ExamGecko
Search Search Login
Home Home / Cisco / 200-201

Cisco 200-201 Practice Test - Questions Answers, Page 7

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

An organization that develops high-end technology is going through an internal audit The organization uses two databases The main database stores patent information and a secondary database stores employee names and contact information A compliance team is asked to analyze the infrastructure and identify protected data Which two types of protected data should be identified? (Choose two)
Which security principle is violated by running all processes as root or administrator?
DRAG DROP Drag and drop the technology on the left onto the data type the technology provides on the right.
An intruder attempted malicious activity and exchanged emails with a user and received corporate information, including email distribution lists. The intruder asked the user to engage with a link in an email. When the fink launched, it infected machines and the intruder was able to access the corporate network. Which testing method did the intruder use?
A SOC analyst detected connections to known C&C and port scanning activity to main HR database servers from one of the HR endpoints via Cisco StealthWatch. What are the two next steps of the SOC team according to the NISTSP800-61 incident handling process? (Choose two)
Which statement describes indicators of attack?
What is a difference between SIEM and SOAR?
What describes the impact of false-positive alerts compared to false-negative alerts?
Refer to the exhibit. What is the potential threat identified in this Stealthwatch dashboard?
What is the difference between statistical detection and rule-based detection models?

Question 61

Report
Export
Collapse

When communicating via TLS, the client initiates the handshake to the server and the server responds back with its certificate for identification.

Which information is available on the server certificate?

A.

server name, trusted subordinate CA, and private key

A.

server name, trusted subordinate CA, and private key

Answers
B.

trusted subordinate CA, public key, and cipher suites

B.

trusted subordinate CA, public key, and cipher suites

Answers
C.

trusted CA name, cipher suites, and private key

C.

trusted CA name, cipher suites, and private key

Answers
D.

server name, trusted CA, and public key

D.

server name, trusted CA, and public key

Answers
Suggested answer: D

Explanation:

When communicating via TLS, part of the handshake process involves presenting a certificate containing the server name, the name of the trusted CA that issued the certificate, and the public key of the server. The client can verify the validity of the certificate and use the public key to encrypt the data sent to the server.Reference:=Cisco Cybersecurity Source Documents

Question 62

Report
Export
Collapse

How does an SSL certificate impact security between the client and the server?

A.

by enabling an authenticated channel between the client and the server

A.

by enabling an authenticated channel between the client and the server

Answers
B.

by creating an integrated channel between the client and the server

B.

by creating an integrated channel between the client and the server

Answers
C.

by enabling an authorized channel between the client and the server

C.

by enabling an authorized channel between the client and the server

Answers
D.

by creating an encrypted channel between the client and the server

D.

by creating an encrypted channel between the client and the server

Answers
Suggested answer: D

Explanation:

An SSL certificate enables the establishment of a secure connection between the client and the server using the TLS protocol. The client and the server exchange keys and agree on a cipher suite to encrypt and decrypt the data transmitted over the network.Reference:=Cisco Cybersecurity Source Documents

Question 63

Report
Export
Collapse

Which attack is the network vulnerable to when a stream cipher like RC4 is used twice with the same key?

A.

forgery attack

A.

forgery attack

Answers
B.

plaintext-only attack

B.

plaintext-only attack

Answers
C.

ciphertext-only attack

C.

ciphertext-only attack

Answers
D.

meet-in-the-middle attack

D.

meet-in-the-middle attack

Answers
Suggested answer: C

Explanation:

When a stream cipher like RC4 is used twice with the same key, it becomes vulnerable to a ciphertext-only attack. In this type of attack, the attacker has access to several ciphertexts that are encrypted with the same key but does not know anything about the plaintexts. By analyzing these ciphertexts, an attacker can gain insights into the plaintext or even recover parts or all of it.Reference:= Cisco Cybersecurity source documents or study guide (I need to search for specific references as I don't have direct access to Cisco's proprietary content)

Question 64

Report
Export
Collapse

Which list identifies the information that the client sends to the server in the negotiation phase of the TLS handshake?

A.

ClientStart, ClientKeyExchange, cipher-suites it supports, and suggested compression methods

A.

ClientStart, ClientKeyExchange, cipher-suites it supports, and suggested compression methods

Answers
B.

ClientStart, TLS versions it supports, cipher-suites it supports, and suggested compression methods

B.

ClientStart, TLS versions it supports, cipher-suites it supports, and suggested compression methods

Answers
C.

ClientHello, TLS versions it supports, cipher-suites it supports, and suggested compression methods

C.

ClientHello, TLS versions it supports, cipher-suites it supports, and suggested compression methods

Answers
D.

ClientHello, ClientKeyExchange, cipher-suites it supports, and suggested compression methods

D.

