Free 200-201 Exam Braindumps (page: 23)


Refer to the exhibit.

What is the potential threat identified in this Stealthwatch dashboard?

  A. A policy violation is active for host 10.10.101.24.
  B. A host on the network is sending a DDoS attack to another inside host.
  C. There are two active data exfiltration alerts.
  D. A policy violation is active for host 10.201.3.149.

Answer(s): C



Which security technology allows only a set of pre-approved applications to run on a system?

  A. application-level blacklisting
  B. host-based IPS
  C. application-level whitelisting
  D. antivirus

Answer(s): C
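The distinction behind this answer is what "pre-approved" is keyed on. The script below is an added example, not part of the original page or of any vendor product: it contrasts a path-based allowlist, which trusts where a binary lives, with a content-based (SHA-256) allowlist, which trusts what the binary is. The scenario (an approved file later overwritten in place) is constructed in a temporary directory; the policy classes and the run_if_allowed gate are hypothetical helpers, not a real product API.

```python
import hashlib
import os
import tempfile


def sha256_file(path: str) -> str:
    """Hash a file's contents; this is the allowlist key for content-based control."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class PathAllowlist:
    """Allow execution only from pre-approved paths (trusts the location, not the content)."""

    def __init__(self, paths):
        self.paths = {os.path.realpath(p) for p in paths}

    def allowed(self, path: str) -> bool:
        return os.path.realpath(path) in self.paths


class HashAllowlist:
    """Allow execution only of pre-approved binaries, identified by SHA-256 of their content."""

    def __init__(self, digests):
        self.digests = set(digests)

    def allowed(self, path: str) -> bool:
        return sha256_file(path) in self.digests


def run_if_allowed(policy, path: str) -> str:
    """Gate a launcher would sit behind: deny by default, allow only on a policy match."""
    if not policy.allowed(path):
        raise PermissionError(f"execution of {path} blocked by allowlist policy")
    return f"launched {os.path.basename(path)}"


def demo() -> dict:
    """Constructed scenario: an approved binary is later replaced in place by an attacker."""
    with tempfile.TemporaryDirectory() as d:
        tool = os.path.join(d, "approved-tool")
        with open(tool, "wb") as f:
            f.write(b"#!/bin/sh\necho approved tool\n")  # constructed 'approved' binary
        by_path = PathAllowlist([tool])
        by_hash = HashAllowlist([sha256_file(tool)])
        before = (by_path.allowed(tool), by_hash.allowed(tool))
        # Attacker overwrites the file at its approved location with different content.
        with open(tool, "wb") as f:
            f.write(b"#!/bin/sh\necho not the approved tool\n")
        after = (by_path.allowed(tool), by_hash.allowed(tool))
    return {
        "path_policy": {"original": before[0], "tampered": after[0]},
        "hash_policy": {"original": before[1], "tampered": after[1]},
    }


if __name__ == "__main__":
    print(demo())
```

The path-based policy still approves the tampered file because only its location was checked; the hash-based policy rejects it because the content changed. Real application-control products (hash, publisher-certificate or path rules) make the same trade-off, and path rules are only as strong as the write permissions on those paths.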



An investigator is examining a copy of an ISO file that is stored in CDFS format.
What type of evidence is this file?

  A. data from a CD copied using Mac-based system
  B. data from a CD copied using Linux system
  C. data from a DVD copied using Windows system
  D. data from a CD copied using Windows

Answer(s): B

Explanation:

CDfs is a virtual file system for Unix-like operating systems; it provides access to data and audio tracks on Compact Discs.
When the CDfs driver mounts a Compact Disc, it represents each track as a file. This is consistent with the Unix convention "everything is a file".


Reference:

https://en.wikipedia.org/wiki/CDfs
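Whatever system produced the copy, an investigator's first step with an ISO image is to confirm it actually is ISO 9660 and to record its volume descriptor and hash before doing anything else with it. The code below is an added example, not from the original page: it walks the volume descriptor set that ISO 9660 places at sector 16, validates the "CD001" signature and the both-endian numeric fields (a mismatch between the little- and big-endian copies indicates corruption or tampering), and returns the identifying fields plus a SHA-256 of the image. The sample image it builds is constructed in memory and is not a real disc; the field offsets follow the ISO 9660 primary volume descriptor layout.

```python
import hashlib
import struct

SECTOR = 2048      # ISO 9660 logical sector size
VD_START = 16      # volume descriptor set starts after the 32 KiB system area


def _both_endian(field: bytes, width: int) -> int:
    """ISO 9660 stores numbers twice (little-endian, then big-endian); disagreement is a red flag."""
    fmt = {2: "H", 4: "I"}[width]
    le = struct.unpack("<" + fmt, field[:width])[0]
    be = struct.unpack(">" + fmt, field[width:2 * width])[0]
    if le != be:
        raise ValueError(f"both-endian field mismatch ({le} != {be}): corrupt or tampered descriptor")
    return le


def _text(field: bytes) -> str:
    """Descriptor strings are space-padded ASCII."""
    return field.decode("ascii", "replace").strip()


def parse_iso9660(image: bytes) -> dict:
    """Walk the volume descriptor set and return primary volume descriptor fields plus an image hash."""
    pvd = None
    sector = VD_START
    while (sector + 1) * SECTOR <= len(image):
        desc = image[sector * SECTOR:(sector + 1) * SECTOR]
        if desc[1:6] != b"CD001":
            raise ValueError(f"sector {sector}: no CD001 signature; not an ISO 9660 image")
        if desc[0] == 255:                 # volume descriptor set terminator
            break
        if desc[0] == 1 and pvd is None:   # type 1 = primary volume descriptor
            pvd = desc
        sector += 1
    if pvd is None:
        raise ValueError("no primary volume descriptor found")
    return {
        "system_id": _text(pvd[8:40]),
        "volume_id": _text(pvd[40:72]),
        "volume_blocks": _both_endian(pvd[80:88], 4),
        "block_size": _both_endian(pvd[128:132], 2),
        "application_id": _text(pvd[574:702]),
        "sha256": hashlib.sha256(image).hexdigest(),  # record before any further handling
    }


def build_sample_iso(volume_id: str = "EVIDENCE_CD", sectors: int = 18) -> bytes:
    """Constructed minimal ISO 9660 image (system area, PVD, terminator); not a real disc."""
    img = bytearray(SECTOR * sectors)
    pvd = bytearray(SECTOR)
    pvd[0] = 1                                   # primary volume descriptor
    pvd[1:6] = b"CD001"
    pvd[6] = 1                                   # descriptor version
    pvd[8:40] = b"LINUX".ljust(32)               # system identifier (assumed value)
    pvd[40:72] = volume_id.encode("ascii")[:32].ljust(32)
    pvd[80:88] = struct.pack("<I", sectors) + struct.pack(">I", sectors)
    pvd[128:132] = struct.pack("<H", SECTOR) + struct.pack(">H", SECTOR)
    pvd[574:702] = b"GENISOIMAGE (CONSTRUCTED)".ljust(128)  # application identifier (assumed value)
    img[SECTOR * 16:SECTOR * 17] = pvd
    term = bytearray(SECTOR)
    term[0] = 255                                # set terminator
    term[1:6] = b"CD001"
    term[6] = 1
    img[SECTOR * 17:SECTOR * 18] = term
    return bytes(img)


if __name__ == "__main__":
    info = parse_iso9660(build_sample_iso())
    for key, value in info.items():
        print(f"{key:15} {value}")
```

On a real acquisition, hash the image file first and work from a read-only copy; the application and system identifiers are whatever the authoring tool wrote, so they are a lead on how the copy was made, not proof.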



Which piece of information is needed for attribution in an investigation?

  A. proxy logs showing the source RFC 1918 IP addresses
  B. RDP allowed from the Internet
  C. known threat actor behavior
  D. 802.1x RADIUS authentication pass and fail logs

Answer(s): C

Explanation:

Attribution means establishing who attacked the network, and what, how and why they did it. Observed activity is compared against the known behavior (tools, techniques and procedures) of threat actors; the other options are log sources or configuration facts that do not by themselves point to an actor.





