[Apr 26, 2025] Cisco 200-201 Exam Dumps Files, Q1/207: An employee reports that someone has logged into their system and made unapproved changes, files are

Join the discussion

Question 1/207

An employee reports that someone has logged into their system and made unapproved changes, files are out of order, and several documents have been placed in the recycle bin. The security specialist reviewed the system logs, found nothing suspicious, and was not able to determine what occurred. The software is up to date; there are no alerts from antivirus and no failed login attempts. What is causing the lack of data visibility needed to detect the attack?

A. The threat actor used a dictionary-based password attack to obtain credentials.

B. The threat actor gained access to the system by known credentials.

C. The threat actor used the teardrop technique to confuse and crash login services.

D. The threat actor used an unknown vulnerability of the operating system that went undetected.

Add Comments

Other Question (207q): Q1. An employee reports that someone has logged into their system and made unapproved changes,...; Q2. Drag and drop the access control models from the left onto the correct descriptions on the...; Q3. Refer to the exhibit. (Exhibit) What is shown in this PCAP file?...; Q4. Which event is user interaction?; Q5. Which two elements of the incident response process are stated in NIST Special Publication...; Q6. A security analyst notices a sudden surge of incoming traffic and detects unknown packets ...; Q7. An offline audit log contains the source IP address of a session suspected to have exploit...; Q8. What is the practice of giving an employee access to only the resources needed to accompli...; Q9. What is sliding window anomaly detection?; Q10. Refer to the exhibit. (Exhibit) Which packet contains a file that is extractable within Wi...; Q11. An engineer configured regular expression "."\.(pd][Oo][Cc)|[Xx][LI][Ss]|[Pp][Pp][Tt]) HTT...; Q12. Which event artifact is used to identify HTTP GET requests for a specific file?...; Q13. What is the difference between inline traffic interrogation (TAPS) and traffic mirroring (...; Q14. An analyst discovers that a legitimate security alert has been dismissed. Which signature ...; Q15. Which metric in CVSS indicates an attack that takes a destination bank account number and ...; Q16. An analyst discovers that a legitimate security alert has been dismissed. Which signature ...; Q17. An organization's security team has detected network spikes coming from the internal netwo...; Q18. An employee reports that someone has logged into their system and made unapproved changes,...; Q19. Refer to the exhibit. (Exhibit) Which type of attack is being executed?...; Q20. Which metric in CVSS indicates an attack that takes a destination bank account number and ...; Q21. Which category relates to improper use or disclosure of PII data?...; Q22. Refer to the exhibit. (Exhibit) What is occurring?...; Q23. Refer to the exhibit. (Exhibit) What is shown in this PCAP file?...; Q24. What is a collection of compromised machines that attackers use to carry out a DDoS attack...; Q25. An analyst is exploring the functionality of different operating systems. What is a featur...; Q26. Refer to the exhibit. (Exhibit) An engineer received an event log file to review. Which te...; Q27. What is the difference between an attack vector and attack surface?...; Q28. Refer to the exhibit. (Exhibit) Which application protocol is in this PCAP file?...; Q29. What is threat hunting?; Q30. An engineer received an alert affecting the degraded performance of a critical server Anal...; Q31. Refer to the exhibit. (Exhibit) An engineer received an event log file to review. Which te...; Q32. Refer to the exhibit. (Exhibit) What should be interpreted from this packet capture?...; Q33. Which evasion technique is indicated when an intrusion detection system begins receiving a...; Q34. Refer to the exhibit. (Exhibit) What is occurring within the exhibit?...; Q35. Refer to the exhibit. (Exhibit) What is occurring in this network traffic?...; Q36. Which attack is the network vulnerable to when a stream cipher like RC4 is used twice with...; Q37. What is a difference between an inline and a tap mode traffic monitoring?...; Q38. (Exhibit) Refer to the exhibit. Which type of log is displayed?...; Q39. Which evasion technique is indicated when an intrusion detection system begins receiving a...; Q40. A member of the SOC team is checking the dashboard provided by the Cisco Firepower Manager...; Q41. Which open-sourced packet capture tool uses Linux and Mac OS X operating systems?...; Q42. What is an attack surface as compared to a vulnerability?...; Q43. What do the Security Intelligence Events within the FMC allow an administrator to do?...; Q44. Refer to the exhibit. (Exhibit) Which type of log is displayed?...; Q45. What are two differences in how tampered and untampered disk images affect a security inci...; Q46. What specific type of analysis is assigning values to the scenario to see expected outcome...; Q47. Refer to the exhibit. (Exhibit) What is the potential threat identified in this Stealthwat...; Q48. What is an example of social engineering attacks?...; Q49. Refer to the exhibit. (Exhibit) Which technology generates this log?...; Q50. Refer to the exhibit. (Exhibit) Which event is occurring?...; Q51. What are two social engineering techniques? (Choose two.)