[Oct 18, 2023] 200-201 certification guide Q&A from Training Expert UpdateDumps
200-201 Certification Overview Latest 200-201 PDF Dumps
NEW QUESTION # 42
An engineer discovered a breach, identified the threat's entry point, and removed access. The engineer was able to identify the host, the IP address of the threat actor, and the application the threat actor targeted. What is the next step the engineer should take according to the NIST SP 800-61 Incident handling guide?
- A. Recover from the threat.
- B. Identify lessons learned from the threat.
- C. Reduce the probability of similar threats.
- D. Analyze the threat.
Answer: A
Explanation:
NIST SP 800-61 orders incident handling as detection and analysis, then containment, eradication and recovery, then post-incident activity. The engineer has already identified the entry point and removed the attacker's access, which completes containment and eradication, so the next step is recovery: restore the affected host to normal operation and verify that it is functioning. Lessons learned and reducing the probability of similar incidents belong to the post-incident phase that follows recovery.
NEW QUESTION # 43
While viewing packet capture data, an analyst sees that one IP is sending and receiving traffic for multiple devices by modifying the IP header.
Which technology makes this behavior possible?
- A. NAT
- B. encapsulation
- C. TOR
- D. tunneling
Answer: A
Explanation:
Network address translation (NAT) is a method of mapping an IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device.
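The behavior in the question (one address carrying flows for many inside hosts in both directions) comes down to a translation table keyed on the connection. As an added example, not code from the exam guide or from Cisco, the following Python simulates a port-address-translation gateway: outbound packets from several inside hosts are rewritten to one public IP with a unique source port, and replies are mapped back to the original host through the same table. All IP addresses and ports are constructed for illustration.

```python
"""Minimal port-address-translation (PAT) simulation.

Added example; the public IP, inside hosts and port numbers are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


class PatGateway:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._next_port = first_port
        # outbound: (proto, inside src, sport, dst, dport) -> translated public port
        self.outbound = {}
        # inbound: (proto, public port, external ip, external port) -> (inside src, sport)
        self.inbound = {}

    def translate_outbound(self, pkt):
        """Rewrite src IP/port to the gateway's public IP and a unique port.

        The same inside 5-tuple always reuses its existing translation, so
        packets of one connection keep one public port.
        """
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key not in self.outbound:
            port = self._next_port
            self._next_port += 1
            self.outbound[key] = port
            self.inbound[(pkt.proto, port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return Packet(pkt.proto, self.public_ip, self.outbound[key], pkt.dst, pkt.dport)

    def translate_inbound(self, pkt):
        """Map a reply addressed to public_ip:port back to the inside host.

        Returns None when no outbound state exists, which is why unsolicited
        inbound traffic is dropped by a stateful NAT.
        """
        key = (pkt.proto, pkt.dport, pkt.src, pkt.sport)
        if pkt.dst != self.public_ip or key not in self.inbound:
            return None
        inside_ip, inside_port = self.inbound[key]
        return Packet(pkt.proto, pkt.src, pkt.sport, inside_ip, inside_port)


if __name__ == "__main__":
    gw = PatGateway("198.51.100.1")
    for host in ("10.0.0.5", "10.0.0.6"):
        out = gw.translate_outbound(Packet("tcp", host, 50000, "203.0.113.9", 443))
        print(f"{host}:50000 -> {out.src}:{out.sport}")
        back = gw.translate_inbound(Packet("tcp", "203.0.113.9", 443, out.src, out.sport))
        print(f"reply to {out.src}:{out.sport} -> {back.dst}:{back.dport}")
```

From the packet capture side, an analyst on the outside sees only the public IP with many source ports, which is the clue that the single address is fronting multiple devices.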
NEW QUESTION # 44
A threat actor penetrated an organization's network. Using the 5-tuple approach, which data points should the analyst use to isolate the compromised host in a grouped set of logs?
- A. protocol, log source, source IP, destination IP, and host name
- B. protocol, source IP, source port, destination IP, and destination port
- C. event name, log source, time, source IP, and username
- D. event name, log source, time, source IP, and host name
Answer: B
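The 5-tuple (protocol, source IP, source port, destination IP, destination port) identifies a flow uniquely, which is what lets an analyst pull one host's connections out of a mixed set of logs. As an added example, not code from the exam guide, the following Python parses a small set of constructed flow-log lines, groups them by 5-tuple, and isolates the inside hosts that talked to a given attacker address. The log format, the addresses and the lines themselves are constructed for illustration.

```python
"""Group flow-log lines by 5-tuple and isolate hosts talking to an attacker.

Added example; the log format and SAMPLE_LOG are constructed, not real data.
"""
import re
from collections import defaultdict

# Constructed sample: timestamp proto src:sport -> dst:dport action
SAMPLE_LOG = """\
2023-10-18T10:00:01Z tcp 10.1.1.20:51234 -> 203.0.113.9:443 ALLOW
2023-10-18T10:00:02Z tcp 10.1.1.20:51234 -> 203.0.113.9:443 ALLOW
2023-10-18T10:00:05Z tcp 10.1.1.31:49152 -> 198.51.100.7:4444 ALLOW
2023-10-18T10:00:06Z udp 10.1.1.20:53000 -> 10.1.1.1:53 ALLOW
2023-10-18T10:00:09Z tcp 10.1.1.31:49152 -> 198.51.100.7:4444 ALLOW
2023-10-18T10:00:12Z tcp 10.1.1.31:49153 -> 198.51.100.7:4444 ALLOW
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<proto>\w+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<action>\w+)$"
)


def parse(line):
    """Parse one constructed log line; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": m["ts"],
        "proto": m["proto"].lower(),
        "src": m["src"],
        "sport": int(m["sport"]),
        "dst": m["dst"],
        "dport": int(m["dport"]),
        "action": m["action"],
    }


def five_tuple(ev):
    return (ev["proto"], ev["src"], ev["sport"], ev["dst"], ev["dport"])


def group_by_five_tuple(log_text):
    """Map each distinct 5-tuple to the list of events that belong to that flow."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse(line)
        if ev:
            groups[five_tuple(ev)].append(ev)
    return dict(groups)


def hosts_talking_to(log_text, attacker_ip, attacker_port=None):
    """Return inside source IPs with flows to the attacker IP (optionally one port)."""
    hosts = set()
    for (proto, src, sport, dst, dport) in group_by_five_tuple(log_text):
        if dst == attacker_ip and (attacker_port is None or dport == attacker_port):
            hosts.add(src)
    return sorted(hosts)


if __name__ == "__main__":
    for key, events in group_by_five_tuple(SAMPLE_LOG).items():
        print(key, "->", len(events), "events")
    print("compromised:", hosts_talking_to(SAMPLE_LOG, "198.51.100.7", 4444))
```

Note that the two flows from 10.1.1.31 to port 4444 differ only in source port and so form two groups; grouping on fewer fields (for example only source and destination IP) would merge them and hide the reconnect.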
NEW QUESTION # 45
Which security model assumes an attacker within and outside of the network and enforces strict verification before connecting to any system or resource within the organization?
- A. Object-capability
- B. Biba
- C. Zero Trust
- D. Take-Grant
Answer: C
Explanation:
Zero Trust security is an IT security model that requires strict identity verification for every person and device trying to access resources on a private network, regardless of whether they are sitting within or outside of the network perimeter.
NEW QUESTION # 46
The target web application server is running as the root user and is vulnerable to command injection. Which result of a successful attack is true?
- A. cross-site scripting request forgery
- B. privilege escalation
- C. buffer overflow
- D. cross-site scripting
Answer: B
Explanation:
Injected commands run with the privileges of the process that executes them. Because the web server is running as root, a successful command injection gives the attacker arbitrary command execution as root, which is privilege escalation from an unprivileged web client to full control of the host. Cross-site scripting and buffer overflows are different vulnerability classes, not results of command injection.
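To make the mechanism concrete, the following Python shows the injectable pattern next to its fix, as an added example that is not code from the exam guide. The `lookup` endpoint, its use of `echo` as a stand-in for whatever the real application shells out to, the hostname allow-list and the payloads are all constructed for illustration; on a server running as root, `effective_uid()` would return 0, which is the privilege the injected command inherits.

```python
"""Command injection: the injectable pattern beside the hardened form.

Added example; the endpoint, the use of `echo`, and the payloads are constructed.
"""
import os
import re
import subprocess

# Allow-list for the only kind of input this endpoint should ever pass along.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$")


def effective_uid():
    """Injected commands inherit this uid; on a web server running as root it is 0."""
    return os.geteuid()


def vulnerable_lookup(host):
    """Injectable: user input is concatenated into a string handed to /bin/sh."""
    return subprocess.check_output("echo " + host, shell=True, text=True)


def list_form_lookup(host):
    """No shell: the argument vector goes straight to execve, so shell
    metacharacters in `host` are just characters of one argument."""
    return subprocess.run(
        ["echo", host], capture_output=True, text=True, check=True
    ).stdout


def is_valid_hostname(host):
    return bool(HOSTNAME_RE.match(host))


def safe_lookup(host):
    """Validate against the allow-list first, then invoke without a shell."""
    if not is_valid_hostname(host):
        raise ValueError(f"rejected input: {host!r}")
    return list_form_lookup(host)


if __name__ == "__main__":
    payload = "example.com; id -u"
    print("running as uid", effective_uid())
    print("vulnerable:", vulnerable_lookup(payload).splitlines())
    print("list form :", list_form_lookup(payload).splitlines())
    try:
        safe_lookup(payload)
    except ValueError as err:
        print("safe      :", err)
```

Both layers matter: the list form removes the shell from the path, and the allow-list stops values that would be harmful even as a single argument to the real command (option flags, for instance).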
NEW QUESTION # 47
Refer to the exhibit.
What does the output indicate about the server with the IP address 172.18.104.139?
- A. open ports of an email server
- B. open port of an FTP server
- C. open ports of a web server
- D. running processes of the server
Answer: A
NEW QUESTION # 48
What does an attacker use to determine which network ports are listening on a potential target device?
- A. port scanning
- B. ping sweep
- C. SQL injection
- D. man-in-the-middle
Answer: A
NEW QUESTION # 49
What is a collection of compromised machines that attackers use to carry out a DDoS attack?
- A. botnet
- B. command and control
- C. subnet
- D. VLAN
Answer: A
NEW QUESTION # 50
A user received a malicious attachment but did not run it. Which category classifies the intrusion?
- A. weaponization
- B. reconnaissance
- C. installation
- D. delivery
Answer: D
NEW QUESTION # 51
Refer to the exhibit.
This request was sent to a web application server driven by a database. Which type of web server attack is represented?
- A. heap memory corruption
- B. blind SQL injection
- C. command injection
- D. parameter manipulation
Answer: B
NEW QUESTION # 52
Refer to the exhibit.
Which event is occurring?
- A. A binary named "submit" is running on VM cuckoo1.
- B. A binary on VM cuckoo1 is being submitted for evaluation
- C. A URL is being evaluated to see if it has a malicious binary
- D. A binary is being submitted to run on VM cuckoo1
Answer: D
Explanation:
https://cuckoo.readthedocs.io/en/latest/usage/submit/
NEW QUESTION # 53
Drag and drop the technology on the left onto the data type the technology provides on the right.
Answer:
Explanation:

NEW QUESTION # 54
What is the difference between indicators of attack (IoA) and indicators of compromise (IoC)?
- A. IoA is the evidence that a security breach has occurred, and IoC allows organizations to act before the vulnerability can be exploited.
- B. IoA refers to the individual responsible for the security breach, and IoC refers to the resulting loss.
- C. IoC refers to the individual responsible for the security breach, and IoA refers to the resulting loss.
- D. IoC is the evidence that a security breach has occurred, and IoA allows organizations to act before the vulnerability can be exploited.
Answer: D
NEW QUESTION # 55
Which category relates to improper use or disclosure of PII data?
- A. regulated
- B. legal
- C. compliance
- D. contractual
Answer: A
NEW QUESTION # 56
An automotive company provides new types of engines and special brakes for rally sports cars. The company has a database of inventions and patents for their engines and technical information. Customers can access the database through the company's website after they register and identify themselves. Which type of protected data is accessed by customers?
- A. IP data
- B. PSI data
- C. PII data
- D. PHI data
Answer: A
Explanation:
Inventions, patents and engine technical documentation are the company's intellectual property (IP). The registration step authenticates the customer, but the data the customer then accesses is IP, not PII, PHI or PSI.
NEW QUESTION # 57
The SOC team has confirmed a potential indicator of compromise on an endpoint. The team has narrowed the executable file's type to a new trojan family. According to the NIST Computer Security Incident Handling Guide, what is the next step in handling this event?
- A. Collect public information on the malware behavior.
- B. Isolate the infected endpoint from the network.
- C. Prioritize incident handling based on the impact.
- D. Perform forensics analysis on the infected endpoint.
Answer: C
Explanation:
In the NIST SP 800-61 detection and analysis phase, once an incident is confirmed the handler prioritizes it by functional impact, information impact and recoverability. That prioritization decides how urgently the containment strategy (such as isolating the endpoint) and any forensic work are pursued, so it is the next step after confirming the trojan.
NEW QUESTION # 58
Drag and drop the technology on the left onto the data type the technology provides on the right.
Answer:
Explanation:
NEW QUESTION # 59
What is vulnerability management?
- A. A process to identify and remediate existing weaknesses.
- B. A process to recover from service interruptions and restore business-critical applications
- C. A security practice of performing actions rather than acknowledging the threats.
- D. A security practice focused on clarifying and narrowing intrusion points.
Answer: A
NEW QUESTION # 60
Which technology on a host is used to isolate a running application from other applications?
- A. application block list
- B. application allow list
- C. sandbox
- D. host-based firewall
Answer: C
NEW QUESTION # 61
What describes the concept of data consistently and readily being accessible for legitimate users?
- A. confidentiality
- B. accessibility
- C. integrity
- D. availability
Answer: D
NEW QUESTION # 62
Drag and drop the access control models from the left onto the correct descriptions on the right.
Answer:
Explanation:
NEW QUESTION # 63
What is an attack surface as compared to a vulnerability?
- A. the individuals who perform an attack
- B. the sum of all paths for data into and out of the application
- C. an exploitable weakness in a system or its design
- D. any potential danger to an asset
Answer: B
NEW QUESTION # 64
......
Cisco 200-201 Certification Exam is intended for individuals who are looking to start a career in cybersecurity or want to enhance their existing cybersecurity skills. 200-201 exam is suitable for security analysts, network administrators, security operations center (SOC) personnel, and anyone who is interested in understanding the basic concepts of cybersecurity. 200-201 exam tests the candidate's ability to identify security threats, evaluate network vulnerabilities, and implement effective security solutions.
The Best Cisco 200-201 Study Guides and Dumps of 2023: https://actualtest.updatedumps.com/Cisco/200-201-updated-exam-dumps.html