Cisco 200-201 Practice Test - Questions Answers, Page 8
List of questions
Question 71

How does an attacker observe network traffic exchanged between two users?
port scanning
man-in-the-middle
command injection
denial of service
A man-in-the-middle (MITM) attack occurs when an attacker secretly intercepts and possibly alters the communication between two parties who believe they are directly communicating with each other. In this scenario, an attacker can observe network traffic exchanged between two users by placing themselves in between their communication channel.
Reference: Cisco Blogs - New Cybersecurity and Cloud Skills to Protect Companies from Cybersecurity Attacks of the Future
Question 72

Which type of data consists of connection level, application-specific records generated from network traffic?
transaction data
location data
statistical data
alert data
Transaction data consists of connection level, application-specific records generated from network traffic. It provides information about the source, destination, protocol, and application of each network connection. Transaction data can be used to identify anomalies, malicious activities, and user behaviors on the network.
Reference: Cisco CyberOps Engineer
Question 73

An engineer receives a security alert that traffic with a known TOR exit node has occurred on the network. What is the impact of this traffic?
ransomware communicating after infection
users downloading copyrighted content
data exfiltration
user circumvention of the firewall
Traffic with a known TOR exit node is often associated with data exfiltration, where sensitive information is transferred from within the network to an external location. TOR networks are used to anonymize the traffic, making it difficult to trace back to the source.
Reference: Cisco Cybersecurity Operations Fundamentals - Module 2: Security Monitoring
Question 74

What is an example of social engineering attacks?
receiving an unexpected email from an unknown person with an attachment from someone in the same company
receiving an email from human resources requesting a visit to their secure website to update contact information
sending a verbal request to an administrator who knows how to change an account password
receiving an invitation to the department's weekly WebEx meeting
Social engineering attacks are techniques that exploit human psychology and behavior to manipulate or deceive people into performing actions or divulging information that can compromise the security of the organization. An example of a social engineering attack is receiving an email from human resources requesting a visit to their secure website to update contact information. This could be a phishing attempt to trick the user into clicking on a malicious link or entering their credentials on a fake website that looks like the legitimate one.
Reference: Cisco Cybersecurity Operations Fundamentals - Module 6: Security Incident Investigations
Question 75

Refer to the exhibit.
What is occurring in this network?
ARP cache poisoning
DNS cache poisoning
MAC address table overflow
MAC flooding attack
The exhibit shows a network diagram with a switch, a router, and two hosts. The switch has a MAC address table that maps the MAC addresses of the connected devices to the corresponding ports. A MAC flooding attack is a type of attack that aims to overload the switch's MAC address table by sending a large number of frames with spoofed source MAC addresses. This causes the switch to enter a fail-open mode, where it broadcasts all incoming frames to all ports, effectively turning it into a hub. This allows the attacker to sniff the traffic between the hosts and the router, or to launch other attacks such as ARP spoofing or man-in-the-middle.
Question 76

Which data format is the most efficient to build a baseline of traffic seen over an extended period of time?
syslog messages
full packet capture
NetFlow
firewall event logs
NetFlow provides a more efficient way of recording and analyzing network traffic patterns over an extended period of time compared to syslog messages, full packet capture, or firewall event logs. It collects metadata about traffic flows traversing the network devices which can be used for understanding normal baseline behavior as well as identifying anomalies.
Reference: Cisco Certified CyberOps Associate Overview
Question 77

A security analyst notices a sudden surge of incoming traffic and detects unknown packets from unknown senders. After further investigation, the analyst learns that customers claim that they cannot access company servers. According to NIST SP800-61, in which phase of the incident response process is the analyst?
post-incident activity
detection and analysis
preparation
containment, eradication, and recovery
The analyst is in the detection and analysis phase of the incident response process according to NIST SP800-61. In this phase, events are detected and analyzed to determine whether they constitute incidents that require a response. It involves monitoring security events or data collection, correlation, and analysis of log entries and network flow data, among others. The goal is to identify incidents quickly so that appropriate actions can be taken.
Reference: NIST SP800-61, Computer Security Incident Handling Guide, Section 3.2: Detection and Analysis
Question 78

Which vulnerability type is used to read, write, or erase information from a database?
cross-site scripting
cross-site request forgery
buffer overflow
SQL injection
SQL injection is a type of vulnerability that allows an attacker to execute malicious SQL statements on a database server. This can result in reading, writing, or erasing information from the database, as well as bypassing authentication, executing commands, or compromising the server. SQL injection exploits the lack of input validation or output encoding in web applications that interact with databases.
Reference: Cisco Cybersecurity Operations Fundamentals, Module 1: Security Concepts, Lesson 1.3: Common Network Application Operations and Attacks, Topic 1.3.2: Web Application Attacks
Question 79

An automotive company provides new types of engines and special brakes for rally sports cars. The company has a database of inventions and patents for their engines and technical information. Customers can access the database through the company's website after they register and identify themselves. Which type of protected data is accessed by customers?
IP data
PII data
PSI data
PHI data
IP data stands for Intellectual Property data, which is any data that represents the creations of the mind, such as inventions, patents, designs, or artistic works. IP data is protected by law and has commercial value for its owners. In this case, the automotive company has a database of IP data for their engines and technical information, which customers can access after they register and identify themselves.
Reference: Cisco Cybersecurity Operations Fundamentals, Module 1: Security Concepts, Lesson 1.2: Data Protection, Topic 1.2.1: Data Types
Question 80

According to the September 2020 threat intelligence feeds, a new malware called Egregor was introduced and used in many attacks. Distribution of Egregor is primarily through a Cobalt Strike that has been installed on victims' workstations using RDP exploits. The malware exfiltrates the victim's data to a command and control server. The data is used to force victims to pay or lose it by publicly releasing it. Which type of attack is described?
malware attack
ransomware attack
whale-phishing
insider threat
Ransomware is a type of malware that encrypts the victim's data and demands a ransom for the decryption key. The attacker may also threaten to publish or delete the data if the ransom is not paid. In this case, the Egregor malware is distributed through a Cobalt Strike, which is a penetration testing tool that can be used to deploy payloads on compromised systems. The malware exfiltrates the victim's data to a command and control server and uses it as leverage to extort money from the victim.
Reference: Cisco Cybersecurity Operations Fundamentals, Module 1: Security Concepts, Lesson 1.3: Common Network Application Operations and Attacks, Topic 1.3.3: Malware Attacks