Cisco 200-201 Practice Test - Questions Answers, Page 9

Syslog collecting software is installed on the server. For log containment, a disk with a FAT type partition is used. An engineer determined that log files are being corrupted when the 4 GB file size is exceeded. Which action resolves the issue?

A. Add space to the existing partition and lower the retention period.
B. Use FAT32 to exceed the limit of 4 GB.
C. Use the Ext4 partition because it can hold files up to 16 TB.
D. Use NTFS partition for log file containment.

Suggested answer: B

Explanation:

FAT is a family of file systems (FAT12, FAT16, FAT32) that organize and store data on a disk, and every member of the family has a hard per-file size ceiling: FAT16 tops out at 2 GB on most implementations, and FAT32 at 4 GB minus one byte, because the file size is kept in a 32-bit field. Once syslog appends past that ceiling the write fails and the file is truncated or left inconsistent, which is what the engineer observes as corruption. The exam key selects option B, but note that FAT32 itself cannot hold a file larger than 4 GB, so a log that grows past 4 GB hits exactly the same wall on FAT32. What actually removes the limit is moving the log volume to a file system with a far larger per-file maximum, such as ext4 (up to 16 TiB per file with 4 KiB blocks, option C) or NTFS (option D). Whatever file system is used, size-based log rotation (logrotate, or rsyslog's output channel size limits) should be configured so that no single log file ever approaches the file system's limit; adding space to the partition (option A) does nothing about a per-file ceiling. Reference: Cisco Cybersecurity Operations Fundamentals, Module 5: Security Policies and Procedures, Lesson 5.1: Data Retention, Topic 5.1.1: Data Retention Policies and Procedures

What are two categories of DDoS attacks? (Choose two.)

A. split brain
B. scanning
C. phishing
D. reflected
E. direct

Suggested answer: D, E

Explanation:

Cisco groups DDoS attacks into two categories: direct and reflected. In a direct attack the traffic is sent straight from the attacker's hosts or botnet to the target; a SYN flood against the target's listening port, which fills its backlog of half-open connections, is the classic example. In a reflected attack the attacker sends requests to third-party servers with the source address spoofed to the victim's address, so the servers' replies go to the victim instead of the attacker; when the reply is much larger than the request (DNS or NTP responses, for example) the reflection also amplifies the traffic. Split brain (A) is a clustering failure mode, and scanning (B) and phishing (C) are reconnaissance and social-engineering techniques, not DDoS categories. Reference: Cisco Cybersecurity Operations Fundamentals, Module 1: Security Concepts, Lesson 1.3: Common Network Application Operations and Attacks, Topic 1.3.4: Denial-of-Service Attacks
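Added example, not part of the original page or the exam material: a small Python classifier that applies the reflected-versus-direct distinction above to NetFlow-style records. The flow records, the victim address, the list of reflector service ports and the thresholds are all constructed assumptions for the illustration; on real data the thresholds would be tuned to the baseline of the network.

```python
from collections import defaultdict
from dataclasses import dataclass

# UDP services commonly abused as reflectors (DNS, NTP, SNMP, SSDP, memcached).
# Assumed list for the example; tune it to the services seen in your own flows.
REFLECTOR_PORTS = {53, 123, 161, 1900, 11211}


@dataclass(frozen=True)
class Flow:
    """One NetFlow-style record (constructed for this example)."""
    src: str
    dst: str
    proto: str       # "tcp" or "udp"
    sport: int
    dport: int
    packets: int
    bytes: int
    tcp_flags: str   # cumulative TCP flags, e.g. "S" (SYN only), "SA"; "" for UDP


def classify(flows, target, min_sources=3, min_bytes=100_000):
    """Group attack traffic aimed at `target` into the two DDoS categories.

    reflected: UDP flows whose *source* port is a reflector service. The
               victim is receiving server replies it never asked for, which
               is the signature of requests spoofed by the attacker.
    direct:    TCP flows that only ever carried SYN from the source; the
               handshake is never completed, i.e. a SYN flood sent from the
               attacker's hosts straight at the target.

    A category is reported only if at least `min_sources` distinct sources
    each sent at least `min_bytes`, so a single legitimate DNS answer or one
    client with a lost SYN/ACK does not trip the detector.
    """
    sources = defaultdict(set)
    for f in flows:
        if f.dst != target or f.bytes < min_bytes:
            continue
        if f.proto == "udp" and f.sport in REFLECTOR_PORTS:
            sources["reflected"].add(f.src)
        elif f.proto == "tcp" and f.tcp_flags == "S":
            sources["direct"].add(f.src)
    return {cat: sorted(srcs) for cat, srcs in sources.items()
            if len(srcs) >= min_sources}


VICTIM = "203.0.113.5"  # assumed target address (documentation range)

# Constructed sample records: three DNS/NTP reflectors answering the victim,
# three bots sending nothing but SYNs to the victim's web port, and two
# benign flows (a completed web session and a single normal DNS answer).
SAMPLE_FLOWS = [
    Flow("198.51.100.10", VICTIM, "udp", 53, 41212, 400, 1_200_000, ""),
    Flow("198.51.100.11", VICTIM, "udp", 53, 41212, 380, 1_150_000, ""),
    Flow("198.51.100.12", VICTIM, "udp", 123, 41212, 500, 2_400_000, ""),
    Flow("192.0.2.21", VICTIM, "tcp", 50012, 80, 2000, 120_000, "S"),
    Flow("192.0.2.22", VICTIM, "tcp", 50013, 80, 2100, 126_000, "S"),
    Flow("192.0.2.23", VICTIM, "tcp", 50014, 80, 1900, 114_000, "S"),
    Flow("192.0.2.99", VICTIM, "tcp", 51000, 80, 12, 9_000, "SA"),
    Flow("198.51.100.50", VICTIM, "udp", 53, 55000, 1, 120, ""),
]

if __name__ == "__main__":
    for category, srcs in classify(SAMPLE_FLOWS, VICTIM).items():
        print(f"{category}: {len(srcs)} sources -> {', '.join(srcs)}")
```

The source-port test is what separates the two categories: in a reflected attack the victim never sent the request, so the only thing it sees is server-to-client traffic from well-known service ports, whereas in a direct SYN flood the victim sees client-to-server traffic aimed at its own service port. Both source lists may contain spoofed addresses, so they identify reflectors and bots, not the attacker.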

What is an advantage of symmetric over asymmetric encryption?

A. A key is generated on demand according to data type.
B. A one-time encryption key is generated for data transmission.
C. It is suited for transmitting large amounts of data.
D. It is a faster encryption mechanism for sessions.

Suggested answer: D

Explanation:

Symmetric encryption uses the same key to encrypt and decrypt data. Asymmetric encryption uses a pair of keys, a public key and a private key: data encrypted with the public key can only be decrypted with the private key, and a signature made with the private key can be verified with the public key. The advantage of symmetric encryption is speed: symmetric ciphers such as AES are orders of magnitude faster and far less computationally intensive than asymmetric operations, which is why they are used to protect sessions and bulk data. Asymmetric encryption is not "more secure"; it solves a different problem, key distribution, and in practice it is used for key exchange and digital signatures while the session itself is encrypted symmetrically (this is how TLS works). Option C describes a consequence of that speed rather than the advantage itself, option B describes a key-management practice that applies to both kinds of encryption, and option A describes neither. Reference: Cisco Cybersecurity Operations Fundamentals, Module 2: Security Monitoring, Lesson 2.3: Cryptography and PKI, Topic 2.3.1: Cryptography

What are two denial-of-service (DoS) attacks? (Choose two.)

A. port scan
B. SYN flood
C. man-in-the-middle
D. phishing
E. teardrop

Suggested answer: B, E

Explanation:

SYN flood and teardrop are both denial-of-service (DoS) attacks, which aim to deny the availability of a service or system by overwhelming it with malicious traffic or malformed requests. A SYN flood abuses the TCP three-way handshake: the attacker sends a large number of SYN segments to the target's port, often from spoofed source addresses, and never completes the handshake, so the target holds a half-open connection for each one until its SYN backlog is exhausted and legitimate connections are refused; SYN cookies and backlog tuning are the usual mitigations. A teardrop attack abuses IP fragmentation: the attacker sends fragments whose offsets and lengths overlap, which crashed or hung older IP stacks when they tried to reassemble them; modern stacks discard datagrams with overlapping fragments. A port scan (A) is reconnaissance, and man-in-the-middle (C) and phishing (D) target confidentiality and credentials rather than availability. Reference: Cisco Cybersecurity Operations Fundamentals, Module 1: Security Concepts, Lesson 1.3: Common Network Application Operations and Attacks, Topic 1.3.4: Denial-of-Service Attacks

What is the difference between a threat and an exploit?

A. A threat is a result of utilizing a flaw in a system, and an exploit is a result of gaining control over the system.
B. A threat is a potential attack on an asset, and an exploit takes advantage of the vulnerability of the asset.
C. An exploit is an attack vector, and a threat is a potential path the attack must go through.
D. An exploit is an attack path, and a threat represents a potential vulnerability.

Suggested answer: B

Explanation:

A threat is a possible danger that might exploit a vulnerability to breach the security and cause harm to an asset. An asset is anything of value that needs to be protected, such as data, systems, or networks. A vulnerability is a weakness or flaw in the security that can be exploited by a threat. An exploit is a piece of code or a technique that takes advantage of a vulnerability to compromise the security and perform malicious actions on an asset.Reference:= Cisco Cybersecurity Operations Fundamentals, Module 1: Security Concepts, Lesson 1.1: The CIA Triad and Security Concepts, Topic 1.1.3: Threats, Vulnerabilities, and Exploits

Which action prevents buffer overflow attacks?

A. variable randomization
B. using web based applications
C. input sanitization
D. using a Linux operating system

Suggested answer: C

Explanation:

Input sanitization, and more precisely input validation with length checks, ensures that data supplied by a user or a remote peer is verified before it is copied into a fixed-size buffer, so an over-long input is rejected or bounded instead of overwriting adjacent memory. Randomizing memory layout (ASLR) raises the cost of exploiting an overflow but does not prevent the out-of-bounds write itself, and neither web-based applications nor Linux are immune, because the overflow lives in the code that handles the input, not in the platform. Reference: New Cybersecurity Skills

Which type of attack occurs when an attacker is successful in eavesdropping on a conversation between two IP phones?

A. known-plaintext
B. replay
C. dictionary
D. man-in-the-middle

Suggested answer: D

Explanation:

A man-in-the-middle attack occurs when a third party inserts itself into the communication path between two parties, here two IP phones, and can intercept, record and potentially alter the traffic without either endpoint knowing. Eavesdropping on the call is the confidentiality impact of that position: on a voice network the attacker typically gets into the path with ARP spoofing or a rogue switch port and then captures the unencrypted RTP audio. Known-plaintext (A) and dictionary (C) attacks target cryptography and passwords, and a replay attack (B) re-sends captured traffic rather than listening to it. Encrypting both signaling and media (TLS for the call setup, SRTP for the audio) is the standard defense. Reference: Cisco Cybersecurity Operations Fundamentals - Module 5: Endpoint Threat Analysis and Computer Forensics

Refer to the exhibit.

What should be interpreted from this packet capture?

A. 81.179.179.69 is sending a packet from port 80 to port 50272 of IP address 192.168.122.100 using UDP protocol.
B. 192.168.122.100 is sending a packet from port 50272 to port 80 of IP address 81.179.179.69 using TCP protocol.
C. 192.168.122.100 is sending a packet from port 80 to port 50272 of IP address 81.179.179.69 using UDP protocol.
D. 81.179.179.69 is sending a packet from port 50272 to port 80 of IP address 192.168.122.100 using TCP UDP protocol.

Suggested answer: B

Explanation:

The packet capture exhibit shows the source IP address 192.168.122.100 sending a packet from source port 50272 to destination port 80 of destination IP address 81.179.179.69 over TCP. The transport protocol is identified by the IP header's Protocol field, which is 6 for TCP (17 would be UDP; a single packet cannot be "TCP UDP", which rules out option D). The ports are shown in the SrcPort and DstPort fields and the addresses in the SrcAddr and DstAddr fields. Options A and C reverse the direction of the packet and name the wrong protocol. Reference: Cisco Cybersecurity Operations Fundamentals - Module 3: Network Data and Event Analysis
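Added example (not from the page or the exam): a Python parser that decodes the fields the explanation names (SrcAddr, DstAddr, Protocol, SrcPort, DstPort, plus the TCP flags) directly from raw IPv4/TCP bytes, so the interpretation can be checked against the header rather than read off a tool's display. The packet is constructed inside the block with the addresses and ports from the question; checksums are left at zero and are not validated.

```python
import struct
from ipaddress import IPv4Address

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}
# TCP flag bits in header byte 13, in the order Wireshark-style tools print them.
TCP_FLAG_BITS = [(0x01, "F"), (0x02, "S"), (0x04, "R"), (0x08, "P"), (0x10, "A"), (0x20, "U")]


def parse_ipv4(packet: bytes) -> dict:
    """Decode the IPv4 header and, for TCP/UDP, the transport ports and TCP flags.

    Field names mirror the columns of the capture (SrcAddr, DstAddr, Protocol,
    SrcPort, DstPort). Checksums are not verified.
    """
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    info = {
        "SrcAddr": str(IPv4Address(src)),
        "DstAddr": str(IPv4Address(dst)),
        "Protocol": proto,                     # 6 = TCP, 17 = UDP
        "ProtoName": PROTO_NAMES.get(proto, f"proto-{proto}"),
        "TTL": ttl,
    }
    payload = packet[ihl:total_len]
    if proto in (6, 17) and len(payload) >= 4:
        # Both TCP and UDP headers start with 16-bit source and destination ports.
        info["SrcPort"], info["DstPort"] = struct.unpack("!HH", payload[:4])
    if proto == 6 and len(payload) >= 14:
        flags = payload[13]                    # flags byte of the TCP header
        info["Flags"] = "".join(name for bit, name in TCP_FLAG_BITS if flags & bit)
    return info


def describe(info: dict) -> str:
    """Render the parsed fields in the wording the answer options use."""
    return (f"{info['SrcAddr']} is sending a packet from port {info['SrcPort']} "
            f"to port {info['DstPort']} of {info['DstAddr']} using {info['ProtoName']}")


def build_sample(src, dst, proto, sport, dport, tcp_flags=0x02) -> bytes:
    """Construct a minimal IPv4 packet carrying an empty TCP (default: SYN) or UDP header.
    Checksums are left at zero: this is parser test input, not a transmittable packet."""
    if proto == 6:
        # sport, dport, seq, ack, data offset (5 words), flags, window, csum, urgent
        transport = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, tcp_flags, 65535, 0, 0)
    elif proto == 17:
        transport = struct.pack("!HHHH", sport, dport, 8, 0)   # sport, dport, length, csum
    else:
        transport = b""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(transport), 0x1234, 0x4000,
                         64, proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    return header + transport


if __name__ == "__main__":
    pkt = build_sample("192.168.122.100", "81.179.179.69", 6, 50272, 80)
    print(describe(parse_ipv4(pkt)))
```

The direction of a packet is always source address to destination address; the low, well-known destination port (80) and the high, ephemeral source port (50272) are the second clue that this is a client request rather than a server reply.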

What are the two characteristics of the full packet captures? (Choose two.)

A. Identifying network loops and collision domains.
B. Troubleshooting the cause of security and performance issues.
C. Reassembling fragmented traffic from raw data.
D. Detecting common hardware faults and identifying faulty assets.
E. Providing a historical record of a network transaction.

Suggested answer: B, C

Explanation:

Full packet captures record every byte of every frame, so they are the most complete evidence for troubleshooting the root cause of security and performance issues (option B), and they allow an analyst to reassemble fragmented or segmented traffic from the raw data in order to review complete sessions, files and transactions (option C). They do not by themselves identify loops, collision domains or hardware faults, and although a stored capture is a record of what crossed the wire, retention is limited by the storage cost of full captures, which is why NetFlow and session data are used for long-term history. Reference: Cisco Cybersecurity Operations Fundamentals - Module 3: Network Data and Event Analysis
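Added example, not original page content, covering both the teardrop attack in the DoS question above and the fragment-reassembly characteristic in this question: a Python reassembler that rebuilds a datagram from IP fragments delivered in any order and rejects overlapping or missing fragments the way a hardened stack does. The Identification values, the HTTP request payload and the fragment size are constructed for the illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Fragment:
    """One IP fragment. `offset` is in bytes (the header's Fragment Offset * 8)."""
    ident: int       # IP Identification field, shared by all fragments of one datagram
    offset: int
    more: bool       # More Fragments (MF) flag
    payload: bytes


class FragmentError(ValueError):
    """Raised when a datagram cannot be safely reassembled."""


def reassemble(fragments):
    """Rebuild the original payload from fragments received in any order.

    Any overlap between fragments (the teardrop pattern) aborts reassembly
    instead of letting one fragment's bytes overwrite another's; a gap or a
    missing final fragment (MF still set) is reported as incomplete.
    """
    frags = sorted(fragments, key=lambda f: f.offset)
    if not frags:
        raise FragmentError("no fragments")
    if len({f.ident for f in frags}) != 1:
        raise FragmentError("fragments belong to different datagrams")
    out, expected = bytearray(), 0
    for f in frags:
        if f.offset % 8:
            raise FragmentError(f"offset {f.offset} is not a multiple of 8")
        if f.more and len(f.payload) % 8:
            raise FragmentError("non-final fragment length is not a multiple of 8")
        if f.offset < expected:
            raise FragmentError(f"fragment at offset {f.offset} overlaps data up to {expected}")
        if f.offset > expected:
            raise FragmentError(f"gap: expected offset {expected}, got {f.offset}")
        out += f.payload
        expected += len(f.payload)
    if frags[-1].more:
        raise FragmentError("final fragment missing")
    return bytes(out)


def check(fragments):
    """Convenience wrapper: ('ok', payload) or ('drop', reason)."""
    try:
        return "ok", reassemble(fragments)
    except FragmentError as exc:
        return "drop", str(exc)


def fragment(ident, data, chunk=16):
    """Split `data` into fragments of `chunk` bytes (a multiple of 8), as a router would."""
    if chunk % 8:
        raise ValueError("fragment size must be a multiple of 8")
    return [Fragment(ident, off, off + chunk < len(data), data[off:off + chunk])
            for off in range(0, len(data), chunk)]


# Constructed samples.
REQUEST = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
GOOD = fragment(0x1234, REQUEST)                       # three well-formed fragments
TEARDROP = [                                           # second fragment starts inside the first
    Fragment(0x1, 0, True, b"A" * 24),
    Fragment(0x1, 8, False, b"B" * 16),
]

if __name__ == "__main__":
    print(check(GOOD))
    print(check(list(reversed(GOOD))))
    print(check(TEARDROP))
```

Real stacks differ in how they treat overlaps: some historically honoured the first fragment's bytes, others the last, which is exactly the ambiguity IDS evasion tools exploit and the reason this example drops the whole datagram on any overlap (the policy IPv6 mandates in RFC 5722). An analyst reassembling traffic from a capture should apply the same policy as the target host, or at least flag overlaps rather than silently picking one side.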

Refer to the exhibit.

An engineer is analyzing this Cuckoo Sandbox report for a PDF file that has been downloaded from an email. What is the state of this file?

A. The file has an embedded executable and was matched by PEiD threat signatures for further analysis.
B. The file has an embedded non-Windows executable but no suspicious features are identified.
C. The file has an embedded Windows 32 executable and the Yara field lists suspicious features for further analysis.
D. The file was matched by PEiD threat signatures but no suspicious features are identified since the signature list is up to date.

Suggested answer: C
Total 331 questions