200-201 Dumps (V17.02) Helps You Balance Knowledge and Confidence: Continue to Read Our 200-201 Free Dumps (Part 3, Q81-Q120) Online

Choose 200-201 dumps (V17.02) from DumpsBase to prepare for your Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) exam. This updated version is aligned with the latest Cisco 200-201 exam objectives, so you build a deep understanding of the Cisco CBROPS exam. Studying the Cisco 200-201 exam questions and answers in the dumps not only enhances your knowledge but also boosts your confidence. We have free dumps online, so you can read them to check the quality:

After testing, you will find that DumpsBase balances your knowledge and confidence. By learning the 200-201 dumps (V17.02), you can achieve your Cisco CyberOps Associate certification. Today, you can read more demos here to verify the quality again.

Continue to read our Cisco 200-201 free dumps (Part 3, Q81-Q120) of V17.02 below:

1. What is a benefit of agent-based protection when compared to agentless protection?

2. When communicating via TLS, the client initiates the handshake to the server and the server responds back with its certificate for identification.

Which information is available on the server certificate?

3. What causes events on a Windows system to show Event Code 4625 in the log messages?

4. Which type of data consists of connection level, application-specific records generated from network traffic?

5. A company receptionist received a threatening call referencing stealing assets and did not take any action assuming it was a social engineering attempt. Within 48 hours, multiple assets were breached, affecting the confidentiality of sensitive information.

What is the threat actor in this incident?

6. Which utility blocks a host portscan?

7. What is the difference between the ACK flag and the RST flag in the NetFlow log session?

8. DRAG DROP

Drag and drop the access control models from the left onto the correct descriptions on the right.

9. An investigator is examining a copy of an ISO file that is stored in CDFS format.

What type of evidence is this file?

10. What is the practice of giving an employee access to only the resources needed to accomplish their job?

11. An analyst is investigating a host in the network that appears to be communicating to a command and control server on the Internet. After collecting this packet capture, the analyst cannot determine the technique and payload used for the communication.

Which obfuscation technique is the attacker using?

12. Which security technology allows only a set of pre-approved applications to run on a system?

13. Refer to the exhibit.

An engineer is analyzing this Cuckoo Sandbox report for a PDF file that has been downloaded from an email.

What is the state of this file?

14. Refer to the exhibit.

What is occurring in this network traffic?

15. Refer to the exhibit.

What is the expected result when the "Allow subdissector to reassemble TCP streams" feature is enabled?

16. What is the principle of defense-in-depth?

17. A user received a malicious attachment but did not run it.

Which category classifies the intrusion?

18. What is the difference between mandatory access control (MAC) and discretionary access control (DAC)?

19. Which type of attack occurs when an attacker is successful in eavesdropping on a conversation between two IP phones?

20. Which principle is being followed when an analyst gathers information relevant to a security incident to determine the appropriate course of action?

21. DRAG DROP

Refer to the exhibit.

Drag and drop the element name from the left onto the correct piece of the PCAP file on the right.

22. Which step in the incident response process researches an attacking host through logs in a SIEM?

23. Which process is used when IPS events are removed to improve data integrity?

24. An engineer needs to have visibility on TCP bandwidth usage, response time, and latency, combined with deep packet inspection to identify unknown software by its network traffic flow.

Which two features of Cisco Application Visibility and Control should the engineer use to accomplish this goal? (Choose two.)

25. What are two differences in how tampered and untampered disk images affect a security incident? (Choose two.)

26. An engineer needs to discover alive hosts within the 192.168.1.0/24 range without triggering intrusive portscan alerts on the IDS device using Nmap.

Which command will accomplish this goal?

27. An engineer is investigating a case of the unauthorized usage of the “Tcpdump” tool. The analysis revealed that a malicious insider attempted to sniff traffic on a specific interface.

What type of information did the malicious insider attempt to obtain?

28. What is an attack surface as compared to a vulnerability?

29. Which signature impacts network traffic by causing legitimate traffic to be blocked?

30. An offline audit log contains the source IP address of a session suspected to have exploited a vulnerability resulting in system compromise.

Which kind of evidence is this IP address?

31. Why is encryption challenging to security monitoring?

32. Refer to the exhibit.

What is the potential threat identified in this Stealthwatch dashboard?

33. Refer to the exhibit.

What does the output indicate about the server with the IP address 172.18.104.139?

34. One of the objectives of information security is to protect the CIA of information and systems.

What does CIA mean in this context?

35. What are two denial of service attacks? (Choose two.)

36. Refer to the exhibit.

Which event is occurring?

37. Refer to the exhibit.

Which kind of attack method is depicted in this string?

38. DRAG DROP

Drag and drop the technology on the left onto the data type the technology provides on the right.

39. Which attack is the network vulnerable to when a stream cipher like RC4 is used twice with the same key?

40. Refer to the exhibit.

Which two elements in the table are parts of the 5-tuple? (Choose two.)