...; Q52. What is a sandbox interprocess communication service?...; Q53. An engineer runs a suspicious file in a sandbox analysis tool to see the outcome. The anal...; Q54. What is a benefit of using asymmetric cryptography?...; Q55. What is the practice of giving an employee access to only the resources needed to accompli...; Q56. Which filter allows an engineer to filter traffic in Wireshark to further analyze the PCAP...; Q57. What are the two characteristics of the full packet captures? (Choose two.)...; Q58. DRAG DROP Drag and drop the security concept on the left onto the example of that concept ...; Q59. A system administrator is ensuring that specific registry information is accurate. Which t...; Q60. Refer to the exhibit. (Exhibit) Which application protocol is in this PCAP file?...; Q61. What is an advantage of symmetric over asymmetric encryption?...; Q62. Which attack method is being used when an attacker tries to compromise a network with an a...; Q63. Refer to the exhibit. (Exhibit) Which application-level protocol is being targeted?...; Q64. Refer to the exhibit. (Exhibit) An analyst received this alert from the Cisco ASA device, ...; Q65. (Exhibit) Refer to the exhibit. What is the potential threat identified in this Stealthwat...; Q66. What is personally identifiable information that must be safeguarded from unauthorized acc...; Q67. What is the difference between the ACK flag and the RST flag?...; Q68. An analyst is using the SIEM platform and must extract a custom property from a Cisco devi...; Q69. Refer to the exhibit. (Exhibit) An engineer is analyzing a PCAP file after a recent breach...; Q70. Which evasion technique is indicated when an intrusion detection system begins receiving a...; Q71. Which two elements are assets in the role of attribution in an investigation? (Choose two....; Q72. What does cyber attribution identify in an investigation?...; Q73. At which layer is deep packet inspection investigated on a firewall?...; Q74. What is a sandbox interprocess communication service?...; Q75. Which technique is a low-bandwidth attack?; Q76. Drag and drop the access control models from the left onto the correct descriptions on the...; Q77. What is threat hunting?; Q78. A company receptionist received a threatening call referencing stealing assets and did not...; Q79. What is a difference between data obtained from Tap and SPAN ports?...; Q80. Which technology should be used to implement a solution that makes routing decisions based...; Q81. What is the difference between inline traffic interrogation and traffic mirroring?...; Q82. Which attack method intercepts traffic on a switched network?...; Q83. Refer to the exhibit. Where is the executable file?...; Q84. Refer to the exhibit. (Exhibit) Which kind of attack method is depicted in this string?...; Q85. An engineer needs to fetch logs from a proxy server and generate actual events according t...; Q86. A security specialist notices 100 HTTP GET and POST requests for multiple pages on the web...; Q87. Which are two denial-of-service attacks? (Choose two.)...; Q88. A threat actor penetrated an organization's network. Using the 5-tuple approach, which dat...; Q89. What is an example of social engineering attacks?...; Q90. What describes the impact of false-positive alerts compared to false-negative alerts?...; Q91. What do host-based firewalls protect workstations from?...; Q92. A security engineer notices confidential data being exfiltrated to a domain "Ranso4134-mwa...; Q93. Which system monitors local system operation and local network access for violations of a ...; Q94. Drag and drop the elements from the left into the correct order for incident handling on t...; Q95. Which artifact is used to uniquely identify a detected file?...; Q96. What should an engineer use to aid the trusted exchange of public keys between user tom041...; Q97. Which security technology guarantees the integrity and authenticity of all messages transf...; Q98. What is the difference between a threat and an exploit?...; Q99. A developer is working on a project using a Linux tool that enables writing processes to o...; Q100. Refer to the exhibit. (Exhibit) What is the expected result when the "Allow subdissector t...; Q101. Drag and drop the uses on the left onto the type of security system on the right. (Exhibit...; Q102. (Exhibit) Refer