Cisco 200-201 exam revealed answer (P. 10)

Question 91

Refer to the exhibit. Which event is occurring?

Image 200-201_91Q.png related to the Cisco 200-201 Exam

A. A binary named "submit" is running on VM cuckoo1.

B. A binary is being submitted to run on VM cuckoo1

C. A binary on VM cuckoo1 is being submitted for evaluation

D. A URL is being evaluated to see if it has a malicious binary

Question 92

Refer to the exhibit. In which Linux log file is this output found?

Image 200-201_92Q.png related to the Cisco 200-201 Exam

A. /var/log/authorization.log

B. /var/log/dmesg

C. var/log/var.log

D. /var/log/auth.log

Question 93

An engineer runs a suspicious file in a sandbox analysis tool to see the outcome. The analysis report shows that outbound callouts were made post infection. Which two pieces of information from the analysis report are needed to investigate the callouts? (Choose two.)

A. signatures

B. host IP addresses

C. file size

D. dropped files

E. domain names

Question 94

An analyst is exploring the functionality of different operating systems. What is a feature of Windows Management Instrumentation that must be considered when deciding on an operating system?

A. queries Linux devices that have Microsoft Services for Linux installed

B. deploys Windows Operating Systems in an automated fashion

C. is an efficient tool for working with Active Directory

D. has a Common Information Model, which describes installed hardware and software

Question 95

What causes events on a Windows system to show Event Code 4625 in the log messages?

A. The system detected an XSS attack

B. Someone is trying a brute force attack on the network

C. Another device is gaining root access to the system

D. A privileged user successfully logged into the system

Question 96

Refer to the exhibit. What does the message indicate?

Image 200-201_96Q.png related to the Cisco 200-201 Exam

A. an access attempt was made from the Mosaic web browser

B. a successful access attempt was made to retrieve the password file

C. a successful access attempt was made to retrieve the root of the website

D. a denied access attempt was made to retrieve the password file

Question 97

Refer to the exhibit. This request was sent to a web application server driven by a database.

Image 200-201_97Q.png related to the Cisco 200-201 Exam

Which type of web server attack is represented?

A. parameter manipulation

B. heap memory corruption

C. command injection

D. blind SQL injection

Question 98

A SOC analyst is investigating an incident that involves a Linux system that is identifying specific sessions. Which identifier tracks an active program?

A. application identification number

B. active process identification number

C. runtime identification number

D. process identification number

Question 99

An offline audit log contains the source IP address of a session suspected to have exploited a vulnerability resulting in system compromise. Which kind of evidence is this IP address?

A. best evidence

B. corroborative evidence

C. indirect evidence

D. forensic evidence

Question 100

Win IT Exam with Last Dumps 2023

Cisco 200-201 Exam

Page 10/24

Viewing Questions 91 100 out of 231 Questions

Refer to the exhibit. Which event is occurring?

A. A binary named "submit" is running on VM cuckoo1.

B. A binary is being submitted to run on VM cuckoo1

C. A binary on VM cuckoo1 is being submitted for evaluation

D. A URL is being evaluated to see if it has a malicious binary

Refer to the exhibit. In which Linux log file is this output found?

A. /var/log/authorization.log

B. /var/log/dmesg

C. var/log/var.log

D. /var/log/auth.log

An engineer runs a suspicious file in a sandbox analysis tool to see the outcome. The analysis report shows that outbound callouts were made post infection. Which two pieces of information from the analysis report are needed to investigate the callouts? (Choose two.)

A. signatures

B. host IP addresses

C. file size

D. dropped files

E. domain names

An analyst is exploring the functionality of different operating systems. What is a feature of Windows Management Instrumentation that must be considered when deciding on an operating system?

A. queries Linux devices that have Microsoft Services for Linux installed

B. deploys Windows Operating Systems in an automated fashion

C. is an efficient tool for working with Active Directory

D. has a Common Information Model, which describes installed hardware and software

What causes events on a Windows system to show Event Code 4625 in the log messages?

A. The system detected an XSS attack

B. Someone is trying a brute force attack on the network

C. Another device is gaining root access to the system

D. A privileged user successfully logged into the system

Refer to the exhibit. What does the message indicate?

A. an access attempt was made from the Mosaic web browser

B. a successful access attempt was made to retrieve the password file

C. a successful access attempt was made to retrieve the root of the website

D. a denied access attempt was made to retrieve the password file

Refer to the exhibit. This request was sent to a web application server driven by a database.

Which type of web server attack is represented?

A. parameter manipulation

B. heap memory corruption

C. command injection

D. blind SQL injection

A SOC analyst is investigating an incident that involves a Linux system that is identifying specific sessions. Which identifier tracks an active program?

A. application identification number

B. active process identification number

C. runtime identification number

D. process identification number

An offline audit log contains the source IP address of a session suspected to have exploited a vulnerability resulting in system compromise. Which kind of evidence is this IP address?

A. best evidence

B. corroborative evidence

C. indirect evidence

D. forensic evidence

Which system monitors local system operation and local network access for violations of a security policy?

A. host-based intrusion detection

B. systems-based sandboxing

C. host-based firewall

D. antivirus