Pass Your Cisco 200-201 Exam with Correct 260 Questions and Answers [Q142-Q157]

Share

Pass Your Cisco 200-201 Exam with Correct 260 Questions and Answers

Latest [Aug 22, 2023] 2023 Realistic Verified 200-201 Dumps


The Cisco 200-201 exam covers a wide range of topics that are essential for cybersecurity professionals. These include security concepts, network security, endpoint protection, threat analysis, incident response, and compliance and regulations. 200-201 exam also tests the candidate's knowledge of cybersecurity technologies, tools, and techniques, as well as their ability to identify and respond to security threats in a timely and effective manner. Passing the Cisco 200-201 exam demonstrates that the candidate has a strong foundation in cybersecurity operations and is ready to take on more advanced roles in this field.

 

NEW QUESTION # 142
Which tool gives the ability to see session data in real time?

  • A. tcpdstat
  • B. trafshow
  • C. trafdump
  • D. tcptrace

Answer: D


NEW QUESTION # 143
Drag and drop the security concept from the left onto the example of that concept on the right.

Answer:

Explanation:

Explanation

Table Description automatically generated


NEW QUESTION # 144
While viewing packet capture data, an analyst sees that one IP is sending and receiving traffic for multiple devices by modifying the IP header.
Which technology makes this behavior possible?

  • A. encapsulation
  • B. NAT
  • C. TOR
  • D. tunneling

Answer: B

Explanation:
Explanation
Network address translation (NAT) is a method of mapping an IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device.


NEW QUESTION # 145
An engineer received an alert affecting the degraded performance of a critical server. Analysis showed a heavy CPU and memory load. What is the next step the engineer should take to investigate this resource usage?

  • A. Run "ps -m" to capture the existing state of daemons and map required processes to find the gap.
  • B. Run "ps -ef" to understand which processes are taking a high amount of resources.
  • C. Run "ps -u" to find out who executed additional processes that caused a high load on a server.
  • D. Run "ps -d" to decrease the priority state of high load processes to avoid resource exhaustion.

Answer: B


NEW QUESTION # 146
An intruder attempted malicious activity and exchanged emails with a user and received corporate information, including email distribution lists. The intruder asked the user to engage with a link in an email. When the fink launched, it infected machines and the intruder was able to access the corporate network.
Which testing method did the intruder use?

  • A. tailgating
  • B. social engineering
  • C. piggybacking
  • D. eavesdropping

Answer: B

Explanation:
Section: Security Monitoring


NEW QUESTION # 147

Refer to the exhibit. What does the message indicate?

  • A. an access attempt was made from the Mosaic web browser
  • B. a successful access attempt was made to retrieve the root of the website
  • C. a successful access attempt was made to retrieve the password file
  • D. a denied access attempt was made to retrieve the password file

Answer: B

Explanation:
Section: Host-Based Analysis


NEW QUESTION # 148
What describes the impact of false-positive alerts compared to false-negative alerts?

  • A. A false positive is an event alerting for a brute-force attack An engineer investigates the alert and discovers that a legitimate user entered the wrong credential several times A false negative is when a threat actor tries to brute-force attack a system and no alert is raised.
  • B. A false positive is an event alerting for an SQL injection attack An engineer investigates the alert and discovers that an attack attempt was blocked by IPS A false negative is when the attack gets detected but succeeds and results in a breach.
  • C. A false negative is a legitimate attack triggering a brute-force alert. An engineer investigates the alert and finds out someone intended to break into the system A false positive is when no alert and no attack is occurring
  • D. A false negative is alerting for an XSS attack. An engineer investigates the alert and discovers that an XSS attack happened A false positive is when an XSS attack happens and no alert is raised

Answer: A


NEW QUESTION # 149
Refer to the exhibit.

Which application protocol is in this PCAP file?

  • A. TLS
  • B. SSH
  • C. TCP
  • D. HTTP

Answer: A


NEW QUESTION # 150
At which layer is deep packet inspection investigated on a firewall?

  • A. application
  • B. transport
  • C. internet
  • D. data link

Answer: A

Explanation:
Explanation
Deep packet inspection is a form of packet filtering usually carried out as a function of your firewall. It is applied at the Open Systems Interconnection's application layer. Deep packet inspection evaluates the contents of a packet that is going through a checkpoint.


NEW QUESTION # 151
Drag and drop the technology on the left onto the data type the technology provides on the right.

Answer:

Explanation:


NEW QUESTION # 152
When trying to evade IDS/IPS devices, which mechanism allows the user to make the data incomprehensible without a specific key, certificate, or password?

  • A. fragmentation
  • B. encryption
  • C. pivoting
  • D. stenography

Answer: B

Explanation:
Explanation
https://techdifferences.com/difference-between-steganography-and-cryptography.html#:~:text=The%20steganog


NEW QUESTION # 153
Which HTTP header field is used in forensics to identify the type of browser used?

  • A. referrer
  • B. user-agent
  • C. accept-language
  • D. host

Answer: B

Explanation:
Explanation
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20100101 Firefox/12.0 In computing, a user agent is any software, acting on behalf of a user, which "retrieves, renders and facilitates end-user interaction with Web content".[1] A user agent is therefore a special kind of software agent.
https://en.wikipedia.org/wiki/User_agent#User_agent_identification
A user agent is a computer program representing a person, for example, a browser in a Web context.
https://developer.mozilla.org/en-US/docs/Glossary/User_agent


NEW QUESTION # 154
An engineer receives a security alert that traffic with a known TOR exit node has occurred on the network.
What is the impact of this traffic?

  • A. user circumvention of the firewall
  • B. users downloading copyrighted content
  • C. data exfiltration
  • D. ransomware communicating after infection

Answer: A


NEW QUESTION # 155
What is the difference between deep packet inspection and stateful inspection?

  • A. Stateful inspection verifies data at the transport layer and deep packet inspection verifies data at the application layer
  • B. Deep packet inspection gives insights up to Layer 7, and stateful inspection gives insights only up to Layer 4.
  • C. Stateful inspection is more secure due to its complex signatures, and deep packet inspection requires less human intervention.
  • D. Deep packet inspection is more secure due to its complex signatures, and stateful inspection requires less human intervention.

Answer: D


NEW QUESTION # 156
Which technology prevents end-device to end-device IP traceability?

  • A. encryption
  • B. load balancing
  • C. NAT/PAT
  • D. tunneling

Answer: C


NEW QUESTION # 157
......

Get 2023 Updated Free Cisco 200-201 Exam Questions and Answer: https://www.vceprep.com/200-201-latest-vce-prep.html

Pass 200-201 Exam Updated 260 Questions: https://drive.google.com/open?id=1sdLrJCtRNArIw7RckiNuCKRce1yuzihH