to the exhibit. What is the expected result when the "Allow subdissector t...; Q103. Refer to the exhibit. Which application protocol is in this PCAP file?...; Q104. Which two compliance frameworks require that data be encrypted when it is transmitted over...; Q105. How does an attacker observe network traffic exchanged between two users?...; Q106. What is the difference between an attack vector and attack surface?...; Q107. Refer to the exhibit. (Exhibit) An engineer is analyzing this Cuckoo Sandbox report for a ...; Q108. Refer to the exhibit. (Exhibit) Which frame numbers contain a file that is extractable via...; Q109. A security engineer has a video of a suspect entering a data center that was captured on t...; Q110. (Exhibit) Refer to the exhibit. What information is depicted?...; Q111. An organization is cooperating with several third-party companies. Data exchange is on an ...; Q112. (Exhibit) Refer to the exhibit. Which packet contains a file that is extractable within Wi...; Q113. Refer to the exhibit. (Exhibit) What is the potential threat identified in this Stealthwat...; Q114. Refer to the exhibit. (Exhibit) Which type of log is displayed?...; Q115. Which two elements are used for profiling a network? (Choose two.)...; Q116. An engineer needs to configure network systems to detect command and control communication...; Q117. Which system monitors local system operation and local network access for violations of a ...; Q118. Which two measures are used by the defense-m-depth strategy? (Choose two)...; Q119. An engineer needs to fetch logs from a proxy server and generate actual events according t...; Q120. Endpoint logs indicate that a machine has obtained an unusual gateway address and unusual ...; Q121. Refer to the exhibit. (Exhibit) Which component is identifiable in this exhibit?...; Q122. Which attack method intercepts traffic on a switched network?...; Q123. Which process represents the application-level allow list?...; Q124. How does an attack surface differ from an attack vector?...; Q125. Refer to the exhibit. Which component is identifiable in this exhibit?...; Q126. While viewing packet capture data, an analyst sees that one IP is sending and receiving tr...; Q127. An analyst is investigating an incident in a SOC environment. Which method is used to iden...; Q128. Refer to the exhibit. (Exhibit) Which packet contains a file that is extractable within Wi...; Q129. What is an advantage of symmetric over asymmetric encryption?...; Q130. Drag and drop the definition from the left onto the phase on the right to classify intrusi...; Q131. Drag and drop the definition from the left onto the phase on the right to classify intrusi...; Q132. Refer to the exhibit. (Exhibit) Which two elements in the table are parts of the 5-tuple? ...; Q133. Which security principle requires more than one person is required to perform a critical t...; Q134. When trying to evade IDS/IPS devices, which mechanism allows the user to make the data inc...; Q135. What makes HTTPS traffic difficult to monitor?...; Q136. What is the relationship between a vulnerability and a threat?...; Q137. An engineer received an alert affecting the degraded performance of a critical server. Ana...; Q138. Which evasion technique is a function of ransomware?...; Q139. Drag and drop the definition from the left onto the phase on the right to classify intrusi...; Q140. A user received a targeted spear-phishing email and identified it as suspicious before ope...; Q141. An organization's security team has detected network spikes coming from the internal netwo...; Q142. An engineer receives a security alert that traffic with a known TOR exit node has occurred...; Q143. An engineer needs to fetch logs from a proxy server and generate actual events according t...; Q144. Refer to the exhibit. (Exhibit) Drag and drop the element name from the left onto the corr...; Q145. An engineer needs to configure network systems to detect command and control communication...; Q146. Which type of data collection requires the largest amount of storage space?...; Q147. Refer to the exhibit. (Exhibit) What is the expected result when the "Allow subdissector t...; Q148. An analyst is using the SIEM platform and must extract a custom property from a Cisco devi...; Q149. Refer to the exhibit. (Exhibit) Which application protocol is in this PCAP file?...; Q150. What is a collection of compromised machines that attackers use to carry out a DDoS attack...; Q151. Refer to the exhibit. (Exhibit) What is the potential threat identified in this Stealthwat...; Q152. Refer to the exhibit. (Exhibit) An engineer is reviewing a Cuckoo report of a file. What m...; Q153. Drag and drop the elements from the left into the correct order for incident handling on t...; Q154. What is the impact of encryption?; Q155. Why is encryption challenging to security monitoring?...; Q156. Drag and