Cisco (200-201-CBROPS) Exam Questions And Answers page 2
Refer to the exhibit. An engineer is analyzing this Cuckoo Sandbox report for a PDF file that has been downloaded from an email. What is the state of this file?
The file has an embedded non-Windows executable but no suspicious features are identified.
The file has an embedded Windows 32 executable and the Yara field lists suspicious features for further analysis.
The file was matched by PEiD threat signatures but no suspicious features are identified since the signature list is up to date.
Security Monitoring and Analysis
What is the impact of false positive alerts on business compared to true positive?
True positives affect security as no alarm is raised when an attack has taken place, while false positives are alerts raised appropriately to detect and further mitigate them.
True-positive alerts are blocked by mistake as potential attacks, while false positives are actual attacks identified as harmless.
False-positive alerts are manually ignored signatures to avoid warnings that are already acknowledged, while true positives are warnings that are not yet acknowledged.
False-positive alerts are detected by confusion as potential attacks, while true positives are attack attempts identified appropriately.
Security Monitoring and Analysis
Data and Event Analysis
What specific type of analysis is assigning values to the scenario to see expected outcomes?
deterministic
exploratory
probabilistic
descriptive
Data and Event Analysis
Refer to the exhibit. What is the potential threat identified in this Stealthwatch dashboard?
A policy violation is active for host 10.10.101.24.
A host on the network is sending a DDoS attack to another inside host.
There are two active data exfiltration alerts.
A policy violation is active for host 10.201.3.149.
Security Operations and Technology
Security Monitoring and Analysis
What is the relationship between a vulnerability and a threat?
A threat exploits a vulnerability
A vulnerability is a calculation of the potential loss caused by a threat
A vulnerability exploits a threat
A threat is a calculation of the potential loss caused by a vulnerability
Security Operations and Technology
Security Monitoring and Analysis
An engineer needs to have visibility on TCP bandwidth usage, response time, and latency, combined with deep packet inspection to identify unknown software by its network traffic flow. Which two features of Cisco Application Visibility and Control should the engineer use to accomplish this goal? (Choose two.)
management and reporting
traffic filtering
adaptive AVC
metrics collection and exporting
application recognition
Security Monitoring and Analysis
Data and Event Analysis
A security engineer has a video of a suspect entering a data center that was captured on the same day that files in the same data center were transferred to a competitor.
Which type of evidence is this?
best evidence
prima facie evidence
indirect evidence
physical evidence
Security Operations and Technology
Security Monitoring and Analysis
An analyst received an alert on their desktop computer showing that an attack was successful on the host. After investigating, the analyst discovered that no mitigation action occurred during the attack. What is the reason for this discrepancy?
The computer has a HIPS installed on it.
The computer has a NIPS installed on it.
The computer has a HIDS installed on it.
The computer has a NIDS installed on it.
Security Monitoring and Analysis
Incident Response
What are two examples of denial of service attacks? (Choose two.)
MITM
TCP connections
ping of death
UDP flooding
code red
Security Operations and Technology
Security Monitoring and Analysis
What is a difference between signature-based and behavior-based detection?
Signature-based identifies behaviors that may be linked to attacks, while behavior-based has a predefined set of rules to match before an alert.
Behavior-based identifies behaviors that may be linked to attacks, while signature-based has a predefined set of rules to match before an alert.
Behavior-based uses a known vulnerability database, while signature-based intelligently summarizes existing data.
Signature-based uses a known vulnerability database, while behavior-based intelligently summarizes existing data.
Security Operations and Technology
Security Monitoring and Analysis