A. Identified a firewall device preventing the pert state from being returned. B. Identified open SMB ports on the server C. Gathered information on processes running on the server D. Gathered a list of Active Directory users
A. Identified a firewall device preventing the pert state from being returned.
Question 2:
What is the key difference between mandatory access control (MAC) and discretionary access control (DAC)?
A. DAC is controlled by the OS, and MAC is controlled by the owner of the access list. B. DAC is the most strict access control, and MAC is object-based access. C. MAC is controlled by the OS, and DAC is controlled by the owner of the access list. D. MAC is the most strict access control, and DAC is object-based access.
C. MAC is controlled by the OS, and DAC is controlled by the owner of the access list.
Question 3:
What are two types of cross site scripting attacks? (Choose two.)
A. directed B. encoded C. reflected D. stored E. cascaded
C. reflected D. stored
Question 4:
Refer to the exhibit.
The figure shows an X 509 certificate.
Which field represents the digital cryptographic algorithm used by the issuer to sign the certificate?
A. Signature Algorithm B. Timestamp C. Fingerprints D. Log Operator
A. Signature Algorithm
Question 5:
An engineer received a flood of phishing emails from HR with the source address HRjacobm@companycom.
What is the threat actor in this scenario?
A. phishing email B. sender C. HR D. receiver
B. sender
Question 6:
Refer to the exhibit.
Based on the .
pcap file, which DNS server is used to resolve cisco.com?
A. 224.0.0.251 B. 192.168.2.1 C. 72.163.4.185 D. 192.168.2.104
B. 192.168.2.1
Question 7:
At a company party a guest asks questions about the company's user account format and password complexity.
How is this type of conversation classified?
A. Phishing attack B. Password Revelation Strategy C. Piggybacking D. Social Engineering
D. Social Engineering
Explanation
Social engineering is the practice of manipulating or deceiving people into performing actions or divulging information that can compromise the security of the organization. Asking questions about the company's user account format and password complexity at a party is an example of social engineering, as the guest may be trying to gather information that can be used to launch a cyberattack.
What should be interpreted from this packet capture?
A. 192.168.7.138 is sending a packet from port 1983 to port 1983 of IP address 192.168.1.18 using UDP protocol. B. 192.168.7.138 is sending a packet from port 1983 to port 1983 of IP address 192.168.1.18 using TCP protocol. C. 192.168.1.18 is sending a packet from port 1983 to port 1983 of IP address 192.168.7.138 using UDP protocol. D. 192.168.1.18 is sending a packet from port 1983 to port 1983 of IP address 192.168.7.138 using TCP protocol.
C. 192.168.1.18 is sending a packet from port 1983 to port 1983 of IP address 192.168.7.138 using UDP protocol.
Question 9:
What is the primary function of NetFlow data in network security monitoring?
A. capturing full packet payloads B. identifying session metadata C. encrypting traffic flows D. blocking malicious connections
B. identifying session metadata
Explanation
NetFlow provides metadata about network traffic rather than full packet contents. This metadata includes source and destination IP addresses, ports, protocol, and session duration, often referred to as the 5-tuple. It allows analysts to understand communication patterns without needing to capture full packets, which can be resource-intensive. NetFlow is particularly useful for detecting anomalies such as unusual traffic spikes, data exfiltration patterns, or unauthorized communications. Unlike full packet capture (A), NetFlow does not include payload data. It does not perform encryption (C) or blocking (D); those functions are handled by other security tools like VPNs or firewalls. Its efficiency and scalability make it a key component in SOC environments for network visibility and behavioral analysis. By analyzing NetFlow data, analysts can quickly identify suspicious trends and pivot to deeper investigation if necessary.
Question 10:
What is a difference between SOAR and SIEM?
A. SOAR platforms are used for threat and vulnerability management, but SIEM applications are not B. SIEM applications are used for threat and vulnerability management, but SOAR platforms are not C. SOAR receives information from a single platform and delivers it to a SIEM D. SIEM receives information from a single platform and delivers it to a SOAR
A. SOAR platforms are used for threat and vulnerability management, but SIEM applications are not
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Cisco exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your 200-201 exam preparations
and Cisco certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.