Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home Cisco® 200-201

Cisco® 200-201 Exam Practice Questions (P. 3)

  • Full Access (462 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #21
What is the difference between a threat and a risk?
  1. A
    Threat represents a potential danger that could take advantage of a weakness, while the risk is the likelihood of a compromise or damage of an asset.
  2. B
    Risk represents the known and identified loss or danger in the system, while threat is a non-identified impact of possible risks.
  3. C
    Risk is the unintentional possibility of damages or harm to infrastructure, while the threats are certain and intentional.
  4. D
    Threat is a state of being exposed to an attack or a compromise, while risk is the calculation of damage or potential loss affecting the organization from an exposure.

Correct Answer:
A

Question #22
Which attack method intercepts traffic on a switched network?
  1. A
    denial of service
  2. B
    ARP cache poisoning
  3. C
    DHCP snooping
  4. D
    command and control

Correct Answer:
C

Question #23
What does an attacker use to determine which network ports are listening on a potential target device?
  1. A
    man-in-the-middle
  2. B
    port scanning
  3. C
    SQL injection
  4. D
    ping sweep

Correct Answer:
B

Question #24
What is a purpose of a vulnerability management framework?
  1. A
    identifies, removes, and mitigates system vulnerabilities
  2. B
    detects and removes vulnerabilities in source code
  3. C
    conducts vulnerability scans on the network
  4. D
    manages a list of reported vulnerabilities

Correct Answer:
A

Question #25
A network engineer discovers that a foreign government hacked one of the defense contractors in their home country and stole intellectual property. What is the threat agent in this situation?
  1. A
    the intellectual property that was stolen
  2. B
    the defense contractor who stored the intellectual property
  3. C
    the method used to conduct the attack
  4. D
    the foreign government that conducted the attack

Correct Answer:
D

Question #26
What is the practice of giving an employee access to only the resources needed to accomplish their job?
  1. A
    principle of least privilege
  2. B
    organizational separation
  3. C
    separation of duties
  4. D
    need to know principle

Correct Answer:
A

Question #27
Which metric is used to capture the level of access needed to launch a successful attack?
  1. A
    privileges required
  2. B
    user interaction
  3. C
    attack complexity
  4. D
    attack vector

Correct Answer:
A

Question #28
What is the difference between an attack vector and an attack surface?
  1. A
    An attack surface identifies vulnerabilities that require user input or validation; and an attack vector identifies vulnerabilities that are independent of user actions.
  2. B
    An attack vector identifies components that can be exploited; and an attack surface identifies the potential path an attack can take to penetrate the network.
  3. C
    An attack surface recognizes which network parts are vulnerable to an attack; and an attack vector identifies which attacks are possible with these vulnerabilities.
  4. D
    An attack vector identifies the potential outcomes of an attack; and an attack surface launches an attack using several methods against the identified vulnerabilities.

Correct Answer:
C

Question #29
Which metric in CVSS indicates an attack that takes a destination bank account number and replaces it with a different bank account number?
  1. A
    integrity
  2. B
    confidentiality
  3. C
    availability
  4. D
    scope

Correct Answer:
A

Question #30
A security specialist notices 100 HTTP GET and POST requests for multiple pages on the web servers. The agent in the requests contains PHP code that, if executed, creates and writes to a new PHP file on the webserver. Which event category is described?
  1. A
    reconnaissance
  2. B
    action on objectives
  3. C
    installation
  4. D
    exploitation

Correct Answer:
C

Previous Questions Next Questions

All Pages