Free Practice Questions for Cisco 200-201 Exam

Digital certificates are essential for decrypting ingress and egress perimeter traffic, as they provide the necessary encryption keys for secure communications. By using digital certificates, network security devices can inspect the decrypted traffic to detect any malicious outbound communications that may indicate command-and-control activity.

In the context of NIST SP800-61, a precursor is an event that indicates the potential occurrence of an incident. When an organization adjusts its security stance in response to online threats made by a known hacktivist group, the initial event—the threats—would be considered a precursor. It is an indication of a potential future attack or security incident34.

References :=

NIST SP 800-61 Rev. 2, Computer Security Incident Handling Guide3.

Computer Security Incident Handling Guide - NIST

A host-based intrusion detection system (HIDS) monitors a computer system for suspicious activity by analyzing events occurring within that host. It can detect malicious activities and security policy violations by examining system calls, application logs, file-system modifications (such as rootkit installations), and other host activities. HIDS is an essential component in safeguarding the IT infrastructure against unauthorized access and security breaches.

References := The Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) course material covers the monitoring of alerts and breaches, and the understanding and following of established procedures for response to alerts converted to incidents, which includes the use of host-based intrusion detection systems

The -sP option in Nmap is used for host discovery without port scanning, which helps in identifying live hosts without triggering portscan alerts on IDS devices. It sends an ICMP echo request, a TCP SYN packet to port 443, a TCP ACK packet to port 80, and an ICMP timestamp request to each target IP address and waits for a response. Any responses are considered as indications of a live host. References := Cisco Cybersecurity Operations Fundamentals - Module 5: Endpoint Threat Analysis and Computer Forensics

Indirect evidence is evidence that does not directly prove a fact, but rather implies or infers it from other facts or circumstances. Indirect evidence is also known as circumstantial evidence or corroborating evidence. A video of a suspect entering a data center that was captured on the same day that files in the same data center were transferred to a competitor is an example of indirect evidence, because it does not directly show that the suspect was involved in the file transfer, but rather suggests a possible connection or correlation between the two events. References := Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) v1.0, Module 5: Security Policies and Procedures, Lesson 5.3: Digital Forensics, Topic 5.3.1: Evidence, page 5-24.

 Application-level whitelisting is a security technology that allows only a set of pre-approved applications to run on a system, and blocks any other unauthorized or malicious programs. This can prevent malware, ransomware, zero-day exploits, and other threats from compromising the system. Application-level whitelisting is also known as application control or application allowlisting. References := Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) v1.0, Module 3: Host-Based Analysis, Lesson 3.2: Endpoint Security Technologies, Topic 3.2.3: Application Whitelisting, page 3-20.

A buffer overflow attack occurs when more data is written to a buffer than it is designed to hold. This excess data can overwrite adjacent memory locations, leading to the execution of malicious code or crashing the system. Buffer overflows are a common vulnerability that attackers exploit to gain unauthorized access to systems.

 In the context of phishing emails, the threat actor is the entity that is responsible for initiating the threat, which in this case is the sender of the phishing emails. The sender is impersonating the HR department to deceive the receiver into believing that the emails are legitimate