200-201 Exam Details

  • Exam Code: 200-201
  • Exam Name: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)
  • Certification: CyberOps Associate
  • Vendor: Cisco
  • Total Questions: 543 Q&As
  • Last Updated: May 24, 2026

Cisco 200-201 Online Questions & Answers

  • Question 181:

    Which two pieces of information are collected from the IPv4 protocol header? (Choose two.)

    A. UDP port to which the traffic is destined
    B. TCP port from which the traffic was sourced
    C. source IP address of the packet
    D. destination IP address of the packet
    E. UDP port from which the traffic is sourced

  • Question 182:

    Which artifact is used to uniquely identify a detected file?

    A. file timestamp
    B. file extension
    C. file size
    D. file hash

  • Question 183:

    Refer to the exhibit.

    What should be interpreted from this packet capture?

    A. 81.179.179.69 is sending a packet from port 80 to port 50272 of IP address 192.168.122.100 using UDP protocol.
    B. 192.168.122.100 is sending a packet from port 50272 to port 80 of IP address 81.179.179.69 using TCP protocol.
    C. 192.168.122.100 is sending a packet from port 80 to port 50272 of IP address 81.179.179.69 using UDP protocol.
    D. 81.179.179.69 is sending a packet from port 50272 to port 80 of IP address 192.168.122.100 using TCP UDP protocol.

  • Question 184:

    Refer to the exhibit.

    What is the logical source device for these events?

    A. proxy server
    B. IDS/IPS
    C. NetFlow collector
    D. web server

  • Question 185:

    An engineer is addressing a connectivity issue between two servers where the remote server is unable to establish a successful session. Initial checks show that the remote server is not receiving a SYN-ACK while establishing a session by sending the first SYN.

    What is causing this issue?

    A. incorrect TCP handshake
    B. incorrect UDP handshake
    C. incorrect OSI configuration
    D. incorrect snaplen configuration

  • Question 186:

    Refer to the exhibit.

    What is occurring?

    A. Identifying possible malware communications and botnet activity
    B. Monitoring of encrypted and unencrypted web sessions for diagnostics.
    C. Analysis of traffic flows during network capacity testing
    D. Review of session logs for performance optimization in a distributed application environment

  • Question 187:

    What is the difference between deep packet inspection and stateful inspection?

    A. Stateful inspection verifies contents at Layer 4, and deep packet inspection verifies connection at Layer 7.
    B. Stateful inspection is more secure than deep packet inspection on Layer 7.
    C. Deep packet inspection is more secure than stateful inspection on Layer 4.
    D. Deep packet inspection allows visibility on Layer 7, and stateful inspection allows visibility on Layer 4.

  • Question 188:

    What is a ransomware attack?

    A. It is a component of a malware attack used to establish a remote covert channel.
    B. It is malicious software that steals confidential data.
    C. It encrypts a victim's data and prevents access to it.
    D. The volume of data exceeds storage capacity.

  • Question 189:

    What is the difference between deep packet inspection and stateful inspection?

    A. Deep packet inspection is more secure than stateful inspection on Layer 4
    B. Stateful inspection verifies contents at Layer 4 and deep packet inspection verifies connection at Layer 7
    C. Stateful inspection is more secure than deep packet inspection on Layer 7
    D. Deep packet inspection allows visibility on Layer 7 and stateful inspection allows visibility on Layer 4

  • Question 190:

    Which event is user interaction?

    A. gaining root access
    B. executing remote code
    C. reading and writing file permission
    D. opening a malicious file

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important, and more and more enterprises require them when you apply for a job. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Cisco exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your 200-201 exam preparation or your Cisco certification application, do not hesitate to visit Vcedump.com to find your solutions.