Cisco 200-201 Practice Test - Questions Answers, Page 22
Refer to the exhibit.
A network administrator is investigating suspicious network activity by analyzing captured traffic. An engineer notices abnormal behavior and discovers that the default user agent is present in the headers of requests and data being transmitted. What is occurring?
indicators of denial-of-service attack due to the frequency of requests
garbage flood attack: attacker is sending garbage binary data to open ports
indicators of data exfiltration: HTTP requests must be plain text
cache bypassing attack: attacker is sending requests for noncacheable content
A company encountered a breach on its web servers using IIS 7.5. During the investigation, an engineer discovered that an attacker read and altered the data on a secure communication using TLS 1.2 and intercepted sensitive information by downgrading a connection to export-grade cryptography. The engineer must mitigate similar incidents in the future and ensure that clients and servers always negotiate with the most secure protocol versions and cryptographic parameters. Which action does the engineer recommend?
Upgrade to TLS v1.3.
Install the latest IIS version.
Downgrade to TLS 1.1.
Deploy an intrusion detection system
What is the difference between discretionary access control (DAC) and role-based access control (RBAC)?
DAC requires explicit authorization for a given user on a given object, and RBAC requires specific conditions.
RBAC access is granted when a user meets specific conditions, and in DAC, permissions are applied on user and group levels.
RBAC is an extended version of DAC where you can add an extra level of authorization based on time.
DAC administrators pass privileges to users and groups, and in RBAC, permissions are applied to specific groups
Which technology prevents end-device to end-device IP traceability?
encryption
load balancing
NAT/PAT
tunneling
What are the two differences between stateful and deep packet inspection? (Choose two.)
Stateful inspection is capable of TCP state tracking, and deep packet filtering checks only TCP source and destination ports
Deep packet inspection is capable of malware blocking, and stateful inspection is not
Deep packet inspection operates on Layer 3 and 4, and stateful inspection operates on Layer 3 of the OSI model
Deep packet inspection is capable of TCP state monitoring only, and stateful inspection can inspect TCP and UDP.
Stateful inspection is capable of packet data inspections, and deep packet inspection is not
What is the purpose of command and control for network-aware malware?
It contacts a remote server for commands and updates
It takes over the user account for analysis
It controls and shuts down services on the infected host.
It helps the malware to profile the host
What do host-based firewalls protect workstations from?
zero-day vulnerabilities
unwanted traffic
malicious web scripts
viruses
Refer to the exhibit.
An analyst performs the analysis of the pcap file to detect the suspicious activity. What challenges did the analyst face in terms of data visibility?
data encapsulation
IP fragmentation
code obfuscation
data encryption
Which two measures are used by the defense-in-depth strategy? (Choose two.)
Bridge the single connection into multiple.
Divide the network into parts
Split packets into pieces.
Reduce the load on network devices.
Implement the patch management process
Which option describes indicators of attack?
spam emails on an employee workstation
virus detection by the AV software
blocked phishing attempt on a company
malware reinfection within a few minutes of removal