Cisco 200-201 Practice Test - Questions Answers, Page 31

What is the communication channel established from a compromised machine back to the attacker?

A. man-in-the-middle

B. IDS evasion

C. command and control

D. port scanning

Suggested answer: C

Explanation:

The communication channel established from a compromised machine back to the attacker is known as a command and control (C2) channel. This channel allows attackers to maintain communication with the compromised system, issue commands, and potentially exfiltrate data. The C2 channel can be established using various protocols and methods to evade detection and maintain persistence.

What is the dataflow set in the NetFlow flow-record format?

A. Dataflow set is a collection of HEX records.

B. Dataflow set provides basic information about the packet such as the NetFlow version.

C. Dataflow set is a collection of binary patterns.

D. Dataflow set is a collection of data records.

Suggested answer: D

Explanation:

In the NetFlow flow-record format, a dataflow set is a collection of data records that follow the template FlowSet in an export packet. Each data record corresponds to a flow and contains values for the fields defined in the template FlowSet. This allows for efficient organization and retrieval of flow information by NetFlow collectors.

Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)

NetFlow Version 9 Flow-Record Format Documentation

Refer to the exhibit.

Which alert is identified from this packet capture?

A. man-in-the-middle attack

B. ARP poisoning

C. brute-force attack

D. SQL injection

Suggested answer: C

Explanation:

The screenshot shows multiple POP requests carrying the PASS command, which is used to submit a password. The rapid succession and variation of these requests suggest repeated attempts to guess the password, which is characteristic of a brute-force attack. Always verify with additional data or context when possible: packet captures can contain vast amounts of information and may require thorough analysis for accurate interpretation.

Which element is included in an incident response plan as stated in NIST SP800-61?

A. security of sensitive information

B. individual approach to incident response

C. approval of senior management

D. consistent threat identification

Suggested answer: D

What does the Zero Trust security model signify?

A. Zero Trust security means that no one is trusted by default from inside or outside the network.

B. Zero Trust states that no users should be given enough privileges to misuse the system on their own.

C. Zero Trust addresses access control and states that an individual should have only the minimum access privileges necessary to perform specific tasks.

D. Zero Trust states that unless a subject is given explicit access to an object, it should be denied access to that object.

Suggested answer: A

Which technique is a low-bandwidth attack?

A. social engineering

B. session hijacking

C. evasion

D. phishing

Suggested answer: D

Explanation:

Phishing is considered a low-bandwidth attack because it does not require significant network resources. Instead, it relies on social engineering to deceive individuals into providing sensitive information or clicking on malicious links, often through email or other communication methods.

Which action matches the weaponization step of the Cyber Kill Chain model?

A. Scan a host to find open ports and vulnerabilities.

B. Construct the appropriate malware and deliver it to the victim.

C. Test and construct the appropriate malware to launch the attack.

D. Research data on a specific vulnerability.

Suggested answer: B

Explanation:

The weaponization step in the Cyber Kill Chain model involves creating or repurposing malware, based on the information gathered during reconnaissance, to exploit vulnerabilities in the target's system. This step culminates in the preparation of the malware to be delivered to the victim.

Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)

Cyber Kill Chain

An engineer must configure network systems to detect command-and-control communications by decrypting ingress and egress perimeter traffic and allowing network security devices to detect malicious outbound communications. Which technology must be used to accomplish this task?

A. static IP addresses

B. signatures

C. digital certificates

D. cipher suite

Suggested answer: C

Explanation:

Digital certificates are what make decryption of ingress and egress perimeter traffic possible, since they carry the keys used to establish the encrypted sessions. With the certificates in place, network security devices can inspect the decrypted traffic and detect malicious outbound communications that may indicate command-and-control activity.

Refer to the exhibit.

A company user's HTTP connection to a malicious site was blocked according to configured policy. What is the source technology used for this measure?

A. network application control

B. firewall

C. IPS

D. web proxy

Suggested answer: D

Explanation:

A web proxy is the technology used to block a user's HTTP connection to a malicious site according to configured policy. It acts as an intermediary between users and the internet, enforcing security policies and preventing access to harmful sites by inspecting and managing web traffic.

Refer to the exhibit.

What is the outcome of the command?

A. TCP rule that detects TCP packets with the SYN flag in an external FTP server

B. TCP rule that detects TCP packets with a SYN flag in the internal network

C. TCP rule that detects TCP packets with an ACK flag in the internal network

D. TCP rule that detects TCP packets with the ACK flag in an external FTP server

Suggested answer: B

Explanation:

The command in the exhibit is a Snort rule configured to alert on TCP packets with the SYN flag set, where the source is outside the home network (!$HOME_NET) and the destination is inside the home network ($HOME_NET) on port 80. The rule is designed to detect potential SYN flood attacks targeting the internal network's web server on port 80.
