Is this exam completely free?

Examcademy offers a free preview for every exam, covering around 20% of the total questions. Full access is available with a paid upgrade.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! Examcademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our mock exams are built and reviewed with the help of AI and community contributions, staying aligned with real-world exam objectives.

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!

200-201Free trial

By cisco

Verified

25Q per page

Question 26

Refer to the exhibit. Which type of attack is being executed?

A: cross-site request forgery
B: command injection
C: SQL injection
D: cross-site scripting

—

Question 27

What is a difference between inline traffic interrogation and traffic mirroring?

A: Inline inspection acts on the original traffic data flow
B: Traffic mirroring passes live traffic to a tool for blocking
C: Traffic mirroring inspects live traffic for analysis and mitigation
D: Inline traffic copies packets for analysis and security

—

Question 28

A system administrator is ensuring that specific registry information is accurate.
Which type of configuration information does the HKEY_LOCAL_MACHINE hive contain?

A: file extension associations
B: hardware, software, and security settings for the system
C: currently logged in users, including folders and control panel settings
D: all users on the system, including visual settings

—

Question 29

Refer to the exhibit. Which packet contains a file that is extractable within Wireshark?

A: 2317
B: 1986
C: 2318
D: 2542

—

Question 30

Which regex matches only on all lowercase letters?

A: [aגˆ’z]+
B: [^aגˆ’z]+
C: aגˆ’z+
D: a*z+

—

Question 31

While viewing packet capture data, an analyst sees that one IP is sending and receiving traffic for multiple devices by modifying the IP header.
Which technology makes this behavior possible?

A: encapsulation
B: TOR
C: tunneling
D: NAT

—

Question 32

Which action should be taken if the system is overwhelmed with alerts when false positives and false negatives are compared?

A: Modify the settings of the intrusion detection system.
B: Design criteria for reviewing alerts.
C: Redefine signature rules.
D: Adjust the alerts schedule.

—

Question 33

What is the impact of false positive alerts on business compared to true positive?

A: True positives affect security as no alarm is raised when an attack has taken place, while false positives are alerts raised appropriately to detect and further mitigate them.
B: True-positive alerts are blocked by mistake as potential attacks, while False-positives are actual attacks identified as harmless.
C: False positives alerts are manually ignored signatures to avoid warnings that are already acknowledged, while true positives are warnings that are not yet acknowledged.
D: False-positive alerts are detected by confusion as potential attacks, while true positives are attack attempts identified appropriately.

—

Question 34

What is the practice of giving employees only those permissions necessary to perform their specific role within an organization?

A: least privilege
B: need to know
C: integrity validation
D: due diligence

—

Question 35

An engineer needs to fetch logs from a proxy server and generate actual events according to the data received. Which technology should the engineer use to accomplish this task?

A: Firepower
B: Email Security Appliance
C: Web Security Appliance
D: Stealthwatch

—

Question 36

Refer to the exhibit. Which technology generates this log?

A: NetFlow
B: IDS
C: web proxy
D: firewall

—

Question 37

Which filter allows an engineer to filter traffic in Wireshark to further analyze the PCAP file by only showing the traffic for LAN 10.11.x.x, between workstations and servers without the Internet?

A: src=10.11.0.0/16 and dst=10.11.0.0/16
B: ip.src==10.11.0.0/16 and ip.dst==10.11.0.0/16
C: ip.src=10.11.0.0/16 and ip.dst=10.11.0.0/16
D: src==10.11.0.0/16 and dst==10.11.0.0/16

—

Question 38

Which tool provides a full packet capture from network traffic?

A: Nagios
B: CAINE
C: Hydra
D: Wireshark

—

Question 39

A company is using several network applications that require high availability and responsiveness, such that milliseconds of latency on network traffic is not acceptable. An engineer needs to analyze the network and identify ways to improve traffic movement to minimize delays. Which information must the engineer obtain for this analysis?

A: total throughput on the interface of the router and NetFlow records
B: output of routing protocol authentication failures and ports used
C: running processes on the applications and their total network usage
D: deep packet captures of each application flow and duration

—

Question 40

Refer to the exhibit. What is depicted in the exhibit?

A: Windows Event logs
B: Apache logs
C: IIS logs
D: UNIX-based syslog

—

Question 41

Which technology should be used to implement a solution that makes routing decisions based on HTTP header, uniform resource identifier, and SSL session ID attributes?

A: AWS
B: IIS
C: Load balancer
D: Proxy server

—

Question 42

Which regular expression matches "color" and "colour"?

A: colo?ur
B: col[0גˆ’8]+our
C: colou?r
D: col[0גˆ’9]+our

—

Question 43

Which artifact is used to uniquely identify a detected file?

A: file timestamp
B: file extension
C: file size
D: file hash

—

Question 44

A security engineer deploys an enterprise-wide host/endpoint technology for all of the company's corporate PCs. Management requests the engineer to block a selected set of applications on all PCs.
Which technology should be used to accomplish this task?

A: application whitelisting/blacklisting
B: network NGFW
C: host-based IDS
D: antivirus/antispyware software

—

Question 45

What is the virtual address space for a Windows process?

A: physical location of an object in memory
B: set of pages that reside in the physical memory
C: system-level memory protection feature built into the operating system
D: set of virtual memory addresses that can be used

—

Question 46

Which utility blocks a host portscan?

A: HIDS
B: sandboxing
C: host-based firewall
D: antimalware

—

Question 47

Which evasion technique is indicated when an intrusion detection system begins receiving an abnormally high volume of scanning from numerous sources?

A: resource exhaustion
B: tunneling
C: traffic fragmentation
D: timing attack

—

Question 48

DRAG DROP -
Drag and drop the technology on the left onto the data type the technology provides on the right.
Select and Place:

—

Question 49

Refer to the exhibit. Which application protocol is in this PCAP file?

A: SSH
B: TCP
C: TLS
D: HTTP

—

Question 50

DRAG DROP -

Refer to the exhibit. Drag and drop the element name from the left onto the appropriate piece of the PCAP file on the right.
Select and Place:

—

Page 2 of 13 • Questions 26-50 of 325

←

1 2 3 4 5

→

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!