ClientHello, ClientKeyExchange, cipher-suites it supports, and suggested compression methods

Answers
Suggested answer: C

Explanation:

During the negotiation phase of the TLS handshake, the client sends a ''ClientHello'' message to the server which includes information about TLS versions it supports, cipher-suites it supports and suggested compression methods. This initiates communication protocols for secure connection.Reference:= Cisco Cybersecurity source documents or study guide

Question 65

Report
Export
Collapse

Refer to the exhibit.

Which type of log is displayed?

A.

IDS

A.

IDS

Answers
B.

proxy

B.

proxy

Answers
C.

NetFlow

C.

NetFlow

Answers
D.

sys

D.

sys

Answers
Suggested answer: D

Explanation:

The exhibit displays a sys log which is used in computer systems for messaging logs. It provides messaging tracking services from different devices like routers, switches etc., which helps in tracking and identifying potential issues.Reference:= Cisco Cybersecurity source documents or study guide

Question 66

Report
Export
Collapse

Refer to the exhibit.

What information is depicted?

A.

IIS data

A.

IIS data

Answers
B.

NetFlow data

B.

NetFlow data

Answers
C.

network discovery event

C.

network discovery event

Answers
D.

IPS event data

D.

IPS event data

Answers
Suggested answer: B

Question 67

Report
Export
Collapse

What is the difference between the ACK flag and the RST flag in the NetFlow log session?

A.

The RST flag confirms the beginning of the TCP connection, and the ACK flag responds when the data for the payload is complete

A.

The RST flag confirms the beginning of the TCP connection, and the ACK flag responds when the data for the payload is complete

Answers
B.

The ACK flag confirms the beginning of the TCP connection, and the RST flag responds when the data for the payload is complete

B.

The ACK flag confirms the beginning of the TCP connection, and the RST flag responds when the data for the payload is complete

Answers
C.

The RST flag confirms the receipt of the prior segment, and the ACK flag allows for the spontaneous termination of a connection

C.

The RST flag confirms the receipt of the prior segment, and the ACK flag allows for the spontaneous termination of a connection

Answers
D.

The ACK flag confirms the receipt of the prior segment, and the RST flag allows for the spontaneous termination of a connection

D.

The ACK flag confirms the receipt of the prior segment, and the RST flag allows for the spontaneous termination of a connection

Answers
Suggested answer: D

Explanation:

In NetFlow log sessions within TCP connections; ACK flag is used for acknowledging that data has been successfully received while RST flag is used when there's an error or when closing a connection spontaneously without following standard procedures.Reference:= Cisco Cybersecurity source documents or study guide

Question 68

Report
Export
Collapse

Refer to the exhibit.

Which type of log is displayed?

A.

proxy

A.

proxy

Answers
B.

NetFlow

B.

NetFlow

Answers
C.

IDS

C.

IDS

Answers
D.

sys

D.

sys

Answers
Suggested answer: B

Explanation:

The exhibit shows a log that contains information such as the date, flow start, duration, protocol used, source and destination IP addresses and ports, packets, bytes, and flows. This type of detailed metadata is typically associated with NetFlow logs which are used for collecting IP traffic information and monitoring network traffic.Reference:=Cisco CyberOps Associate

Question 69

Report
Export
Collapse

How is NetFlow different from traffic mirroring?

A.

NetFlow collects metadata and traffic mirroring clones data.

A.

NetFlow collects metadata and traffic mirroring clones data.

Answers
B.

Traffic mirroring impacts switch performance and NetFlow does not.

B.

Traffic mirroring impacts switch performance and NetFlow does not.

Answers
C.

Traffic mirroring costs less to operate than NetFlow.

C.

Traffic mirroring costs less to operate than NetFlow.

Answers
D.

NetFlow generates more data than traffic mirroring.

D.

NetFlow generates more data than traffic mirroring.

Answers
Suggested answer: A

Explanation:

NetFlow is a network protocol developed by Cisco for collecting IP traffic information and monitoring network traffic. It collects metadata of the IP traffic flowing across networking devices like routers and switches. On the other hand, Traffic mirroring involves capturing all the data packets that flow through a particular point in the network to analyze or inspect them later.Reference:=Cisco Cybersecurity Operations Fundamentals

Question 70

Report
Export
Collapse

What makes HTTPS traffic difficult to monitor?

A.

SSL interception

A.

SSL interception

Answers
B.

packet header size

B.

packet header size

Answers
C.

signature detection time

C.

signature detection time

Answers
D.

encryption

D.

encryption

Answers
Suggested answer: D

Explanation:

HTTPS uses SSL/TLS encryption to secure data transmission over the internet. This encryption makes it difficult to monitor HTTPS traffic because the data packets are encrypted making them unreadable to anyone trying to intercept or monitor the data without proper decryption keys.Reference:=Cisco CyberOps Associate

Total 331 questions
Go to page: of 34
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms