Cisco 200-201 Practice Test - Questions Answers, Page 9

Question 81

Syslog collecting software is installed on the server. For the log containment, a disk with FAT type partition is used. An engineer determined that log files are being corrupted when the 4 GB file size is exceeded. Which action resolves the issue?

A. Add space to the existing partition and lower the retention period.

B. Use FAT32 to exceed the limit of 4 GB.

C. Use the Ext4 partition because it can hold files up to 16 TB.

D. Use NTFS partition for log file containment.

Suggested answer: B
Explanation:

FAT is a file system that organizes and stores data on a disk. However, FAT has a limitation of 4 GB for the maximum file size, which means that any file larger than that will be corrupted. To resolve this issue, the engineer can use FAT32, which is an improved version of FAT that supports files up to 32 GB. Alternatively, the engineer can use other file systems that have higher file size limits, such as Ext4 or NTFS.

Reference: Cisco Cybersecurity Operations Fundamentals, Module 5: Security Policies and Procedures, Lesson 5.1: Data Retention, Topic 5.1.1: Data Retention Policies and Procedures

asked 07/10/2024
Tommy Basnes
44 questions

Question 82

What are two categories of DDoS attacks? (Choose two.)

A. split brain

B. scanning

C. phishing

D. reflected

E. direct

Suggested answer: D, E
Explanation:

DDoS attacks are divided into two categories: reflected and direct. Reflected attacks use a third-party system to amplify the attack traffic and send it to the target. For example, an attacker can send a spoofed request to a DNS server, which will reply with a large amount of data to the target's IP address. Direct attacks send the attack traffic directly from the attacker's system or a botnet to the target. For example, an attacker can send a large number of SYN packets to the target's port, exhausting its resources.

Reference: Cisco Cybersecurity Operations Fundamentals, Module 1: Security Concepts, Lesson 1.3: Common Network Application Operations and Attacks, Topic 1.3.4: Denial-of-Service Attacks

asked 07/10/2024
Bob Target
42 questions

Question 83

What is an advantage of symmetric over asymmetric encryption?

A. A key is generated on demand according to data type.

B. A one-time encryption key is generated for data transmission.

C. It is suited for transmitting large amounts of data.

D. It is a faster encryption mechanism for sessions.

Suggested answer: D
Explanation:

Symmetric encryption is a type of encryption that uses the same key to encrypt and decrypt data. Asymmetric encryption is a type of encryption that uses a pair of keys: a public key and a private key. The public key can be used to encrypt data, but only the private key can decrypt it, and vice versa. An advantage of symmetric encryption over asymmetric encryption is that it is faster and more efficient for encrypting large amounts of data, such as in sessions or bulk transfers. Asymmetric encryption is slower and more computationally intensive, but it is more secure and suitable for key exchange or digital signatures.

Reference: Cisco Cybersecurity Operations Fundamentals, Module 2: Security Monitoring, Lesson 2.3: Cryptography and PKI, Topic 2.3.1: Cryptography

asked 07/10/2024
Sam Poon
44 questions

Question 84

What are two denial-of-service (DoS) attacks? (Choose two)

A. port scan

B. SYN flood

C. man-in-the-middle

D. phishing

E. teardrop

Suggested answer: B, E
Explanation:

SYN flood and teardrop are two types of denial-of-service (DoS) attacks, which aim to disrupt the availability of a service or a system by overwhelming it with malicious traffic or requests. A SYN flood attack exploits the TCP three-way handshake process by sending a large number of SYN packets to the target's port, without completing the connection. This causes the target to allocate resources for half-open connections, eventually exhausting its memory or bandwidth. A teardrop attack exploits the IP fragmentation process by sending malformed or overlapping IP fragments to the target, causing it to crash or reboot when trying to reassemble them.

Reference: Cisco Cybersecurity Operations Fundamentals, Module 1: Security Concepts, Lesson 1.3: Common Network Application Operations and Attacks, Topic 1.3.4: Denial-of-Service Attacks

asked 07/10/2024
karl hickey
46 questions

Question 85

What is the difference between a threat and an exploit?

