Cisco 200-201 Test Bank

Correct Answer: To provide a set of guidelines and best practices for managing cybersecurity risk
Explanation: A security governance framework provides a structured approach for an organization to manage its cybersecurity risk, helping them to improve their overall security posture.

Correct Answer: Attribute-Based Access Control (ABAC)
Explanation: ABAC is a flexible access control model that grants or denies access based on a set of attributes associated with the user, resource, and environment.

Correct Answer: A geolocalization tool or service
Explanation: A geolocalization tool or service uses a database of IP addresses to determine the geographic location of a network connection, which can be useful for identifying the source of an attack.

Correct Answer: To secretly record a user's keystrokes to steal passwords or other sensitive information
Explanation: A keylogger is a type of spyware that records every keystroke a user makes, allowing an attacker to capture sensitive information like usernames, passwords, and credit card numbers.

Correct Answer: An Acceptable Use Policy (AUP)
Explanation: An Acceptable Use Policy (AUP) is a document that outlines what is and is not considered appropriate use of an organization's network and computing resources.

Correct Answer: A Cross-Site Scripting (XSS) attack
Explanation: An XSS attack involves an attacker injecting malicious scripts into web pages viewed by other users. This is evident in web server logs by the presence of script tags or other unusual code in user-submitted form data.

Correct Answer: An IDS detects but does not block malicious traffic, while an IPS detects and actively blocks it.
Explanation: An Intrusion Detection System (IDS) is a passive tool that monitors network traffic and generates an alert. An Intrusion Prevention System (IPS) is an active tool that performs the same function but can also block the malicious traffic in real time.

Correct Answer: SYN
Explanation: The SYN (synchronize) flag is the first flag sent in the three-way handshake to initiate a TCP connection between two hosts.

Correct Answer: To show running processes and their status Explanation: The ps (process status) command is a fundamental host-based analysis tool on Linux that provides a snapshot of all currently running processes.

Correct Answer: Rootkit
Explanation: A rootkit is a type of malware that is designed to gain administrative control over a computer system while actively hiding its presence from the user and from other security software.