Cisco 200-201 exam revealed answer (P. 12)

Question 111

Refer to the exhibit. What is the potential threat identified in this Stealthwatch dashboard?

Image 200-201_111Q.jpg related to the Cisco 200-201 Exam

A. A policy violation is active for host 10.10.101.24.

B. A host on the network is sending a DDoS attack to another inside host.

C. There are two active data exfiltration alerts.

D. A policy violation is active for host 10.201.3.149.

Question 112

Which security technology allows only a set of pre-approved applications to run on a system?

A. application-level blacklisting

B. host-based IPS

C. application-level whitelisting

D. antivirus

Question 113

An investigator is examining a copy of an ISO file that is stored in CDFS format. What type of evidence is this file?

A. data from a CD copied using Mac-based system

B. data from a CD copied using Linux system

C. data from a DVD copied using Windows system

D. data from a CD copied using Windows

Question 114

Which piece of information is needed for attribution in an investigation?

A. proxy logs showing the source RFC 1918 IP addresses

B. RDP allowed from the Internet

C. known threat actor behavior

D. 802.1x RADIUS authentication pass arid fail logs

Question 115

What does cyber attribution identify in an investigation?

A. cause of an attack

B. exploit of an attack

C. vulnerabilities exploited

D. threat actors of an attack

Question 116

A security engineer has a video of a suspect entering a data center that was captured on the same day that files in the same data center were transferred to a competitor. Which type of evidence is this?

A. best evidence

B. prima facie evidence

C. indirect evidence

D. physical evidence

Question 117

DRAG DROP - Drag and drop the type of evidence from the left onto the description of that evidence on the right. Select and Place:

Image 200-201_117Q.png related to the Cisco 200-201 Exam

Image 200-201_117R.png related to the Cisco 200-201 Exam

Question 118

Refer to the exhibit. An analyst received this alert from the Cisco ASA device, and numerous activity logs were produced. How should this type of evidence be categorized?

Image 200-201_118Q.png related to the Cisco 200-201 Exam

A. indirect

B. circumstantial

C. corroborative

D. best

Question 119

Refer to the exhibit. Which piece of information is needed to search for additional downloads of this file by other hosts?

Image 200-201_119Q.png related to the Cisco 200-201 Exam

A. file header type

B. file size

C. file name

D. file hash value

Question 120

An organization's security team has detected network spikes coming from the internal network. An investigation has concluded that the spike in traffic was from intensive network scanning. How should the analyst collect the traffic to isolate the suspicious host?

Win IT Exam with Last Dumps 2023

Cisco 200-201 Exam

Page 12/24

Viewing Questions 111 120 out of 231 Questions

Refer to the exhibit. What is the potential threat identified in this Stealthwatch dashboard?

A. A policy violation is active for host 10.10.101.24.

B. A host on the network is sending a DDoS attack to another inside host.

C. There are two active data exfiltration alerts.

D. A policy violation is active for host 10.201.3.149.

Which security technology allows only a set of pre-approved applications to run on a system?

A. application-level blacklisting

B. host-based IPS

C. application-level whitelisting

D. antivirus

An investigator is examining a copy of an ISO file that is stored in CDFS format. What type of evidence is this file?

A. data from a CD copied using Mac-based system

B. data from a CD copied using Linux system

C. data from a DVD copied using Windows system

D. data from a CD copied using Windows

Which piece of information is needed for attribution in an investigation?

A. proxy logs showing the source RFC 1918 IP addresses

B. RDP allowed from the Internet

C. known threat actor behavior

D. 802.1x RADIUS authentication pass arid fail logs

What does cyber attribution identify in an investigation?

A. cause of an attack

B. exploit of an attack

C. vulnerabilities exploited

D. threat actors of an attack

A security engineer has a video of a suspect entering a data center that was captured on the same day that files in the same data center were transferred to a competitor. Which type of evidence is this?

A. best evidence

B. prima facie evidence

C. indirect evidence

D. physical evidence

DRAG DROP - Drag and drop the type of evidence from the left onto the description of that evidence on the right. Select and Place:

Refer to the exhibit. An analyst received this alert from the Cisco ASA device, and numerous activity logs were produced. How should this type of evidence be categorized?

A. indirect

B. circumstantial

C. corroborative

D. best

Refer to the exhibit. Which piece of information is needed to search for additional downloads of this file by other hosts?

A. file header type

B. file size

C. file name

D. file hash value

An organization's security team has detected network spikes coming from the internal network. An investigation has concluded that the spike in traffic was from intensive network scanning. How should the analyst collect the traffic to isolate the suspicious host?

A. based on the most used applications

B. by most active source IP

C. by most used ports

D. based on the protocols used