[Dec-2024] Feel Cisco 200-201 Dumps PDF Will likely be The best Option [Q99-Q118]

NEW QUESTION # 99
Which two elements of the incident response process are stated in NIST Special Publication 800-61 r2? (Choose two.)

  • A. risk assessment
  • B. detection and analysis
  • C. post-incident activity
  • D. vulnerability scoring
  • E. vulnerability management

Answer: B,C

Explanation:
Section: Security Policies and Procedures
Explanation/Reference: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf


NEW QUESTION # 100
Which element is included in an incident response plan as stated in NIST SP 800-61?

  • A. individual approach to incident response
  • B. security of sensitive information
  • C. consistent threat identification
  • D. approval of senior management

Answer: C


NEW QUESTION # 101
Refer to the exhibit.

Which type of attack is being executed?

  • A. command injection
  • B. cross-site scripting
  • C. cross-site request forgery
  • D. SQL injection

Answer: D


NEW QUESTION # 102
An investigator is examining a copy of an ISO file that is stored in CDFS format. What type of evidence is this file?

  • A. data from a DVD copied using Windows system
  • B. data from a CD copied using Windows
  • C. data from a CD copied using Linux system
  • D. data from a CD copied using Mac-based system

Answer: D

Explanation:
CDFS stands for Compact Disc File System, which is a file system used by Mac OS to store data on CDs.
CDFS is also known as ISO 9660, which is a standard format for data interchange on optical discs. CDFS allows files to be accessed by different operating systems, such as Windows, Linux, and Mac OS. Therefore, an ISO file that is stored in CDFS format is data from a CD copied using a Mac-based system. Reference: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) v1.0, Module 4: Network Intrusion Analysis, Lesson 4.4: File Type Analysis, Topic 4.4.1: File Systems, page 4-40.


NEW QUESTION # 103
Which event is user interaction?

  • A. executing remote code
  • B. gaining root access
  • C. opening a malicious file
  • D. reading and writing file permission

Answer: C

Explanation:
User interaction is any event that requires the user to perform an action that enables or facilitates a cyberattack. Opening a malicious file is an example of user interaction, as it can trigger the execution of malicious code or malware that can compromise the system or network. Gaining root access, executing remote code, and reading and writing file permissions are not user interactions, but rather actions that can be performed by an attacker after exploiting a vulnerability or bypassing security controls. Reference: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) - Cisco, More than 99% of cyberattacks rely on human interaction


NEW QUESTION # 104
For which items is an endpoint application greylist used?

  • A. Items before being established as harmful or malicious
  • B. Items that have been established as authorized
  • C. Items that have been established as malicious
  • D. Items that have been installed with a baseline

Answer: A

Explanation:
A greylist in endpoint applications refers to a list of items that are not yet classified as either good (whitelisted) or bad (blacklisted).
The primary function of a greylist is to hold applications, processes, or files that are under observation due to their unknown status.
These items are neither trusted nor immediately flagged as harmful, allowing security teams to monitor them closely for any suspicious behavior.
By placing items on a greylist, security operations can prevent potential threats without disrupting legitimate processes, awaiting further analysis to determine their true nature.
Reference:
Cisco Cybersecurity Operations Fundamentals
Endpoint Security Best Practices
Greylisting Concepts in Cybersecurity


NEW QUESTION # 105
Which evasion technique is a function of ransomware?

  • A. encryption
  • B. encoding
  • C. extended sleep calls
  • D. resource exhaustion

Answer: A

Explanation:
Encryption is an evasion technique that is a function of ransomware, which is a type of malware that encrypts the victim's files or system and demands a ransom for the decryption key. Encryption is used by ransomware to prevent the victim from accessing their data and to avoid detection by antivirus or other security tools. Encryption can also be used by other types of malware to hide their communication, configuration, or payload from analysis.
Reference:
Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) v1.0, Module 3: Network Intrusion Analysis, Lesson 3.4: Malware
Cisco Certified CyberOps Associate Overview, Exam Topics, 3.4 Compare and contrast types of malware


NEW QUESTION # 106
Drag and drop the type of evidence from the left onto the description of that evidence on the right.

Answer:



NEW QUESTION # 107
An analyst is investigating a host in the network that appears to be communicating to a command and control server on the Internet. After collecting this packet capture, the analyst cannot determine the technique and payload used for the communication.

Which obfuscation technique is the attacker using?

  • A. Base64 encoding
  • B. ROT13 encryption
  • C. SHA-256 hashing
  • D. transport layer security encryption

Answer: D


NEW QUESTION # 108
What is the relationship between a vulnerability and a threat?

  • A. A vulnerability is a calculation of the potential loss caused by a threat
  • B. A threat exploits a vulnerability
  • C. A threat is a calculation of the potential loss caused by a vulnerability
  • D. A vulnerability exploits a threat

Answer: B


NEW QUESTION # 109
An engineer needs to fetch logs from a proxy server and generate actual events according to the data received.
Which technology should the engineer use to accomplish this task?

