Last 200-201 practice test reviews Practice Test Cisco dumps [Q71-Q94]


Try 200-201 Free Now! Real Exam Question Answers Updated [Jun 26, 2026]

NEW QUESTION # 71
Drag and drop the security concept on the left onto the example of that concept on the right.

Answer:

Explanation:


NEW QUESTION # 72
Refer to the exhibit.

Which application protocol is in this PCAP file?

  • A. TLS
  • B. TCP
  • C. SSH
  • D. HTTP

Answer: D


NEW QUESTION # 73
An engineer runs a suspicious file in a sandbox analysis tool to see the outcome. The analysis report shows that outbound callouts were made post infection.
Which two pieces of information from the analysis report are needed to investigate the callouts? (Choose two.)

  • A. domain names
  • B. dropped files
  • C. file size
  • D. signatures
  • E. host IP addresses

Answer: A,E


NEW QUESTION # 74
What describes the impact of false-positive alerts compared to false-negative alerts?

  • A. A false negative is alerting for an XSS attack. An engineer investigates the alert and discovers that an XSS attack happened. A false positive is when an XSS attack happens and no alert is raised.
  • B. A false positive is an event alerting for a brute-force attack. An engineer investigates the alert and discovers that a legitimate user entered the wrong credential several times. A false negative is when a threat actor tries to brute-force attack a system and no alert is raised.
  • C. A false negative is a legitimate attack triggering a brute-force alert. An engineer investigates the alert and finds out someone intended to break into the system. A false positive is when no alert and no attack is occurring.
  • D. A false positive is an event alerting for an SQL injection attack. An engineer investigates the alert and discovers that an attack attempt was blocked by IPS. A false negative is when the attack gets detected but succeeds and results in a breach.

Answer: B

Explanation:
False positives and false negatives are terms used to describe the accuracy of security alerts. A false positive occurs when a security system incorrectly identifies benign activity as malicious, leading to unnecessary investigation and potential disruption of legitimate activities. Conversely, a false negative happens when a security system fails to detect actual malicious activity, allowing the attackers to proceed undetected. The impact of false positives is generally wasted time and resources investigating non-issues, while the impact of false negatives can be much more severe, potentially leading to undetected breaches and significant damage.


NEW QUESTION # 75
An analyst received an alert on their desktop computer showing that an attack was successful on the host.
After investigating, the analyst discovered that no mitigation action occurred during the attack. What is the reason for this discrepancy?

  • A. The computer has a HIDS installed on it.
  • B. The computer has a NIPS installed on it.
  • C. The computer has a NIDS installed on it.
  • D. The computer has a HIPS installed on it.

Answer: A

Explanation:
The discrepancy described suggests that the system had a Host Intrusion Detection System (HIDS) installed. HIDS are designed to monitor and analyze the internals of a computing system for signs of intrusion and policy violations. While they can detect unauthorized activities, they do not take direct action to stop an attack; this is typically the role of an intrusion prevention system. Therefore, the alert was generated, but no mitigation action was taken because the HIDS does not have the capability to intervene.
References: The Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) course material covers the functions and limitations of various security systems, including HIDS, and their role within a Security Operations Center (SOC).


NEW QUESTION # 76
Refer to the exhibit.

An engineer is analyzing this Cuckoo Sandbox report for a PDF file that has been downloaded from an email.
What is the state of this file?

  • A. The file has an embedded Windows 32 executable and the Yara field lists suspicious features for further analysis.
  • B. The file has an embedded executable and was matched by PEiD threat signatures for further analysis.
  • C. The file was matched by PEiD threat signatures but no suspicious features are identified since the signature list is up to date.
  • D. The file has an embedded non-Windows executable but no suspicious features are identified.

Answer: A


NEW QUESTION # 77
Which tool is used by threat actors on a webpage to take advantage of the software vulnerabilities of a system to spread malware?

  • A. exploit kit
  • B. root kit
  • C. script kiddie kit
  • D. vulnerability kit

Answer: A


NEW QUESTION # 78
Which of these describes SOC metrics in relation to security incidents?

  • A. time it takes to assess the risks of the incident
  • B. time it takes to detect the incident
  • C. probability of compromise and impact caused by the incident
  • D. probability of outage caused by the incident

Answer: B

Explanation:
SOC metrics in relation to security incidents typically refer to the time it takes to detect the incident. These metrics are crucial for evaluating the effectiveness of incident response and remediation efforts by SOC teams. For example, metrics like the Mean Time to Detect (MTTD) enable organizations to assess how quickly they can identify a security incident, which is essential for reducing the impact of the incident on the organization.


NEW QUESTION # 79
Refer to the exhibit.

What is the potential threat identified in this Stealthwatch dashboard?

  • A. A policy violation is active for host 10.201.3.149.
  • B. A policy violation is active for host 10.10.101.24.
  • C. There are two active data exfiltration alerts.
  • D. A host on the network is sending a DDoS attack to another inside host.

Answer: C


NEW QUESTION # 80
An organization's security team has detected network spikes coming from the internal network. An investigation has concluded that the spike in traffic was from intensive network scanning. How should the analyst collect the traffic to isolate the suspicious host?

  • A. based on the most used applications
  • B. by most active source IP
  • C. based on the protocols used
  • D. by most used ports

Answer: B


NEW QUESTION # 81
Refer to the exhibit.

A network administrator is investigating suspicious network activity by analyzing captured traffic. An engineer notices abnormal behavior and discovers that the default user agent is present in the headers of requests and data being transmitted. What is occurring?

