Cisco 200-201 Practice Test - Questions Answers, Page 2
List of questions
Question 11

What is the difference between rule-based detection and behavioral detection?
Rule-Based detection is searching for patterns linked to specific types of attacks, while behavioral is identifying per signature.
Rule-Based systems have established patterns that do not change with new data, while behavioral changes.
Behavioral systems are predefined patterns from hundreds of users, while Rule-Based only flags potentially abnormal patterns using signatures.
Behavioral systems find sequences that match a particular attack signature, while Rule-Based identifies potential attacks.
Rule-based detection involves identifying malicious activities based on predefined rules or patterns of known attacks; it does not adapt or change with new data. In contrast, behavioral detection adapts over time by learning from new data; it identifies malicious activities based on deviations from established norms or behaviors.
Reference: Cisco Certified CyberOps Associate Overview, Section 1.0: Security Concepts, Subsection 1.1: Compare and contrast the characteristics of data obtained from taps, NetFlow, and packet capture
Question 12

Which open-source packet capture tool runs on Linux and Mac OS X operating systems?
NetScout
tcpdump
SolarWinds
netsh
tcpdump is an open-source packet capture tool that uses the libpcap library to capture network traffic on Linux and Mac OS X operating systems. It can display the contents of packets in various formats, filter packets based on criteria, and save packets to a file. tcpdump is a command-line tool that can be run on a terminal or a remote shell.
Reference: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) - Module 2: Security Monitoring
Question 13

Refer to the exhibit.
Which kind of attack method is depicted in this string?
cross-site scripting
man-in-the-middle
SQL injection
denial of service
The image shows a piece of code within a bordered rectangular area.
It is a string of HTML code that appears to be an example of an attack, specifically "<IMG SRC=j%41vascript:alert('attack')>".
The code suggests an attempt to execute JavaScript within an image source attribute, indicative of a cross-site scripting attack.
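The exhibit string hides the `javascript:` scheme behind a percent-encoded letter (`%41` is `A`), which is exactly the kind of obfuscation that defeats a matcher that looks for the literal word in raw markup. The following Python, added here as an illustration and not part of the practice test or of any Cisco material, shows the defender-side normalisation step an inspection tool performs before matching: percent-decode and HTML-entity-decode the `src` value (repeatedly, to catch double encoding), strip the control characters browsers ignore inside a scheme, lower-case, and only then compare. The sample inputs other than the exhibit string are constructed variants for the demonstration.

```python
import html
import re
from urllib.parse import unquote

# Constructed samples: the first is the exhibit string from the question,
# the rest are assumed variants of the same obfuscation idea, plus benign markup.
SAMPLES = [
    "<IMG SRC=j%41vascript:alert('attack')>",
    '<img src="jav&#x09;ascript:alert(1)">',      # HTML entity for a tab inside the scheme
    '<img src="JAVA%0ASCRIPT:alert(1)">',          # percent-encoded newline inside the scheme
    '<img src="%256Aavascript:alert(1)">',         # double percent-encoding of the letter j
    '<img src="/images/cat.png" alt="cat">',       # benign image
    '<p>no image here</p>',                        # no img tag at all
]

# Capture the src value of an <img> tag, whether double-quoted, single-quoted or bare.
_IMG_SRC = re.compile(
    r'<img\b[^>]*?\bsrc\s*=\s*(?:"([^"]*)"|\'([^\']*)\'|([^\s>]+))',
    re.IGNORECASE,
)


def normalize_src(value, max_rounds=3):
    """Undo the encodings used to hide a URL scheme from a naive string match.

    Decoding is repeated a bounded number of times so that double-encoded
    input (%25 -> %, then %6A -> j) is unwrapped as a browser would.
    """
    for _ in range(max_rounds):
        decoded = html.unescape(unquote(value))
        if decoded == value:
            break
        value = decoded
    # Browsers ignore control characters and whitespace inside the scheme,
    # so an inspection tool must drop them before comparing.
    value = re.sub(r"[\x00-\x20]", "", value)
    return value.lower()


def extract_img_src(markup):
    """Return the raw src attribute of the first <img> tag, or None if absent."""
    m = _IMG_SRC.search(markup)
    if not m:
        return None
    return next(g for g in m.groups() if g is not None)


def is_script_scheme_img(markup):
    """True when an <img> src resolves to the javascript: scheme after normalisation."""
    src = extract_img_src(markup)
    if src is None:
        return False
    return normalize_src(src).startswith("javascript:")


def triage(samples):
    """Label each sample; used by the demo below and by the tests."""
    return [(s, is_script_scheme_img(s)) for s in samples]


if __name__ == "__main__":
    for markup, flagged in triage(SAMPLES):
        print(("FLAG " if flagged else "ok   ") + markup)
```

The point to take from the exercise is that the comparison happens on the normalised value, not on the bytes as they arrived; matching the raw string `javascript:` against the exhibit would miss it entirely.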
Question 14

Which two components reduce the attack surface on an endpoint? (Choose two.)
secure boot
load balancing
increased audit log levels
restricting USB ports
full packet captures at the endpoint
Secure boot and restricting USB ports are two components that can reduce the attack surface on an endpoint. The attack surface is the sum of all paths for data into and out of the environment. Reducing the attack surface means minimizing the number and complexity of these paths, and thus reducing the opportunities for attackers to exploit vulnerabilities or gain unauthorized access. Secure boot is a feature that ensures that only trusted and verified code can run during the boot process, preventing malware or unauthorized software from compromising the system. Restricting USB ports is a policy that limits the use of USB devices, such as flash drives or external hard drives, that can introduce malware or exfiltrate data from the endpoint.
Reference: [Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) - Module 4: Network Intrusion Analysis], [Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) - Module 5: Security Policies and Procedures]
Question 15

What is an attack surface as compared to a vulnerability?
any potential danger to an asset
the sum of all paths for data into and out of the environment
an exploitable weakness in a system or its design
the individuals who perform an attack
The attack surface is the sum of all paths for data into and out of the environment, such as network interfaces, applications, services, protocols, ports, and user accounts. The attack surface represents the exposure of the environment to potential threats and attacks. A vulnerability is an exploitable weakness in a system or its design that can allow an attacker to compromise the system or its data. A vulnerability is a subset of the attack surface, as not all paths for data are vulnerable.
Reference: [Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) - Module 1: Security Concepts]
Question 16

An intruder attempted malicious activity and exchanged emails with a user and received corporate information, including email distribution lists. The intruder asked the user to engage with a link in an email. When the link launched, it infected machines and the intruder was able to access the corporate network.
Which testing method did the intruder use?
social engineering
eavesdropping
piggybacking
tailgating
Social engineering is a type of testing method that involves manipulating or deceiving people into performing actions or divulging information that can compromise the security of the organization. Social engineering can take various forms, such as phishing, vishing, baiting, quid pro quo, or impersonation. The scenario in the question is an example of a phishing attack, where the intruder sent an email to the user that appeared to be legitimate and contained a malicious link that infected the user's machine and allowed the intruder to access the corporate network.
Reference: [Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) - Module 6: Security Incident Investigations]
Question 17

Refer to the exhibit.
What is the expected result when the 'Allow subdissector to reassemble TCP streams' feature is enabled?
insert TCP subdissectors
extract a file from a packet capture
disable TCP streams
unfragment TCP
Enabling the "Allow subdissector to reassemble TCP streams" feature in Wireshark allows the tool to reassemble TCP segments into a contiguous sequence, which can be used by higher-level protocols to reconstruct a full message, such as an HTTP request or response. This is particularly useful for extracting files or data transmitted over TCP that are spread across multiple packets.
Question 18

Which type of data collection requires the largest amount of storage space?
alert data
transaction data
session data
full packet capture
Full packet capture requires the largest amount of storage space because it involves recording all packets that pass through a network, including all headers and payloads. This type of data collection is comprehensive and allows for detailed analysis, but due to the volume of data it encompasses, it demands significant storage capacity.
Question 19

Which event is user interaction?
gaining root access
executing remote code
reading and writing file permission
opening a malicious file
User interaction is any event that requires the user to perform an action that enables or facilitates a cyberattack. Opening a malicious file is an example of user interaction, as it can trigger the execution of malicious code or malware that can compromise the system or network. Gaining root access, executing remote code, and reading and writing file permissions are not user interactions, but rather actions that can be performed by an attacker after exploiting a vulnerability or bypassing security controls.
Reference: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) - Cisco; More than 99% of cyberattacks rely on human interaction
Question 20

Which security principle requires that more than one person perform a critical task?
least privilege
need to know
separation of duties
due diligence
Separation of duties is a security principle that requires more than one person to perform a critical task, such as authorizing a transaction, approving a budget, or granting access to sensitive data. Separation of duties reduces the risk of fraud, error, abuse, or conflict of interest by preventing any single person from having too much power or privilege. Least privilege, need to know, and due diligence are other security principles, but they do not require more than one person to perform a critical task.
Reference: Separation of Duty (SOD) - Glossary | CSRC - NIST Computer Security Resource Center; Separation of Duties | Imperva