200-201 Cisco Exam Questions and Free Practice Test

Question 19

A SOC analyst is investigating an incident that involves a Linux system that is identifying specific sessions. Which identifier tracks an active program?

A. application identification number

B. active process identification number

C. runtime identification number

D. process identification number

Correct Answer:D

Question 20

Which type of data collection requires the largest amount of storage space?

A. alert data

B. transaction data

C. session data

D. full packet capture

Correct Answer:D

Question 21

Which incidence response step includes identifying all hosts affected by an attack'?

A. post-incident activity

B. detection and analysis

C. containment eradication and recovery

D. preparation

Correct Answer:A

Question 22

A user received a malicious attachment but did not run it. Which category classifies the intrusion?

A. weaponization

B. reconnaissance

C. installation

D. delivery

Correct Answer:D

Question 23

Refer to the exhibit.
200-201 dumps exhibit
Which application protocol is in this PCAP file?

A. SSH

B. TCP

C. TLS

D. HTTP

Correct Answer:B

Question 24

Which type of attack occurs when an attacker is successful in eavesdropping on a conversation between two IP phones?

A. known-plaintext

B. replay

C. dictionary

D. man-in-the-middle

Correct Answer:D

START 200-201 EXAM