Cisco 200-201 Online Practice Questions and Exam Preparation

Cisco 200-201 Online Questions & Answers

• Question 131:

  How does agentless monitoring differ from agent-based monitoring?

  A. Agentless can access the data via API. while agent-base uses a less efficient method and accesses log data through WMI.
  B. Agent-based monitoring is less intrusive in gathering log data, while agentless requires open ports to fetch the logs
  C. Agent-based monitoring has a lower initial cost for deployment, while agentless monitoring requires resource-intensive deployment.
  D. Agent-based has a possibility to locally filter and transmit only valuable data, while agentless has much higher network utilization
  D. Agent-based has a possibility to locally filter and transmit only valuable data, while agentless has much higher network utilization

  ---

  Explanation

  Agent-based monitoring: With agent-based monitoring, software agents are installed on the monitored systems or devices. These agents collect data locally, perform filtering or preprocessing of the data, and then transmit the relevant or valuable information to the monitoring system. Agent-based monitoring allows for local processing and filtering, which can reduce network utilization by only transmitting essential data.

  Agentless monitoring: Agentless monitoring, on the other hand, does not require software agents to be installed on the monitored systems or devices. Instead, it relies on leveraging existing protocols and interfaces, such as APIs (Application Programming Interfaces) or SNMP (Simple Network Management Protocol), to remotely access and retrieve monitoring data from the target systems. Agentless monitoring generally involves higher network utilization as the monitoring system needs to gather data from remote systems over the network.

• Question 132:

  A suspicious user opened a connection from a compromised host inside an organization. Traffic was going through a router and the network administrator was able to identify this flow. The admin was following 5-tuple to collect needed data.

  Which information was gathered based on this approach?

  A. direct path
  B. user name
  C. protocol
  D. NAT
  D. NAT

• Question 133:

  Which type of detection identifies threats based on predefined patterns or signatures?

  A. behavior-based detection
  B. anomaly-based detection
  C. signature-based detection
  D. heuristic detection
  C. signature-based detection

  ---

  Explanation

  Signature-based detection identifies threats by comparing observed activity against a database of known attack patterns or signatures. This method is highly effective for detecting known threats with established characteristics, such as specific malware variants or exploit signatures. However, it is less effective against new or unknown threats, as it relies on prior knowledge. Behavior-based detection (A) focuses on identifying suspicious activities, while anomaly-based detection (B) identifies deviations from normal behavior. Heuristic detection (D) uses rules and analysis to identify potential threats. Signature-based detection is widely used in antivirus and IDS/IPS systems due to its accuracy and low false positive rate for known threats. However, it must be regularly updated to remain effective against evolving threats.

• Question 134:

  DRAG DROP

  Drag and drop the security concept on the left onto the example of that concept on the right.

  Select and Place:

  

  

• Question 135:

  Refer to the exhibit.

  

  Where is the executable file?

  A. info
  B. tags
  C. MIME
  D. name
  D. name

  ---

  Explanation

  The executable file is identified in the "name" section of the exhibit, which lists the file name "VAC-Bypass-Loader.exe". This indicates that the file is an executable, as denoted by the ".exe" extension commonly associated with executable files in Windows operating systems.

  The information provided is based on standard practices for identifying executable files within cybersecurity analysis reports and is consistent with Cisco's cybersecurity documentation.

• Question 136:

  Refer to the exhibit

  

  Which TLS version does this client support?

  A. 13
  B. 1.0 and 1.2
  C. 12
  D. 1.1 and 13
  B. 1.0 and 1.2

• Question 137:

  What is the difference between an attack vector and attack surface?

  A. An attack surface identifies vulnerabilities that require user input or validation; and an attack vector identifies vulnerabilities that are independent of user actions.
  B. An attack vector identifies components that can be exploited, and an attack surface identifies the potential path an attack can take to penetrate the network.
  C. An attack surface recognizes which network parts are vulnerable to an attack; and an attack vector identifies which attacks are possible with these vulnerabilities.
  D. An attack vector identifies the potential outcomes of an attack; and an attack surface launches an attack using several methods against the identified vulnerabilities.
  C. An attack surface recognizes which network parts are vulnerable to an attack; and an attack vector identifies which attacks are possible with these vulnerabilities.

• Question 138:

  One of the objectives of information security is to protect the CIA of information and systems.

  What does CIA mean in this context?

  A. confidentiality, identity, and authorization
  B. confidentiality, integrity, and authorization
  C. confidentiality, identity, and availability
  D. confidentiality, integrity, and availability
  D. confidentiality, integrity, and availability

• Question 139:

  Which type of attack involves intercepting and altering communication between two parties?

  A. denial-of-service
  B. man-in-the-middle
  C. phishing
  D. brute force
  B. man-in-the-middle

  ---

  Explanation

  A man-in-the-middle (MITM) attack occurs when an attacker intercepts communication between two parties and potentially alters the data being exchanged. This can allow the attacker to steal sensitive information such as credentials or inject malicious content. MITM attacks often exploit insecure networks or lack of encryption. Denial-of-service (A) disrupts availability, phishing (C) deceives users, and brute force (D) attempts to guess credentials. MITM attacks can be mitigated using encryption protocols like TLS, certificate validation, and secure network practices. Detecting MITM attacks may involve identifying unusual certificate changes or unexpected traffic patterns.

• Question 140:

  What is a difference between SIEM and SOAR?

  A. SOAR predicts and prevents security alerts, while SIEM checks attack patterns and applies the mitigation.
  B. SlEM's primary function is to collect and detect anomalies, while SOAR is more focused on security operations automation and response.
  C. SIEM predicts and prevents security alerts, while SOAR checks attack patterns and applies the mitigation.
  D. SOAR's primary function is to collect and detect anomalies, while SIEM is more focused on security operations automation and response.
  B. SlEM's primary function is to collect and detect anomalies, while SOAR is more focused on security operations automation and response.

  ---

  Explanation

  References:

  https://www.cisco.com/c/en/us/products/security/what-is-a-security-platform.html

  siem is log managment soar is vulnerability managment that automat and response