200-201 Premium Bundle

Understanding Cisco Cybersecurity Operations Fundamentals Certification Exam

Last update: November 21, 2024

Cisco 200-201 Free Practice Questions

Master the 200-201 Understanding Cisco Cybersecurity Operations Fundamentals content and be ready for exam day success quickly with these Pass4sure 200-201 exam answers. We guarantee it! We make it a reality and give you real 200-201 questions in our Cisco 200-201 braindumps. The latest 100% valid Cisco 200-201 exam question dumps are on the page below. You can use our Cisco 200-201 braindumps and pass your exam.

Check 200-201 free dumps before getting the full version:

NEW QUESTION 1
An engineer receives a security alert that traffic with a known TOR exit node has occurred on the network. What is the impact of this traffic?

  • A. ransomware communicating after infection
  • B. users downloading copyrighted content
  • C. data exfiltration
  • D. user circumvention of the firewall

Answer: D

NEW QUESTION 2
What is the difference between a threat and a risk?

  • A. Threat represents a potential danger that could take advantage of a weakness in a system
  • B. Risk represents the known and identified loss or danger in the system
  • C. Risk represents the nonintentional interaction with uncertainty in the system
  • D. Threat represents a state of being exposed to an attack or a compromise either physically or logically

Answer: A

NEW QUESTION 3
Refer to the exhibit.
[Exhibit image not reproduced]
Drag and drop the element name from the left onto the correct piece of the PCAP file on the right.
[Exhibit image not reproduced]

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
[Exhibit image not reproduced]

NEW QUESTION 4
At which layer is deep packet inspection investigated on a firewall?

  • A. internet
  • B. transport
  • C. application
  • D. data link

Answer: C

NEW QUESTION 5
What are two social engineering techniques? (Choose two.)

  • A. privilege escalation
  • B. DDoS attack
  • C. phishing
  • D. man-in-the-middle
  • E. pharming

Answer: CE

NEW QUESTION 6
An analyst is investigating a host in the network that appears to be communicating with a command and control server on the Internet. After collecting this packet capture, the analyst cannot determine the technique and payload used for the communication.
[Exhibit image not reproduced]
Which obfuscation technique is the attacker using?

  • A. Base64 encoding
  • B. transport layer security encryption
  • C. SHA-256 hashing
  • D. ROT13 encryption

Answer: B

NEW QUESTION 7
A system administrator is ensuring that specific registry information is accurate.
Which type of configuration information does the HKEY_LOCAL_MACHINE hive contain?

  • A. file extension associations
  • B. hardware, software, and security settings for the system
  • C. currently logged in users, including folders and control panel settings
  • D. all users on the system, including visual settings

Answer: B

NEW QUESTION 8
Which security technology allows only a set of pre-approved applications to run on a system?

  • A. application-level blacklisting
  • B. host-based IPS
  • C. application-level whitelisting
  • D. antivirus

Answer: C

NEW QUESTION 9
Which process is used when IPS events are removed to improve data integrity?

  • A. data availability
  • B. data normalization
  • C. data signature
  • D. data protection

Answer: B

NEW QUESTION 10
A security expert is working on a copy of the evidence, an ISO file that is saved in CDFS format. Which type of evidence is this file?

  • A. CD data copy prepared in Windows
  • B. CD data copy prepared in Mac-based system
  • C. CD data copy prepared in Linux system
  • D. CD data copy prepared in Android-based system

Answer: A

NEW QUESTION 11
Which type of evidence supports a theory or an assumption that results from initial evidence?

  • A. probabilistic
  • B. indirect
  • C. best
  • D. corroborative

Answer: D

NEW QUESTION 12
Which evasion technique is a function of ransomware?

  • A. extended sleep calls
  • B. encryption
  • C. resource exhaustion
  • D. encoding

Answer: B

NEW QUESTION 13
What specific type of analysis is assigning values to the scenario to see expected outcomes?

  • A. deterministic
  • B. exploratory
  • C. probabilistic
  • D. descriptive

Answer: A

NEW QUESTION 14
A security engineer has a video of a suspect entering a data center that was captured on the same day that files in the same data center were transferred to a competitor.
Which type of evidence is this?

  • A. best evidence
  • B. prima facie evidence
  • C. indirect evidence
  • D. physical evidence

Answer: C

NEW QUESTION 15
Which two elements are assets in the role of attribution in an investigation? (Choose two.)

  • A. context
  • B. session
  • C. laptop
  • D. firewall logs
  • E. threat actor

Answer: AE

NEW QUESTION 16
What is the difference between deep packet inspection and stateful inspection?

  • A. Deep packet inspection is more secure than stateful inspection on Layer 4
  • B. Stateful inspection verifies contents at Layer 4 and deep packet inspection verifies connection at Layer 7
  • C. Stateful inspection is more secure than deep packet inspection on Layer 7
  • D. Deep packet inspection allows visibility on Layer 7 and stateful inspection allows visibility on Layer 4

Answer: D

NEW QUESTION 17
The target web application server is running as the root user and is vulnerable to command injection. Which result of a successful attack is true?

  • A. cross-site scripting
  • B. cross-site scripting request forgery
  • C. privilege escalation
  • D. buffer overflow

Answer: B

NEW QUESTION 18
Refer to the exhibit.
[Exhibit image not reproduced]
Which kind of attack method is depicted in this string?

  • A. cross-site scripting
  • B. man-in-the-middle
  • C. SQL injection
  • D. denial of service

Answer: A

NEW QUESTION 19
Which two elements are used for profiling a network? (Choose two.)

  • A. total throughput
  • B. session duration
  • C. running processes
  • D. OS fingerprint
  • E. listening ports

Answer: DE

NEW QUESTION 20
What does an attacker use to determine which network ports are listening on a potential target device?

  • A. man-in-the-middle
  • B. port scanning
  • C. SQL injection
  • D. ping sweep

Answer: B

NEW QUESTION 21
......
