Cisco 200-201 Exam Questions

Correct Answer: To identify weaknesses and security flaws in a network or system.
Explanation: A vulnerability scanner is a tool used to automatically scan networks and systems for known security weaknesses and vulnerabilities.

Correct Answer: A privilege escalation
Explanation: A privilege escalation attack involves an attacker gaining higher-level permissions on a system than they initially had, such as creating a new administrative user account.

Correct Answer: Looking for IP addresses and domains associated with known threat actors
Explanation: Threat intelligence, which includes information on known threat actors, their tactics, techniques, and procedures (TTPs), is a crucial step in understanding the motive and capabilities behind an attack.

Correct Answer: To monitor and control incoming and outgoing network traffic based on a set of rules.
Explanation: A firewall is a network security system that acts as a barrier, monitoring and filtering traffic between a trusted internal network and an untrusted external network based on predefined security rules.

Correct Answer: A file hash that matches a known malware signature.
Explanation: An IOC is a piece of forensic data that indicates that an attack has occurred. A file hash that matches a known malicious signature is a clear sign that a system may be compromised.

Correct Answer: The security event log
Explanation: The Windows Security Event Log records security-related events on a system, including successful and failed logon attempts, which is a primary source for investigating brute-force attacks.

Correct Answer: To grant users only the minimum access permissions required to perform their job duties.
Explanation: The Principle of Least Privilege is a security concept in which a user is given the minimum level of access to data and resources needed to perform their job. This reduces the attack surface and potential for lateral movement.

Correct Answer: HTTP or HTTPS POST requests to suspicious domains
Explanation: Data exfiltration often occurs over common web protocols like HTTP or HTTPS to blend in with normal traffic. An attacker might use a POST request to send stolen data to a command-and-control server.

Correct Answer: To act as a decoy to lure and trap attackers and gather intelligence about their methods.
Explanation: A honeypot is a security mechanism that is designed to be an attractive target for attackers. It is a decoy system that has no production value and is used to gather intelligence on attacker tactics and techniques.

Correct Answer: It encrypts a user's files and demands a ransom payment for their decryption.
Explanation: Ransomware is a type of malware that locks or encrypts a victim's files, making them inaccessible, and demands a payment (ransom) to restore access.