ExamGecko
Search Search Login
Home Home / Cisco / 200-201
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

An organization that develops high-end technology is going through an internal audit The organization uses two databases The main database stores patent information and a secondary database stores employee names and contact information A compliance team is asked to analyze the infrastructure and identify protected data Which two types of protected data should be identified? (Choose two)
Which security principle is violated by running all processes as root or administrator?
DRAG DROP Drag and drop the technology on the left onto the data type the technology provides on the right.
An intruder attempted malicious activity and exchanged emails with a user and received corporate information, including email distribution lists. The intruder asked the user to engage with a link in an email. When the fink launched, it infected machines and the intruder was able to access the corporate network. Which testing method did the intruder use?
Which statement describes indicators of attack?
A SOC analyst detected connections to known C&C and port scanning activity to main HR database servers from one of the HR endpoints via Cisco StealthWatch. What are the two next steps of the SOC team according to the NISTSP800-61 incident handling process? (Choose two)
What describes the impact of false-positive alerts compared to false-negative alerts?
What is a difference between SIEM and SOAR?
What is the difference between statistical detection and rule-based detection models?
What is the practice of giving an employee access to only the resources needed to accomplish their job?

Question 46 - 200-201 discussion

Report
Export

Refer to the exhibit.

What is the potential threat identified in this Stealthwatch dashboard?

A.

Host 10.201.3.149 is sending data to 152.46.6.91 using TCP/443.

Answers
A.

Host 10.201.3.149 is sending data to 152.46.6.91 using TCP/443.

B.

Host 152.46.6.91 is being identified as a watchlist country for data transfer.

Answers
B.

Host 152.46.6.91 is being identified as a watchlist country for data transfer.

C.

Traffic to 152.46.6.149 is being denied by an Advanced Network Control policy.

Answers
C.

Traffic to 152.46.6.149 is being denied by an Advanced Network Control policy.

D.

Host 10.201.3.149 is receiving almost 19 times more data than is being sent to host 152.46.6.91.

Answers
D.

Host 10.201.3.149 is receiving almost 19 times more data than is being sent to host 152.46.6.91.

Suggested answer: D

Explanation:

The exhibit shows a Stealthwatch dashboard displaying information on alarming hosts, alarms by type, and today's alarms. On the left side under ''Top Alarming Hosts,'' there are five host IP addresses listed with their respective categories indicating different types of alerts including 'Data Hoarding' and 'Exfiltration.' In ''Alarms by Type'' section at center top part of image shows bar graphs representing various alarm types including 'Crypto Violation' with their respective counts. On right side under ''Today's Alarms,'' there's a table showing the details of each alarm such as the host IP, the alarm type, the severity, and the time. The potential threat identified in this dashboard is that host 10.201.3.149 is receiving almost 19 times more data than is being sent to host 152.46.6.91, which is a sign of data exfiltration. Data exfiltration is the unauthorized transfer of data from a compromised system to an external destination, such as a command and control server or a malicious actor. This can result in data loss, breach of confidentiality, and damage to the organization's reputation and assets.Reference:= Cisco Cybersecurity Operations Fundamentals - Module 7: Network and Host Forensics

Show Answer
asked 07/10/2024
Nicola Pinotti
52 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms