What is a characteristic of a temporal score in CVSS?
A. It can change over time B. It depends on the environment C. It has a vendor fixed value D. It is defined by impacted users
B. It depends on the environment
Question 292:
Which tool gives the ability to see session data in real time?
A. tcpdstat B. trafdump C. tcptrace D. trafshow
D. trafshow
Explanation
"trafshow" is a tool that provides real-time information about network traffic sessions. The tool captures and displays network packets and session data, allowing a network administrator to monitor network activity and troubleshoot problems.
"tcpdstat" and "tcptrace" are also network analysis tools, but they do not provide real-time monitoring. "trafdump" is not a valid tool name.
Question 293:
What describes the public key infrastructure (PKI)?
A. PKI verifies the identity of the user and sender and creates secure communication channels using asymmetric encryption. B. PKI ensures packet loss prevention and creates secure communication channels using symmetric encryption. C. PKI verifies the identity of the user and sender and creates secure communication channels using symmetric encryption. D. PKI ensures packet loss prevention and creates secure communication channels using asymmetric encryption.
A. PKI verifies the identity of the user and sender and creates secure communication channels using asymmetric encryption.
Question 294:
Refer to the exhibit.
An engineer is analyzing this Cuckoo Sandbox report for a PDF file that has been downloaded from an email.
What is the state of this file?
A. The file has an embedded executable and was matched by PEiD threat signatures for further analysis. B. The file has an embedded non-Windows executable but no suspicious features are identified. C. The file has an embedded Windows 32 executable and the Yara field lists suspicious features for further analysis. D. The file was matched by PEiD threat signatures but no suspicious features are identified since the signature list is up to date.
C. The file has an embedded Windows 32 executable and the Yara field lists suspicious features for further analysis.
Question 295:
How does a certificate authority impact a security system?
A. It authenticates client identity when requesting an SSL certificate B. It validates domain identity of an SSL certificate C. It authenticates domain identity when requesting an SSL certificate D. It validates client identity when communicating with the server
B. It validates domain identity of an SSL certificate
Explanation
A Certificate Authority (CA) is responsible for issuing digital certificates to validate the identity of the certificate holder and provide a means to establish secure communications over networks like the Internet.
Question 296:
An organization has recently adjusted its security stance in response to online threats made by a known hacktivist group.
What is the initial event called in the NIST SP800-61?
A. online assault B. precursor C. trigger D. instigator
B. precursor
Explanation
A precursor is a sign that a cyber-attack is about to occur on a system or network. Indicators are the actual alerts generated as an attack is happening. As a security professional, it is therefore important to know where to find both precursor and indicator sources of information.
The following are common sources of precursor and indicator information:
- Security Information and Event Management (SIEM)
- Anti-virus and anti-spam software
- File integrity checking applications/software
- Logs from various sources (operating systems, devices, and applications)
- People who report a security incident
Question 297:
An engineer receives a security alert that traffic with a known TOR exit node has occurred on the network.
What is the impact of this traffic?
A. ransomware communicating after infection B. users downloading copyrighted content C. data exfiltration D. user circumvention of the firewall
D. user circumvention of the firewall
Question 298:
Which metric should be used when evaluating the effectiveness and scope of a Security Operations Center?
A. The average time the SOC takes to register and assign the incident. B. The total incident escalations per week. C. The average time the SOC takes to detect and resolve the incident. D. The total incident escalations per month.
C. The average time the SOC takes to detect and resolve the incident.
Question 299:
An engineer must create a SIEM rule to test events and traffic for spikes and changes that occur in regular patterns to detect irregularities.
Which rules achieve the desired results?
A. anomaly B. behavioral C. threshold D. availability
B. behavioral
Question 300:
When trying to evade IDS/IPS devices, which mechanism allows the user to make the data incomprehensible without a specific key, certificate, or password?
A. fragmentation B. pivoting C. encryption D. stenography