drop the type of evidence from the left onto the description of that evidence on ...; Q157. Which signature impacts network traffic by causing legitimate traffic to be blocked?...; Q158. What describes the impact of false-positive alerts compared to false-negative alerts?...; Q159. Refer to the exhibit. (Exhibit) A company's user HTTP connection to a malicious site was b...; Q160. What is the purpose of command and control for network-aware malware?...; Q161. Which type of evidence supports a theory or an assumption that results from initial eviden...; Q162. A security expert is working on a copy of the evidence, an ISO file that is saved in CDFS ...; Q163. A user received an email attachment named "Hr405-report2609-empl094.exe" but did not run i...; Q164. Which artifact is used to uniquely identify a detected file?...; Q165. What is the difference between inline traffic interrogation (TAPS) and traffic mirroring (...; Q166. Drag and drop the technology on the left onto the data type the technology provides on the...; Q167. Refer to the exhibit. (Exhibit) During the analysis of a suspicious scanning activity inci...; Q168. Which data type is necessary to get information about source/destination ports?...; Q169. A malicious file has been identified in a sandbox analysis tool. (Exhibit) Which piece of ...; Q170. Drag and drop the definition from the left onto the phase on the right to classify intrusi...; Q171. Refer to the exhibit. During the analysis of a suspicious scanning activity incident, an a...; Q172. Syslog collecting software is installed on the server For the log containment, a disk with...; Q173. Drag and drop the definition from the left onto the phase on the right to classify intrusi...; Q174. A developer is working on a project using a Linux tool that enables writing processes to o...; Q175. Which incidence response step includes identifying all hosts affected by an attack?...; Q176. Refer to the exhibit. (Exhibit) What is occurring in this network?...; Q177. What is the practice of giving employees only those permissions necessary to perform their...; Q178. (Exhibit) Refer to the exhibit. What is the expected result when the "Allow subdissector t...; Q179. An organization has recently adjusted its security stance in response to online threats ma...; Q180. An analyst is investigating an incident in a SOC environment. Which method is used to iden...; Q181. Refer to the exhibit. (Exhibit) What is occurring?...; Q182. Refer to the exhibit. (Exhibit) What is the potential threat identified in this Stealthwat...; Q183. Which metric in CVSS indicates an attack that takes a destination bank account number and ...; Q184. Which security monitoring data type requires the largest storage space?...; Q185. Which type of data collection requires the largest amount of storage space?...; Q186. Refer to the exhibit. (Exhibit) A workstation downloads a malicious docx file from the Int...; Q187. Drag and drop the data source from the left onto the data type on the right. (Exhibit)...; Q188. What describes the defense-m-depth principle?; Q189. Refer to the exhibit. (Exhibit) What is shown in this PCAP file?...; Q190. What is a difference between inline traffic interrogation and traffic mirroring?...; Q191. Refer to the exhibit. (Exhibit) Which field contains DNS header information if the payload...; Q192. An engineer receives a security alert that traffic with a known TOR exit node has occurred...; Q193. Which vulnerability type is used to read, write, or erase information from a database?...; Q194. An engineer is working with the compliance teams to identify the data passing through the ...; Q195. A security incident occurred with the potential of impacting business services. Who perfor...; Q196. Which evasion method involves performing actions slower than normal to prevent detection?...; Q197. Why is encryption challenging to security monitoring?...; Q198. Drag and drop the definition from the left onto the phase on the right to classify intrusi...; Q199. Which two components reduce the attack surface on an endpoint? (Choose two.)...; Q200. Refer to the exhibit. An employee received an email from an unknown sender with an attachm...; Q201. At a company party a guest asks How is this type of conversation classified?...; Q202. Refer to the exhibit. (Exhibit) What is depicted in the exhibit?...; Q203. Which type of evidence supports a theory or an assumption that results from initial eviden...; Q204. A network engineer discovers that a foreign government hacked one of the defense contracto...; Q205. Drag and drop the security concept from the left onto the example of that concept on the r...; Q206. The SOC team has confirmed a potential indicator of compromise on an endpoint. The team ha...; Q207. Which process represents the application-level allow list?...

Join the discussion

Question 1/207

Add Comments

Download PDF File