Cisco 200-201 Practice Test - Questions Answers, Page 30

DRAG DROP

Drag and drop the security concept from the left onto the example of that concept on the right.


Question 291
Correct answer: Question 291

DRAG DROP

Drag and drop the type of evidence from the left onto the description of that evidence on the right.


Question 292
Correct answer: Question 292

DRAG DROP

Drag and drop the event term from the left onto the description on the right.


Question 293
Correct answer: Question 293

Explanation:

Reference: https://www.cisco.com/c/en/us/support/docs/security/ips-4200-series-sensors/13876-f-pos.html

DRAG DROP

Drag and drop the data source from the left onto the data type on the right.


Question 294
Correct answer: Question 294

DRAG DROP

Drag and drop the definition from the left onto the phase on the right to classify intrusion events according to the Cyber Kill Chain model.


Question 295
Correct answer: Question 295

DRAG DROP

Refer to the exhibit. Drag and drop the element names from the left onto the corresponding pieces of the PCAP file on the right.


Question 296
Correct answer: Question 296

After a large influx of network traffic to externally facing devices, a security engineer begins investigating what appears to be a denial of service attack. When the packet capture data is reviewed, the engineer notices that the traffic is a single SYN packet to each port. Which type of attack is occurring?

A. traffic fragmentation

B. port scanning

C. host profiling

D. SYN flood

Suggested answer: D

Explanation:

The scenario described is indicative of a port scanning attack. Port scanning is a method attackers use to discover open ports on network devices. Sending a single SYN packet to each port is known as SYN scanning or half-open scanning: the attacker sends a SYN (as if initiating a TCP connection) to every port on the server and looks for positive responses, which indicate an open port. This type of scan is less intrusive and harder to detect because it never completes the TCP three-way handshake.
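As an added example (not part of the practice test), a small Python checker that runs over constructed tcpdump-style packet summaries and separates the two patterns the question contrasts: one SYN per port spread across many ports (port scan) versus many SYNs piled onto one port (SYN flood). The packet lines, IP addresses, and thresholds are all constructed for this example.

```python
import re
from collections import defaultdict

# Constructed tcpdump-like packet summaries (not from any real capture).
CAPTURE = """
10.0.0.5.40001 > 192.0.2.10.22: Flags [S]
10.0.0.5.40002 > 192.0.2.10.80: Flags [S]
10.0.0.5.40003 > 192.0.2.10.443: Flags [S]
10.0.0.5.40004 > 192.0.2.10.3389: Flags [S]
10.0.0.5.40005 > 192.0.2.10.8080: Flags [S]
198.51.100.7.51000 > 192.0.2.10.443: Flags [S]
198.51.100.7.51001 > 192.0.2.10.443: Flags [S]
198.51.100.7.51002 > 192.0.2.10.443: Flags [S]
198.51.100.7.51003 > 192.0.2.10.443: Flags [S]
198.51.100.7.51004 > 192.0.2.10.443: Flags [S]
203.0.113.9.60000 > 192.0.2.10.443: Flags [S]
203.0.113.9.60000 > 192.0.2.10.443: Flags [.]
"""

IPV4 = r"(\d+\.\d+\.\d+\.\d+)"
LINE = re.compile(IPV4 + r"\.(\d+) > " + IPV4 + r"\.(\d+): Flags \[(\S+)\]")

def parse(text):
    """Yield (src, dst, dport, flags) for each packet summary line."""
    for m in LINE.finditer(text):
        src, _sport, dst, dport, flags = m.groups()
        yield src, dst, int(dport), flags

def classify_sources(text, min_syns=5):
    """Per source address: 'port_scan' when bare SYNs each hit a distinct port,
    'syn_flood' when the SYN volume is concentrated on one port, 'benign'
    when there are too few SYNs to judge, and 'mixed' otherwise."""
    syns = defaultdict(list)  # src -> destination ports hit with a bare SYN
    for src, _dst, dport, flags in parse(text):
        if flags == "S":  # SYN only; handshake completions are not counted
            syns[src].append(dport)
    verdict = {}
    for src, ports in syns.items():
        if len(ports) < min_syns:
            verdict[src] = "benign"
            continue
        distinct = len(set(ports))
        if distinct == len(ports):  # one SYN per port: scanning
            verdict[src] = "port_scan"
        elif distinct <= max(1, len(ports) // 5):  # same port over and over: flood
            verdict[src] = "syn_flood"
        else:
            verdict[src] = "mixed"
    return verdict
```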

Endpoint logs indicate that a machine has obtained an unusual gateway address and unusual DNS servers via DHCP. Which type of attack is occurring?

A. command injection

B. man in the middle attack

C. evasion methods

D. phishing

Suggested answer: B

Explanation:

Endpoint logs showing a machine receiving an unusual gateway address and DNS servers via DHCP are indicative of a Man-in-the-Middle (MitM) attack, specifically DHCP spoofing. In this type of attack, an adversary sets up a rogue DHCP server or manipulates the DHCP exchange to hand clients false gateway and DNS information. This allows the attacker to intercept, monitor, or manipulate traffic between the client and the intended gateway or DNS servers.
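As an added example (not from the practice test), a Python audit over constructed endpoint DHCP client log lines that flags leases whose DHCP server, gateway, or DNS servers differ from the expected configuration for the segment; the log format, addresses, and expected values are all assumed for this example.

```python
import re

# Expected network configuration for the segment (constructed for this example).
EXPECTED = {
    "servers": {"10.0.0.2"},
    "gateway": "10.0.0.1",
    "dns": {"10.0.0.53", "10.0.0.54"},
}

# Constructed endpoint DHCP client log lines; not from any real host.
LOGS = """
host1 dhclient: DHCPACK from 10.0.0.2 ip=10.0.0.23 gateway=10.0.0.1 dns=10.0.0.53,10.0.0.54
host2 dhclient: DHCPACK from 10.0.0.99 ip=10.0.0.24 gateway=10.0.0.99 dns=203.0.113.5
host3 dhclient: DHCPACK from 10.0.0.2 ip=10.0.0.25 gateway=10.0.0.1 dns=10.0.0.53,198.51.100.8
"""

# One DHCPACK per line: host, process, server that answered, lease details.
ACK = re.compile(
    r"^(\S+) \S+ DHCPACK from (\S+) ip=(\S+) gateway=(\S+) dns=(\S+)$", re.M
)

def audit_leases(logs, expected=EXPECTED):
    """Return {host: [findings]} for every lease whose DHCP server, gateway,
    or DNS servers are not the ones expected on this segment."""
    findings = {}
    for host, server, _ip, gateway, dns in ACK.findall(logs):
        issues = []
        if server not in expected["servers"]:
            issues.append(f"unknown DHCP server {server}")
        if gateway != expected["gateway"]:
            issues.append(f"unexpected gateway {gateway}")
        rogue_dns = set(dns.split(",")) - expected["dns"]
        if rogue_dns:  # any DNS server outside the expected set is reported
            issues.append("unexpected DNS " + ",".join(sorted(rogue_dns)))
        if issues:
            findings[host] = issues
    return findings
```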

What is a difference between SIEM and SOAR security systems?

A. SOAR ingests numerous types of logs and event data infrastructure components and SIEM can fetch data from endpoint security software and external threat intelligence feeds

B. SOAR collects and stores security data at a central point and then converts it into actionable intelligence, and SIEM enables SOC teams to automate and orchestrate manual tasks

C. SIEM raises alerts in the event of detecting any suspicious activity, and SOAR automates investigation path workflows and reduces time spent on alerts

D. SIEM combines data collecting, standardization, case management, and analytics for a defense-in-depth concept, and SOAR collects security data antivirus logs, firewall logs, and hashes of downloaded files

Suggested answer: C

Explanation:

SIEM (Security Information and Event Management) systems collect, correlate, and analyze security event data from many sources to surface potential security issues, and they raise alerts when they detect suspicious activity. SOAR (Security Orchestration, Automation, and Response) systems, by contrast, focus on automating and orchestrating incident response: they automate investigation path workflows and reduce the time spent on alerts by executing predefined actions and workflows in response to security events or incidents. Reference: The differences between SIEM and SOAR are described in various cybersecurity resources, including those provided by Palo Alto Networks and Exabeam, which explain that while SIEM primarily focuses on collecting and analyzing security event data, SOAR extends these capabilities through automation, orchestration, and predefined incident response playbooks.

A cyberattacker notices a security flaw in software that a company is using. They decide to tailor a specific worm to exploit this flaw and extract saved passwords from the software. To which category of the Cyber Kill Chain model does this event belong?

A. reconnaissance

B. delivery

C. weaponization

D. exploitation

Suggested answer: C

Explanation:

This event belongs to the weaponization category of the Cyber Kill Chain model. This stage follows reconnaissance, once the attacker has gathered the necessary information about potential targets, such as vulnerabilities. In the weaponization stage, the attacker's preparatory work culminates in the creation of malware to be used against an identified target, which in this case is a specific worm tailored to exploit a software flaw and extract saved passwords. Reference: The Cyber Kill Chain framework, developed by Lockheed Martin, describes the weaponization stage as the process in which attackers create or modify cyber weapons based on the intelligence gathered during reconnaissance.
