[Nov-2021] Cisco 200-201 Official Cert Guide PDF
Exam 200-201: Understanding Cisco Cybersecurity Operations Fundamentals - Lead2Passed
NEW QUESTION 26
Refer to the exhibit.
Which two elements in the table are parts of the 5-tuple? (Choose two.)
- A. Initiator User
- B. First Packet
- C. Source Port
- D. Ingress Security Zone
- E. Initiator IP
Answer: C,E
NEW QUESTION 27
How does certificate authority impact a security system?
- A. It validates domain identity of an SSL certificate
- B. It authenticates domain identity when requesting SSL certificate
- C. It validates client identity when communicating with the server
- D. It authenticates client identity when requesting SSL certificate
Answer: A
NEW QUESTION 28
Which two pieces of information are collected from the IPv4 protocol header? (Choose two.)
- A. UDP port from which the traffic is sourced
- B. destination IP address of the packet
- C. UDP port to which the traffic is destined
- D. TCP port from which the traffic was sourced
- E. source IP address of the packet
Answer: B,E
Explanation:
Section: Network Intrusion Analysis
NEW QUESTION 29
Which list identifies the information that the client sends to the server in the negotiation phase of the TLS handshake?
- A. ClientHello, ClientKeyExchange, cipher-suites it supports, and suggested compression methods
- B. ClientStart, TLS versions it supports, cipher-suites it supports, and suggested compression methods
- C. ClientHello, TLS versions it supports, cipher-suites it supports, and suggested compression methods
- D. ClientStart, ClientKeyExchange, cipher-suites it supports, and suggested compression methods
Answer: C
NEW QUESTION 30
Refer to the exhibit.
Which type of log is displayed?
- A. sys
- B. NetFlow
- C. IDS
- D. proxy
Answer: B
NEW QUESTION 31
Refer to the exhibit.
Drag and drop the element name from the left onto the correct piece of the PCAP file on the right.
Answer:
Explanation:
NEW QUESTION 32
Which two elements are assets in the role of attribution in an investigation? (Choose two.)
- A. firewall logs
- B. threat actor
- C. context
- D. session
- E. laptop
Answer: B,C
NEW QUESTION 33
Drag and drop the technology on the left onto the data type the technology provides on the right.
Answer:
Explanation:
NEW QUESTION 34
What is the practice of giving an employee access to only the resources needed to accomplish their job?
- A. organizational separation
- B. separation of duties
- C. need to know principle
- D. principle of least privilege
Answer: D
Explanation:
Section: Security Concepts
NEW QUESTION 35
Which system monitors local system operation and local network access for violations of a security policy?
- A. host-based intrusion detection
- B. systems-based sandboxing
- C. host-based firewall
- D. antivirus
Answer: A
Explanation:
A HIDS is capable of monitoring the internals of a computing system as well as the network packets on its network interfaces. A host-based firewall is a piece of software running on a single host that can restrict incoming and outgoing network activity for that host only.
NEW QUESTION 36
What is the difference between rule-based detection and behavioral detection?
- A. Behavioral systems find sequences that match a particular attack signature, while Rule-Based identifies potential attacks.
- B. Behavioral systems are predefined patterns from hundreds of users, while Rule-Based only flags potentially abnormal patterns using signatures.
- C. Rule-Based systems have established patterns that do not change with new data, while behavioral changes.
- D. Rule-Based detection is searching for patterns linked to specific types of attacks, while behavioral is identifying per signature.
Answer: A
NEW QUESTION 37
Refer to the exhibit.
Which type of log is displayed?
- A. sys
- B. NetFlow
- C. IDS
- D. proxy
Answer: B
NEW QUESTION 38
What are two differences in how tampered and untampered disk images affect a security incident? (Choose two.)
- A. Tampered images are used in the incident recovery process
- B. The image is untampered if the stored hash and the computed hash match
- C. Untampered images are used in the security investigation process
- D. Tampered images are used in the security investigation process
- E. The image is tampered if the stored hash and the computed hash match
Answer: B,D
NEW QUESTION 39
What are two social engineering techniques? (Choose two.)
- A. phishing
- B. man-in-the-middle
- C. DDoS attack
- D. pharming
- E. privilege escalation
Answer: A,D
NEW QUESTION 40
Refer to the exhibit.
Which kind of attack method is depicted in this string?
- A. SQL injection
- B. denial of service
- C. man-in-the-middle
- D. cross-site scripting
Answer: D
NEW QUESTION 41
Refer to the exhibit.
Which event is occurring?
- A. A URL is being evaluated to see if it has a malicious binary
- B. A binary on VM cuckoo1 is being submitted for evaluation
- C. A binary is being submitted to run on VM cuckoo1
- D. A binary named "submit" is running on VM cuckoo1.
Answer: C
Explanation:
https://cuckoo.readthedocs.io/en/latest/usage/submit/
NEW QUESTION 42
DRAG DROP
Drag and drop the technology on the left onto the data type the technology provides on the right.
Select and Place:
Answer:
Explanation:
NEW QUESTION 43
Which event is a vishing attack?
- A. obtaining disposed documents from an organization
- B. setting up a rogue access point near a public hotspot
- C. impersonating a tech support agent during a phone call
- D. using a vulnerability scanner on a corporate network
Answer: C
NEW QUESTION 44
What is a difference between inline traffic interrogation and traffic mirroring?
- A. Traffic mirroring inspects live traffic for analysis and mitigation
- B. Traffic mirroring passes live traffic to a tool for blocking
- C. Inline inspection acts on the original traffic data flow
- D. Inline traffic copies packets for analysis and security
Answer: C
Explanation:
Inline traffic interrogation analyzes traffic in real time and has the ability to prevent certain traffic from being forwarded. Traffic mirroring doesn't pass the live traffic; instead it copies traffic from one or more source ports and sends the copied traffic to one or more destinations for analysis by a network analyzer or other monitoring device.
NEW QUESTION 45