
Cisco 200-201

Title of test: Cisco 200-201

Description: Cisco CbrOps

Creation Date: 2025/07/23

Category: Computers

Number of questions: 28

Content:

Which event is user interaction?
- gaining root access
- executing remote code
- reading and writing file permission
- opening a malicious file

Which security principle requires more than one person to perform a critical task?
- least privilege
- need to know
- separation of duties
- due diligence

How is attacking a vulnerability categorized?
- action on objectives
- delivery
- exploitation
- installation

What is a benefit of agent-based protection when compared to agentless protection?
- It lowers maintenance costs.
- It provides a centralized platform.
- It collects and detects all traffic locally.
- It manages numerous devices simultaneously.

Which principle is being followed when an analyst gathers information relevant to a security incident to determine the appropriate course of action?
- decision making
- rapid response
- data mining
- due diligence

One of the objectives of information security is to protect the CIA of information and systems. What does CIA mean in this context?
- confidentiality, identity, and authorization
- confidentiality, integrity, and authorization
- confidentiality, identity, and availability
- confidentiality, integrity, and availability

What is rule-based detection when compared to statistical detection?
- proof of a user's identity
- proof of a user's action
- likelihood of user's action
- falsification of a user's identity

An engineer configured regular expression ".*\.([Dd][Oo][Cc]|[Xx][Ll][Ss]|[Pp][Pp][Tt]) HTTP/1.[01]" on Cisco ASA firewall. What does this regular expression do?
- It captures .doc, .xls, and .pdf files in HTTP v1.0 and v1.1.
- It captures documents in an HTTP network session.
- It captures Word, Excel, and PowerPoint files in HTTP v1.0 and v1.1.
- It captures .doc, .xls, and .ppt file extensions in HTTP v1.0.

Which process is used when IPS events are removed to improve data integrity?
- data availability
- data normalization
- data signature
- data protection

An analyst is investigating an incident in a SOC environment. Which method is used to identify a session from a group of logs?
- sequence numbers
- IP identifier
- 5-tuple
- timestamps

What is a difference between SOAR and SIEM?
- SOAR platforms are used for threat and vulnerability management, but SIEM applications are not.
- SIEM applications are used for threat and vulnerability management, but SOAR platforms are not.
- SOAR receives information from a single platform and delivers it to a SIEM.
- SIEM receives information from a single platform and delivers it to a SOAR.

What is the difference between mandatory access control (MAC) and discretionary access control (DAC)?
- MAC is controlled by the discretion of the owner and DAC is controlled by an administrator.
- MAC is the strictest of all levels of control and DAC is object-based access.
- DAC is controlled by the operating system and MAC is controlled by an administrator.
- DAC is the strictest of all levels of control and MAC is object-based access.

What is the practice of giving employees only those permissions necessary to perform their specific role within an organization?
- least privilege
- need to know
- integrity validation
- due diligence

What is the virtual address space for a Windows process?
- physical location of an object in memory
- set of pages that reside in the physical memory
- system-level memory protection feature built into the operating system
- set of virtual memory addresses that can be used

Which security principle is violated by running all processes as root or administrator?
- principle of least privilege
- role-based access control
- separation of duties
- trusted computing base

What is the function of a command and control server?
- It enumerates open ports on a network device.
- It drops secondary payload into malware.
- It is used to regain control of the network after a compromise.
- It sends instruction to a compromised system.

What is the difference between deep packet inspection and stateful inspection?
- Deep packet inspection is more secure than stateful inspection on Layer 4.
- Stateful inspection verifies contents at Layer 4 and deep packet inspection verifies connection at Layer 7.
- Stateful inspection is more secure than deep packet inspection on Layer 7.
- Deep packet inspection allows visibility on Layer 7 and stateful inspection allows visibility on Layer 4.

Which evasion technique is a function of ransomware?
- extended sleep calls
- encryption
- resource exhaustion
- encoding

What is the difference between statistical detection and rule-based detection models?
- Rule-based detection involves the collection of data in relation to the behavior of legitimate users over a period of time.
- Statistical detection defines legitimate data of users over a period of time and rule-based detection defines it on an IF/THEN basis.
- Statistical detection involves the evaluation of an object on its intended actions before it executes that behavior.
- Rule-based detection defines legitimate data of users over a period of time and statistical detection defines it on an IF/THEN basis.

What is the difference between a threat and a risk?
- Threat represents a potential danger that could take advantage of a weakness, while the risk is the likelihood of a compromise or damage of an asset.
- Risk represents the known and identified loss or danger in the system, while threat is a non-identified impact of possible risks.
- Risk is the unintentional possibility of damages or harm to infrastructure, while the threats are certain and intentional.
- Threat is a state of being exposed to an attack or a compromise, while risk is the calculation of damage or potential loss affecting the organization from an exposure.

Which attack method intercepts traffic on a switched network?
- denial of service
- ARP cache poisoning
- DHCP snooping
- command and control

What does an attacker use to determine which network ports are listening on a potential target device?
- man-in-the-middle
- port scanning
- SQL injection
- ping sweep

What is a purpose of a vulnerability management framework?
- identifies, removes, and mitigates system vulnerabilities
- detects and removes vulnerabilities in source code
- conducts vulnerability scans on the network
- manages a list of reported vulnerabilities

A network engineer discovers that a foreign government hacked one of the defense contractors in their home country and stole intellectual property. What is the threat agent in this situation?
- the intellectual property that was stolen
- the defense contractor who stored the intellectual property
- the method used to conduct the attack
- the foreign government that conducted the attack

What is the practice of giving an employee access to only the resources needed to accomplish their job?
- principle of least privilege
- organizational separation
- separation of duties
- need to know principle

Which metric is used to capture the level of access needed to launch a successful attack?
- privileges required
- user interaction
- attack complexity
- attack vector

What is the difference between an attack vector and an attack surface?
- An attack surface identifies vulnerabilities that require user input or validation; and an attack vector identifies vulnerabilities that are independent of user actions.
- An attack vector identifies components that can be exploited; and an attack surface identifies the potential path an attack can take to penetrate the network.
- An attack surface recognizes which network parts are vulnerable to an attack; and an attack vector identifies which attacks are possible with these vulnerabilities.
- An attack vector identifies the potential outcomes of an attack; and an attack surface launches an attack using several methods against the identified vulnerabilities.

Which metric in CVSS indicates an attack that takes a destination bank account number and replaces it with a different bank account number?
- integrity
- confidentiality
- availability
- scope
