
Cisco 200-201 Exam


Question 111
Refer to the exhibit. What is the potential threat identified in this Stealthwatch dashboard?
[Exhibit: 200-201_111Q.jpg (Stealthwatch dashboard)]
A. A policy violation is active for host 10.10.101.24.
B. A host on the network is sending a DDoS attack to another inside host.
C. There are two active data exfiltration alerts.
D. A policy violation is active for host 10.201.3.149.

Question 112
Which security technology allows only a set of pre-approved applications to run on a system?
A. application-level blacklisting
B. host-based IPS
C. application-level whitelisting
D. antivirus

Question 113
An investigator is examining a copy of an ISO file that is stored in CDFS format. What type of evidence is this file?
A. data from a CD copied using Mac-based system
B. data from a CD copied using Linux system
C. data from a DVD copied using Windows system
D. data from a CD copied using Windows

Question 114
Which piece of information is needed for attribution in an investigation?
A. proxy logs showing the source RFC 1918 IP addresses
B. RDP allowed from the Internet
C. known threat actor behavior
D. 802.1X RADIUS authentication pass and fail logs

Question 115
What does cyber attribution identify in an investigation?
A. cause of an attack
B. exploit of an attack
C. vulnerabilities exploited
D. threat actors of an attack

Question 116
A security engineer has a video of a suspect entering a data center that was captured on the same day that files in the same data center were transferred to a competitor. Which type of evidence is this?
A. best evidence
B. prima facie evidence
C. indirect evidence
D. physical evidence

Question 117
DRAG DROP - Drag and drop the type of evidence from the left onto the description of that evidence on the right. Select and Place:
[Exhibit: 200-201_117Q.png (question)]
[Exhibit: 200-201_117R.png (response area)]

Question 118
Refer to the exhibit. An analyst received this alert from the Cisco ASA device, and numerous activity logs were produced. How should this type of evidence be categorized?
[Exhibit: 200-201_118Q.png (Cisco ASA alert)]
A. indirect
B. circumstantial
C. corroborative
D. best

Question 119
Refer to the exhibit. Which piece of information is needed to search for additional downloads of this file by other hosts?
[Exhibit: 200-201_119Q.png (file details)]
A. file header type
B. file size
C. file name
D. file hash value

Question 120
An organization's security team has detected network spikes coming from the internal network. An investigation has concluded that the spike in traffic was from intensive network scanning. How should the analyst collect the traffic to isolate the suspicious host?
A. based on the most used applications
B. by most active source IP
C. by most used ports
D. based on the protocols used