A. High rate of SYN packets being sent from multiple sources towards a single destination IP.
B. High rate of ACK packets being sent from a single source IP towards multiple destination IPs.
C. Flood of ACK packets coming from a single source IP to multiple destination IPs.
D. Flood of SYN packets coming from a single source IP to a single destination IP.
D. Flood of SYN packets coming from a single source IP to a single destination IP.
Question 112:
Why is encryption challenging to security monitoring?
A. Encryption analysis is used by attackers to monitor VPN tunnels.
B. Encryption is used by threat actors as a method of evasion and obfuscation.
C. Encryption introduces additional processing requirements by the CPU.
D. Encryption introduces larger packet sizes to analyze and store.
B. Encryption is used by threat actors as a method of evasion and obfuscation.
Explanation
Encryption is challenging to security monitoring because it can be used by threat actors as a method of evasion and obfuscation. Encryption can prevent security devices from inspecting the content or payload of the network traffic, making it difficult to detect malicious activity or signatures. Encryption can also hide the source and destination of the traffic, making it hard to trace the origin or destination of the attack.
Question 113:
An organization is cooperating with several third-party companies. Data exchange is on an unsecured channel using port 80. Internal employees use the FTP service to upload and download sensitive data. An engineer must ensure confidentiality while preserving the integrity of the communication.
Which technology must the engineer implement in this scenario?
A. X.509 certificates
B. RADIUS server
C. CA server
D. web application firewall
A. X.509 certificates
Question 114:
What is the impact of encryption on data visibility?
A. TLS 1.3 traffic cannot be decrypted and monitored.
B. Traffic decryption causes high CPU load on monitoring systems.
C. Traffic decryption is needed for deep inspection of SSL traffic via NGFW.
D. IPsec encryption of traffic is vulnerable to man-in-the-middle attacks.
A. TLS 1.3 traffic cannot be decrypted and monitored.
Question 115:
Refer to the exhibit.
What does the output indicate about the server with the IP address 172.18.104.139?
A. open ports of a web server
B. open port of an FTP server
C. open ports of an email server
D. running processes of the server
C. open ports of an email server
Question 116:
Which information must an organization use to understand the threats currently targeting the organization?
A. threat intelligence
B. risk scores
C. vendor suggestions
D. vulnerability exposure
A. threat intelligence
Question 117:
Which list identifies the information that the client sends to the server in the negotiation phase of the TLS handshake?
A. ClientStart, ClientKeyExchange, cipher-suites it supports, and suggested compression methods
B. ClientStart, TLS versions it supports, cipher-suites it supports, and suggested compression methods
C. ClientHello, TLS versions it supports, cipher-suites it supports, and suggested compression methods
D. ClientHello, ClientKeyExchange, cipher-suites it supports, and suggested compression methods
C. ClientHello, TLS versions it supports, cipher-suites it supports, and suggested compression methods
Question 118:
Which security principle ensures that no single individual has complete control over a critical process?
A. least privilege
B. separation of duties
C. need to know
D. due diligence
B. separation of duties
Explanation
Separation of duties is a security principle that divides responsibilities among multiple individuals to prevent fraud, errors, or abuse. By requiring more than one person to complete critical tasks, it reduces the risk of insider threats and ensures checks and balances. Least privilege (A) limits access rights. Need to know (C) restricts information access. Due diligence (D) refers to responsible investigation and care. Separation of duties is commonly implemented in financial systems, administrative controls, and security operations. For example, one person may approve a transaction while another executes it. This principle enhances accountability and reduces the likelihood of unauthorized actions going unnoticed.
Question 119:
Refer to the exhibit.
An engineer must map these events to the source technology that generated the event logs.
To which technology do the generated logs belong?
A. proxy
B. antivirus
C. IPS
D. firewall
C. IPS
Question 120:
Which framework enables control of user access to critical information in heterogeneous technology environments?
A. vulnerability scanner
B. configuration management
C. mobile device management
D. identity and access management