Cisco 200-201 Online Practice Questions and Exam Preparation

Cisco 200-201 Online Questions & Answers

• Question 421:

  A vulnerability is discovered on a network. If successfully exploited, it will completely remove the ability of the system to limit disclosure of information to an unauthorized user.

  Which concept and value describes this vulnerability?

  A. confidentiality, none
  B. availability, none
  C. availability, high
  D. confidentiality, high
  D. confidentiality, high

• Question 422:

  A security specialist notices 100 HTTP GET and POST requests for multiple pages on the web servers. The agent in the requests contains PHP code that, if executed, creates and writes to a new PHP file on the webserver.

  Which event category is described?

  A. reconnaissance
  B. action on objectives
  C. installation
  D. exploitation
  D. exploitation

  ---

  Explanation

  This event category is exploitation because the HTTP requests contain PHP code that attempts to execute commands on the web server and create a backdoor. Exploitation is the phase of the attack where the threat actor gains access to the target system and executes malicious code.

  References:

  https://learningnetworkstore.cisco.com/on-demand-e-learning/understanding-cisco-cybersecurity-operations-fundamentals-cbrops-v1-0/CSCU-LP-CBROPS-V1-028093.html(Module2,Lesson2.1.3)

• Question 423:

  What is sliding window anomaly detection?

  A. Detect changes in operations and management processes.
  B. Define response times for requests for owned applications.
  C. Apply lowest privilege/permission level to software.
  D. Identify uncommon patterns that do not fit usual behavior.
  D. Identify uncommon patterns that do not fit usual behavior.

• Question 424:

  DRAG DROP

  Drag and drop the access control models from the left onto the correct descriptions on the right.

  Select and Place:

  

  

• Question 425:

  A compliance analyst receives a complaint from a customer regarding personal data being unlawfully retained despite a deletion request. The company is based in Europe and must comply with GDPR. The only data collected is the email address [email protected].

  How should the compliance analyst act?

  A. Do not delete the data - the email address is not considered PII
  B. Delete the data regardless of where the customer is from
  C. Delete the data if the customer is from the EU
  D. Notify the legal team about a data compliance breach
  B. Delete the data regardless of where the customer is from

  ---

  Explanation

  Under the General Data Protection Regulation (GDPR), an email address that can be linked to an individual is classified as personal data, regardless of whether it contains a real name. The regulation grants individuals the right to erasure, also known as the "right to be forgotten," when they request deletion of their personal data and no lawful basis for retention exists. Because the company is based in Europe, GDPR applies to its data processing activities. Additionally, GDPR protections extend not only to EU citizens but also to any individual whose data is processed by an EU-based organization, depending on context. Therefore, deletion should not be conditional on the customer's geographic location.

  Option A is incorrect because email addresses are considered personal data under GDPR.

  Option C is incomplete and misleading because GDPR obligations are not limited only to confirmed EU residents in this scenario.

  Option D may be appropriate if systemic noncompliance is identified, but the immediate and correct action is to honor the deletion request. Cybersecurity and compliance documentation emphasizes minimizing data retention and responding promptly to data subject requests. As no lawful justification for retaining the email exists, it must be deleted.

  Therefore, the correct action is to delete the data regardless of where the customer is from.

• Question 426:

  Which type of attack is a blank email with the subject "price deduction" that contains a malicious attachment?

  A. integrity violation
  B. smishing
  C. phishing attack
  D. man-in-the-middle attack
  C. phishing attack

• Question 427:

  What is the practice of giving an employee access to only the resources needed to accomplish their job?

  A. principle of least privilege
  B. organizational separation
  C. separation of duties
  D. need to know principle
  A. principle of least privilege

• Question 428:

  What is a difference between authorization and authentication from an access control perspective?

  A. Authorization defines the author of a specific resource and authentication gives access to the resource itself
  B. Authentication is when the system validates if the user is valid, and authorization enforces and provides resources assigned and required.
  C. Authentication is responsible for accounting access on system resources and the authorization process defines if a user is allowed to author the resource
  D. Authorization tracks if a certain user is authenticated within the system, and authentication is responsible for identifying the authorization method
  B. Authentication is when the system validates if the user is valid, and authorization enforces and provides resources assigned and required.

• Question 429:

  What describes the difference when comparing attack surface and vulnerability in practice?

  A. Updating the OS reduces the attack surface, and installing separate optional patches remediates and solves vulnerabilities within the system.
  B. Patching SMB vulnerability is an attack surface reduction, and the open unused ports are the vulnerabilities within the system.
  C. A SMB server that can allow remote code execution is a vulnerability, and closing port 139 is an attack surface reduction.
  D. The attack surface is the SQL injection targeted on the database, and the database tables are the vulnerabilities that might be exploited.
  C. A SMB server that can allow remote code execution is a vulnerability, and closing port 139 is an attack surface reduction.

• Question 430:

  Which access control should a chief information security officer select to protect extremely sensitive data categorized at various levels of confidentiality?

  A. MAC; each object owner is responsible to provide access only to authorized users.
  B. MAC; access control decisions are centrally managed and minimize the human error probability.
  C. DAC; access control decisions are centrally managed and minimize the human error probability.
  D. DAC; each object owner is responsible to provide access only to authorized users.
  B. MAC; access control decisions are centrally managed and minimize the human error probability.