Cisco 200-201 Online Practice Questions and Exam Preparation

Cisco 200-201 Online Questions & Answers

• Question 191:

  A user received a malicious email attachment named "DS045-report1122345.exe" and executed it.

  In which step of the Cyber Kill Chain is this event?

  A. reconnaissance
  B. delivery
  C. weaponization
  D. installation
  D. installation

  ---

  Explanation

  The attachment is already executed. It should be Exploitation, but once it is not an option so it is installation.

• Question 192:

  What is indicated by an increase in IPv4 traffic carrying protocol 41 ?

  A. additional PPTP traffic due to Windows clients
  B. unauthorized peer-to-peer traffic
  C. deployment of a GRE network on top of an existing Layer 3 network
  D. attempts to tunnel IPv6 traffic through an IPv4 network
  D. attempts to tunnel IPv6 traffic through an IPv4 network

• Question 193:

  An automotive company provides new types of engines and special brakes for rally sports cars. The company has a database of inventions and patents for their engines and technical information Customers can access the database through the company's website after they register and identify themselves.

  Which type of protected data is accessed by customers?

  A. IP data
  B. PII data
  C. PSI data
  D. PHI data
  A. IP data

• Question 194:

  A security incident occurred with the potential of impacting business services.

  Who performs the attack?

  A. malware author
  B. threat actor
  C. bug bounty hunter
  D. direct competitor
  B. threat actor

  ---

  Explanation

  References:

  https://www.paubox.com/blog/what-is-threat-actor/#:~:text=The%20term%20threat%20actor%20refers,CTA)%20when%20referencing%20cybersecurity%20issues

• Question 195:

  A company is using several network applications that require high availability and responsiveness, such that milliseconds of latency on network traffic is not acceptable. An engineer needs to analyze the network and identify ways to improve traffic movement to minimize delays.

  Which information must the engineer obtain for this analysis?

  A. total throughput on the interface of the router and NetFlow records
  B. output of routing protocol authentication failures and ports used
  C. running processes on the applications and their total network usage
  D. deep packet captures of each application flow and duration
  A. total throughput on the interface of the router and NetFlow records

  ---

  Explanation

  For high availability and responsiveness, especially where milliseconds of latency are critical, an engineer must analyze the network's performance in detail. Total throughput on the interface of the router will provide information on the bandwidth and traffic load, which is essential for understanding if the network can handle the current and projected traffic without delays. NetFlow records are crucial for this analysis as they provide data about the traffic flow across the network, which helps in identifying patterns, peak usage times, and types of traffic. This information is vital for making informed decisions to optimize traffic movement and minimize latency.

  References:

  Cisco's guide on Network Traffic Analysis.

  Cisco's white paper on Network Security Policy: Best Practices.

  Cisco's documentation on Implementation of High Availability

• Question 196:

  An analyst performs traffic analysis to detect data exfiltration and identifies a high frequency of DNS requests in a small period of time.

  Which technology makes this behavior feasible?

  A. access control list
  B. NAT
  C. encryption
  D. tunneling
  D. tunneling

• Question 197:

  Which security monitoring data type is associated with application server logs?

  A. transaction data
  B. statistical data
  C. session data
  D. alert data
  A. transaction data

• Question 198:

  A network engineer informed a security team of a large amount of traffic and suspicious activity from an unknown source to the company DMZ server The security team reviewed the data and identified a potential DDoS attempt According to NIST, at which phase of incident response is the security team?

  A. containment and eradication
  B. preparation
  C. recovery
  D. detection and analysis
  D. detection and analysis

• Question 199:

  Which two elements are assets in the role of attribution in an investigation? (Choose two.)

  A. context
  B. session
  C. laptop
  D. firewall logs
  E. threat actor
  C. laptop
  D. firewall logs

  ---

  Explanation

  The following are some factors that are used during attribution in an investigation: Assets, Threat actor, Indicators of Compromise (IoCs), Indicators of Attack (IoAs), Chain of custody

  Asset: This factor identifies which assets were compromised by a threat actor or hacker. An example of an asset can be an organization's domain controller (DC) that runs Active Directory Domain Services (AD DS). AD is a service that allows an administrator to manage user accounts, user groups, and policies across a Microsoft Windows environment. Keep in mind that an asset is anything that has value to an organization; it can be something physical, digital, or even people. Cisco Certified CyberOps Associate 200-201 Certification Guide

• Question 200:

  What should a security analyst consider when comparing inline traffic interrogation with traffic tapping to determine which approach to use in the network?

  A. Tapping interrogation replicates signals to a separate port for analyzing traffic
  B. Tapping interrogations detect and block malicious traffic
  C. Inline interrogation enables viewing a copy of traffic to ensure traffic is in compliance with security policies
  D. Inline interrogation detects malicious traffic but does not block the traffic
  A. Tapping interrogation replicates signals to a separate port for analyzing traffic

  ---

  Explanation

  A network TAP is a simple device that connects directly to the cabling infrastructure to split or copy packets for use in analysis, security, or general network management