The Secret Of Cisco 200-201 Test Engine

We provide a real Cisco 200-201 exam guide, which is the best for clearing the 200-201 test and getting certified by Cisco in Understanding Cisco Cybersecurity Operations Fundamentals. The 200-201 Questions & Answers cover all the knowledge points of the real 200-201 exam. Crack your Cisco 200-201 exam with the latest dumps, guaranteed!

Free 200-201 Demo Online For Cisco Certification:

NEW QUESTION 1
An offline audit log contains the source IP address of a session suspected to have exploited a vulnerability resulting in system compromise.
Which kind of evidence is this IP address?

  • A. best evidence
  • B. corroborative evidence
  • C. indirect evidence
  • D. forensic evidence

Answer: B

NEW QUESTION 2
Refer to the exhibit.
(exhibit image not reproduced)
An analyst was given a PCAP file, which is associated with a recent intrusion event on the company FTP server. Which display filter should the analyst use to filter the FTP traffic?

  • A. dstport == FTP
  • B. tcp.port==21
  • C. tcpport = FTP
  • D. dstport = 21

Answer: B

NEW QUESTION 3
Refer to the exhibit.
(exhibit image not reproduced)
What is the potential threat identified in this Stealthwatch dashboard?

  • A. A policy violation is active for host 10.10.101.24.
  • B. A host on the network is sending a DDoS attack to another inside host.
  • C. There are three active data exfiltration alerts.
  • D. A policy violation is active for host 10.201.3.149.

Answer: C

Explanation:
"EX" = exfiltration, and there are three such alerts.
The "suspect long flow" and "suspect data hoarding" alarms also suggest, for example, DNS exfiltration.
https://www.cisco.com/c/dam/en/us/td/docs/security/stealthwatch/management_console/smc_users_guide/SW_6 page 177.

NEW QUESTION 4
What is a difference between signature-based and behavior-based detection?

  • A. Signature-based identifies behaviors that may be linked to attacks, while behavior-based has a predefined set of rules to match before an alert.
  • B. Behavior-based identifies behaviors that may be linked to attacks, while signature-based has a predefined set of rules to match before an alert.
  • C. Behavior-based uses a known vulnerability database, while signature-based intelligently summarizes existing data.
  • D. Signature-based uses a known vulnerability database, while behavior-based intelligently summarizes existing data.

Answer: B

Explanation:
Instead of searching for patterns linked to specific types of attacks, behavior-based IDS solutions monitor behaviors that may be linked to attacks, increasing the likelihood of identifying and mitigating a malicious action before the network is compromised.
https://accedian.com/blog/what-is-the-difference-between-signature-based-and-behavior-based-ids/

NEW QUESTION 5
Which security technology guarantees the integrity and authenticity of all messages transferred to and from a web application?

  • A. Hypertext Transfer Protocol
  • B. SSL Certificate
  • C. Tunneling
  • D. VPN

Answer: B

NEW QUESTION 6
What are two characteristics of full packet captures? (Choose two.)

  • A. Identifying network loops and collision domains.
  • B. Troubleshooting the cause of security and performance issues.
  • C. Reassembling fragmented traffic from raw data.
  • D. Detecting common hardware faults and identifying faulty assets.
  • E. Providing a historical record of a network transaction.

Answer: CE

NEW QUESTION 7
Which tool provides a full packet capture from network traffic?

  • A. Nagios
  • B. CAINE
  • C. Hydra
  • D. Wireshark

Answer: D

NEW QUESTION 8
Refer to the exhibit.
(exhibit image not reproduced)
An analyst received this alert from the Cisco ASA device, and numerous activity logs were produced. How should this type of evidence be categorized?

  • A. indirect
  • B. circumstantial
  • C. corroborative
  • D. best

Answer: C

Explanation:
Indirect = circumstantial, so there is no possibility of matching A or B (only one answer is needed in this question). It is certainly not best evidence: this firewall data only reports DROPPED traffic. If something happened inside the network, the presented evidence could be used to support other evidence or make our narrative stronger, but alone it means nothing.

NEW QUESTION 9
An organization has recently adjusted its security stance in response to online threats made by a known hacktivist group.
What is the initial event called in the NIST SP800-61?

  • A. online assault
  • B. precursor
  • C. trigger
  • D. instigator

Answer: B

Explanation:
A precursor is a sign that a cyber-attack is about to occur on a system or network. An indicator is the actual alert that is generated as an attack is happening. Therefore, as a security professional, it is important to know where you can find both precursor and indicator sources of information.
The following are common sources of precursor and indicator information:
  • Security Information and Event Management (SIEM)
  • Anti-virus and anti-spam software
  • File integrity checking applications/software
  • Logs from various sources (operating systems, devices, and applications)
  • People who report a security incident
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf

NEW QUESTION 10
How is attacking a vulnerability categorized?

  • A. action on objectives
  • B. delivery
  • C. exploitation
  • D. installation

Answer: C

NEW QUESTION 11
What is the difference between an attack vector and attack surface?

  • A. An attack surface identifies vulnerabilities that require user input or validation; and an attack vector identifies vulnerabilities that are independent of user actions.
  • B. An attack vector identifies components that can be exploited, and an attack surface identifies the potential path an attack can take to penetrate the network.
  • C. An attack surface recognizes which network parts are vulnerable to an attack; and an attack vector identifies which attacks are possible with these vulnerabilities.
  • D. An attack vector identifies the potential outcomes of an attack; and an attack surface launches an attack using several methods against the identified vulnerabilities.

Answer: C

NEW QUESTION 12
A security engineer has a video of a suspect entering a data center that was captured on the same day that files in the same data center were transferred to a competitor.
Which type of evidence is this?

  • A. best evidence
  • B. prima facie evidence
  • C. indirect evidence
  • D. physical evidence

Answer: C

Explanation:
There are three general types of evidence:
--> Best evidence: can be presented in court in the original form (for example, an exact copy of a hard disk drive).
--> Corroborating evidence: tends to support a theory or an assumption deduced by some initial evidence. This corroborating evidence confirms the proposition.
--> Indirect or circumstantial evidence: extrapolation to a conclusion of fact (such as fingerprints, DNA evidence, and so on).

NEW QUESTION 13
An engineer needs to have visibility on TCP bandwidth usage, response time, and latency, combined with deep packet inspection to identify unknown software by its network traffic flow. Which two features of Cisco Application Visibility and Control should the engineer use to accomplish this goal? (Choose two.)

  • A. management and reporting
  • B. traffic filtering
  • C. adaptive AVC
  • D. metrics collection and exporting
  • E. application recognition

Answer: AE

NEW QUESTION 14
Which attack is the network vulnerable to when a stream cipher like RC4 is used twice with the same key?

  • A. forgery attack
  • B. plaintext-only attack
  • C. ciphertext-only attack
  • D. meet-in-the-middle attack

Answer: C

NEW QUESTION 15
Which metric should be used when evaluating the effectiveness and scope of a Security Operations Center?

  • A. The average time the SOC takes to register and assign the incident.
  • B. The total incident escalations per week.
  • C. The average time the SOC takes to detect and resolve the incident.
  • D. The total incident escalations per month.

Answer: C

NEW QUESTION 16
Refer to the exhibit.
(exhibit image not reproduced)
Drag and drop the element name from the left onto the correct piece of the PCAP file on the right.
(exhibit image not reproduced)

Solution:
(solution image not reproduced)

Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 17
......

100% Valid and Newest Version 200-201 Questions & Answers shared by Thedumpscentre.com, Get Full Dumps HERE: https://www.thedumpscentre.com/200-201-dumps/ (New 331 Q&As)