Home

Home / Cisco / 200-201

Question list

List of questions

Question 1

(0)

Which evasion technique is indicated when an intrusion detection system begins receiving an abnormally high volume of scanning from numerous sources?

Question 2

(0)

Refer to the exhibit. Which application protocol is in this PCAP file?

Question 3

(0)

Which piece of information is needed for attribution in an investigation?

Question 4

(0)

What does cyber attribution identify in an investigation?

Question 5

(0)

What is a purpose of a vulnerability management framework?

Question 6

(0)

A network engineer discovers that a foreign government hacked one of the defense contractors in their home country and stole intellectual property. What is the threat agent in this situation?

Question 7

(0)

What is the practice of giving an employee access to only the resources needed to accomplish their job?

Question 8

(0)

Which metric is used to capture the level of access needed to launch a successful attack?

Question 9

(0)

What is the difference between an attack vector and attack surface?

Question 10

(0)

What is the principle of defense-in-depth?

Open VPLUS File

Convert VPLUS to PDF

Related questions

An organization that develops high-end technology is going through an internal audit The organization uses two databases The main database stores patent information and a secondary database stores employee names and contact information A compliance team is asked to analyze the infrastructure and identify protected data Which two types of protected data should be identified? (Choose two)

Which security principle is violated by running all processes as root or administrator?

DRAG DROP Drag and drop the technology on the left onto the data type the technology provides on the right.

An intruder attempted malicious activity and exchanged emails with a user and received corporate information, including email distribution lists. The intruder asked the user to engage with a link in an email. When the fink launched, it infected machines and the intruder was able to access the corporate network. Which testing method did the intruder use?

A SOC analyst detected connections to known C&C and port scanning activity to main HR database servers from one of the HR endpoints via Cisco StealthWatch. What are the two next steps of the SOC team according to the NISTSP800-61 incident handling process? (Choose two)

Which statement describes indicators of attack?

What is a difference between SIEM and SOAR?

What describes the impact of false-positive alerts compared to false-negative alerts?

Refer to the exhibit. What is the potential threat identified in this Stealthwatch dashboard?

What is the difference between statistical detection and rule-based detection models?

Question 28 - 200-201 discussion

Report

An analyst is investigating an incident in a SOC environment. Which method is used to identify a session from a group of logs?

A.

sequence numbers

B.

IP identifier

C.

5-tuple

D.

timestamps

Show Answer

asked 07/10/2024

MOHAMED RIAZ MOHAMED IBRAHIM

40 questions

User

Your answer: A B C D

0 comments

Sorted by

Leave a comment first