Cisco 200-201 Exam

Question 221
Refer to the exhibit. An engineer is analyzing a PCAP file after a recent breach. The engineer identified that the attacker used an aggressive ARP scan to enumerate the hosts and found web and SSH servers. Further analysis showed several SSH Server Banner and Key Exchange Initiation messages. The engineer cannot see the exact data being transmitted over the encrypted channel and cannot identify how the attacker gained access. How did the attacker gain access?
Exhibit: 200-201_221Q.png
A. by using an SSH Tectia Server vulnerability to enable host-based authentication
B. by using brute force on the SSH service to gain access
C. by using the buffer overflow in the URL catcher feature for SSH
D. by using an SSH vulnerability to silently redirect connections to the local host

Question 222
What should an engineer use to aid the trusted exchange of public keys between user tom0426871442 and dan1968754032?
A. central key management server
B. web of trust
C. registration authority data
D. trusted certificate authorities

Question 223
Which tool gives the ability to see session data in real time?
A. tcpdstat
B. trafdump
C. trafshow
D. tcptrace

Question 224
Which security model assumes an attacker within and outside of the network and enforces strict verification before connecting to any system or resource within the organization?
A. Take-Grant
B. Object-capability
C. Zero Trust
D. Biba

Question 225
Why is HTTPS traffic difficult to screen?
A. HTTPS is used internally and screening traffic for external parties is hard due to isolation.
B. Digital certificates secure the session, and the data is sent at random intervals.
C. Traffic is tunneled to a specific destination and is inaccessible to others except for the receiver.
D. The communication is encrypted and the data in transit is secured.

Question 226
A user received a targeted spear-phishing email and identified it as suspicious before opening the content. To which category of the Cyber Kill Chain model does this type of event belong?
A. exploitation
B. weaponization
C. reconnaissance
D. delivery

Question 227
Refer to the exhibit. An engineer is reviewing a Cuckoo report of a file. What must the engineer interpret from the report?
Exhibit: 200-201_227Q.jpg
A. The file will monitor user activity and send the information to an outside source.
B. The file will insert itself into an application and execute when the application is run.
C. The file will appear legitimate by evading signature-based detection.
D. The file will not execute its behavior in a sandbox environment to avoid detection.

Question 228
What are two differences between tampered disk images and untampered disk images? (Choose two.)
A. The image is tampered if the stored hash and the computed hash are identical.
B. Tampered images are used as an element for the root cause analysis report.
C. Untampered images can be used as law enforcement evidence.
D. Tampered images are used in a security investigation process.
E. The image is untampered if the existing stored hash matches the computed one.

Question 229
What is the difference between an indicator of attack (IoA) and an indicator of compromise (IoC)?
A. IoA refers to the individual responsible for the security breach, and IoC refers to the resulting loss.
B. IoA is the evidence that a security breach has occurred, and IoC allows organizations to act before the vulnerability can be exploited.
C. IoC refers to the individual responsible for the security breach, and IoA refers to the resulting loss.
D. IoC is the evidence that a security breach has occurred, and IoA allows organizations to act before the vulnerability can be exploited.

Question 230
According to the NIST SP 800-86, which two types of data are considered volatile? (Choose two.)
A. temporary files
B. login sessions
C. swap files
D. dump files
E. free space
