600-199 Exam Details

  • Exam Code
    :600-199
  • Exam Name
    :Securing Cisco Networks with Threat Detection and Analysis
  • Certification
    :Cisco Certifications
  • Vendor
    :Cisco
  • Total Questions
    :58 Q&As
  • Last Updated
    :Dec 14, 2021

Cisco 600-199 Online Questions & Answers

  • Question 11:

    A server administrator tells you that the server network is potentially under attack. Which piece of information is critical to begin your network investigation?

    A. cabinet location of the servers
    B. administrator password for the servers
    C. OS that is used on the servers
    D. IP addresses/subnets used for the servers

  • Question 12:

    Which three symptoms are best used to detect a TCP SYN flood attack? (Choose three.)

    A. high memory utilization on target server
    B. large number of sockets in SYN_RECV state on target server
    C. network monitoring devices report large number of unACKed SYNs sent to target server
    D. target server crashes repeatedly
    E. user experience with target server is slow or unresponsive

  • Question 13:

    Which data is the most useful to determine if a network attack was occurring from inbound Internet traffic?

    A. syslogs from all core switches
    B. NetfFow data from border firewall(s)
    C. VPN connection logs
    D. DNS request logs
    E. Apache server logs

  • Question 14:

    Refer to the exhibit.

    Which protocol is used in this network traffic flow?

    A. SNMP
    B. SSH
    C. DNS
    D. Telnet

  • Question 15:

    In a network security policy, which procedure should be documented ahead of time to speed the communication of a network attack?

    A. restoration plans for compromised systems
    B. credentials for packet capture devices
    C. Internet service provider contact information
    D. risk analysis tool credentials
    E. a method of communication and who to contact

  • Question 16:

    Which four tools are used during an incident to collect data? (Choose four.)

    A. Sniffer
    B. TCPDump
    C. FTK
    D. EnCase
    E. ABC
    F. ASA
    G. Microsoft Windows 7

  • Question 17:

    What does the acronym "CSIRT" stand for?

    A. Computer Security Identification Response Team
    B. Cisco Security Incident Response Team
    C. Cisco Security Identification Response Team
    D. Computer Security Incident Response Team

  • Question 18:

    What is the most important reason for documenting an incident?

    A. It could be used as evidence for a criminal case.
    B. It could be used to identify the person responsible for allowing it into the network.
    C. To train others on what they should not do.
    D. To use it for future incident response handling.

  • Question 19:

    Given a Linux machine running only an SSH server, which chain of alarms would be most concerning?

    A. brute force login attempt from outside of the network, followed by an internal network scan
    B. root login attempt followed by brute force login attempt
    C. Microsoft RPC attack against the server
    D. multiple rapid login attempts

  • Question 20:

    Where should you report suspected security vulnerability in Cisco router software?

    A. Cisco TAC
    B. Cisco IOS Engineering
    C. Cisco PSIRT
    D. Cisco SIO

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 600-199 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.