What is the impact of encapsulation on the network?
A. Numerous local private addresses are mapped to a public one before the data is moved. B. Something significant is concealed from virtually separate networks. C. Web requests are taken on behalf of users and the response is collected from the web. D. Logically separate functions in the network are abstracted from their underlying structures.
D. Logically separate functions in the network are abstracted from their underlying structures.
Question 402:
Which security technology allows only a set of pre-approved applications to run on a system?
A. application-level blacklisting B. host-based IPS C. application-level whitelisting D. antivirus
C. application-level whitelisting
Question 403:
While viewing packet capture data, an analyst sees that one IP is sending and receiving traffic for multiple devices by modifying the IP header.
Which technology makes this behavior possible?
A. encapsulation B. TOR C. tunneling D. NAT
D. NAT
Explanation
Network address translation (NAT) is a method of mapping an IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device.
Question 404:
Which statement describes patch management?
A. scanning servers and workstations for missing patches and vulnerabilities B. process of appropriate distribution of system or software updates C. managing and keeping previous patches lists documented for audit purposes D. workflow of distributing mitigations of newly found vulnerabilities
B. process of appropriate distribution of system or software updates
Question 405:
What should an engineer use to aid the trusted exchange of public keys between user tom0411976943 and dan1968754032?
A. central key management server B. web of trust C. trusted certificate authorities D. registration authority data
C. trusted certificate authorities
Question 406:
Which attack represents the evasion technique of resource exhaustion?
A. SQL injection B. man-in-the-middle C. bluesnarfing D. denial-of-service
A user received a malicious attachment but did not run it.
Which category classifies the intrusion?
A. weaponization B. reconnaissance C. installation D. delivery
D. delivery
Question 408:
A security engineer must implement an Intrusion Prevention System (IPS) inside an organization's DMZ. One of the requirements is the ability to block suspicious traffic in real time based on a triggered signature. The IPS will be connected behind the DMZ firewalls directly to the core switches.
Which traffic integration method must be implemented to complete this project?
A. mirroring B. tap C. inline D. passive
C. inline
Explanation
An Intrusion Prevention System (IPS) is a security control designed to both detect and actively prevent malicious network activity. Unlike an Intrusion Detection System (IDS), which only monitors and alerts, an IPS must be able to block or drop traffic immediately when a threat is identified. This functional requirement directly determines the appropriate traffic integration method. Inline deployment places the IPS directly in the path of network traffic, meaning all packets must pass through the device before reaching their destination. This positioning allows the IPS to inspect packets in real time, compare them against known attack signatures, and take immediate action such as dropping packets, resetting connections, or blocking traffic altogether. Because the requirement explicitly states that suspicious traffic must be blocked in real time, inline integration is mandatory. The other options do not meet the operational requirements of an IPS.
Traffic mirroring (SPAN) sends a copy of traffic to a monitoring device but does not allow the IPS to influence or stop traffic flow. Network TAPs also duplicate traffic for analysis but are passive by design and incapable of enforcing security decisions. Passive deployments, by definition, only observe traffic and generate alerts without prevention capabilities. Placing the IPS inline behind the DMZ firewall and before the core switches ensures that malicious traffic can be stopped before it reaches internal network resources. This approach aligns with cybersecurity operations best practices for protecting sensitive network segments such as the DMZ. Therefore, inline traffic integration is the correct and verified solution.
Question 409:
What is a difference between tampered and untampered disk images?
A. Tampered images have the same stored and computed hash. B. Tampered images are used as evidence. C. Untampered images are used for forensic investigations. D. Untampered images are deliberately altered to preserve as evidence.
B. Tampered images are used as evidence.
Question 410:
A security consultant must change the identity access management model for their organization.
The new approach will put responsibility on the owner, who will decide which users will have access to which resources.
Which low-cost model must be used for this purpose?
A. mandatory access control, due to automated scaling B. discretionary access control, due to easy maintenance C. discretionary access control, due to high security D. mandatory access control, due to low granularity
B. discretionary access control due to easy maintenance
Vcedump.com provides Cisco 200-201 exam questions, answers and explanations.