200-201 Cisco Exam Questions and Free Practice Test

Question 7

What does an attacker use to determine which network ports are listening on a potential target device?

A. man-in-the-middle

B. port scanning

C. SQL injection

D. ping sweep

Correct Answer:B

Question 8

What is a difference between SOAR and SIEM?

A. SOAR platforms are used for threat and vulnerability management, but SIEM applications are not

B. SIEM applications are used for threat and vulnerability management, but SOAR platforms are not

C. SOAR receives information from a single platform and delivers it to a SIEM

D. SIEM receives information from a single platform and delivers it to a SOAR

Correct Answer:A

Question 9

A security expert is working on a copy of the evidence, an ISO file that is saved in CDFS format. Which type of evidence is this file?

A. CD data copy prepared in Windows

B. CD data copy prepared in Mac-based system

C. CD data copy prepared in Linux system

D. CD data copy prepared in Android-based system

Correct Answer:A

Question 10

During which phase of the forensic process is data that is related to a specific event labeled and recorded to preserve its integrity?

A. examination

B. investigation

C. collection

D. reporting

Correct Answer:C

Question 11

An analyst is investigating a host in the network that appears to be communicating to a command and control server on the Internet. After collecting this packet capture the analyst cannot determine the technique and payload used for the communication.
200-201 dumps exhibit
Which obfuscation technique is the attacker using?

A. Base64 encoding

B. transport layer security encryption

C. SHA-256 hashing

D. ROT13 encryption

Correct Answer:B

Question 12

Refer to the exhibit.
200-201 dumps exhibit
Which two elements in the table are parts of the 5-tuple? (Choose two.)

A. First Packet

B. Initiator User

C. Ingress Security Zone

D. Source Port

E. Initiator IP

Correct Answer:DE

START 200-201 EXAM