ExamGecko
Search Search Login
Home Home / Cisco / 200-201
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

An organization that develops high-end technology is going through an internal audit The organization uses two databases The main database stores patent information and a secondary database stores employee names and contact information A compliance team is asked to analyze the infrastructure and identify protected data Which two types of protected data should be identified? (Choose two)
A SOC analyst detected connections to known C&C and port scanning activity to main HR database servers from one of the HR endpoints via Cisco StealthWatch. What are the two next steps of the SOC team according to the NISTSP800-61 incident handling process? (Choose two)
Which security principle is violated by running all processes as root or administrator?
DRAG DROP Drag and drop the technology on the left onto the data type the technology provides on the right.
An intruder attempted malicious activity and exchanged emails with a user and received corporate information, including email distribution lists. The intruder asked the user to engage with a link in an email. When the fink launched, it infected machines and the intruder was able to access the corporate network. Which testing method did the intruder use?
Which statement describes indicators of attack?
What is a difference between SIEM and SOAR?
Refer to the exhibit. What should be interpreted from this packet capture?
What describes the impact of false-positive alerts compared to false-negative alerts?
What are two social engineering techniques? (Choose two.)

Question 94 - 200-201 discussion

Report
Export

An engineer is investigating a case of the unauthorized usage of the ''Tcpdump'' tool. The analysis revealed that a malicious insider attempted to sniff traffic on a specific interface. What type of information did the malicious insider attempt to obtain?

A.

tagged protocols being used on the network

Answers
A.

tagged protocols being used on the network

B.

all firewall alerts and resulting mitigations

Answers
B.

all firewall alerts and resulting mitigations

C.

tagged ports being used on the network

Answers
C.

tagged ports being used on the network

D.

all information and data within the datagram

Answers
D.

all information and data within the datagram

Suggested answer: D

Explanation:

The unauthorized usage of ''Tcpdump'' tool indicates that the malicious insider was attempting to obtain all information within datagrams passing through a specific interface on the network. Tcpdump allows users to capture packet data from a live network or read packets from a previously saved capture file.Reference:=Cisco CyberOps - Module 3: Network Data and Event Analysis

Show Answer
asked 07/10/2024
Abdul Majid Pasha
39 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms