Cisco 200-201 Practice Test - Questions Answers, Page 12

The Stealthwatch dashboard indicates that there is an active policy violation associated with host 10.201.3.149. Stealthwatch is a security analytics tool that uses network telemetry to detect and respond to threats. In this case, the dashboard has flagged a policy violation, which means that activity from this host has been detected that goes against the defined security policies, potentially indicating a security threat or unauthorized access.

The difference between tampered and untampered disk images is:

Tampered Images: These are disk images that have beenaltered or modifiedin some way after their initial creation. The stored hash and the computed hash willnot matchif the image has been tampered with.

Untampered Images: These are disk images that havenot been alteredsince their creation. They are consideredauthenticand reliable for forensic investigations. The stored hash and the computed hash willmatch, confirming that the image has remained unchanged.

Therefore, the correct answer is: D. Untampered images are used for forensic investigations.

A sandbox interprocess communication service refers to the mechanisms that allow different processes within a sandboxed environment to communicate with each other. These interfaces are crucial for coordinating activities among processes, especially in a restricted environment like a sandbox where direct interaction with the operating system or other processes might be limited for security reasons. This communication is essential for complex applications that require different processes to work together to perform tasks.

The regular expression that matches both ''color'' and ''colour'' iscolo?ur. In this expression, the?denotes that the preceding characteruis optional, meaning it may appear zero or one time. This allows the expression to match both the American spelling ''color'' and the British spelling ''colour''.

A file hash is a unique identifier that is used to detect a specific file. It is generated by running a file through a cryptographic hash function, which produces a string of characters that represents the contents of the file. If even a single bit in the file changes, the resulting hash will be different, making it an effective way to identify files uniquely.

Application whitelisting/blacklisting is a technology used to control which applications are allowed to execute on a company's corporate PCs. Whitelisting allows only approved applications to run, while blacklisting prevents specific applications from running. This approach is effective for managing application usage across an enterprise.

A host-based firewall is a utility that can block unauthorized access to a computer system, including port scans. It monitors incoming and outgoing network traffic and permits or blocks data packets based on a set of security rules.

A false negative occurs when an intrusion detection system (IDS) fails to detect and report actual malicious activity. This means that a legitimate security alert has been dismissed or overlooked, allowing potentially harmful traffic to pass through the network undetected.The impact of false negatives can be significant as they represent missed opportunities to stop or mitigate security threats1.

A false positive in network security is when a benign action is incorrectly flagged as malicious, leading to legitimate traffic being blocked.This can disrupt normal network operations and access to services, as the security system mistakenly identifies normal behavior as a threat1.