Title: Free 200-201 Sample Questions and 100% Cover Real Exam Questions (Updated 260 Questions) [Q51-Q72]
Exported from Exam for engine [ http://blog.test4engine.com ], export date: Mon Nov 18 04:30:58 2024 +0000

NO.51 Refer to the exhibit. What is the potential threat identified in this Stealthwatch dashboard?
  Host 10.201.3.149 is sending data to 152.46.6.91 using TCP/443.
  Host 152.46.6.91 is being identified as a watchlist country for data transfer.
  Traffic to 152.46.6.149 is being denied by an Advanced Network Control policy.
  Host 10.201.3.149 is receiving almost 19 times more data than is being sent to host 152.46.6.91.

NO.52 Refer to the exhibit. Where is the executable file?
  info
  tags
  MIME
  name

NO.53 A security expert is working on a copy of the evidence, an ISO file that is saved in CDFS format. Which type of evidence is this file?
  CD data copy prepared in Windows
  CD data copy prepared in Mac-based system
  CD data copy prepared in Linux system
  CD data copy prepared in Android-based system

NO.54 What is a benefit of using asymmetric cryptography?
  decrypts data with one key
  fast data transfer
  secure data transfer
  encrypts data with one key

NO.55 Refer to the exhibit. What is the expected result when the "Allow subdissector to reassemble TCP streams" feature is enabled?
  insert TCP subdissectors
  extract a file from a packet capture
  disable TCP streams
  unfragment TCP

NO.56 What are two differences in how tampered and untampered disk images affect a security incident? (Choose two.)
  Untampered images are used in the security investigation process
  Tampered images are used in the security investigation process
  The image is tampered if the stored hash and the computed hash match
  Tampered images are used in the incident recovery process
  The image is untampered if the stored hash and the computed hash match

Explanation: Cert Guide by Omar Santos, Chapter 9 – Introduction to Digital Forensics. "When you collect evidence, you must protect its integrity. This involves making sure that nothing is added to the evidence and that nothing is deleted or destroyed (this is known as evidence preservation)."

NO.57 Refer to the exhibit. A network administrator is investigating suspicious network activity by analyzing captured traffic. An engineer notices abnormal behavior and discovers that the default user agent is present in the headers of requests and data being transmitted. What is occurring?
  indicators of denial-of-service attack due to the frequency of requests
  garbage flood attack: attacker is sending garbage binary data to open ports
  indicators of data exfiltration: HTTP requests must be plain text
  cache bypassing attack: attacker is sending requests for noncacheable content

NO.58 Drag and drop the security concept on the left onto the example of that concept on the right.

NO.59 What is a difference between an inline and a tap mode traffic monitoring?
  Inline monitors traffic without examining other devices, while a tap mode tags traffic and examines the data from monitoring devices.
  Tap mode monitors traffic direction, while inline mode keeps packet data as it passes through the monitoring devices.
  Tap mode monitors packets and their content with the highest speed, while the inline mode draws a packet path for analysis.
  Inline mode monitors traffic path, examining any traffic at a wire speed, while a tap mode monitors traffic as it crosses the network.
NO.60 According to the September 2020 threat intelligence feeds, a new malware called Egregor was introduced and used in many attacks. Distribution of Egregor is primarily through a Cobalt Strike that has been installed on victims' workstations using RDP exploits. The malware exfiltrates the victim's data to a command and control server. The data is used to force victims to pay or lose it by publicly releasing it. Which type of attack is described?
  malware attack
  ransomware attack
  whale-phishing
  insider threat

NO.61 Refer to the exhibit. Which type of log is displayed?
  IDS
  proxy
  NetFlow
  sys

Explanation: You also see the 5-tuple in IPS events, NetFlow records, and other event data. In fact, on the exam you may need to differentiate between a firewall log versus a traditional IPS or IDS event. One of the things to remember is that traditional IDS and IPS use signatures, so an easy way to differentiate is by looking for a signature ID (SigID). If you see a signature ID, then most definitely the event is a traditional IPS or IDS event.

NO.62 What is an attack surface as compared to a vulnerability?
  any potential danger to an asset
  the sum of all paths for data into and out of the application
  an exploitable weakness in a system or its design
  the individuals who perform an attack
Section: Security Monitoring

NO.63 What is the difference between inline traffic interrogation (TAPS) and traffic mirroring (SPAN)?
  TAPS interrogation is more complex because traffic mirroring applies additional tags to data and SPAN does not alter integrity and provides full duplex network.
  SPAN results in more efficient traffic analysis, and TAPS is considerably slower due to latency caused by mirroring.
  TAPS replicates the traffic to preserve integrity, and SPAN modifies packets before sending them to other analysis tools.
  SPAN ports filter out physical layer errors, making some types of analyses more difficult, and TAPS receives all packets, including physical errors.
NO.64 An engineer receives a security alert that traffic with a known TOR exit node has occurred on the network. What is the impact of this traffic?
  ransomware communicating after infection
  users downloading copyrighted content
  data exfiltration
  user circumvention of the firewall

NO.65 What is the difference between the rule-based detection when compared to behavioral detection?
  Rule-Based detection is searching for patterns linked to specific types of attacks, while behavioral is identifying per signature.
  Rule-Based systems have established patterns that do not change with new data, while behavioral changes.
  Behavioral systems are predefined patterns from hundreds of users, while Rule-Based only flags potentially abnormal patterns using signatures.
  Behavioral systems find sequences that match a particular attack signature, while Rule-Based identifies potential attacks.

NO.66 What is a benefit of agent-based protection when compared to agentless protection?
  It lowers maintenance costs
  It provides a centralized platform
  It collects and detects all traffic locally
  It manages numerous devices simultaneously
Section: Security Concepts

NO.67 Which type of access control depends on the job function of the user?
  discretionary access control
  nondiscretionary access control
  role-based access control
  rule-based access control

NO.68 At a company party a guest asks questions about the company's user account format and password complexity. How is this type of conversation classified?
  Phishing attack
  Password Revelation Strategy
  Piggybacking
  Social Engineering

NO.69 Refer to the exhibit. Drag and drop the element name from the left onto the correct piece of the PCAP file on the right.

NO.70 Refer to the exhibit. Which type of log is displayed?
  IDS
  proxy
  NetFlow
  sys

NO.71 When trying to evade IDS/IPS devices, which mechanism allows the user to make the data incomprehensible without a specific key, certificate, or password?
  fragmentation
  pivoting
  encryption
  steganography

NO.72 An analyst is investigating a host in the network that appears to be communicating to a command and control server on the Internet. After collecting this packet capture, the analyst cannot determine the technique and payload used for the communication. Which obfuscation technique is the attacker using?
  Base64 encoding
  transport layer security encryption
  SHA-256 hashing
  ROT13 encryption

Certification Path
If you want to upgrade your CyberOps skills from associate to a professional level, you can continue your education by pursuing the Cisco Certified CyberOps Professional certificate, which will bring even more perks to your career.

Post date: 2023-04-11 15:34:53