Question 171
Which type of evidence supports a theory or an assumption that results from initial evidence?
A. probabilistic
B. indirect
C. best
D. corroborative
Question 172
Which two elements are assets in the role of attribution in an investigation? (Choose two.)
A. context
B. session
C. laptop
D. firewall logs
E. threat actor
Question 173
What is personally identifiable information that must be safeguarded from unauthorized access?
A. date of birth
B. driver's license number
C. gender
D. zip code
Question 174
In a SOC environment, what is a vulnerability management metric?
A. code signing enforcement
B. full assets scan
C. internet exposed devices
D. single factor authentication
Question 175
A security expert is working on a copy of the evidence, an ISO file that is saved in CDFS format. Which type of evidence is this file?
A. CD data copy prepared in Windows
B. CD data copy prepared in Mac-based system
C. CD data copy prepared in Linux system
D. CD data copy prepared in Android-based system
Question 176
Which two elements of the incident response process are stated in NIST Special Publication 800-61 r2? (Choose two.)
A. detection and analysis
B. post-incident activity
C. vulnerability management
D. risk assessment
E. vulnerability scoring
Question 177
DRAG DROP - Drag and drop the definition from the left onto the phase on the right to classify intrusion events according to the Cyber Kill Chain model.
Select and Place:
Question 178
Refer to the exhibit. What does this output indicate?
A. HTTPS ports are open on the server.
B. SMB ports are closed on the server.
C. FTP ports are open on the server.
D. Email ports are closed on the server.
Question 179
DRAG DROP - Drag and drop the elements from the left into the correct order for incident handling on the right.
Select and Place:
Question 180
Which metric should be used when evaluating the effectiveness and scope of a Security Operations Center?
A. The average time the SOC takes to register and assign the incident.
B. The total incident escalations per week.
C. The average time the SOC takes to detect and resolve the incident.
D. The total incident escalations per month.