Understanding Cisco Cybersecurity Operations Fundamentals (200-201) Free Practice Test

Question 1

An engineer is working on a ticket for an incident from the incident management team A week ago. an external web application was targeted by a DDoS attack Server resources were exhausted and after two hours it crashed. An engineer was able to identify the attacker and technique used Three hours after the attack, the server was restored and the engineer recommended implementing mitigation by Blackhole filtering and transferred the incident ticket back to the IR team According to NIST SP800-61, at which phase of the incident response did the engineer finish work?

A. detection and analysis

B. preparation

C. containment eradication and recovery

D. post-incident activity

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 2

Which system monitors local system operation and local network access for violations of a security policy?

A. systems-based sandboxing

B. antivirus

C. host-based firewall

D. host-based intrusion detection

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 3

Which regular expression matches loopback IP address (127.0.0.1)?

A. %127.0.0.1%

B. &127%0%0%1

C. 127[.0.].0.\

D. 127\.0\.0\.1

Correct Answer: D

Question 4

How does the approach of a behavioral detection system to identifying security threats compare to that of a rule-based detection system?

A. Behavioral detection is easier to deploy without rules, and rule-based needs historical data.

B. Rule-based detection excels at APT hunts with updates, and behavioral focuses on anomalies.

C. Rule-based detection is effective with fewer false positives, and behavioral adapts over time.

D. Behavioral detection is adaptive to deviations, and rule-based detection uses static rules.

Correct Answer: D

Question 5

An organization is cooperating with several third-party companies. Data exchange is on an unsecured channel using port 80 Internal employees use the FTP service to upload and download sensitive data An engineer must ensure confidentiality while preserving the integrity of the communication. Which technology must the engineer implement in this scenario'?

A. X.509 certificates

B. web application firewall

C. RADIUS server

D. CA server

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 6

Refer to the exhibit. A SOC team member receives a case from his colleague with notes attached. The artifacts and alerts associated with the case must be analyzed and a conclusion must be provided. What is the cause of the alert?

A. An insider threat compromised the service account to delete sensitive data.

B. A ransomware attack is underway, encrypting files and deleting originals.

C. A misconfigured backup process malfunctioned, causing unexpected file changes.

D. External attackers gained access and are exfiltrating data stealthily.

Correct Answer: B

Question 7

A security specialist notices 100 HTTP GET and POST requests for multiple pages on the web servers. The agent in the requests contains PHP code that, if executed, creates and writes to a new PHP file on the webserver. Which event category is described?

A. reconnaissance

B. installation

C. exploitation

D. action on objectives

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 8

An engineer received an alert affecting the degraded performance of a critical server Analysis showed a heavy CPU and memory load What is the next step the engineer should take to investigate this resource usage7

A. Run "ps -u" to find out who executed additional processes that caused a high load on a server

B. Run "ps -d" to decrease the priority state of high-load processes to avoid resource exhaustion

C. Run "ps -m" to capture the existing state of daemons and map the required processes to find the gap

D. Run "ps -ef to understand which processes are taking a high amount of resources

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 9

What is a characteristic of a temporal score in CVSS?

A. It can change over time

B. It is defined by impacted users

C. It depends on the environment

D. It has a vendor fixed value

Correct Answer: C

Question 10

What is the relationship between a vulnerability and a threat?

A. A threat exploits a vulnerability

B. A threat is a calculation of the potential loss caused by a vulnerability

C. A vulnerability is a calculation of the potential loss caused by a threat

D. A vulnerability exploits a threat

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 11

What is the function of a command and control server?

A. It drops secondary payload into malware

B. It sends instruction to a compromised system

C. It enumerates open ports on a network device

D. It is used to regain control of the network after a compromise

Correct Answer: B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 12

Refer to the exhibit.

Which component is identifiable in this exhibit?

A. local service in the Windows Services Manager

B. Windows PowerShell verb

C. Trusted Root Certificate store on the local machine

D. Windows Registry hive

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Welcome to TestSimulate

Cisco Understanding Cisco Cybersecurity Operations Fundamentals (200-201) Free Practice Test