Cisco 200-201 Practice Test - Questions Answers, Page 3

How is attacking a vulnerability categorized?

A. action on objectives
B. delivery
C. exploitation
D. installation

Suggested answer: C

Explanation:

Attacking a vulnerability is categorized as exploitation, which is the third phase of the cyberattack lifecycle. Exploitation is the process of taking advantage of a vulnerability in a system, application, or network to gain access, escalate privileges, or execute commands. Action on objectives, delivery, and installation are other phases of the cyberattack lifecycle, but they do not involve attacking a vulnerability. Action on objectives is the final phase, where the attacker achieves their goal, such as stealing data, disrupting services, or destroying assets. Delivery is the second phase, where the attacker delivers the malicious payload, such as malware, a phishing email, or a malicious link, to the target. Installation is the fourth phase, where the attacker installs the malicious payload on the compromised system or network to maintain persistence or spread laterally.

Reference: What is a Cyberattack? | IBM; Recognizing the seven stages of a cyber-attack - DNV

What is a benefit of agent-based protection when compared to agentless protection?

A. It lowers maintenance costs
B. It provides a centralized platform
C. It collects and detects all traffic locally
D. It manages numerous devices simultaneously

Suggested answer: C

Explanation:

Agent-based protection is a type of endpoint security that uses software agents installed on the devices to monitor and protect them. Agent-based protection can collect and detect all traffic locally, which means it can operate without relying on a network connection or a centralized server. Agent-based protection can also provide more granular and comprehensive visibility and control over the devices.

Reference: https://learningnetworkstore.cisco.com/on-demand-e-learning/understanding-cisco-cybersecurity-operations-fundamentals-cbrops-v1.0/CSCU-LP-CBROPS-V1-028093.html (Module 2: Security Concepts, Lesson 2.3: Endpoint Security)

Which principle is being followed when an analyst gathers information relevant to a security incident to determine the appropriate course of action?

A. decision making
B. rapid response
C. data mining
D. due diligence

Suggested answer: A

Explanation:

Decision making is a principle that guides an analyst to gather information relevant to a security incident to determine the appropriate course of action. Decision making involves identifying the problem, defining the criteria, analyzing the alternatives, and choosing the best solution. Decision making helps an analyst respond to an incident effectively and efficiently, while minimizing the impact and risk to the organization.

Reference: https://learningnetworkstore.cisco.com/on-demand-e-learning/understanding-cisco-cybersecurity-operations-fundamentals-cbrops-v1.0/CSCU-LP-CBROPS-V1-028093.html (Module 3: Security Monitoring, Lesson 3.1: Security Operations Center)

One of the objectives of information security is to protect the CIA of information and systems. What does CIA mean in this context?

A. confidentiality, identity, and authorization
B. confidentiality, integrity, and authorization
C. confidentiality, identity, and availability
D. confidentiality, integrity, and availability

Suggested answer: D

Explanation:

CIA stands for confidentiality, integrity, and availability, which are the three main objectives of information security. Confidentiality means protecting the information from unauthorized access or disclosure. Integrity means ensuring the information is accurate and consistent, and preventing unauthorized modification or deletion. Availability means ensuring the information and systems are accessible and usable by authorized users when needed.

Reference: https://learningnetworkstore.cisco.com/on-demand-e-learning/understanding-cisco-cybersecurity-operations-fundamentals-cbrops-v1.0/CSCU-LP-CBROPS-V1-028093.html (Module 2: Security Concepts, Lesson 2.1: Security Principles)

What is rule-based detection when compared to statistical detection?

A. proof of a user's identity
B. proof of a user's action
C. likelihood of user's action
D. falsification of a user's identity

Suggested answer: B

Explanation:

Rule-based detection is a type of intrusion detection system (IDS) that uses predefined rules or signatures to identify malicious or suspicious activity. Rule-based detection can provide proof of a user's action, such as an attempt to exploit a known vulnerability or execute a malicious command. Rule-based detection can also provide a high level of accuracy and specificity, but it requires constant updates and maintenance of the rules or signatures.

Reference: https://learningnetworkstore.cisco.com/on-demand-e-learning/understanding-cisco-cybersecurity-operations-fundamentals-cbrops-v1.0/CSCU-LP-CBROPS-V1-028093.html (Module 4: Attack Methods, Lesson 4.2: Attack Techniques)

A user received a malicious attachment but did not run it. Which category classifies the intrusion?

A. weaponization
B. reconnaissance
C. installation
D. delivery

Suggested answer: D

Which process is used when IPS events are removed to improve data integrity?

A. data availability
B. data normalization
C. data signature
D. data protection

Suggested answer: B

An analyst is investigating an incident in a SOC environment. Which method is used to identify a session from a group of logs?

A. sequence numbers
B. IP identifier
C. 5-tuple
D. timestamps

Suggested answer: C

What is a difference between SOAR and SIEM?

A. SOAR platforms are used for threat and vulnerability management, but SIEM applications are not
B. SIEM applications are used for threat and vulnerability management, but SOAR platforms are not
C. SOAR receives information from a single platform and delivers it to a SIEM
D. SIEM receives information from a single platform and delivers it to a SOAR

Suggested answer: A

What is the difference between mandatory access control (MAC) and discretionary access control (DAC)?

A. MAC is controlled by the discretion of the owner and DAC is controlled by an administrator
B. MAC is the strictest of all levels of control and DAC is object-based access
C. DAC is controlled by the operating system and MAC is controlled by an administrator
D. DAC is the strictest of all levels of control and MAC is object-based access

Suggested answer: B
Total 331 questions