Free Cisco 200-201 Exam Dumps and 200-201 Exam Questions

Question No: 1

DragDrop

Refer to the exhibit Drag and drop the element names from the left onto the corresponding pieces of the PCAP file on the right.

Question No: 2

MultipleChoice

Refer to the exhibit.

A workstation downloads a malicious docx file from the Internet and a copy is sent to FTDv. The FTDv sends the file hash to FMC and the tile event is recorded What would have occurred with stronger data visibility?

Options

AThe traffic would have been monitored at any segment in the network.

BMalicious traffic would have been blocked on multiple devices

CAn extra level of security would have been in place

DDetailed information about the data in real time would have been provided

Question No: 3

MultipleChoice

Refer to the exhibit.

A malicious file has been identified in a sandbox analysis tool.

Which piece of information is needed to search for additional downloads of this file by other hosts?

Options

Afile header type

Bfile size

Cfile name

Dfile hash value

Question No: 4

MultipleChoice

Refer to the exhibit.

Refer to the exhibit. Where is the executable file?

Options

Ainfo

Btags

CMIME

Dname

Question No: 5

MultipleChoice

Refer to the exhibit.

Refer to the exhibit. An employee received an email from an unknown sender with an attachment and reported it as a phishing attempt. An engineer uploaded the file to Cuckoo for further analysis. What should an engineer interpret from the provided Cuckoo report?

Options

AWin32.polip.a.exe is an executable file and should be flagged as malicious.

BThe file is clean and does not represent a risk.

CCuckoo cleaned the malicious file and prepared it for usage.

DMD5 of the file was not identified as malicious.

Question No: 6

MultipleChoice

Refer to the exhibit.

Refer to the exhibit. An attacker scanned the server using Nmap. What did the attacker obtain from this scan?

Options

AIdentified a firewall device preventing the pert state from being returned.

BIdentified open SMB ports on the server

CGathered information on processes running on the server

DGathered a list of Active Directory users

Question No: 7

MultipleChoice

Refer to the exhibit.

An engineer received a ticket about a slowdown of a web application, Drug analysis of traffic, the engineer suspects a possible attack on a web server. How should the engineer interpret the Wiresharat traffic capture?

Options

A10.0.0.2 sends GET/ HTTP/1.1 And Post request and the target responds with HTTP/1.1. 200 OC and HTTP/1.1 403 accordingly. This is an HTTP flood attempt.

B10.0.0.2 sends HTTP FORBIDDEN /1.1 And Post request, while the target responds with HTTP/1.1 200 Get and HTTP/1.1 403. This is an HTTP GET flood attack.

C10.128.0.2 sends POST/1.1 And POST requests, and the target responds with HTTP/1.1 200 Ok and HTTP/1.1 403 accordingly. This is an HTTP Reserve Bandwidth flood.

D10.128.0.2 sends HTTP/FORBIDDEN/ 1.1 and Get requests, and the target responds with HTTP/1.1 200 OK and HTTP/1.1 403. This is an HTTP cache bypass attack.

Question No: 8

MultipleChoice

Refer to the exhibit. Where is the executable file?

Options

Ainfo

Btags

CMIME

Dname

Question No: 9

MultipleChoice

Refer to the exhibit. An employee received an email from an unknown sender with an attachment and reported it as a phishing attempt. An engineer uploaded the file to Cuckoo for further analysis. What should an engineer interpret from the provided Cuckoo report?

Options

AWin32.polip.a.exe is an executable file and should be flagged as malicious.

BThe file is clean and does not represent a risk.

CCuckoo cleaned the malicious file and prepared it for usage.

DMD5 of the file was not identified as malicious.

Question No: 10

MultipleChoice

A malicious file has been identified in a sandbox analysis tool.

Which piece of information is needed to search for additional downloads of this file by other hosts?

Options

Afile header type

Bfile size

Cfile name

Dfile hash value