
Cisco 200-201 Exam


Question 211
A security analyst notices a sudden surge of incoming traffic and detects unknown packets from unknown senders. After further investigation, the analyst learns that customers claim that they cannot access company servers. According to NIST SP800-61, in which phase of the incident response process is the analyst?
A. preparation
B. post-incident activity
C. containment, eradication, and recovery
D. detection and analysis

Question 212
An analyst is using the SIEM platform and must extract a custom property from a Cisco device and capture the phrase, `File: Clean.` Which regex must the analyst import?
A. File: Clean (.*)
B. ^Parent File: Clean$
C. File: Clean
D. ^File: Clean$

Question 213
What is an advantage of symmetric over asymmetric encryption?
A. It is a faster encryption mechanism for sessions.
B. A one-time encryption key is generated for data transmission.
C. A key is generated on demand according to data type.
D. It is suited for transmitting large amounts of data.

Question 214
Refer to the exhibit. During the analysis of a suspicious scanning activity incident, an analyst discovered multiple local TCP connection events. Which technology provided these logs?
Image 200-201_214Q.png related to the Cisco 200-201 Exam
A. antivirus
C. firewall
D. proxy

Question 215
An organization is cooperating with several third-party companies. Data exchange is on an unsecured channel using port 80. Internal employees use the FTP service to upload and download sensitive data. An engineer must ensure confidentiality while preserving the integrity of the communication. Which technology must the engineer implement in this scenario?
A. RADIUS server
B. web application firewall
C. X.509 certificates
D. CA server

Question 216
Refer to the exhibit. A security analyst is investigating unusual activity from an unknown IP address. Which type of evidence is this file?
Image 200-201_216Q.png related to the Cisco 200-201 Exam
A. indirect evidence
B. best evidence
C. direct evidence
D. corroborative evidence

Question 217
Refer to the exhibit. An engineer received an event log file to review. Which technology generated the log?
Image 200-201_217Q.png related to the Cisco 200-201 Exam
B. firewall
C. proxy
D. NetFlow

Question 218
Refer to the exhibit. A workstation downloads a malicious .docx file from the Internet and a copy is sent to FTDv. The FTDv sends the file hash to FMC and the file event is recorded. What would have occurred with stronger data visibility?
Image 200-201_218Q.png related to the Cisco 200-201 Exam
A. An extra level of security would have been in place.
B. Malicious traffic would have been blocked on multiple devices.
C. The traffic would have been monitored at any segment in the network.
D. Detailed information about the data in real time would have been provided.

Question 219
Refer to the exhibit. Which frame numbers contain a file that is extractable via TCP stream within Wireshark?
Image 200-201_219Q.png related to the Cisco 200-201 Exam
A. 7 to 21
B. 7 and 21
C. 7, 14, and 21
D. 14, 16, 18, and 19

Question 220
Refer to the exhibit. What is occurring?
Image 200-201_220Q.jpg related to the Cisco 200-201 Exam
A. DNS tunneling
B. DNS amplification
C. ARP poisoning
D. ARP flood
