Ask Question
Cisco 200-201 Practice Test - Questions Answers, Page 11
List of questions
Question 101
Refer to the exhibit.
Which event is occurring?
A binary named 'submit' is running on VM cuckoo1.
A binary is being submitted to run on VM cuckoo1
A binary on VM cuckoo1 is being submitted for evaluation
A URL is being evaluated to see if it has a malicious binary
The command ''$ cuckoo submit --machine cuckoo1 /path/to/binary'' indicates that a binary located at ''/path/to/binary'' is being submitted to be run on a virtual machine named ''cuckoo1''. This is a common practice in cybersecurity to analyze the behavior of suspicious files in an isolated environment.Reference: Cisco Cybersecurity documents or resources are needed for more detailed information.
Question 102
Refer to the exhibit.
In which Linux log file is this output found?
/var/log/authorization.log
/var/log/dmesg
var/log/var.log
/var/log/auth.log
The /var/log/auth.log file contains information about authentication and authorization events on a Linux system, such as successful and failed logins, sudo commands, and SSH sessions. The output in the exhibit shows a failed login attempt from a user named ''root'' using SSH.Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_01101.html
Question 103
An engineer runs a suspicious file in a sandbox analysis tool to see the outcome. The analysis report shows that outbound callouts were made post infection.
Which two pieces of information from the analysis report are needed to investigate the callouts? (Choose two.)
signatures
host IP addresses
file size
dropped files
domain names
To investigate the callouts made post infection, it's essential to know where the callouts were made to (domain names) and from which host IP addresses they originated. This information can help trace back the source and destination, aiding in understanding the nature of the callouts.Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Working_with_Indicators_of_Compromise.html
Question 104
An analyst is exploring the functionality of different operating systems.
What is a feature of Windows Management Instrumentation that must be considered when deciding on an operating system?
queries Linux devices that have Microsoft Services for Linux installed
deploys Windows Operating Systems in an automated fashion
is an efficient tool for working with Active Directory
has a Common Information Model, which describes installed hardware and software
Windows Management Instrumentation (WMI) provides a unified way for users to request system information, including hardware and software inventory data. The Common Information Model (CIM) is an open standard that defines how managed elements in an IT environment are represented as a common set of objects and relationships between them.Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_01100.html
Question 105
What causes events on a Windows system to show Event Code 4625 in the log messages?
The system detected an XSS attack
Someone is trying a brute force attack on the network
Another device is gaining root access to the system
A privileged user successfully logged into the system
Event Code 4625 in Windows logs indicates a failed logon attempt. This could be a sign of someone trying to guess the credentials of a valid user account by repeatedly trying different passwords or usernames. This is known as a brute force attack and can be used to gain unauthorized access to a system or network.Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_01110.html
Question 106
Refer to the exhibit.
What does the message indicate?
an access attempt was made from the Mosaic web browser
a successful access attempt was made to retrieve the password file
a successful access attempt was made to retrieve the root of the website
a denied access attempt was made to retrieve the password file
Question 107
Refer to the exhibit.
This request was sent to a web application server driven by a database. Which type of web server attack is represented?
parameter manipulation
heap memory corruption
command injection
blind SQL injection
Question 108
A SOC analyst is investigating an incident that involves a Linux system that is identifying specific sessions. Which identifier tracks an active program?
application identification number
active process identification number
runtime identification number
process identification number
In the context of Linux systems, each active program is tracked using aprocess identification number (PID). The PID is a unique number that the system uses to refer to a specific process, which is an instance of an executed program. This allows the system and the SOC analyst to monitor and manage different processes, including those initiated by users, the system itself, or by applications.
Question 109
An offline audit log contains the source IP address of a session suspected to have exploited a vulnerability resulting in system compromise.
Which kind of evidence is this IP address?
best evidence
corroborative evidence
indirect evidence
forensic evidence
The source IP address from an audit log that indicates a session which may have exploited a vulnerability is consideredcorroborative evidence. This type of evidence supports other evidence that suggests a security breach occurred. In the context of cybersecurity, corroborative evidence can help establish that an attack was carried out and can be used in conjunction with other data points to build a case during an investigation.
Question 110
Which system monitors local system operation and local network access for violations of a security policy?
host-based intrusion detection
systems-based sandboxing
host-based firewall
antivirus
Ahost-based intrusion detection system (HIDS)monitors a computer system for suspicious activity by analyzing events occurring within that host. It can detect malicious activities and security policy violations by examining system calls, application logs, file-system modifications (such as rootkit installations), and other host activities. HIDS is an essential component in safeguarding the IT infrastructure against unauthorized access and security breaches.
Export
If you didn't receive an email within 5 minutes, you should submit a support request to [email protected].
|
BASIC - 1 Month
$
10
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
PLUS - 2 Months
$
15
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
PRO - 6 Months
$
40
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Selling illegal goods, money scams etc.
Serious attack on a group.
Harassing an individual (including doxing)
Threatening or glorifying violence or serious harm, including self-harm
Nudity/Sexual content
Sexually explicit or suggestive imagery or writing involving minors
Sexually explicit or suggestive imagery or writing involving non-consenting adults or non-humans
Reusing content without attribution (link and blockquotes)
Not in English or has very bad formatting, grammar, and spelling
Author's credential is offensive, spam, or impersonation
Ex. Illegal content, incomplete question...
Question