Is this exam completely free?

ExamCademy offers a free preview for every exam, covering around 20% of the total questions. Full access to all questions is available for free by signing up for an account. Optional supporters unlock AstroTutor (AI tutor) and advanced study modes.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! ExamCademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our practice questions are community-created and moderator-reviewed to align with realistic exam objectives, style, and difficulty.

200-201 by Cisco - Page 1 | ExamCademy

Mode Selection

Question 1

Question 2

Question 3

Which system monitors local system operation and local network access for violations of a security policy?

A host-based intrusion detection
B systems-based sandboxing
C host-based firewall
D antivirus

Question 4

An analyst received an alert on their desktop computer showing that an attack was successful on the host. After investigating, the analyst discovered that no mitigation action occurred during the attack. What is the reason for this discrepancy?

A The computer has a HIPS installed on it.
B The computer has a NIPS installed on it.
C The computer has a HIDS installed on it.
D The computer has a NIDS installed on it.

Question 5

Question 6

What is a difference between tampered and untampered disk images?

A Tampered images have the same stored and computed hash.
B Untampered images are deliberately altered to preserve as evidence.
C Tampered images are used as evidence.
D Untampered images are used for forensic investigations.

Question 7

What is a sandbox interprocess communication service?

A A collection of rules within the sandbox that prevent the communication between sandboxes.
B A collection of network services that are activated on an interface, allowing for inter-port communication.
C A collection of interfaces that allow for coordination of activities among processes.
D A collection of host services that allow for communication between sandboxes.

Question 8

Question 9

During which phase of the forensic process is data that is related to a specific event labeled and recorded to preserve its integrity?

A examination
B investigation
C collection
D reporting

Question 10

Which step in the incident response process researches an attacking host through logs in a SIEM?

A detection and analysis
B preparation
C eradication
D containment

Question 11

A malicious file has been identified in a sandbox analysis tool.
Which piece of information is needed to search for additional downloads of this file by other hosts?

A file type
B file size
C file name
D file hash value

Question 12

What is a difference between SOAR and SIEM?

A SOAR platforms are used for threat and vulnerability management, but SIEM applications are not
B SIEM applications are used for threat and vulnerability management, but SOAR platforms are not
C SOAR receives information from a single platform and delivers it to a SIEM
D SIEM receives information from a single platform and delivers it to a SOAR

Question 13

Question 14

Question 15

Which security technology allows only a set of pre-approved applications to run on a system?

A application-level blacklisting
B host-based IPS
C application-level whitelisting
D antivirus

Question 16

An investigator is examining a copy of an ISO file that is stored in CDFS format.
What type of evidence is this file?

A data from a CD copied using Mac-based system
B data from a CD copied using Linux system
C data from a DVD copied using Windows system
D data from a CD copied using Windows

Question 17

Which piece of information is needed for attribution in an investigation?

A proxy logs showing the source RFC 1918 IP addresses
B RDP allowed from the Internet
C known threat actor behavior
D 802.1x RADIUS authentication pass arid fail logs

Question 18

What does cyber attribution identify in an investigation?

A cause of an attack
B exploit of an attack
C vulnerabilities exploited
D threat actors of an attack

Question 19

A security engineer has a video of a suspect entering a data center that was captured on the same day that files in the same data center were transferred to a competitor.
Which type of evidence is this?

A best evidence
B prima facie evidence
C indirect evidence
D physical evidence

Question 20

DRAG DROP -
Drag and drop the type of evidence from the left onto the description of that evidence on the right.
Select and Place:

Question 21

Question 22

Question 23

What is the difference between mandatory access control (MAC) and discretionary access control (DAC)?

A MAC is controlled by the discretion of the owner and DAC is controlled by an administrator
B MAC is the strictest of all levels of control and DAC is object-based access
C DAC is controlled by the operating system and MAC is controlled by an administrator
D DAC is the strictest of all levels of control and MAC is object-based access

Question 24

An organization's security team has detected network spikes coming from the internal network. An investigation has concluded that the spike in traffic was from intensive network scanning. How should the analyst collect the traffic to isolate the suspicious host?

A based on the most used applications
B by most active source IP
C by most used ports
D based on the protocols used

Question 25

Which technology on a host is used to isolate a running application from other application?

A application allow list
B application block list
C host-based firewall
D sandbox

Page 1 of 13 • Questions 1-25 of 325

1 2 3 4 5

→

Know a question that should be here? Contribute to this exam

Which event is user interaction?

A gaining root access
B executing remote code
C reading and writing file permission
D opening a malicious file

An analyst is investigating an incident in a SOC environment.
Which method is used to identify a session from a group of logs?

A sequence numbers
B IP identifier
C 5-tuple
D timestamps

Refer to the exhibit. What is the potential threat identified in this Stealthwatch dashboard?

A A policy violation is active for host 10.10.101.24.
B A host on the network is sending a DDoS attack to another inside host.
C There are three active data exfiltration alerts.
D A policy violation is active for host 10.201.3.149.

An analyst is investigating a host in the network that appears to be communicating to a command and control server on the Internet. After collecting this packet capture, the analyst cannot determine the technique and payload used for the communication.
Which obfuscation technique is the attacker using?

A Base64 encoding
B transport layer security encryption
C SHA-256 hashing
D ROT13 encryption

Refer to the exhibit. What is the potential threat identified in this Stealthwatch dashboard?

A Host 10.201.3.149 is sending data to 152.46.6.91 using TCP/443.
B Host 152.46.6.91 is being identified as a watchlist country for data transfer.
C Traffic to 152.46.6.149 is being denied by an Advanced Network Control policy.
D Host 10.201.3.149 is receiving almost 19 times more data than is being sent to host 152.46.6.91.

Refer to the exhibit. What is the potential threat identified in this Stealthwatch dashboard?

A A policy violation is active for host 10.10.101.24.
B A host on the network is sending a DDoS attack to another inside host.
C There are two active data exfiltration alerts.
D A policy violation is active for host 10.201.3.149.

Refer to the exhibit. An analyst received this alert from the Cisco ASA device, and numerous activity logs were produced. How should this type of evidence be categorized?

A indirect
B circumstantial
C corroborative
D best

Refer to the exhibit. Which piece of information is needed to search for additional downloads of this file by other hosts?

A file header type
B file size
C file name
D file hash value

200-201Preview

Mode Selection

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25