ExamGecko

Cisco 200-201 Practice Test - Questions Answers, Page 13

Which two pieces of information are collected from the IPv4 protocol header? (Choose two.)

A. UDP port to which the traffic is destined
B. TCP port from which the traffic was sourced
C. source IP address of the packet
D. destination IP address of the packet
E. UDP port from which the traffic is sourced

Suggested answer: C, D

Explanation:

The IPv4 protocol header contains various fields that provide essential information for routing and delivery of packets across an IP network. Two key pieces of information collected from the IPv4 header are the source IP address and the destination IP address of the packet. These addresses are crucial for identifying where a packet is coming from and where it is intended to go.

Which HTTP header field is used in forensics to identify the type of browser used?

A. referrer
B. host
C. user-agent
D. accept-language

Suggested answer: C

Explanation:

The user-agent HTTP header field is used in forensics to identify the type of browser used. It contains a characteristic string that allows network protocol peers to identify the operating system and browser of the web-server. This information is crucial in forensic analysis as it can provide insights into the client's environment.

Which event artifact is used to identify HTTP GET requests for a specific file?

A. destination IP address
B. TCP ACK
C. HTTP status code
D. URI

Suggested answer: D

Explanation:

The Uniform Resource Identifier (URI) is used to identify specific resources on the internet, including files. In the context of HTTP GET requests, the URI specifies the path to the file being requested.

What should a security analyst consider when comparing inline traffic interrogation with traffic tapping to determine which approach to use in the network?

A. Tapping interrogation replicates signals to a separate port for analyzing traffic
B. Tapping interrogations detect and block malicious traffic
C. Inline interrogation enables viewing a copy of traffic to ensure traffic is in compliance with security policies
D. Inline interrogation detects malicious traffic but does not block the traffic

Suggested answer: A

Explanation:

Traffic tapping involves replicating network traffic and sending it to a separate port where it can be analyzed without affecting the original traffic flow. This allows security analysts to monitor and analyze traffic for potential threats without the risk of blocking legitimate traffic.

At which layer is deep packet inspection investigated on a firewall?

A. internet
B. transport
C. application
D. data link

Suggested answer: C

Explanation:

Deep packet inspection (DPI) is a sophisticated method of examining the content of data packets as they pass through a network checkpoint, including both the header and the data payload. DPI is typically performed at the application layer of the Open Systems Interconnection (OSI) model. This allows the inspection process to evaluate the actual content of the packets, not just the header information, enabling the identification of various types of threats and the enforcement of network policies.

What is a difference between inline traffic interrogation and traffic mirroring?

A. Inline inspection acts on the original traffic data flow
B. Traffic mirroring passes live traffic to a tool for blocking
C. Traffic mirroring inspects live traffic for analysis and mitigation
D. Inline traffic copies packets for analysis and security

Suggested answer: A

Explanation:

Inline traffic interrogation analyzes traffic in real time and has the ability to prevent certain traffic from being forwarded. Traffic mirroring doesn't pass the live traffic; instead, it copies traffic from one or more source ports and sends the copied traffic to one or more destinations for analysis by a network analyzer or other monitoring device.

A system administrator is ensuring that specific registry information is accurate.

Which type of configuration information does the HKEY_LOCAL_MACHINE hive contain?

A. file extension associations
B. hardware, software, and security settings for the system
C. currently logged in users, including folders and control panel settings
D. all users on the system, including visual settings

Suggested answer: B

Explanation:

https://docs.microsoft.com/en-us/troubleshoot/windows-server/performance/windows-registry-advanced-users

Refer to the exhibit.

Which packet contains a file that is extractable within Wireshark?

A. 2317
B. 1986
C. 2318
D. 2542

Suggested answer: C

Explanation:

Packet number 2318 is the one that contains a file that is extractable within Wireshark. This can be determined by the information provided in the packet details, which typically includes an HTTP GET request indicating the retrieval of a file, such as an image or document.

Which regex matches only on all lowercase letters?

A. [a-z]+
B. [^a-z]+
C. az+
D. a*z+

Suggested answer: A

Explanation:

The regex [a-z]+ matches one or more lowercase letters from a to z. The plus sign (+) indicates that the preceding character set [a-z] can appear one or more times, thus matching strings of only lowercase letters.

While viewing packet capture data, an analyst sees that one IP is sending and receiving traffic for multiple devices by modifying the IP header.

Which technology makes this behavior possible?

A. encapsulation
B. TOR
C. tunneling
D. NAT

Suggested answer: D

Explanation:

Network Address Translation (NAT) is the technology that allows a single IP address to send and receive traffic for multiple devices by modifying the IP header. NAT remaps one IP address space into another, enabling multiple devices to use a single public IP address to send and receive packets through the Internet.

Total 331 questions