What are two differences in how tampered and untampered disk images affect a security incident? (Choose two.)

Untampered images are used in the security investigation process

The image is untampered if the stored hash and the computed hash match

Untampered images are used in the security investigation process

Tampered images are used in the security investigation process

The image is tampered if the stored hash and the computed hash match

Tampered images are used in the incident recovery process

The image is untampered if the stored hash and the computed hash match

Refer to the exhibit. What is the potential threat identified in this Stealthwatch dashboard?

Host 10.201.3.149 is receiving almost 19 times more data than is being sent to host 152.46.6.91.

Host 10.201.3.149 is sending data to 152.46.6.91 using TCP/443.

Host 152.46.6.91 is being identified as a watchlist country for data transfer.

Traffic to 152.46.6.149 is being denied by an Advanced Network Control policy.

Host 10.201.3.149 is receiving almost 19 times more data than is being sent to host 152.46.6.91.

Refer to the exhibit. What is the potential threat identified in this Stealthwatch dashboard?

There are two active data exfiltration alerts.

A policy violation is active for host 10.10.101.24.

A host on the network is sending a DDoS attack to another inside host.

There are two active data exfiltration alerts.

A policy violation is active for host 10.201.3.149.

An investigator is examining a copy of an ISO file that is stored in CDFS format. What type of evidence is this file?

data from a CD copied using Mac-based system

data from a CD copied using Linux system

data from a DVD copied using Windows system

data from a CD copied using Windows

Why is encryption challenging to security monitoring?

Encryption is used by threat actors as a method of evasion and obfuscation.

Encryption analysis is used by attackers to monitor VPN tunnels.

Encryption is used by threat actors as a method of evasion and obfuscation.

Encryption introduces additional processing requirements by the CPU.

Encryption introduces larger packet sizes to analyze and store.

An employee reports that someone has logged into their system and made unapproved changes, files are out of order, and several documents have been placed in the recycle bin. The security specialist reviewed the system logs, found nothing suspicious, and was not able to determine what occurred. The software is up to date; there are no alerts from antivirus and no failed login attempts. What is causing the lack of data visibility needed to detect the attack?

The threat actor gained access to the system by known credentials.

The threat actor used a dictionary-based password attack to obtain credentials.

The threat actor gained access to the system by known credentials.

The threat actor used the teardrop technique to confuse and crash login services.

The threat actor used an unknown vulnerability of the operating system that went undetected.

A company receptionist received a threatening call referencing stealing assets and did not take any action assuming it was a social engineering attempt. Within 48 hours, multiple assets were breached, affecting the confidentiality of sensitive information. What is the threat actor in this incident?

company assets that are threatened

customer assets that are threatened

What is the relationship between a vulnerability and a threat?

A threat exploits a vulnerability

A vulnerability is a calculation of the potential loss caused by a threat

A vulnerability exploits a threat

A threat is a calculation of the potential loss caused by a vulnerability

Refer to the exhibit. What does the output indicate about the server with the IP address 172.18.104.139?

running processes of the server

How does certificate authority impact a security system?

It validates domain identity of a SSL certificate

It authenticates client identity when requesting SSL certificate

It validates domain identity of a SSL certificate

It authenticates domain identity when requesting SSL certificate

It validates client identity when communicating with the server

When communicating via TLS, the client initiates the handshake to the server and the server responds back with its certificate for identification.Which information is available on the server certificate?

server name, trusted CA, and public key

server name, trusted subordinate CA, and private key

trusted subordinate CA, public key, and cipher suites

trusted CA name, cipher suites, and private key

server name, trusted CA, and public key

How does an SSL certificate impact security between the client and the server?

by creating an encrypted channel between the client and the server

by enabling an authenticated channel between the client and the server

by creating an integrated channel between the client and the server

by enabling an authorized channel between the client and the server

by creating an encrypted channel between the client and the server

Which list identifies the information that the client sends to the server in the negotiation phase of the TLS handshake?

ClientHello, TLS versions it supports, cipher-suites it supports, and suggested compression methods

ClientStart, ClientKeyExchange, cipher-suites it supports, and suggested compression methods

ClientStart, TLS versions it supports, cipher-suites it supports, and suggested compression methods

ClientHello, TLS versions it supports, cipher-suites it supports, and suggested compression methods

ClientHello, ClientKeyExchange, cipher-suites it supports, and suggested compression methods

What is the difference between the ACK flag and the RST flag in the NetFlow log session?

The ACK flag confirms the receipt of the prior segment, and the RST flag allows for the spontaneous termination of a connection

The RST flag confirms the beginning of the TCP connection, and the ACK flag responds when the data for the payload is complete

The ACK flag confirms the beginning of the TCP connection, and the RST flag responds when the data for the payload is complete

The RST flag confirms the receipt of the prior segment, and the ACK flag allows for the spontaneous termination of a connection

The ACK flag confirms the receipt of the prior segment, and the RST flag allows for the spontaneous termination of a connection

How is NetFlow different from traffic mirroring?

NetFlow collects metadata and traffic mirroring clones data.

Traffic mirroring impacts switch performance and NetFlow does not.

Traffic mirroring costs less to operate than NetFlow.

NetFlow generates more data than traffic mirroring.

An engineer receives a security alert that traffic with a known TOR exit node has occurred on the network. What is the impact of this traffic?

ransomware communicating after infection

users downloading copyrighted content

user circumvention of the firewall

What is an example of social engineering attacks?

receiving an email from human resources requesting a visit to their secure website to update contact information

receiving an unexpected email from an unknown person with an attachment from someone in the same company

receiving an email from human resources requesting a visit to their secure website to update contact information

sending a verbal request to an administrator who knows how to change an account password

receiving an invitation to the department's weekly WebEx meeting

A security analyst notices a sudden surge of incoming traffic and detects unknown packets from unknown senders After further investigation, the analyst learns that customers claim that they cannot access company servers According to NIST SP800-61, in which phase of the incident response process is the analyst?

containment, eradication, and recovery

Cisco 200-201 Practice Test 2 - Free Online Exam Prep & Questions

Question 1 / 40

What does an attacker use to determine which network ports are listening on a potential target device?

man-in-the-middle

port scanning

SQL injection

ping sweep

Comment (0)

Cisco 200-201 Practice Test 2

Question

Cisco 200-201 Practice Tests

Practice Tests