A. A threat is a result of utilizing a flaw in a system, and an exploit is a result of gaining control over the system.

B. A threat is a potential attack on an asset, and an exploit takes advantage of the vulnerability of the asset.

C. An exploit is an attack vector, and a threat is a potential path the attack must go through.

D. An exploit is an attack path, and a threat represents a potential vulnerability.

Suggested answer: B
Explanation:

A threat is a possible danger that might exploit a vulnerability to breach the security and cause harm to an asset. An asset is anything of value that needs to be protected, such as data, systems, or networks. A vulnerability is a weakness or flaw in the security that can be exploited by a threat. An exploit is a piece of code or a technique that takes advantage of a vulnerability to compromise the security and perform malicious actions on an asset.

Reference: Cisco Cybersecurity Operations Fundamentals, Module 1: Security Concepts, Lesson 1.1: The CIA Triad and Security Concepts, Topic 1.1.3: Threats, Vulnerabilities, and Exploits

asked 07/10/2024
Demilson Mantegazine
42 questions

Question 86

Which action prevents buffer overflow attacks?

A. variable randomization

B. using web based applications

C. input sanitization

D. using a Linux operating system

Suggested answer: C
Explanation:

Input sanitization involves cleaning up user input before processing it, ensuring that it does not contain malicious code intended for buffer overflow attacks or other types of security breaches.

Reference: New Cybersecurity Skills

asked 07/10/2024
Nicola Pinotti
59 questions

Question 87

Which type of attack occurs when an attacker is successful in eavesdropping on a conversation between two IP phones?

A. known-plaintext

B. replay

C. dictionary

D. man-in-the-middle

Suggested answer: D
Explanation:

A man-in-the-middle attack occurs when a third party intercepts and potentially alters the communication between two parties (in this case, two IP phones) without them knowing. This type of attack can lead to eavesdropping, where the attacker can gain unauthorized access to sensitive data being communicated between the two parties.

Reference: Cisco Cybersecurity Operations Fundamentals - Module 5: Endpoint Threat Analysis and Computer Forensics

asked 07/10/2024
Terence Coates
41 questions

Question 88

Refer to the exhibit.

[Exhibit: image for Question 88, not included]

What should be interpreted from this packet capture?

A. 81.179.179.69 is sending a packet from port 80 to port 50272 of IP address 192.168.122.100 using UDP protocol.

B. 192.168.122.100 is sending a packet from port 50272 to port 80 of IP address 81.179.179.69 using TCP protocol.

C. 192.168.122.100 is sending a packet from port 80 to port 50272 of IP address 81.179.179.69 using UDP protocol.

D. 81.179.179.69 is sending a packet from port 50272 to port 80 of IP address 192.168.122.100 using TCP UDP protocol.

Suggested answer: B
Explanation:

The packet capture exhibit shows that the source IP address is 192.168.122.100 and it is sending a packet from source port 50272 to destination port 80 of destination IP address 81.179.179.69 using TCP protocol. The TCP protocol is indicated by the Protocol field which has the value 6. The source and destination ports are indicated by the SrcPort and DstPort fields respectively. The source and destination IP addresses are indicated by the SrcAddr and DstAddr fields respectively.

Reference: Cisco Cybersecurity Operations Fundamentals - Module 3: Network Data and Event Analysis

asked 07/10/2024
Pieter Meiring
50 questions

Question 89

What are the two characteristics of the full packet captures? (Choose two.)

A. Identifying network loops and collision domains.

B. Troubleshooting the cause of security and performance issues.

C. Reassembling fragmented traffic from raw data.

D. Detecting common hardware faults and identifying faulty assets.

E. Providing a historical record of a network transaction.

Suggested answer: B, C
Explanation:

Full packet captures are essential for troubleshooting security and performance issues as they provide detailed information on network traffic (option B). They also allow for reassembling fragmented traffic from raw data, enabling analysts to review complete transactions or sessions (option C).

Reference: Cisco Cybersecurity Operations Fundamentals - Module 3: Network Data and Event Analysis

asked 07/10/2024
TANVIR ANJUM
39 questions

Question 90

Refer to the exhibit.

[Exhibit: image for Question 90, not included]

An engineer is analyzing this Cuckoo Sandbox report for a PDF file that has been downloaded from an email. What is the state of this file?

A. The file has an embedded executable and was matched by PEiD threat signatures for further analysis.

B. The file has an embedded non-Windows executable but no suspicious features are identified.

C. The file has an embedded Windows 32 executable and the Yara field lists suspicious features for further analysis.

D. The file was matched by PEiD threat signatures but no suspicious features are identified since the signature list is up to date.

Suggested answer: C
asked 07/10/2024
Matteo Picchetti
31 questions
Total 331 questions