  • A. garbage flood attack: attacker is sending garbage binary data to open ports
  • B. indicators of data exfiltration: HTTP requests must be plain text
  • C. cache bypassing attack: attacker is sending requests for noncacheable content
  • D. indicators of denial-of-service attack due to the frequency of requests

Answer: C


NEW QUESTION # 82
Which two elements are used for profiling a network? (Choose two.)

  • A. listening ports
  • B. OS fingerprint
  • C. session duration
  • D. running processes
  • E. total throughput

Answer: A,B


NEW QUESTION # 83
Drag and drop the technology on the left onto the data type the technology provides on the right.

Answer:

Explanation:


NEW QUESTION # 84
What is an attack surface as compared to a vulnerability?

  • A. the sum of all paths for data into and out of the environment
  • B. an exploitable weakness in a system or its design
  • C. the individuals who perform an attack
  • D. any potential danger to an asset

Answer: A

Explanation:
An attack surface is the total sum of vulnerabilities that can be exploited to carry out a security attack. Attack surfaces can be physical or digital. The term attack surface is often confused with the term attack vector, but they are not the same thing. The surface is what is being attacked; the vector is the means by which an intruder gains access.


NEW QUESTION # 85
Which open-source packet capture tool runs on the Linux and Mac OS X operating systems?

  • A. netsh
  • B. tcpdump
  • C. NetScout
  • D. SolarWinds

Answer: B


NEW QUESTION # 86
What do host-based firewalls protect workstations from?

  • A. unwanted traffic
  • B. viruses
  • C. malicious web scripts
  • D. zero-day vulnerabilities

Answer: A

Explanation:
Host-based firewalls are designed to protect individual workstations from unwanted traffic by filtering incoming and outgoing network communications based on predefined security rules. They can block unauthorized access attempts and prevent potentially harmful traffic from reaching the system.


NEW QUESTION # 87
Refer to the exhibit.

Which two elements in the table are parts of the 5-tuple? (Choose two.)

  • A. Ingress Security Zone
  • B. First Packet
  • C. Initiator IP
  • D. Source Port
  • E. Initiator User

Answer: C,D

Explanation:
The 5-tuple refers to the five values that together define a specific communication session in a network: the source IP address, destination IP address, source port, destination port, and the protocol in use. In this case, option C (Initiator IP) and option D (Source Port) are parts of the 5-tuple. Reference: Cisco Cybersecurity Operations Fundamentals


NEW QUESTION # 88
Refer to the exhibit.

An attacker scanned the server using Nmap.
What did the attacker obtain from this scan?

  • A. Gathered information on processes running on the server
  • B. Gathered a list of Active Directory users.
  • C. Identified a firewall device preventing the port state from being returned
  • D. Identified open SMB ports on the server

Answer: C


NEW QUESTION # 89
Refer to the exhibit.

An engineer is analyzing this Cuckoo Sandbox report for a PDF file that has been downloaded from an email. What is the state of this file?

  • A. The file has an embedded Windows 32 executable and the Yara field lists suspicious features for further analysis.
  • B. The file has an embedded executable and was matched by PEiD threat signatures for further analysis.
  • C. The file was matched by PEiD threat signatures but no suspicious features are identified since the signature list is up to date.
  • D. The file has an embedded non-Windows executable but no suspicious features are identified.

Answer: A


NEW QUESTION # 90
Refer to the exhibit.

What is occurring?

  • A. Review of session logs for performance optimization in a distributed application environment
  • B. Monitoring of encrypted and unencrypted web sessions for diagnostics.
  • C. Analysis of traffic flows during network capacity testing
  • D. Identifying possible malware communications and botnet activity

Answer: B


NEW QUESTION # 91
What are two differences in how tampered and untampered disk images affect a security incident? (Choose two.)

  • A. The image is untampered if the stored hash and the computed hash match
  • B. Tampered images are used in the security investigation process
  • C. Tampered images are used in the incident recovery process
  • D. The image is tampered if the stored hash and the computed hash match
  • E. Untampered images are used in the security investigation process

Answer: A,B


NEW QUESTION # 92
An engineer received an alert affecting the degraded performance of a critical server. Analysis showed a heavy CPU and memory load. What is the next step the engineer should take to investigate this resource usage?

  • A. Run "ps -u" to find out who executed additional processes that caused a high load on a server.
  • B. Run "ps -ef" to understand which processes are taking a high amount of resources.
  • C. Run "ps -d" to decrease the priority state of high load processes to avoid resource exhaustion.
  • D. Run "ps -m" to capture the existing state of daemons and map required processes to find the gap.

Answer: B

Explanation:
The "ps" command is used to display information about the processes running on a system. The "-ef" option shows the full format listing, which includes the process ID, the user, the CPU and memory usage, the command name, and other details. This can help the engineer identify which processes are consuming the most resources and causing the degraded performance of the server. The other options are either invalid or irrelevant, as they do not provide the necessary information or perform the required action. References: Cisco Cybersecurity; https://unix.stackexchange.com/questions/62182/please-explain-this-output-of-ps-ef-command


NEW QUESTION # 93
Which event is a vishing attack?

  • A. using a vulnerability scanner on a corporate network
  • B. obtaining disposed documents from an organization
  • C. setting up a rogue access point near a public hotspot
  • D. impersonating a tech support agent during a phone call

Answer: D

Explanation:
Vishing is an attack where fraudsters impersonate legitimate entities via phone calls to deceive individuals into providing sensitive information or performing actions that compromise security. Reference: Cisco Cybersecurity Source Documents


NEW QUESTION # 94
......
