Pass4itsure updates its Cisco (CCNA, CCNP, Meraki Solutions Specialist, CCDP…) dumps throughout the year and shares some exam questions for free to help you 100% pass the exam.

What to learn | How do I prepare for the Cisco 200-201 (CBROPS) exam

Get the latest Cisco 200-201 exam dumps to help you prepare for the exam easily; you need more practice every day. The following are some new Cisco 200-201 exam questions. Complete Cisco 200-201 exam dumps questions and answers: https://www.pass4itsure.com/200-201.html (PDF + VCE).

[Free 200-201 practice test] Cisco 200-201 exam questions answers q1-q15

QUESTION 1
DRAG DROP
Drag and drop the access control models from the left onto the correct descriptions on the right.

Select and Place:


QUESTION 2
Which two elements are used for profiling a network? (Choose two.)
A. session duration
B. total throughput
C. running processes
D. listening ports
E. OS fingerprint
Correct Answer: DE

QUESTION 3
At which layer is deep packet inspection investigated on a firewall?
A. internet
B. transport
C. application
D. data link
Correct Answer: C

QUESTION 4
DRAG DROP


Refer to the exhibit. Drag and drop the element name from the left onto the correct piece of the PCAP file on the right.


QUESTION 5
One of the objectives of information security is to protect the CIA of information and systems.
What does CIA mean in this context?
A. confidentiality, identity, and authorization
B. confidentiality, integrity, and authorization
C. confidentiality, identity, and availability
D. confidentiality, integrity, and availability
Correct Answer: D

QUESTION 6
What is the difference between an attack vector and attack surface?
A. An attack surface identifies vulnerabilities that require user input or validation; and an attack vector identifies vulnerabilities that are independent of user actions.
B. An attack vector identifies components that can be exploited; and an attack surface identifies the potential path an attack can take to penetrate the network.
C. An attack surface recognizes which network parts are vulnerable to an attack; and an attack vector identifies which attacks are possible with these vulnerabilities.
D. An attack vector identifies the potential outcomes of an attack; and an attack surface launches an attack using several methods against the identified vulnerabilities.
Correct Answer: C

QUESTION 7
A security engineer deploys an enterprise-wide host/endpoint technology for all of the company's corporate PCs.
Management requests the engineer to block a selected set of applications on all PCs.
Which technology should be used to accomplish this task?
A. application whitelisting/blacklisting
B. network NGFW
C. host-based IDS
D. antivirus/antispyware software
Correct Answer: A

QUESTION 8
What is a purpose of a vulnerability management framework?
A. identifies, removes, and mitigates system vulnerabilities
B. detects and removes vulnerabilities in source code
C. conducts vulnerability scans on the network
D. manages a list of reported vulnerabilities
Correct Answer: A

QUESTION 9
Which metric should be used when evaluating the effectiveness and scope of a Security Operations Center?
A. The average time the SOC takes to register and assign the incident.
B. The total incident escalations per week.
C. The average time the SOC takes to detect and resolve the incident.
D. The total incident escalations per month.
Correct Answer: C

QUESTION 10
What is the relationship between a vulnerability and a threat?
A. A threat exploits a vulnerability
B. A vulnerability is a calculation of the potential loss caused by a threat
C. A vulnerability exploits a threat
D. A threat is a calculation of the potential loss caused by a vulnerability
Correct Answer: A

QUESTION 11
What are two differences in how tampered and untampered disk images affect a security incident? (Choose two.)
A. Untampered images are used in the security investigation process
B. Tampered images are used in the security investigation process
C. The image is tampered if the stored hash and the computed hash match
D. Tampered images are used in the incident recovery process
E. The image is untampered if the stored hash and the computed hash match
Correct Answer: BE

QUESTION 12
An engineer discovered a breach, identified the threat's entry point, and removed access. The engineer was able to identify the host, the IP address of the threat actor, and the application the threat actor targeted. What is the next step the engineer should take according to the NIST SP 800-61 Incident handling guide?
A. Recover from the threat.
B. Analyze the threat.
C. Identify lessons learned from the threat.
D. Reduce the probability of similar threats.
Correct Answer: B

QUESTION 13
A security engineer has a video of a suspect entering a data center that was captured on the same day that files in the same data center were transferred to a competitor. Which type of evidence is this?
A. best evidence
B. prima facie evidence
C. indirect evidence
D. physical evidence
Correct Answer: C

QUESTION 14
What is the practice of giving an employee access to only the resources needed to accomplish their job?
A. principle of least privilege
B. organizational separation
C. separation of duties
D. need to know principle
Correct Answer: A

QUESTION 15
During which phase of the forensic process is data that is related to a specific event labeled and recorded to preserve its integrity?
A. examination
B. investigation
C. collection
D. reporting
Correct Answer: C

[Free 200-201 PDF] Cisco 200-201 dumps pdf download

free 200-201 dumps pdf https://drive.google.com/file/d/13zAYB136wOM6aF_Bhk0y84vZ3FmkyvAH/view?usp=sharing

Pass4itSure provides updated Cisco 200-201 dumps as a 200-201 practice test and 200-201 PDF. 100% the same braindumps as the actual 200-201 exam! Please click https://www.pass4itsure.com/200-201.html (Q&As: 153). Trust Pass4itSure and start preparing, good luck!
