Cisco 200-201 Online Practice Questions and Exam Preparation

Cisco 200-201 Online Questions & Answers

• Question 281:

  What is a difference between an inline and a tap mode traffic monitoring?

  A. Inline monitors traffic without examining other devices, while a tap mode tags traffic and examines the data from monitoring devices.
  B. Tap mode monitors traffic direction, while inline mode keeps packet data as it passes through the monitoring devices.
  C. Tap mode monitors packets and their content with the highest speed, while the inline mode draws a packet path for analysis.
  D. Inline mode monitors traffic path, examining any traffic at a wire speed, while a tap mode monitors traffic as it crosses the network.
  D. Inline mode monitors traffic path, examining any traffic at a wire speed, while a tap mode monitors traffic as it crosses the network.

  ---

  Explanation

  References:

  https://www.cisco.com/c/en/us/td/docs/security/firepower/650/configuration/guide/fpmc-config-guide-v65/inline_sets_and_passive_interfaces_for_firepower_threat_defense.html

• Question 282:

  What does an attacker use to determine which network ports are listening on a potential target device?

  A. man-in-the-middle
  B. port scanning
  C. SQL injection
  D. ping sweep
  B. port scanning

• Question 283:

  According to CVSS, what is the attack vector?

  A. set of steps taken by a threat actor before exploiting the vulnerability
  B. process by which an attacker tries to exploit an existing vulnerability
  C. context by which vulnerability exploitation is achievable
  D. practical demonstration of an attack to understand the required tools and resources
  C. context by which vulnerability exploitation is achievable

• Question 284:

  What is personally identifiable information that must be safeguarded from unauthorized access?

  A. date of birth
  B. driver's license number
  C. gender
  D. zip code
  B. driver's license number

  ---

  Explanation

  According to the Executive Office of the President, Office of Management and Budget (OMB), and the U.S. Department of Commerce, Office of the Chief Information Officer, PII refers to "information which can be used to distinguish or trace an individual's identity."

  The following are a few examples:

  - An individual's name

  - Social security number

  - Biological or personal characteristics, such as an image of distinguishing features, fingerprints, Xrays, voice signature, retina scan, and the geometry of the face

  - Date and place of birth

  - Mother's maiden name

  - Credit card numbers

  - Bank account numbers

  - Driver license number

  - Address information, such as email addresses or street addresses, and telephone numbers for businesses or personal use

  - Cisco CyberOps Associate CBROPS 200-201 Official Cert Guide Omar Santos

• Question 285:

  Which NIST IR category stakeholder is responsible for coordinating incident response among various business units, minimizing damage, and reporting to regulatory agencies?

  A. CSIRT
  B. PSIRT
  C. public affairs
  D. management
  D. management

  ---

  Explanation

  In the context of NIST's incident response guidelines, management is responsible for coordinating incident response among various business units, minimizing damage, and reporting to regulatory agencies. Management plays a key role in overseeing the incident response process to ensure that it is carried out effectively across all parts of the organization and that compliance with legal and regulatory requirements is maintained.

  References:

  NIST SP 800-61 Rev. 2, Computer Security Incident Handling Guide1. InfraExam's discussion on incident response stakeholder responsibilities

• Question 286:

  An engineer configured regular expression ".*\.([Dd][Oo][Cc]|[Xx][LI][Ss]|[Pp][Pp][Tt]) HTTP/1.[01]" on Cisco ASA firewall.

  What does this regular expression do?

  A. It captures .doc, .xls, and .pdf files in HTTP v1.0 and v1.1.
  B. It captures documents in an HTTP network session.
  C. It captures Word, Excel, and PowerPoint files in HTTP v1.0 and v1.1.
  D. It captures .doc, .xls, and .ppt files extensions in HTTP v1.0.
  C. It captures Word, Excel, and PowerPoint files in HTTP v1.0 and v1.1.

  ---

  Explanation

  The regular expression pattern captures file extensions like .doc, .xls, and .ppt (or variations in letter case, such as DOC, XLS, PPT) within HTTP traffic sessions, as indicated by the ".([Dd][Oo][Cc]|[Xx][LI][Ss]|[Pp][Pp][Tt])" part of the regex.

  Additionally, it specifies HTTP versions 1.0 and 1.1 by ending with " HTTP/1.[01]" to focus the matching on HTTP sessions using these versions.

• Question 287:

  Which type of attack involves inserting malicious scripts into web pages viewed by users?

  A. SQL injection
  B. cross-site scripting
  C. buffer overflow
  D. ARP poisoning
  B. cross-site scripting

  ---

  Explanation

  Cross-site scripting (XSS) is a web-based attack where an attacker injects malicious scripts into web pages that are then executed in the browsers of unsuspecting users. These scripts can steal session cookies, redirect users, or perform actions on behalf of the victim. XSS exploits vulnerabilities in web applications that fail to properly validate or sanitize user input. SQL injection (A) targets databases, buffer overflow (C) exploits memory vulnerabilities, and ARP poisoning (D) targets network communication. XSS is particularly dangerous because it leverages trusted websites to deliver malicious content. There are several types of XSS, including stored, reflected, and DOM-based. Preventing XSS involves input validation, output encoding, and implementing security headers such as Content Security Policy (CSP). Understanding XSS is critical for both developers and security analysts to protect web applications and users.

• Question 288:

  Which regular expression is needed to capture the IP address 192.168.20.232?

  A. ^ (?:[0-9]{1,3}\.){3}[0-9]{1,3}
  B. ^ (?:[0-9]f1,3}\.){1,4}
  C. ^ (?:[0-9]{1,3}\.)'
  D. ^ ([0-9]-{3})
  A. ^ (?:[0-9]{1,3}\.){3}[0-9]{1,3}

  ---

  Explanation

  The regular expression ^ (?:[0-9]{1,3}.){3}[0-9]{1,3} is needed to capture the IP address 192.168.20.232. This regex matches any string that starts with three groups of one to three digits followed by a dot, and ends with one group of one to three digits. The IP address 192.168.20.232 matches this pattern exactly. The other options are either invalid or do not match the IP address format.

  References:

  Cisco Cybersecurity Operations Fundamentals, Module 5: Security Policies and Procedures, Lesson 5.3: Data and Event Analysis, Topic 5.3.2: Regular Expressions Reference: (https://www.cisco.com/c/en/us/td/docs/security/security_management/cs-mars/4-3/user/guide/local_controller/appreexp.html)

• Question 289:

  What causes events on a Windows system to show Event Code 4625 in the log messages?

  A. The system detected an XSS attack
  B. Someone is trying a brute force attack on the network
  C. Another device is gaining root access to the system
  D. A privileged user successfully logged into the system
  B. Someone is trying a brute force attack on the network

• Question 290:

  Which action prevents buffer overflow attacks?

  A. variable randomization
  B. using web based applications
  C. input sanitization
  D. using a Linux operating system
  C. input sanitization

  ---

  Explanation

  Input sanitization involves cleaning up user input before processing it, ensuring that it does not contain malicious code intended for buffer overflow attacks or other types of security breaches.

  References:

  New Cybersecurity Skills