Cisco 200-201 Online Practice Questions and Exam Preparation

Cisco 200-201 Online Questions & Answers

• Question 351:

  DRAG DROP

  Drag and drop the security concept from the left onto the example of that concept on the right.

  Select and Place:

  

  

• Question 352:

  What is the functionality of an IDS?

  A. forensic tool used to perform an in-depth analysis and debugging
  B. software or device which monitors and identifies malicious network activity
  C. device or software that detects and blocks suspicious files
  D. endpoint protection software that prevents viruses and malware
  B. software or device which monitors and identifies malicious network activity

• Question 353:

  Which HTTP header field is used in forensics to identify the type of browser used?

  A. referrer
  B. host
  C. user-agent
  D. accept-language
  C. user-agent

  ---

  Explanation

  User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20100101 Firefox/12.0 In computing, a user agent is any software, acting on behalf of a user, which "retrieves, renders and facilitates end-user interaction with Web content".[1] A user agent is therefore a special kind of software agent.

  https://en.wikipedia.org/wiki/User_agent#User_agent_identification

  A user agent is a computer program representing a person, for example, a browser in a Web context.

  https://developer.mozilla.org/en-US/docs/Glossary/User_agent

• Question 354:

  Which two protocols are used for DDoS amplification attacks? (Choose two.)

  A. HTTP
  B. DNS
  C. TCP
  D. ICMPv6
  E. NTP
  B. DNS
  E. NTP

• Question 355:

  An engineer is working on a ticket for an incident from the incident management team. A week ago, an external web application was targeted by a DDoS attack. Server resources were exhausted and after two hours, it crashed. An engineer was able to identify the attacker and technique used. Three hours after the attack, the server was restored and the engineer recommended implementing mitigation by Blackhole filtering and transferred the incident ticket back to the IR team.

  According to NIST.SP800-61, at which phase of the incident response did the engineer finish work?

  A. post-incident activity
  B. preparation
  C. detection and analysis
  D. containment, eradication, and recovery
  D. containment, eradication, and recovery

• Question 356:

  Which data format is the most efficient to build a baseline of traffic seen over an extended period of time?

  A. syslog messages
  B. full packet capture
  C. NetFlow
  D. firewall event logs
  C. NetFlow

  ---

  Explanation

  NetFlow provides a more efficient way of recording and analyzing network traffic patterns over an extended period of time compared to syslog messages, full packet capture, or firewall event logs. It collects metadata about traffic flows traversing the network devices which can be used for understanding normal baseline behavior as well as identifying anomalies.

  References:

  Cisco Certified CyberOps Associate Overview

• Question 357:

  What describes the concept of data consistently and readily being accessible for legitimate users?

  A. integrity
  B. availability
  C. accessibility
  D. confidentiality
  B. availability

  ---

  Explanation

  Availability is one of the three pillars of the CIA triad, a model that defines the principles of information security. Availability describes the concept of data consistently and readily being accessible for legitimate users. Availability ensures that the network and systems are operational and resilient to disruptions, such as denial-of-service attacks, hardware failures, or natural disasters. Availability also involves maintaining backup and recovery procedures, load balancing, and redundancy mechanisms.

  References:

  Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) - Cisco, Module 1: Security Concepts, Lesson 1.1: Security Principles 200-201 CBROPS - Cisco, Exam Topics, 1.0 Security Concepts, 1.1 Explain the CIA triad Cisco Certified CyberOps Associate Overview - Cisco Learning Network, Videos, 1.1 Explain the CIA triad

• Question 358:

  Refer to the exhibit.

  

  What type of event is occurring?

  A. Legitimate web browsing activity
  B. Distributed Denial of Service (DDoS) attack
  C. User trying to access a file share
  D. Malware attempting to spread laterally
  D. Malware attempting to spread laterally

• Question 359:

  Refer to the exhibit.

  

  Which field contains DNS header information if the payload is a query or response?

  A. ID
  B. Z
  C. QR
  D. TC
  C. QR

• Question 360:

  Which of these is a defense-in-depth strategy principle?

  A. Identify the minimum resource required per employee.
  B. Provide the minimum permissions needed to perform job functions.
  C. Disable administrative accounts to avoid unauthorized changes.
  D. Assign the least network privileges to segment network permissions.
  B. Provide the minimum permissions needed to perform job functions.