Cisco 200-201 Practice Test - Questions Answers, Page 6
A security specialist notices 100 HTTP GET and POST requests for multiple pages on the web servers. The agent in the requests contains PHP code that, if executed, creates and writes to a new PHP file on the webserver. Which event category is described?

A. reconnaissance
B. action on objectives
C. installation
D. exploitation

Suggested answer: D

Explanation:

This event category is exploitation because the HTTP requests contain PHP code that attempts to execute commands on the web server and create a backdoor. Exploitation is the phase of the attack where the threat actor gains access to the target system and executes malicious code. Reference: https://learningnetworkstore.cisco.com/on-demand-e-learning/understanding-cisco-cybersecurity-operations-fundamentals-cbrops-v1-0/CSCU-LP-CBROPS-V1-028093.html (Module 2, Lesson 2.1.3)

What specific type of analysis is assigning values to the scenario to see expected outcomes?

A. deterministic
B. exploratory
C. probabilistic
D. descriptive

Suggested answer: A

Explanation:

This type of analysis is deterministic because it assigns fixed values to the scenario and calculates the expected outcomes based on those values. Deterministic analysis does not account for uncertainty or randomness in the scenario. Reference: https://learningnetworkstore.cisco.com/on-demand-e-learning/understanding-cisco-cybersecurity-operations-fundamentals-cbrops-v1-0/CSCU-LP-CBROPS-V1-028093.html (Module 3, Lesson 3.1.2)

When trying to evade IDS/IPS devices, which mechanism allows the user to make the data incomprehensible without a specific key, certificate, or password?

A. fragmentation
B. pivoting
C. encryption
D. steganography

Suggested answer: C

Explanation:

Encryption allows the user to make the data incomprehensible without a specific key, certificate, or password. Encryption is a method of transforming data into a format that only authorized parties can access. Encryption can be used to protect data in transit or at rest from unauthorized access or modification. Reference: https://learningnetworkstore.cisco.com/on-demand-e-learning/understanding-cisco-cybersecurity-operations-fundamentals-cbrops-v1-0/CSCU-LP-CBROPS-V1-028093.html (Module 4, Lesson 4.1.1)

Why is encryption challenging to security monitoring?

A. Encryption analysis is used by attackers to monitor VPN tunnels.
B. Encryption is used by threat actors as a method of evasion and obfuscation.
C. Encryption introduces additional processing requirements by the CPU.
D. Encryption introduces larger packet sizes to analyze and store.

Suggested answer: B

Explanation:

Encryption is challenging to security monitoring because it can be used by threat actors as a method of evasion and obfuscation. Encryption can prevent security devices from inspecting the content or payload of the network traffic, making it difficult to detect malicious activity or signatures. Encryption can also hide the source and destination of the traffic, making it hard to trace the origin or destination of the attack. Reference: https://learningnetworkstore.cisco.com/on-demand-e-learning/understanding-cisco-cybersecurity-operations-fundamentals-cbrops-v1-0/CSCU-LP-CBROPS-V1-028093.html (Module 4, Lesson 4.1.1)

An employee reports that someone has logged into their system and made unapproved changes, files are out of order, and several documents have been placed in the recycle bin. The security specialist reviewed the system logs, found nothing suspicious, and was not able to determine what occurred. The software is up to date; there are no alerts from antivirus and no failed login attempts. What is causing the lack of data visibility needed to detect the attack?

A. The threat actor used a dictionary-based password attack to obtain credentials.
B. The threat actor gained access to the system by known credentials.
C. The threat actor used the teardrop technique to confuse and crash login services.
D. The threat actor used an unknown vulnerability of the operating system that went undetected.

Suggested answer: B

Explanation:

The lack of data visibility needed to detect the attack is caused by the threat actor gaining access to the system with known credentials. This means that the threat actor either obtained the employee's username and password through phishing, social engineering, or other means, or used a compromised account that had legitimate access to the system. This would explain why there were no suspicious logs, alerts, or failed login attempts, as the threat actor appeared to be a normal user. Reference: https://learningnetworkstore.cisco.com/on-demand-e-learning/understanding-cisco-cybersecurity-operations-fundamentals-cbrops-v1-0/CSCU-LP-CBROPS-V1-028093.html (Module 2, Lesson 2.1.2)

A company receptionist received a threatening call referencing stealing assets and did not take any action assuming it was a social engineering attempt. Within 48 hours, multiple assets were breached, affecting the confidentiality of sensitive information. What is the threat actor in this incident?

A. company assets that are threatened
B. customer assets that are threatened
C. perpetrators of the attack
D. victims of the attack

Suggested answer: C

Explanation:

In this scenario, the threat actor refers to the individuals or entities responsible for the attack that resulted in a breach of assets and sensitive information. The receptionist received a threatening call but did not take action, leading to an actual breach within 48 hours. Reference: The explanation is inferred from general cybersecurity knowledge, as specific details are not provided in the Cisco Cybersecurity documents linked.

What is the relationship between a vulnerability and a threat?

A. A threat exploits a vulnerability
B. A vulnerability is a calculation of the potential loss caused by a threat
C. A vulnerability exploits a threat
D. A threat is a calculation of the potential loss caused by a vulnerability

Suggested answer: A

Explanation:

A vulnerability refers to a weakness or flaw in a system that can be exploited by threats (such as hackers or malware) to gain unauthorized access, cause damage, etc. Threats exploit these vulnerabilities to impact the confidentiality, integrity, or availability of information and systems. Reference: Cisco Cybersecurity Associate

What are two social engineering techniques? (Choose two.)

A. privilege escalation
B. DDoS attack
C. phishing
D. man-in-the-middle
E. pharming

Suggested answer: C, E

Explanation:

Social engineering techniques often involve manipulating individuals into divulging confidential information or performing actions that compromise security. Phishing involves sending fraudulent messages (often emails) that appear to be from reputable sources with the goal of stealing sensitive data or installing malware. Pharming redirects the traffic of a legitimate website to another, fraudulent website without the user's knowledge, aiming to collect the user's credentials. Reference: Cisco Cybersecurity Source Documents

Refer to the exhibit.

What does the output indicate about the server with the IP address 172.18.104.139?

A. open ports of a web server
B. open port of an FTP server
C. open ports of an email server
D. running processes of the server

Suggested answer: A

Explanation:

The output indicates that several ports are open on the server with IP address 172.18.104.139, including port 22/tcp for SSH, port 25/tcp for SMTP, port 110/tcp for POP3, and port 143/tcp for IMAP; these are typically associated with a web server. Reference: Cisco Cybersecurity Source Documents

How does certificate authority impact a security system?

A. It authenticates client identity when requesting SSL certificate
B. It validates domain identity of a SSL certificate
C. It authenticates domain identity when requesting SSL certificate
D. It validates client identity when communicating with the server

Suggested answer: B

Explanation:

A Certificate Authority (CA) is responsible for issuing digital certificates that validate the identity of the certificate holder and provide a means to establish secure communications over networks like the Internet. Reference: Cisco Cybersecurity Source Documents

Total 331 questions