Free Practice Questions for Cisco 200-201 Exam

The 5-tuple approach consists of protocol, source IP address, source port number, destination IP address, and destination port number to uniquely identify sessions between endpoints on a network. References := Cisco Cybersecurity Source Documents

Protected data refers to any information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. In the scenario described, the engineer must identify data that is considered protected under privacy laws and regulations. Personal Identifiable Information (PII) and Protected Health Information (PHI) are two types of data that are considered protected. PII includes any data that could potentially identify a specific individual, such as addresses and gender. PHI refers to any information about health status, provision of health care, or payment for health care that can be linked to an individual. This is what makes both PII and PHI crucial to be identified and protected in compliance with data protection regulations.

The Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) course provides insights into identifying protected data and the importance of safeguarding it within a network1.

 When a server is experiencing high CPU and memory load, the first step is to identify the processes that are consuming the most resources. The command “ps -ef” is used to display information about all the running processes, including their IDs, memory and CPU usage, and the commands that started them. This allows the engineer to pinpoint which processes are responsible for the high load and take appropriate action, such as terminating unnecessary processes or optimizing resource usage345. References: Various resources on server management and troubleshooting recommend using the “ps -ef” command as a starting point for investigating high resource usage on servers

What Are Ports 139 And 445? SMB has always been a network file sharing protocol. As such, SMB requires network ports on a computer or server to enable communication to other systems. SMB uses either IP port 139 or 445. Port 139 - SMB originally ran on top of NetBIOS using port 139. NetBIOS is an older transport layer that allows Windows computers to talk to each other on the same network. Port 445 - Later versions of SMB (after Windows 2000) began to use port 445 on top of a TCP stack. Using TCP allows SMB to work over the internet. https://www.varonis.com/blog/smb-port SMB Ports 139 and 445 are open Email Ports 25 and 110 are closed Therefore "D. Email Ports are closed on the Server."

 A man-in-the-middle attack occurs when a third party intercepts and potentially alters the communication between two parties (in this case, two IP phones) without them knowing. This type of attack can lead to eavesdropping, where the attacker can gain unauthorized access to sensitive data being communicated between the two parties. References := Cisco Cybersecurity Operations Fundamentals - Module 5: Endpoint Threat Analysis and Computer Forensics

Defense-in-depth is a layered security strategy that aims to protect information and resources through multiple security measures.

One of its key principles is the concept of least privilege, which means providing users and systems with the minimum level of access necessary to perform their job functions.

By assigning only the necessary permissions, the attack surface is reduced, and the potential damage from a compromised account or system is minimized.

This principle helps in mitigating the risk of unauthorized access and limits the capabilities of an attacker if they gain access to an account.

References

Defense-in-Depth Strategy by NIST

Principle of Least Privilege in Cybersecurity

Layered Security Approach Explained

Exploitation - The targeted Environment is taken advantage of triggering the threat actor's code

Installation - Backdoor is placed on the victim system allowing the threat actor to maintain the persistence.

Command and Control - An outbound connection is established to an Internet-based controller server.

Actions and Objectives - The threat actor takes actions to violate data integrity and availability

The operation described is characteristic of the fork() system call in Linux, which is used to create a new process. The fork() system call generates a new process by duplicating the calling (parent) process. If the fork() is successful, the PID of the child process is returned to the parent process, and a 0 value is returned to the child process. If unsuccessful, a negative value is returned2.

References :=

How to create a process in Linux? - Online Tutorials Library