Cisco 200-201 exam revealed answer (P. 13)

Question 121

Which technology on a host is used to isolate a running application from other application?

A. application allow list

B. application block list

C. host-based firewall

D. sandbox

Question 122

Refer to the exhibit. Which type of attack is being executed?

Image 200-201_122Q.png related to the Cisco 200-201 Exam

A. cross-site request forgery

B. command injection

C. SQL injection

D. cross-site scripting

Question 123

What is a difference between inline traffic interrogation and traffic mirroring?

A. Inline inspection acts on the original traffic data flow

B. Traffic mirroring passes live traffic to a tool for blocking

C. Traffic mirroring inspects live traffic for analysis and mitigation

D. Inline traffic copies packets for analysis and security

Question 124

A system administrator is ensuring that specific registry information is accurate. Which type of configuration information does the HKEY_LOCAL_MACHINE hive contain?

A. file extension associations

B. hardware, software, and security settings for the system

C. currently logged in users, including folders and control panel settings

D. all users on the system, including visual settings

Question 125

Refer to the exhibit. Which packet contains a file that is extractable within Wireshark?

Image 200-201_125Q.png related to the Cisco 200-201 Exam

A. 2317

B. 1986

C. 2318

D. 2542

Question 126

Which regex matches only on all lowercase letters?

A. [a-z]+

B. [^a-z]+

C. a-z+

D. a*z+

Question 127

While viewing packet capture data, an analyst sees that one IP is sending and receiving traffic for multiple devices by modifying the IP header.

Which technology makes this behavior possible?

A. encapsulation

B. TOR

C. tunneling

D. NAT

Question 128

Which action should be taken if the system is overwhelmed with alerts when false positives and false negatives are compared?

A. Modify the settings of the intrusion detection system.

B. Design criteria for reviewing alerts.

C. Redefine signature rules.

D. Adjust the alerts schedule.

Question 129

What is the impact of false positive alerts on business compared to true positive?

A. True positives affect security as no alarm is raised when an attack has taken place, while false positives are alerts raised appropriately to detect and further mitigate them.

B. True-positive alerts are blocked by mistake as potential attacks, while False-positives are actual attacks identified as harmless.

C. False positives alerts are manually ignored signatures to avoid warnings that are already acknowledged, while true positives are warnings that are not yet acknowledged.

D. False-positive alerts are detected by confusion as potential attacks, while true positives are attack attempts identified appropriately.

Question 130

An engineer needs to fetch logs from a proxy server and generate actual events according to the data received. Which technology should the engineer use to accomplish this task?

A. Firepower

B. Email Security Appliance

C. Web Security Appliance

D. Stealthwatch

Win IT Exam with Last Dumps 2023

Cisco 200-201 Exam

Page 13/24

Viewing Questions 121 130 out of 231 Questions

Which technology on a host is used to isolate a running application from other application?

A. application allow list

B. application block list

C. host-based firewall

D. sandbox

Refer to the exhibit. Which type of attack is being executed?

A. cross-site request forgery

B. command injection

C. SQL injection

D. cross-site scripting

What is a difference between inline traffic interrogation and traffic mirroring?

A. Inline inspection acts on the original traffic data flow

B. Traffic mirroring passes live traffic to a tool for blocking

C. Traffic mirroring inspects live traffic for analysis and mitigation

D. Inline traffic copies packets for analysis and security

A system administrator is ensuring that specific registry information is accurate. Which type of configuration information does the HKEY_LOCAL_MACHINE hive contain?

A. file extension associations

B. hardware, software, and security settings for the system

C. currently logged in users, including folders and control panel settings

D. all users on the system, including visual settings

Refer to the exhibit. Which packet contains a file that is extractable within Wireshark?

A. 2317

B. 1986

C. 2318

D. 2542

Which regex matches only on all lowercase letters?

A. [a-z]+

B. [^a-z]+

C. a-z+

D. a*z+

While viewing packet capture data, an analyst sees that one IP is sending and receiving traffic for multiple devices by modifying the IP header.

Which technology makes this behavior possible?

A. encapsulation

B. TOR

C. tunneling

D. NAT

Which action should be taken if the system is overwhelmed with alerts when false positives and false negatives are compared?

A. Modify the settings of the intrusion detection system.

B. Design criteria for reviewing alerts.

C. Redefine signature rules.

D. Adjust the alerts schedule.

What is the impact of false positive alerts on business compared to true positive?

A. True positives affect security as no alarm is raised when an attack has taken place, while false positives are alerts raised appropriately to detect and further mitigate them.

B. True-positive alerts are blocked by mistake as potential attacks, while False-positives are actual attacks identified as harmless.

C. False positives alerts are manually ignored signatures to avoid warnings that are already acknowledged, while true positives are warnings that are not yet acknowledged.

D. False-positive alerts are detected by confusion as potential attacks, while true positives are attack attempts identified appropriately.

An engineer needs to fetch logs from a proxy server and generate actual events according to the data received. Which technology should the engineer use to accomplish this task?

A. Firepower

B. Email Security Appliance

C. Web Security Appliance

D. Stealthwatch