Cisco 200-201 Online Practice Questions and Exam Preparation

Cisco 200-201 Online Questions & Answers

• Question 171:

  Which description is a defense-in-depth principal strategy?

  A. isolating employees with access to critical data
  B. implementing VLANs to segment network traffic
  C. developing approval flow for new hires
  D. designing Active Directory groups
  B. implementing VLANs to segment network traffic

• Question 172:

  Which metric is used to capture the level of access needed to launch a successful attack?

  A. privileges required
  B. user interaction
  C. attack complexity
  D. attack vector
  A. privileges required

• Question 173:

  What is a Shellshock vulnerability?

  A. command injection
  B. cross site scripting
  C. heap overflow
  D. SQL injection
  A. command injection

• Question 174:

  Which open-sourced packet capture tool uses Linux and Mac OS X operating systems?

  A. NetScout
  B. tcpdump
  C. SolarWinds
  D. netsh
  B. tcpdump

  ---

  Explanation

• Question 175:

  Refer to exhibit.

  

  Which alert is identified from this packet?

  A. SSDP amplification
  B. SYN flood
  C. TCP fragmentation attack
  D. Fraggle attack
  B. SYN flood

• Question 176:

  A security team receives a ticket to investigate suspicious emails sent to company employees from known malicious domains. Further analysis shows that a targeted phishing attempt was successfully blocked by the company's email antivirus.

  At which step of the Cyber Kill Chain did the security team mitigate this attack?

  A. Delivery
  B. Actions on Objectives
  C. Command and Control
  D. Weaponization
  A. Delivery

  ---

  Explanation

  The Delivery phase of the Cyber Kill Chain is the stage where an attacker transmits a malicious payload to the target. In phishing attacks, this typically occurs through email messages containing malicious links or attachments sent to intended victims. In this scenario, the phishing emails were identified and blocked by the organization's email antivirus solution before they reached users or were interacted with. This indicates that the attack was mitigated during the delivery phase, as the malicious content was stopped in transit and never executed on the target systems. Weaponization refers to the creation of malicious payloads, which occurs before delivery. Command and Control involves establishing remote communication with compromised systems, which requires successful execution. Actions on Objectives represent the final stage where attackers achieve their goals, such as data theft or account compromise. Cybersecurity operations fundamentals emphasize that email security controls are designed to disrupt attacks as early as possible in the kill chain. Blocking phishing emails at delivery significantly reduces risk and prevents downstream compromise.

  Therefore, the correct answer is Delivery.

• Question 177:

  Which type of attack involves sending input commands to a web server to access data?

  A. SQL injection
  B. Denial of service
  C. Cross-site scripting
  D. DNS poisoning
  A. SQL injection

• Question 178:

  Which evasion technique is a function of ransomware?

  A. extended sleep calls
  B. encryption
  C. resource exhaustion
  D. encoding
  B. encryption

• Question 179:

  Which TCP flag is used to acknowledge receipt of data during a session?

  A. SYN
  B. ACK
  C. FIN
  D. RST
  B. ACK

  ---

  Explanation

  The ACK (Acknowledgment) flag in the TCP header is used to confirm that data has been successfully received. During a TCP session, each segment sent is acknowledged by the receiving host using the ACK flag along with an acknowledgment number indicating the next expected byte. This mechanism ensures reliable communication, as lost packets can be retransmitted when acknowledgments are not received. The SYN flag (A) is used to initiate a TCP connection, while FIN (C) is used to gracefully terminate a session. The RST flag (D) abruptly resets a connection when an error occurs or when an unexpected packet is received. Understanding TCP flags is essential in network analysis, as they help identify connection states and abnormal behaviors such as scanning or denial-of-service attacks. For example, an excessive number of SYN packets without corresponding ACKs may indicate a SYN flood attack.

• Question 180:

  What is the difference between the ACK flag and the RST flag in the NetFlow log session?

  A. The RST flag confirms the beginning of the TCP connection, and the ACK flag responds when the data for the payload is complete
  B. The ACK flag confirms the beginning of the TCP connection, and the RST flag responds when the data for the payload is complete
  C. The RST flag confirms the receipt of the prior segment, and the ACK flag allows for the spontaneous termination of a connection
  D. The ACK flag confirms the receipt of the prior segment, and the RST flag allows for the spontaneous termination of a connection
  D. The ACK flag confirms the receipt of the prior segment, and the RST flag allows for the spontaneous termination of a connection