200-201 Exam Details

  • Exam Code: 200-201
  • Exam Name: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)
  • Certification: CyberOps Associate
  • Vendor: Cisco
  • Total Questions: 543 Q&As
  • Last Updated: Jun 01, 2026

Cisco 200-201 Online Questions & Answers

  • Question 221:

    Refer to the exhibit.

    A network engineer received a report that a host is communicating with unknown domains on the internet. The network engineer collected a packet capture but could not determine the technique or the payload used.

    What technique is the attacker using?

    A. amplification
    B. teardrop
    C. session hijacking
    D. tunneling

  • Question 222:

    A CMS plugin creates two files that are accessible from the Internet: myplugin.html and exploitable.php. A newly discovered exploit takes advantage of an injection vulnerability in exploitable.php. To exploit the vulnerability, an HTTP POST must be sent with specific variables to exploitable.php. A security engineer notices traffic to the webserver that consists of only HTTP GET requests to myplugin.html.

    Which category does this activity fall under?

    A. exploitation
    B. reconnaissance
    C. installation
    D. weaponization

  • Question 223:

    What are the two differences between stateful and deep packet inspection? (Choose two.)

    A. Stateful inspection is capable of TCP state tracking, and deep packet filtering checks only TCP source and destination ports
    B. Deep packet inspection is capable of malware blocking, and stateful inspection is not
    C. Deep packet inspection operates on Layer 3 and 4, and stateful inspection operates on Layer 3 of the OSI model
    D. Deep packet inspection is capable of TCP state monitoring only, and stateful inspection can inspect TCP and UDP.
    E. Stateful inspection is capable of packet data inspections, and deep packet inspection is not

  • Question 224:

    What is a threat actor?

    A. an external party, typically a business partner with the capability to accidentally or intentionally compromise computer systems
    B. an internal individual, typically an insider with the capability to accidentally or intentionally compromise computer systems
    C. an individual or group that is external or internal and may include nation-states, hacktivists, organized crime, and trusted insiders
    D. an unauthorized person, such as script kiddies or hackers who attempt to breach network systems

  • Question 225:

    An engineer needs to have visibility on TCP bandwidth usage, response time, and latency, combined with deep packet inspection to identify unknown software by its network traffic flow.

    Which two features of Cisco Application Visibility and Control should the engineer use to accomplish this goal? (Choose two.)

    A. management and reporting
    B. traffic filtering
    C. adaptive AVC
    D. metrics collection and exporting
    E. application recognition

  • Question 226:

    What is the dataflow set in the NetFlow flow-record format?

    A. Dataflow set is a collection of HEX records.
    B. Dataflow set provides basic information about the packet, such as the NetFlow version.
    C. Dataflow set is a collection of binary patterns.
    D. Dataflow set is a collection of data records.

  • Question 227:

    Refer to the exhibit.

    A communication issue exists between hosts 192.168.0.11 and 34.253.101.190.

    What is a description of the initial TCP connection?

    A. Handshake has been established
    B. Fin flag is not set
    C. Reset flag is not set
    D. Acknowledge is not set

  • Question 228:

    Which vulnerability type is used to read, write, or erase information from a database?

    A. cross-site scripting
    B. cross-site request forgery
    C. buffer overflow
    D. SQL injection

  • Question 229:

    What does the Zero Trust security model signify?

    A. Zero Trust security means that no one is trusted by default from inside or outside the network.
    B. Zero Trust addresses access control and states that an individual should have only the minimum access privileges necessary to perform specific tasks.
    C. Zero Trust states that no users should be given enough privileges to misuse the system on their own.
    D. Zero Trust states that unless a subject is given explicit access to an object, it should be denied access to that object.

  • Question 230:

    Refer to the exhibit.

    Based on the .pcap file, which protocol's vulnerability has been exploited to establish a session?

    A. SMB
    B. TCP
    C. Negotiate
    D. IP

Tips on How to Prepare for the Exams

Certification exams are becoming more and more important, and more and more enterprises require them when you apply for a job. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Cisco exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your 200-201 exam preparation and Cisco certification application, do not hesitate to visit Vcedump.com to find your solutions.