200-201 Exam Details

  • Exam Code: 200-201
  • Exam Name: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)
  • Certification: CyberOps Associate
  • Vendor: Cisco
  • Total Questions: 543 Q&As
  • Last Updated: Jun 01, 2026

Cisco 200-201 Online Questions & Answers

  • Question 271:

    When an event is investigated, which type of data provides the investigative capability to determine if data exfiltration has occurred?

    A. full packet capture
    B. NetFlow data
    C. session data
    D. firewall logs

  • Question 272:

    What matches the regular expression r(ege)+x?

    A. r(ege)x
    B. regeegex
    C. rx
    D. rege+x

  • Question 273:

    What is the difference between the ACK flag and the RST flag?

    A. The ACK flag validates the next packets to be sent to a destination, and the RST flag is what the RST returns to indicate that the destination is reachable.
    B. The RST flag establishes the communication, and the ACK flag cancels spontaneous connections that were not specifically sent to the expecting host.
    C. The RST flag identifies the connection as reliable and trustworthy within the handshake process, and the ACK flag prepares a response by opening a session between the source and destination.
    D. The ACK flag validates the receipt of the previous packet in the stream, and the same session is being closed by the RST flag.

  • Question 274:

    An engineer must investigate suspicious connections. Data has been gathered using a tcpdump command on a Linux device and saved as a sandboxmalware2022-12-22.pcaps file. The engineer is trying to open the tcpdump capture in the Wireshark tool.

    What is the expected result?

    A. The file is opened.
    B. The tool does not support Linux.
    C. The file does not support the "-" character.
    D. The file has an incorrect extension.

  • Question 275:

    A cyberattacker notices a security flaw in software that a company is using. They decide to tailor a specific worm to exploit this flaw and extract saved passwords from the software.

    To which category of the Cyber Kill Chain model does this event belong?

    A. weaponization
    B. reconnaissance
    C. delivery
    D. exploitation

  • Question 276:

    Which regular expression matches the loopback IP address (127.0.0.1)?

    A. &127%0%0%1
    B. %127.0.0.1%
    C. 127\.0\.0\.1
    D. 127[.0.].0.\

  • Question 277:

    Refer to the exhibit.

    A SOC engineer is analyzing a Cuckoo Sandbox report for a file that has been identified as suspicious by the endpoint security system.

    What is the state of the file?

    A. The file was identified as PE32 executable with a high level of entropy to bypass AV via encryption.
    B. The file was detected as an executable binary file, but no suspicious activity was detected and it is a false positive.
    C. The file was detected as executable and was marked by the SSDeep hashing algorithm as suspicious.
    D. The file was identified as an executable binary for Microsoft Word with macros creating a hidden process via PowerShell.

  • Question 278:

    Refer to the exhibit.

    What information is depicted?

    A. IIS data
    B. NetFlow data
    C. network discovery event
    D. IPS event data

  • Question 279:

    DRAG DROP

    Drag and drop the elements from the left into the correct order for incident handling on the right.

    Select and Place:

  • Question 280:

    Refer to the exhibit. An engineer received a ticket to analyze unusual network traffic.

    What is occurring?

    A. data exfiltration
    B. regular network traffic; no suspicious activity
    C. denial-of-service attack
    D. cookie poisoning
