Free Cisco 200-201 Exam Dumps and 200-201 Exam Questions

Question No: 1

MultipleChoice

Refer to the exhibit.

A malicious file has been identified in a sandbox analysis tool.

Which piece of information is needed to search for additional downloads of this file by other hosts?

Options

Afile header type

Bfile size

Cfile name

Dfile hash value

Question No: 2

MultipleChoice

Refer to the exhibit.

Refer to the exhibit. Where is the executable file?

Options

Ainfo

Btags

CMIME

Dname

Question No: 3

MultipleChoice

Refer to the exhibit.

Refer to the exhibit. An employee received an email from an unknown sender with an attachment and reported it as a phishing attempt. An engineer uploaded the file to Cuckoo for further analysis. What should an engineer interpret from the provided Cuckoo report?

Options

AWin32.polip.a.exe is an executable file and should be flagged as malicious.

BThe file is clean and does not represent a risk.

CCuckoo cleaned the malicious file and prepared it for usage.

DMD5 of the file was not identified as malicious.

Question No: 4

MultipleChoice

Refer to the exhibit.

Refer to the exhibit. An attacker scanned the server using Nmap. What did the attacker obtain from this scan?

Options

AIdentified a firewall device preventing the pert state from being returned.

BIdentified open SMB ports on the server

CGathered information on processes running on the server

DGathered a list of Active Directory users

Question No: 5

MultipleChoice

Refer to the exhibit.

An engineer received a ticket about a slowdown of a web application, Drug analysis of traffic, the engineer suspects a possible attack on a web server. How should the engineer interpret the Wiresharat traffic capture?

Options

A10.0.0.2 sends GET/ HTTP/1.1 And Post request and the target responds with HTTP/1.1. 200 OC and HTTP/1.1 403 accordingly. This is an HTTP flood attempt.

B10.0.0.2 sends HTTP FORBIDDEN /1.1 And Post request, while the target responds with HTTP/1.1 200 Get and HTTP/1.1 403. This is an HTTP GET flood attack.

C10.128.0.2 sends POST/1.1 And POST requests, and the target responds with HTTP/1.1 200 Ok and HTTP/1.1 403 accordingly. This is an HTTP Reserve Bandwidth flood.

D10.128.0.2 sends HTTP/FORBIDDEN/ 1.1 and Get requests, and the target responds with HTTP/1.1 200 OK and HTTP/1.1 403. This is an HTTP cache bypass attack.

Question No: 6

MultipleChoice

Refer to the exhibit. Where is the executable file?

Options

Ainfo

Btags

CMIME

Dname

Question No: 7

MultipleChoice

Refer to the exhibit. An employee received an email from an unknown sender with an attachment and reported it as a phishing attempt. An engineer uploaded the file to Cuckoo for further analysis. What should an engineer interpret from the provided Cuckoo report?

Options

AWin32.polip.a.exe is an executable file and should be flagged as malicious.

BThe file is clean and does not represent a risk.

CCuckoo cleaned the malicious file and prepared it for usage.

DMD5 of the file was not identified as malicious.

Question No: 8

MultipleChoice

A malicious file has been identified in a sandbox analysis tool.

Which piece of information is needed to search for additional downloads of this file by other hosts?

Options

Afile header type

Bfile size

Cfile name

Dfile hash value

Question No: 9

MultipleChoice

Which incidence response step includes identifying all hosts affected by an attack'?

Options

Apost-incident activity

Bdetection and analysis

Ccontainment eradication and recovery

Dpreparation

Question No: 10

MultipleChoice

How is NetFlow different than traffic mirroring?

Options

ANetFlow collects metadata and traffic mirroring clones data

BTraffic mirroring impacts switch performance and NetFlow does not

CTraffic mirroring costs less to operate than NetFlow

DNetFlow generates more data than traffic mirroring