Cisco 200-201 Practice Test - Questions Answers, Page 11

Refer to the exhibit.

Which event is occurring?

A. A binary named 'submit' is running on VM cuckoo1.
B. A binary is being submitted to run on VM cuckoo1
C. A binary on VM cuckoo1 is being submitted for evaluation
D. A URL is being evaluated to see if it has a malicious binary

Suggested answer: B

Explanation:

The command ''$ cuckoo submit --machine cuckoo1 /path/to/binary'' shown in the exhibit hands the file at ''/path/to/binary'' to the Cuckoo sandbox and asks for it to be detonated on the analysis VM named ''cuckoo1''. At this point nothing is running yet, which rules out option A; the binary is being submitted so that its behaviour (processes, file writes, network callouts) can be observed in an isolated environment. Submitting unknown files to a sandbox this way is standard practice when triaging suspicious samples.

Refer to the exhibit.

In which Linux log file is this output found?

A. /var/log/authorization.log
B. /var/log/dmesg
C. var/log/var.log
D. /var/log/auth.log

Suggested answer: D

Explanation:

The /var/log/auth.log file (on Debian-derived distributions; Red Hat-derived systems write the same events to /var/log/secure) records authentication and authorization events: successful and failed logins, sudo invocations, PAM messages, and SSH session activity. The output in the exhibit is a failed SSH login attempt for the ''root'' account, which is exactly the kind of record sshd writes to this log. /var/log/dmesg holds kernel ring-buffer messages, and the other two paths do not exist on a standard system.

Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_01101.html

An engineer runs a suspicious file in a sandbox analysis tool to see the outcome. The analysis report shows that outbound callouts were made post infection.

Which two pieces of information from the analysis report are needed to investigate the callouts? (Choose two.)

A. signatures
B. host IP addresses
C. file size
D. dropped files
E. domain names

Suggested answer: B, E

Explanation:

To investigate the callouts, the analyst needs to know where the infected host tried to reach (the domain names it resolved) and which host IP addresses the connections actually went to. Together these identify the source and destination of each callout, so the analyst can check the domains and IPs against threat intelligence, search firewall, proxy and DNS logs for the same destinations elsewhere in the estate, and block them. Signatures, file size and dropped files describe the sample itself rather than its network behaviour, so they do not help trace the callouts.

Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Working_with_Indicators_of_Compromise.html
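The two questions above (submitting a binary to a Cuckoo VM, then reading the post-infection callouts out of the report) are tied together below by an added example that is not part of the exam page or the Cuckoo project. It pulls the host IP addresses and domain names out of a Cuckoo-style JSON report. The report itself is constructed, and its layout (a "network" section holding "hosts", "domains", "dns" and "tcp" lists) is an assumption modelled on Cuckoo's report.json; rename the keys for whatever sandbox you use. The sandbox's own network ranges are also an assumption.

```python
"""Extract the network indicators needed to chase post-infection callouts
from a Cuckoo-style JSON report.  Added example; report layout is assumed."""
import ipaddress
import json

# Constructed sample report: what a sandbox might emit after detonating a
# submitted binary on the analysis VM.  Not real telemetry.
SAMPLE_REPORT = json.dumps({
    "info": {"machine": {"name": "cuckoo1"}},
    "target": {"file": {"name": "invoice.exe", "size": 48128}},
    "network": {
        "hosts": [
            {"ip": "192.168.56.1"},    # host-only gateway of the sandbox VM
            {"ip": "203.0.113.45"},    # documentation range, stands in for C2
            {"ip": "198.51.100.7"},
        ],
        "domains": [
            {"domain": "update.example.net", "ip": "203.0.113.45"},
            {"domain": "cdn.example.org", "ip": "198.51.100.7"},
        ],
        "dns": [
            {"request": "update.example.net", "type": "A",
             "answers": [{"type": "A", "data": "203.0.113.45"}]},
            {"request": "cdn.example.org", "type": "A",
             "answers": [{"type": "A", "data": "198.51.100.7"}]},
        ],
        "tcp": [
            {"src": "192.168.56.101", "sport": 49152, "dst": "203.0.113.45", "dport": 443},
            {"src": "192.168.56.101", "sport": 49153, "dst": "198.51.100.7", "dport": 8080},
            {"src": "192.168.56.101", "sport": 49154, "dst": "192.168.56.1", "dport": 53},
        ],
    },
})

# Assumed sandbox-internal ranges: traffic to these is lab plumbing, not a callout.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def is_external(ip: str) -> bool:
    """True when the address is outside the sandbox's internal ranges."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def extract_callouts(report_json: str) -> dict:
    """Return the external host IPs contacted, the domain names resolved, and a
    per-IP view (domain it came from, destination ports) for the investigation."""
    report = json.loads(report_json)
    net = report.get("network", {})

    # Cuckoo has used both plain strings and {"ip": ...} dicts in "hosts".
    hosts = {h["ip"] if isinstance(h, dict) else h for h in net.get("hosts", [])}
    hosts = {ip for ip in hosts if is_external(ip)}

    domains = {}                      # name -> set of IPs it resolved to
    for d in net.get("domains", []):
        domains.setdefault(d["domain"], set()).add(d.get("ip"))
    for q in net.get("dns", []):
        for ans in q.get("answers", []):
            if ans.get("type") in ("A", "AAAA"):
                domains.setdefault(q["request"], set()).add(ans["data"])

    ports = {}                        # external dst IP -> set of ports hit
    for conn in net.get("tcp", []):
        if is_external(conn["dst"]):
            ports.setdefault(conn["dst"], set()).add(conn["dport"])

    ip_to_domain = {ip: name for name, ips in domains.items() for ip in ips if ip}

    return {
        "host_ips": sorted(hosts),
        "domains": sorted(domains),
        "callouts": sorted(
            (ip, ip_to_domain.get(ip, "<no DNS seen>"), sorted(ports.get(ip, ())))
            for ip in hosts),
    }


if __name__ == "__main__":
    print(json.dumps(extract_callouts(SAMPLE_REPORT), indent=2))
```

The "callouts" list is the pivot table an analyst wants: each external IP, the domain that resolved to it (a direct-to-IP connection with no DNS lookup is itself suspicious) and the ports used, ready to be searched against proxy, firewall and DNS logs across the estate.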

An analyst is exploring the functionality of different operating systems.

What is a feature of Windows Management Instrumentation that must be considered when deciding on an operating system?

A. queries Linux devices that have Microsoft Services for Linux installed
B. deploys Windows Operating Systems in an automated fashion
C. is an efficient tool for working with Active Directory
D. has a Common Information Model, which describes installed hardware and software

Suggested answer: D

Explanation:

Windows Management Instrumentation (WMI) is Microsoft's implementation of the Common Information Model (CIM), an open DMTF standard that represents managed elements (installed hardware, software, services, processes and so on) as a common set of object classes and the relationships between them. This is what lets WMI expose a single query interface (for example through PowerShell's Get-CimInstance) to hardware and software inventory on a Windows host, and it is the feature the question is after. WMI is not an operating-system deployment tool, and managing Active Directory is not its primary purpose.

Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_01100.html

What causes events on a Windows system to show Event Code 4625 in the log messages?

A. The system detected an XSS attack
B. Someone is trying a brute force attack on the network
C. Another device is gaining root access to the system
D. A privileged user successfully logged into the system

Suggested answer: B

Explanation:

Event ID 4625 in the Windows Security log records a failed logon attempt. A single 4625 is usually a mistyped password, but a burst of them from one source address against one or many accounts is the signature of password guessing (brute force or password spraying), which is what the question is getting at. The event's TargetUserName, IpAddress, LogonType and Status/SubStatus fields tell the analyst which account was targeted, from where, by which logon method, and why the attempt failed (for example SubStatus 0xC000006A for a wrong password versus 0xC0000064 for a non-existent user). A successful logon, privileged or not, is recorded as 4624, not 4625.

Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_01110.html
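The auth.log question earlier on this page and the 4625 question here are the same detection problem on two platforms: count failed logons per source and alert when one source fails too often. The following added example (not Cisco's or any vendor's code) parses both, a constructed /var/log/auth.log excerpt in sshd's standard message format and constructed 4625 records using the real event's field names as they would appear after export to dicts, and feeds them through one threshold detector. The threshold value and the sample data are assumptions.

```python
"""Flag password guessing from sshd 'Failed password' lines and Windows 4625
records.  Added example; log lines and events below are constructed."""
import re
from collections import Counter, defaultdict

# Constructed /var/log/auth.log excerpt.
AUTH_LOG = """\
Mar  3 10:14:01 web01 sshd[2201]: Failed password for root from 203.0.113.9 port 51122 ssh2
Mar  3 10:14:03 web01 sshd[2203]: Failed password for root from 203.0.113.9 port 51130 ssh2
Mar  3 10:14:05 web01 sshd[2205]: Failed password for invalid user admin from 203.0.113.9 port 51140 ssh2
Mar  3 10:14:06 web01 sshd[2207]: Failed password for invalid user oracle from 203.0.113.9 port 51144 ssh2
Mar  3 10:14:09 web01 sshd[2209]: Failed password for root from 203.0.113.9 port 51150 ssh2
Mar  3 10:15:30 web01 sshd[2240]: Accepted publickey for deploy from 10.0.0.5 port 40022 ssh2
Mar  3 10:16:02 web01 sshd[2260]: Failed password for alice from 10.0.0.7 port 40100 ssh2
Mar  3 10:16:10 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/systemctl restart nginx
"""

# sshd writes "invalid user X" when the account does not exist at all.
SSHD_FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[0-9a-fA-F.:]+) port \d+"
)

# Constructed Security-log events, one dict per record.  Status 0xC000006D is
# "logon failure"; SubStatus 0xC000006A = bad password, 0xC0000064 = no such user.
WIN_EVENTS = [
    {"EventID": 4625, "TargetUserName": "Administrator", "IpAddress": "198.51.100.23",
     "LogonType": 3, "Status": "0xC000006D", "SubStatus": "0xC000006A"},
    {"EventID": 4625, "TargetUserName": "Administrator", "IpAddress": "198.51.100.23",
     "LogonType": 3, "Status": "0xC000006D", "SubStatus": "0xC000006A"},
    {"EventID": 4625, "TargetUserName": "svc_backup", "IpAddress": "198.51.100.23",
     "LogonType": 3, "Status": "0xC000006D", "SubStatus": "0xC0000064"},
    {"EventID": 4625, "TargetUserName": "jsmith", "IpAddress": "198.51.100.23",
     "LogonType": 3, "Status": "0xC000006D", "SubStatus": "0xC000006A"},
    {"EventID": 4624, "TargetUserName": "jsmith", "IpAddress": "10.0.0.12", "LogonType": 2},
    {"EventID": 4625, "TargetUserName": "bob", "IpAddress": "10.0.0.40",
     "LogonType": 2, "Status": "0xC000006D", "SubStatus": "0xC000006A"},
]


def failures_from_auth_log(text):
    """Yield (source_ip, user) for every sshd failed-password line."""
    for line in text.splitlines():
        m = SSHD_FAILED.search(line)
        if m:
            yield m.group("ip"), m.group("user")


def failures_from_win_events(events):
    """Yield (source_ip, user) for every 4625 record; 4624 successes are ignored."""
    for ev in events:
        if ev.get("EventID") == 4625:
            yield ev.get("IpAddress", "-"), ev.get("TargetUserName", "-")


def detect_brute_force(failures, threshold=4):
    """Group failures by source IP.  One failure is a typo; `threshold` or more
    from a single source is guessing.  'spray' marks one source trying many
    accounts.  Returns {ip: {"attempts", "users", "spray"}} for offenders."""
    attempts = Counter()
    users = defaultdict(set)
    for ip, user in failures:
        attempts[ip] += 1
        users[ip].add(user)
    return {
        ip: {"attempts": n, "users": sorted(users[ip]), "spray": len(users[ip]) > 1}
        for ip, n in attempts.items() if n >= threshold
    }


if __name__ == "__main__":
    print("linux :", detect_brute_force(failures_from_auth_log(AUTH_LOG)))
    print("windows:", detect_brute_force(failures_from_win_events(WIN_EVENTS)))
```

In production the grouping would also be bounded by a time window (failures per source per few minutes) and LogonType 3 (network) or 10 (RemoteInteractive) would be weighted higher than console logons, since remote guessing is the case that matters.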

Refer to the exhibit.

What does the message indicate?

A. an access attempt was made from the Mosaic web browser
B. a successful access attempt was made to retrieve the password file
C. a successful access attempt was made to retrieve the root of the website
D. a denied access attempt was made to retrieve the password file

Suggested answer: C

Refer to the exhibit.

This request was sent to a web application server driven by a database. Which type of web server attack is represented?

A. parameter manipulation
B. heap memory corruption
C. command injection
D. blind SQL injection

Suggested answer: D
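The exhibit for the question above is not reproduced on this page, so the following added example (not from the exam or from Cisco) shows the mechanism behind the answer rather than the specific request: a database-driven endpoint that pastes a query parameter into SQL, the boolean-based blind extraction that works against it one yes/no question at a time, and the parameterised query that shuts it down. The table, the api_key column and its values are invented for the demo; the injected conditions use SQLite's substr().

```python
"""Boolean-based blind SQL injection beside its fix.  Added example; schema
and data are invented."""
import sqlite3


def make_db():
    """In-memory database standing in for the application's backend."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, api_key TEXT)")
    con.executemany("INSERT INTO users (name, api_key) VALUES (?, ?)",
                    [("alice", "k3y-7f2a"), ("bob", "k3y-91cc")])
    return con


def lookup_vulnerable(con, name):
    """The bug: user input becomes SQL syntax.  This is what a request such as
    /profile?name=alice' AND substr(api_key,1,1)='k'--  exploits."""
    sql = f"SELECT id FROM users WHERE name = '{name}'"
    return con.execute(sql).fetchall()


def lookup_safe(con, name):
    """The fix: bind the value; the driver never parses it as SQL."""
    return con.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()


def blind_extract(probe, victim, column, length, alphabet):
    """'Blind' means no data is echoed back.  The attacker only learns whether
    the page returned a row (True) or nothing (False), so each character is
    recovered by asking 'is position N equal to X?' until one answer is True.
    `probe(payload)` is the attacker's view of the application."""
    recovered = ""
    for pos in range(1, length + 1):
        for ch in alphabet:
            payload = f"{victim}' AND substr({column},{pos},1)='{ch}'-- "
            if probe(payload):
                recovered += ch
                break
        else:
            break  # nothing matched: end of the value (or alphabet too small)
    return recovered


ALPHABET = "abcdef0123456789-ky"   # hex-ish keyspace plus the known prefix chars

if __name__ == "__main__":
    db = make_db()
    stolen = blind_extract(lambda p: bool(lookup_vulnerable(db, p)),
                           "alice", "api_key", 8, ALPHABET)
    print("extracted via blind SQLi:", stolen)
    print("same payload against the parameterised query:",
          lookup_safe(db, "alice' AND substr(api_key,1,1)='k'-- "))
```

Why this is blind rather than parameter manipulation: the attacker never changes a legitimate value to another legitimate value (say, another user's id); they inject SQL and read the secret out of the application's true/false behaviour, one character per round trip. The same technique works with time delays (SLEEP()-style conditions) when even the row count is hidden.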

A SOC analyst is investigating an incident that involves a Linux system that is identifying specific sessions. Which identifier tracks an active program?

A. application identification number
B. active process identification number
C. runtime identification number
D. process identification number

Suggested answer: D

Explanation:

On a Linux system each running program is tracked by its process identification number (PID), a unique integer the kernel assigns when the process is created and that tools such as ps, top and kill use to refer to it. Each process also carries its parent's PID (PPID), which is how an analyst reconstructs a chain such as a shell spawned by a web server or a binary launched from a user's mail client. The other options are not identifiers Linux uses.

An offline audit log contains the source IP address of a session suspected to have exploited a vulnerability resulting in system compromise.

Which kind of evidence is this IP address?

A. best evidence
B. corroborative evidence
C. indirect evidence
D. forensic evidence

Suggested answer: B

Explanation:

The source IP address from an audit log that points at a session which may have exploited a vulnerability is considered corroborative evidence. Corroborative evidence supports other evidence that a breach occurred rather than proving it on its own; here it ties the suspected session to a source and can be combined with other data points (host artefacts, network captures, the vulnerable service's own logs) to build a case during the investigation.

Which system monitors local system operation and local network access for violations of a security policy?

A. host-based intrusion detection
B. systems-based sandboxing
C. host-based firewall
D. antivirus

Suggested answer: A

Explanation:

A host-based intrusion detection system (HIDS) monitors a single computer for suspicious activity by analysing events occurring on that host. It detects malicious activity and security policy violations by examining system calls, application logs, file-system modifications (such as a rootkit being installed or a configuration file changed), and local network access. A host-based firewall only filters traffic, antivirus only matches known malicious files, and sandboxing executes samples in isolation; none of them monitors the host's own operation against a policy the way a HIDS does.
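The file-system monitoring piece of a HIDS is easy to show in working code. The following added example (not code from Cisco or any HIDS product) takes a hashed baseline of a directory tree, takes another snapshot later, and classifies what changed the way a HIDS alert would: added, removed, modified, or permission bits changed. The host tree and the "compromise" are constructed in a temporary directory so it runs anywhere; tracking permission bits assumes POSIX mode semantics.

```python
"""Minimal file-integrity check, the file-system half of a HIDS.  Added
example; the monitored tree and the simulated intrusion are constructed."""
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(root):
    """Map relative path -> (sha256, permission bits) for every regular file.
    Mode is recorded because a setuid bit appearing on an unchanged file is a
    policy violation even though the bytes are identical."""
    root = Path(root)
    snap = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        h = hashlib.sha256()
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                h.update(chunk)
        snap[path.relative_to(root).as_posix()] = (h.hexdigest(), path.stat().st_mode & 0o7777)
    return snap


def diff_snapshots(baseline, current):
    """Classify changes between two snapshots."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified, mode_changed = [], []
    for name in sorted(set(baseline) & set(current)):
        old_hash, old_mode = baseline[name]
        new_hash, new_mode = current[name]
        if old_hash != new_hash:
            modified.append(name)
        elif old_mode != new_mode:
            mode_changed.append(name)
    return {"added": added, "removed": removed,
            "modified": modified, "mode_changed": mode_changed}


def demo():
    """Build a fake host tree, baseline it, simulate an intrusion, diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "etc" / "ssh_config").write_text("PermitRootLogin no\n")
        (root / "bin" / "ls").write_bytes(b"\x7fELF original ls")
        (root / "bin" / "backup.sh").write_text("#!/bin/sh\ntar czf /srv/backup.tgz /srv/www\n")
        os.chmod(root / "bin" / "backup.sh", 0o755)
        baseline = snapshot(root)

        # Simulated compromise (constructed): trojaned binary, account appended
        # to passwd, hardening config deleted, dropped script, setuid bit set
        # on a file whose contents did not change.
        (root / "bin" / "ls").write_bytes(b"\x7fELF trojaned ls")
        with open(root / "etc" / "passwd", "a") as fh:
            fh.write("backdoor:x:0:0::/:/bin/sh\n")
        (root / "etc" / "ssh_config").unlink()
        (root / "bin" / "cron.sh").write_text("#!/bin/sh\n/tmp/.x &\n")
        os.chmod(root / "bin" / "backup.sh", 0o4755)
        return diff_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind:13s} {names}")
```

A real HIDS stores the baseline off-host (or signs it), because an attacker with root can otherwise rewrite the baseline to match the trojaned files; it also watches the other sources the question names, such as local listening sockets and authentication events.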
