Exam Details

  • Exam Code: 200-201
  • Exam Name: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)
  • Certification: CyberOps Associate
  • Vendor: Cisco
  • Total Questions: 406 Q&As
  • Last Updated: Apr 07, 2025

Cisco CyberOps Associate 200-201 Questions & Answers

  • Question 321:

    Endpoint logs indicate that a machine has obtained an unusual gateway address and unusual DNS servers via DHCP. Which type of attack is occurring?

    A. evasion methods

    B. phishing

    C. man in the middle attack

    D. command injection

  • Question 322:

    Why should an engineer use a full packet capture to investigate a security breach?

    A. It provides the full TCP streams for the engineer to follow the metadata to identify the incoming threat.

    B. It collects metadata for the engineer to analyze, including IP traffic packet data that is sorted, parsed, and indexed.

    C. It reconstructs the event allowing the engineer to identify the root cause by seeing what took place during the breach.

    D. It captures the TCP flags set within each packet for the engineer to focus on suspicious packets to identify malicious activity.

  • Question 323:

    What is session data used for in network security?

    A. It contains the set of parameters used for fetching logs.

    B. It tracks cookies within each session initiated from user.

    C. It is the transaction log between monitoring software.

    D. It is the summary of the transmission between two network devices.

  • Question 324:

    Which risk approach eliminates activities posing a risk exposure?

    A. risk acknowledgment

    B. risk reduction

    C. risk retention

    D. risk avoidance

  • Question 325:

    Which technique obtains information about how a system works without knowing its design details?

    A. DNS spoofing

    B. DDOS attack

    C. malware analysis

    D. reverse engineering

  • Question 326:

    Which SOC metric represents the time to stop the incident from causing further damage to systems or data?

    A. Mean Time to Respond (MTTR)

    B. Mean Time to Acknowledge (MTTA)

    C. Mean Time to Contain (MTTC)

    D. Mean Time to Detect (MTTD)

  • Question 327:

    Where is a host-based intrusion detection system located?

    A. on a dedicated proxy server monitoring egress traffic

    B. on a tap switch port

    C. on a span switch port

    D. on an end-point as an agent

  • Question 328:

    An engineer must investigate suspicious connections. Data has been gathered using a tcpdump command on a Linux device and saved as sandboxmalware2022-12-22.pcaps file. The engineer is trying to open the tcpdump in the Wireshark tool. What is the expected result?

    A. The file is opened.

    B. The tool does not support Linux.

    C. The file does not support the

  • Question 329:

    What is the difference between the ACK flag and the RST flag?

    A. The ACK flag validates the next packets to be sent to a destination, and the RST flag is what the RST returns to indicate that the destination is reachable.

    B. The RST flag establishes the communication, and the ACK flag cancels spontaneous connections that were not specifically sent to the expecting host.

    C. The RST flag identifies the connection as reliable and trustworthy within the handshake process, and the ACK flag prepares a response by opening a session between the source and destination.

    D. The ACK flag validates the receipt of the previous packet in the stream, and the same session is being closed by the RST flag.

  • Question 330:

    A user received a suspicious email and reported it to the SOC team. After analysis, the team concluded that it was a spear phishing attack. According to the Diamond Model, how is the phishing email categorized?

    A. capability

    B. infrastructure

    C. adversary

    D. victim
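
The scenario in Question 321 (a client that has been handed an unexpected default gateway and resolvers by DHCP) is what a rogue DHCP server produces: once the attacker's host is the gateway and the DNS server, it sits in the path of every outbound flow and can intercept or redirect traffic. The following detection script is an added example and not part of the exam page; it assumes a syslog-style dhclient lease line (a hypothetical format), constructed sample log lines, and an approved gateway/DNS/DHCP-server set for the subnet, and flags leases that deviate from it.

```python
"""Flag DHCP leases whose gateway, DNS or issuing server is not approved.

Added example (not exam material). Log format, hostnames, and addresses
are constructed for illustration; adapt LINE_RE to your endpoint logs.
"""
import re
from dataclasses import dataclass, field

# Constructed endpoint DHCP log lines in a hypothetical dhclient format.
SAMPLE_LOGS = """\
2025-04-07T08:01:12 ws-17 dhclient: bound to 10.10.5.42 -- renewal in 3600 seconds. router=10.10.5.1 dns=10.10.1.53,10.10.1.54 server=10.10.5.1
2025-04-07T08:03:55 ws-23 dhclient: bound to 10.10.5.77 -- renewal in 3600 seconds. router=10.10.5.200 dns=10.10.5.200 server=10.10.5.200
2025-04-07T08:04:10 ws-31 dhclient: bound to 10.10.5.90 -- renewal in 3600 seconds. router=10.10.5.1 dns=198.51.100.9 server=10.10.5.1
"""

# Approved configuration for the 10.10.5.0/24 segment (assumed for the example).
EXPECTED = {
    "routers": {"10.10.5.1"},
    "dns": {"10.10.1.53", "10.10.1.54"},
    "dhcp_servers": {"10.10.5.1"},
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) dhclient: bound to (?P<ip>\S+) .*?"
    r"router=(?P<router>\S+) dns=(?P<dns>\S+) server=(?P<server>\S+)$"
)


@dataclass
class Finding:
    host: str
    ip: str
    reasons: list = field(default_factory=list)


def parse_lease(line):
    """Return the lease fields from one log line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    lease = m.groupdict()
    lease["dns"] = lease["dns"].split(",")  # DHCP option 6 may carry several servers
    return lease


def check_lease(lease, expected=EXPECTED):
    """Return the reasons a lease looks rogue; an empty list means it is clean."""
    reasons = []
    if lease["router"] not in expected["routers"]:
        reasons.append(f"unexpected gateway {lease['router']}")
    bad_dns = [d for d in lease["dns"] if d not in expected["dns"]]
    if bad_dns:
        reasons.append("unexpected DNS " + ",".join(bad_dns))
    if lease["server"] not in expected["dhcp_servers"]:
        reasons.append(f"lease served by unapproved DHCP server {lease['server']}")
    # A rogue server usually points both gateway and DNS at the host it controls,
    # which is the strongest man-in-the-middle indicator in the lease itself.
    if lease["router"] in lease["dns"] and lease["router"] not in expected["routers"]:
        reasons.append("gateway and DNS collapse to one unapproved host")
    return reasons


def find_rogue_leases(log_text, expected=EXPECTED):
    """Scan log text and return a Finding per lease that fails the checks."""
    findings = []
    for line in log_text.splitlines():
        lease = parse_lease(line)
        if lease is None:
            continue
        reasons = check_lease(lease, expected)
        if reasons:
            findings.append(Finding(lease["host"], lease["ip"], reasons))
    return findings


if __name__ == "__main__":
    for f in find_rogue_leases(SAMPLE_LOGS):
        print(f"{f.host} ({f.ip}): " + "; ".join(f.reasons))
```

In the constructed sample, ws-23 received gateway, DNS and DHCP server all equal to 10.10.5.200, the classic rogue-server pattern, while ws-31 only has one foreign resolver, which is worth a ticket but is a weaker signal. In production, the approved set should come from the network team's source of truth rather than a literal, and the DHCP snooping logs on the switch are the place to confirm which port the rogue offers came from.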

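Questions 322, 323, 328 and 329 all revolve around the same artifact: a capture file written by tcpdump in libpcap format, which Wireshark identifies by the magic number in the first four bytes rather than by the file extension. A full packet capture keeps every byte so an event can be replayed; session data keeps only a per-connection summary (endpoints, ports, packet and byte counts, flags seen, start and end time); and ACK and RST are read directly from the TCP header, ACK acknowledging data received and RST aborting the connection. The script below is an added example, not code from the exam page or from any Cisco material: it builds a small Ethernet/IPv4/TCP capture in memory (constructed frames with zeroed checksums), parses the libpcap container, and reduces the packets to session records.

```python
"""Parse libpcap bytes and reduce packets to session (flow) summaries.

Added example; the capture, addresses and ports below are constructed.
"""
import socket
import struct
from collections import defaultdict

# First 4 bytes of a libpcap file, read as little-endian: (byte order, ns divisor).
PCAP_MAGICS = {
    0xA1B2C3D4: ("<", 1),      # little-endian, microsecond timestamps
    0xD4C3B2A1: (">", 1),      # big-endian, microsecond timestamps
    0xA1B23C4D: ("<", 1000),   # little-endian, nanosecond timestamps
    0x4D3CB2A1: (">", 1000),   # big-endian, nanosecond timestamps
}
TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}


def build_frame(src, dst, sport, dport, flags, payload=b""):
    """Constructed Ethernet/IPv4/TCP frame; checksums stay zero (never verified here)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    eth = bytes.fromhex("001122334455" "66778899aabb" "0800")  # dst MAC, src MAC, IPv4
    return eth + ip + tcp


def build_pcap(frames, ts0=1703203200):
    """Wrap frames in a little-endian libpcap container with DLT_EN10MB (1)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", ts0 + i, 0, len(f), len(f)) + f
    return out


def read_pcap(data):
    """Yield (timestamp, frame) from libpcap bytes; reject anything else by magic."""
    magic, = struct.unpack("<I", data[:4])
    if magic not in PCAP_MAGICS:
        raise ValueError("not a libpcap file (magic 0x%08x)" % magic)
    end, divisor = PCAP_MAGICS[magic]
    linktype, = struct.unpack(end + "I", data[20:24])
    if linktype != 1:
        raise ValueError("example only decodes Ethernet captures")
    off = 24
    while off + 16 <= len(data):
        sec, frac, incl, _orig = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        yield sec + frac / (1_000_000 * divisor), data[off:off + incl]
        off += incl


def parse_tcp(frame):
    """Return (src, sport, dst, dport, flags, payload_len) or None if not IPv4/TCP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4
    ip_len = struct.unpack("!H", frame[16:18])[0]
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    t = 14 + ihl
    sport, dport = struct.unpack("!HH", frame[t:t + 4])
    data_off = (frame[t + 12] >> 4) * 4
    return src, sport, dst, dport, frame[t + 13], ip_len - ihl - data_off


def flag_names(flags):
    return [name for bit, name in sorted(TCP_FLAGS.items()) if flags & bit]


def summarize_sessions(data):
    """Collapse a full capture into session records keyed by the bidirectional 5-tuple."""
    sessions = defaultdict(lambda: {"packets": 0, "bytes": 0, "flags": 0, "first": None, "last": None})
    for ts, frame in read_pcap(data):
        p = parse_tcp(frame)
        if p is None:
            continue
        src, sport, dst, dport, flags, plen = p
        s = sessions[tuple(sorted([(src, sport), (dst, dport)]))]
        s["packets"] += 1
        s["bytes"] += plen
        s["flags"] |= flags
        s["first"] = ts if s["first"] is None else s["first"]
        s["last"] = ts
    for s in sessions.values():
        s["flag_names"] = flag_names(s["flags"])
        s["reset"] = bool(s["flags"] & 0x04)  # torn down by RST rather than FIN
    return dict(sessions)


CLIENT, SERVER = "10.0.0.5", "203.0.113.10"
SAMPLE_CAPTURE = build_pcap([
    build_frame(CLIENT, SERVER, 40000, 443, 0x02),                               # SYN
    build_frame(SERVER, CLIENT, 443, 40000, 0x12),                               # SYN/ACK
    build_frame(CLIENT, SERVER, 40000, 443, 0x10),                               # ACK: handshake complete
    build_frame(CLIENT, SERVER, 40000, 443, 0x18, b"GET / HTTP/1.1\r\n\r\n"),   # PSH/ACK with 18 bytes
    build_frame(SERVER, CLIENT, 443, 40000, 0x11),                               # FIN/ACK: orderly close
    build_frame(CLIENT, SERVER, 40001, 4444, 0x02),                              # SYN to a closed port
    build_frame(SERVER, CLIENT, 4444, 40001, 0x14),                              # RST/ACK: abort
])

if __name__ == "__main__":
    for key, s in summarize_sessions(SAMPLE_CAPTURE).items():
        print(key, s["packets"], "pkts", s["bytes"], "bytes", s["flag_names"], "reset" if s["reset"] else "")
```

The second session in the constructed capture (one SYN answered by RST/ACK) is what a scan of a closed port, or a connection refused by a host firewall, looks like in session data; the first shows the ACK flag doing its normal job of acknowledging the peer's segments and the FIN flag closing the stream. Only the full capture still holds the request bytes, which is the point of Question 322.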
Tips on How to Prepare for the Exams

Nowadays, certification exams have become more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Cisco exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your 200-201 exam preparation and Cisco certification application, do not hesitate to visit Vcedump.com to find your solutions.