  • A. Email Security Appliance
  • B. Firepower
  • C. Stealthwatch
  • D. Web Security Appliance

Answer: C

Explanation:
Stealthwatch is the technology that an engineer should use to fetch logs from a proxy server and generate actual events based on the data received. Cisco Secure Network Analytics, formerly known as Stealthwatch, provides the capability to configure proxy server logs so that the Flow Collector can receive the information. The Stealthwatch Management Console then displays this information on the Flow Proxy Records page, which includes URLs and application names of the traffic inside a network going through the proxy server.
Reference:
Cisco Secure Network Analytics Proxy Log Configuration Guide


NEW QUESTION # 110
Which piece of information is needed for attribution in an investigation?

  • A. RDP allowed from the Internet
  • B. known threat actor behavior
  • C. proxy logs showing the source RFC 1918 IP addresses
  • D. 802.1x RADIUS authentication pass and fail logs

Answer: B

Explanation:
Attribution is about establishing who attacked the network, what they did, how they did it, and why. Known threat actor behavior is the information that supports that determination.


NEW QUESTION # 111
What is the difference between vulnerability and risk?

  • A. A risk is a potential threat that adversaries use to infiltrate the network, and a vulnerability is an exploit
  • B. A vulnerability is a sum of possible malicious entry points, and a risk represents the possibility of the unauthorized entry itself.
  • C. A risk is a potential threat that an exploit applies to, and a vulnerability represents the threat itself
  • D. A vulnerability represents a flaw in security that can be exploited, and the risk is the potential damage it might cause.

Answer: D

Explanation:
Vulnerability refers to a weakness or flaw in a system that can be exploited by threats. Risk, on the other hand, is the potential for loss or damage when a threat exploits a vulnerability. The risk is essentially the impact or consequence of a vulnerability being exploited.


NEW QUESTION # 112
What are two characteristics of full packet captures? (Choose two.)

  • A. Reassembling fragmented traffic from raw data.
  • B. Detecting common hardware faults and identify faulty assets.
  • C. Identifying network loops and collision domains.
  • D. Providing a historical record of a network transaction.
  • E. Troubleshooting the cause of security and performance issues.

Answer: A,E

Explanation:
Full packet captures are essential for troubleshooting security and performance issues as they provide detailed information on network traffic (option E). They also allow for reassembling fragmented traffic from raw data, enabling analysts to review complete transactions or sessions (option A). Reference: Cisco Cybersecurity Operations Fundamentals - Module 3: Network Data and Event Analysis


NEW QUESTION # 113
Refer to the exhibit.

An engineer is reviewing a Cuckoo report of a file. What must the engineer interpret from the report?

  • A. The file will monitor user activity and send the information to an outside source.
  • B. The file will insert itself into an application and execute when the application is run.
  • C. The file will appear legitimate by evading signature-based detection.
  • D. The file will not execute its behavior in a sandbox environment to avoid detection.

Answer: D


NEW QUESTION # 114
Refer to the exhibit.

An engineer is analyzing this Cuckoo Sandbox report for a PDF file that has been downloaded from an email. What is the state of this file?

  • A. The file has an embedded Windows 32 executable and the Yara field lists suspicious features for further analysis.
  • B. The file has an embedded non-Windows executable but no suspicious features are identified.
  • C. The file has an embedded executable and was matched by PEiD threat signatures for further analysis.
  • D. The file was matched by PEiD threat signatures but no suspicious features are identified since the signature list is up to date.

Answer: A


NEW QUESTION # 115
What is an attack surface as compared to a vulnerability?

  • A. the individuals who perform an attack
  • B. an exploitable weakness in a system or its design
  • C. any potential danger to an asset
  • D. the sum of all paths for data into and out of the application

Answer: D


NEW QUESTION # 116
Refer to the exhibit.

An attacker scanned the server using Nmap.
What did the attacker obtain from this scan?

  • A. Identified a firewall device preventing the port state from being returned
  • B. Gathered a list of Active Directory users.
  • C. Gathered information on processes running on the server
  • D. Identified open SMB ports on the server

Answer: A


NEW QUESTION # 117
A developer is working on a project using a Linux tool that enables writing processes to obtain these required results:
If the process is unsuccessful, a negative value is returned.
If the process is successful, a 0 value is returned to the child process, and the process ID is sent to the parent process.
Which component results from this operation?

  • A. macros for managing CPU sets
  • B. parent directory name of a file pathname
  • C. new process created by parent process
  • D. process spawn scheduled

Answer: C

Explanation:
The operation described is characteristic of the fork() system call in Linux, which is used to create a new process. The fork() system call generates a new process by duplicating the calling (parent) process. If the fork() is successful, the PID of the child process is returned to the parent process, and a 0 value is returned to the child process. If unsuccessful, a negative value is returned.
Reference:
How to create a process in Linux? - Online Tutorials Library


NEW QUESTION # 118
......