL certificate.
Security Operations and Technology
Refer to the exhibit. Which component is identifiable in this exhibit?
Windows Registry hive
Trusted Root Certificate store on the local machine
Windows PowerShell verb
local service in the Windows Services Manager
Security Monitoring and Analysis
Data and Event Analysis
What is the difference between mandatory access control (MAC) and discretionary access control (DAC)?
MAC is controlled by the discretion of the owner and DAC is controlled by an administrator
MAC is the strictest of all levels of control and DAC is object-based access
DAC is controlled by the operating system and MAC is controlled by an administrator
DAC is the strictest of all levels of control and MAC is object-based access
Security Operations and Technology
Security Monitoring and Analysis
An engineer receives a security alert that traffic to or from a known Tor exit node has occurred on the network.
What is the impact of this traffic?
ransomware communicating after infection
users downloading copyrighted content
data exfiltration
user circumvention of the firewall
Security Operations and Technology
Security Monitoring and Analysis
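Study note with an added example (not part of the original question set): an alert that merely matches an address against a Tor exit-node list does not by itself say which of the listed impacts applies. Whether the exit node was the source or the destination, whether the firewall allowed the session, which port was involved and how many bytes the internal host sent are what an analyst checks before calling it exfiltration, post-infection command and control, or a user routing around the firewall. The Python below is a constructed illustration of pulling that context out of firewall logs. The exit-node addresses are documentation-range placeholders, the log format and the byte threshold are assumptions, and the labels are the analyst's working hypotheses, not a verdict.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed, hypothetical exit-node list (RFC 5737 documentation addresses, not real Tor relays).
TOR_EXIT_NODES = {"203.0.113.7", "198.51.100.42"}

# Address space of the hypothetical internal network.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]

# Constructed firewall log lines; the key=value layout is an assumption for the example.
SAMPLE_LOGS = """\
2024-03-01T10:00:01Z action=allow src=10.1.2.3 dst=203.0.113.7 dport=443 bytes_out=20480 bytes_in=1200
2024-03-01T10:00:05Z action=allow src=198.51.100.42 dst=10.1.2.10 dport=22 bytes_out=300 bytes_in=4000
2024-03-01T10:00:09Z action=allow src=10.1.2.3 dst=93.184.216.34 dport=80 bytes_out=400 bytes_in=15000
2024-03-01T10:00:12Z action=deny src=10.1.2.9 dst=203.0.113.7 dport=9001 bytes_out=0 bytes_in=0
"""

LOG_RE = re.compile(
    r"(?P<ts>\S+) action=(?P<action>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) bytes_out=(?P<out>\d+) bytes_in=(?P<in>\d+)"
)


@dataclass(frozen=True)
class TorHit:
    ts: str
    direction: str      # "outbound": internal host -> exit node; "inbound": exit node -> internal host
    internal_host: str
    exit_node: str
    dport: int
    action: str
    bytes_out: int      # bytes sent by the log line's src address


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_tor_hits(log_text: str, exit_nodes=TOR_EXIT_NODES) -> list:
    """Match each log line against the exit-node list and record which side the exit node was on."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        src, dst = m["src"], m["dst"]
        if dst in exit_nodes and is_internal(src):
            hits.append(TorHit(m["ts"], "outbound", src, dst, int(m["dport"]), m["action"], int(m["out"])))
        elif src in exit_nodes and is_internal(dst):
            hits.append(TorHit(m["ts"], "inbound", dst, src, int(m["dport"]), m["action"], int(m["out"])))
    return hits


def triage(hit: TorHit, exfil_threshold: int = 10_000) -> str:
    """Attach the context an analyst weighs before deciding impact (the threshold is an assumption)."""
    if hit.action != "allow":
        return "blocked"                   # the firewall stopped it; impact is an attempt, not a session
    if hit.direction == "inbound":
        return "inbound-from-tor"          # someone behind Tor reached an internal service
    if hit.bytes_out >= exfil_threshold:
        return "outbound-large-upload"     # internal host pushed a large volume into Tor
    return "outbound-small"                # short outbound session: beaconing, browsing, or noise


if __name__ == "__main__":
    for h in find_tor_hits(SAMPLE_LOGS):
        print(h.ts, h.direction, h.internal_host, "<->", h.exit_node, "port", h.dport, triage(h))
```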
Which action should be taken if the system is overwhelmed with alerts when false positives and false negatives are compared?
Modify the settings of the intrusion detection system.
Design criteria for reviewing alerts.
Redefine signature rules.
Adjust the alerts schedule.
Security Monitoring and Analysis
Data and Event Analysis
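Study note with an added example (not part of the original question set): whatever tuning action is chosen, it has to start from a comparison of false positives and false negatives against analyst-confirmed outcomes, because raising a detector's threshold trades alert volume (fewer false positives) against missed events (more false negatives). The Python below is a constructed illustration of that comparison: a batch of reviewed alerts with made-up confidence scores and ground-truth labels, a confusion matrix at each candidate threshold, and a selection rule that keeps false negatives within a limit the team has decided it can accept. The scores, labels and the acceptable-miss limit are all assumptions for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    score: int       # detector confidence, 0 to 100
    malicious: bool  # analyst-confirmed ground truth after review


# Constructed review batch (assumption: not real alert data).
REVIEWED_ALERTS = [
    Alert(95, True), Alert(88, True), Alert(72, True), Alert(65, True), Alert(40, True),
    Alert(80, False), Alert(60, False), Alert(55, False), Alert(50, False), Alert(45, False),
    Alert(30, False), Alert(20, False), Alert(15, False), Alert(10, False),
]


def confusion(alerts, threshold):
    """Count true/false positives and negatives if only alerts at or above threshold were raised."""
    tp = fp = fn = tn = 0
    for a in alerts:
        fired = a.score >= threshold
        if fired and a.malicious:
            tp += 1
        elif fired and not a.malicious:
            fp += 1
        elif not fired and a.malicious:
            fn += 1
        else:
            tn += 1
    return {"tp": tp, "fp": fp, "fn": fn, "tn": tn}


def rates(c):
    """Alert volume plus precision (share of raised alerts that were real) and recall (share of real events caught)."""
    raised = c["tp"] + c["fp"]
    real = c["tp"] + c["fn"]
    return {
        "alerts_raised": raised,
        "precision": c["tp"] / raised if raised else 0.0,
        "recall": c["tp"] / real if real else 0.0,
    }


def sweep(alerts, thresholds):
    """Tabulate the false-positive / false-negative trade-off across candidate thresholds."""
    return {t: {**confusion(alerts, t), **rates(confusion(alerts, t))} for t in thresholds}


def choose_threshold(alerts, thresholds, max_fn):
    """Highest threshold (fewest alerts to review) that still leaves at most max_fn false negatives."""
    best = None
    for t in sorted(thresholds):
        if confusion(alerts, t)["fn"] <= max_fn:
            best = t
    return best


if __name__ == "__main__":
    for t, row in sweep(REVIEWED_ALERTS, [0, 40, 45, 50, 70]).items():
        print(f"threshold {t:>2}: raised={row['alerts_raised']:>2} fp={row['fp']} fn={row['fn']} "
              f"precision={row['precision']:.2f} recall={row['recall']:.2f}")
    print("accept no misses ->", choose_threshold(REVIEWED_ALERTS, [0, 40, 45, 50, 70], max_fn=0))
    print("accept one miss  ->", choose_threshold(REVIEWED_ALERTS, [0, 40, 45, 50, 70], max_fn=1))
```

The same table is what justifies the other options on the page: if no threshold gives an acceptable corner of the trade-off, the signature itself needs rework rather than its threshold, and the review criteria should say which confirmed outcomes count as a false negative before the numbers are compared.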
A security incident occurred with the potential of impacting business services. Who performs the attack?
threat actor
malware author
direct competitor
bug bounty hunter
Security Operations and Technology
Security Monitoring and Analysis
Which security monitoring data type requires the largest storage space?
transaction data
statistical data
session data
full packet capture
Security Monitoring and Analysis