Cisco 200-201 Online Practice Questions and Exam Preparation

Cisco 200-201 Online Questions & Answers

• Question 381:

  What is the purpose of hashing in data integrity verification?

  A. to encrypt data
  B. to compress data
  C. to generate a unique digest
  D. to transmit data securely
  C. to generate a unique digest

  ---

  Explanation

  Hashing is used to generate a fixed-length unique digest (hash value) from input data. This digest acts as a fingerprint of the data, allowing verification of its integrity. If the data changes, even slightly, the resulting hash will be different. This makes hashing useful for detecting tampering or corruption. Hashing is not encryption (A) because it is one-way and cannot be reversed. It does not compress data (B) or transmit data securely (D). Common hashing algorithms include SHA- 256 and MD5 (though MD5 is no longer considered secure). In forensic investigations, hashes are used to verify that evidence has not been altered. Maintaining data integrity is critical for trust and reliability in cybersecurity operations.

• Question 382:

  A SOC analyst is investigating an incident that involves a Linux system that is identifying specific sessions.

  Which identifier tracks an active program?

  A. application identification number
  B. active process identification number
  C. runtime identification number
  D. process identification number
  D. process identification number

• Question 383:

  Which attack is the network vulnerable to when a stream cipher like RC4 is used twice with the same key?

  A. forgery attack
  B. plaintext-only attack
  C. ciphertext-only attack
  D. meet-in-the-middle attack
  C. ciphertext-only attack

  ---

  Explanation

  When a stream cipher like RC4 is used twice with the same key, it becomes vulnerable to a ciphertext-only attack. In this type of attack, the attacker has access to several ciphertexts that are encrypted with the same key but does not know anything about the plaintexts. By analyzing these ciphertexts, an attacker can gain insights into the plaintext or even recover parts or all of it.

  References:

  Cisco Cybersecurity source documents or study guide (I need to search for specific references as I don't have direct access to Cisco's proprietary content)

• Question 384:

  A security expert is working on a copy of the evidence, an ISO file that is saved in CDFS format.

  Which type of evidence is this file?

  A. CD data copy prepared in Windows
  B. CD data copy prepared in Mac-based system
  C. CD data copy prepared in Linux system
  D. CD data copy prepared in Android-based system
  C. CD data copy prepared in Linux system

• Question 385:

  An analyst is investigating a host in the network that appears to be communicating to a command and control server on the Internet. After collecting this packet capture, the analyst cannot determine the technique and payload used for the communication.

  

  Which obfuscation technique is the attacker using?

  A. Base64 encoding
  B. TLS encryption
  C. SHA-256 hashing
  D. ROT13 encryption
  B. TLS encryption

  ---

  Explanation

  ROT13 is considered weak encryption and is not used with TLS (HTTPS:443).

  Source:

  https://en.wikipedia.org/wiki/ROT13

• Question 386:

  After a large influx of network traffic to externally facing devices, a security engineer begins investigating what appears to be a denial of service attack. When the packet capture data is reviewed, the engineer notices that the traffic is a single SYN packet to each port.

  Which type of attack is occurring?

  A. traffic fragmentation
  B. port scanning
  C. host profiling
  D. SYN flood
  B. port scanning

• Question 387:

  Which incidence response step includes identifying all hosts affected by an attack?

  A. detection and analysis
  B. post-incident activity
  C. preparation
  D. containment, eradication, and recovery
  A. detection and analysis

  ---

  Explanation

  The correct answer is A, detection and analysis.

  The detection and analysis phase of an incident response process involves identifying and confirming the presence of a security incident. This includes identifying all hosts that may have been affected by the attack. During this phase, incident responders collect and analyze information about the incident, such as network traffic, system logs, and other data, to determine the nature and scope of the incident. This information is used to develop an initial understanding of the incident, including which hosts have been affected.

• Question 388:

  DRAG DROP

  Refer to the exhibit.

  

  Drag and drop the element names from the left onto the corresponding pieces of the PCAP file on the right.

  Select and Place:

  

  

• Question 389:

  How is attacking a vulnerability categorized?

  A. action on objectives
  B. delivery
  C. exploitation
  D. installation
  C. exploitation

  ---

  Explanation

  Attacking a vulnerability is categorized as exploitation, which is the third phase of the cyberattack lifecycle. Exploitation is the process of taking advantage of a vulnerability in a system, application, or network to gain access, escalate privileges, or execute commands. Action on objectives, delivery, and installation are other phases of the cyberattack lifecycle, but they do not involve attacking a vulnerability. Action on objectives is the final phase, where the attacker achieves their goal, such as stealing data, disrupting services, or destroying assets. Delivery is the second phase, where the attacker delivers the malicious payload, such as malware, phishing email, or malicious link, to the target. Installation is the fourth phase, where the attacker installs the malicious payload on the compromised system or network to maintain persistence or spread laterally.

  References:

  What is a Cyberattack? | IBM, Recognizing the seven stages of a cyber-attack -DNV

• Question 390:

  Which signature impacts network traffic by causing legitimate traffic to be blocked?

  A. false negative
  B. true positive
  C. true negative
  D. false positive
  D. false positive