Cisco 200-201 Online Practice Questions and Exam Preparation

Cisco 200-201 Online Questions & Answers

• Question 211:

  If a web server accepts input from the user and passes it to a bash shell, to which attack method is it vulnerable?

  A. input validation
  B. hash collision
  C. integer overflow
  D. command injection
  D. command injection

• Question 212:

  What is a difference between data obtained from Tap and SPAN ports?

  A. Tap mirrors existing traffic from specified ports, while SPAN presents more structured data for deeper analysis.
  B. SPAN passively splits traffic between a network device and the network without altering it, while Tap alters response times.
  C. SPAN improves the detection of media errors, while Tap provides direct access to traffic with lowered data visibility.
  D. Tap sends traffic from physical layers to the monitoring device, while SPAN provides a copy of network traffic from switch to destination
  D. Tap sends traffic from physical layers to the monitoring device, while SPAN provides a copy of network traffic from switch to destination

  ---

  Explanation

  Tap and SPAN are two methods of capturing network traffic for analysis. Tap (Test Access Point) is a hardware device that is inserted between two network devices and sends a copy of all traffic to a monitoring device. SPAN (Switched Port Analyzer) is a software feature that allows a network switch to replicate traffic from one or more source ports to a destination port, where a monitoring device is connected. Both methods provide visibility into network traffic, but Tap is more reliable and less intrusive than SPAN, as it does not affect the network performance or introduce errors.

  References:

  Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) - Cisco, page 68. Reference: (https://www.gigamon.com/resources/resource-library/white-paper/to-tap-or-to-span.html)

• Question 213:

  An engineer discovered a breach, identified the threat's entry point, and removed access. The engineer was able to identify the host, the IP address of the threat actor, and the application the threat actor targeted.

  What is the next step the engineer should take according to the NIST SP 800-61 Incident handling guide?

  A. Recover from the threat.
  B. Analyze the threat.
  C. Identify lessons learned from the threat.
  D. Reduce the probability of similar threats.
  A. Recover from the threat.

  ---

  Explanation

  Per:

  https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf

• Question 214:

  A user received a targeted spear-phishing email and identified it as suspicious before opening the content.

  To which category of the Cyber Kill Chain model does to this type of event belong?

  A. weaponization
  B. delivery
  C. exploitation
  D. reconnaissance
  B. delivery

• Question 215:

  Refer to the exhibit.

  

  An attacker gained initial access to the company's network and ran an Nmap scan to advance with the lateral movement technique and to search the sensitive data.

  Which two elements can an attacker identify from the scan? (Choose two.)

  A. workload and the configuration details
  B. functionality and purpose of the server
  C. number of users and requests that the server is handling
  D. running services
  E. user accounts and SID
  B. functionality and purpose of the server
  D. running services

• Question 216:

  What specific type of analysis is assigning values to the scenario to see expected outcomes?

  A. deterministic
  B. exploratory
  C. probabilistic
  D. descriptive
  A. deterministic

• Question 217:

  What is the difference between vulnerability and risk?

  A. A vulnerability is a sum of possible malicious entry points, and a risk represents the possibility of the unauthorized entry itself.
  B. A risk is a potential threat that an exploit applies to, and a vulnerability represents the threat itself
  C. A vulnerability represents a flaw in a security that can be exploited, and the risk is the potential damage it might cause.
  D. A risk is potential threat that adversaries use to infiltrate the network, and a vulnerability is an exploit
  C. A vulnerability represents a flaw in a security that can be exploited, and the risk is the potential damage it might cause.

  ---

  Explanation

  Vulnerability refers to a weakness or flaw in a system that can be exploited by threats. Risk, on the other hand, is the potential for loss or damage when a threat exploits a vulnerability. The risk is essentially the impact or consequence of a vulnerability being exploited

• Question 218:

  Which two elements are used for profiling a network? (Choose two.)

  A. session duration
  B. total throughput
  C. running processes
  D. listening ports
  E. OS fingerprint
  A. session duration
  B. total throughput

  ---

  Explanation

  A network profile should include some important elements, such as the following:

  Total throughput the amount of data passing from a given source to a given destination in a given period of time Session duration the time between the establishment of a data flow and its termination Ports used a list of TCP or UDP processes that are available to accept data Critical asset address space the IP addresses or the logical location of essential systems or data Profiling data are data that system has gathered, these data helps for incident response and to detect incident Network profiling = throughput, sessions duration, port used, Critical Asset Address Space Host profiling = Listening ports, logged in accounts, running processes, running tasks,applications

• Question 219:

  Which evasion method is being used when TLS is observed between two endpoints?

  A. encryption
  B. obfuscation
  C. X.509 certificate authentication
  D. traffic insertion
  A. encryption

• Question 220:

  What is a sandbox interprocess communication service?

  A. A collection of rules within the sandbox that prevent the communication between sandboxes.
  B. A collection of network services that are activated on an interface, allowing for inter-port communication.
  C. A collection of interfaces that allow for coordination of activities among processes.
  D. A collection of host services that allow for communication between sandboxes.
  C. A collection of interfaces that allow for coordination of activities among processes.

  ---

  Explanation

  A sandbox interprocess communication service refers to the mechanisms that allow different processes within a sandboxed environment to communicate with each other. These interfaces are crucial for coordinating activities among processes, especially in a restricted environment like a sandbox where direct interaction with the operating system or other processes might be limited for security reasons. This communication is essential for complex applications that require different processes to work together to perform tasks.

  References:

  The Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) material covers various security technologies and how they can be used to protect systems, which includes the use of sandboxing to isolate and monitor potentially malicious code