Free Practice Questions for Cisco 200-201 Exam

Denial-of-service (DoS) attacks aim to disrupt the availability of systems, networks, or services by overwhelming resources or exploiting protocol weaknesses.

UDP flooding is a classic DoS attack where large volumes of UDP packets are sent to a target system, exhausting bandwidth and processing resources. Because UDP is connectionless, it is commonly abused for high-volume flooding attacks.

The ping of death is another well-known DoS attack that sends malformed or oversized ICMP packets to a target system. Older or unpatched systems may crash or become unresponsive when attempting to process these invalid packets.

Option B, Code Red, is a worm that exploited vulnerabilities in Microsoft IIS and could cause secondary DoS effects, but it is classified primarily as malware rather than a DoS attack type. Option C, man-in-the-middle, targets confidentiality and integrity, not availability. Option E refers to normal TCP behavior and is not an attack by itself.

Thus, the two denial-of-service attacks are UDP flooding and ping of death.

The “ps” command is used to display information about the processes running on a system. The “-ef” option shows the full format listing, which includes the process ID, the user, the CPU and memory usage, the command name, and other details. This can help the engineer identify which processes are consuming the most resources and causing the degraded performance of the server. The other options are either invalid or irrelevant, as they do not provide the necessary information or perform the required action. References := Cisco Cybersecurity

In the context of cybersecurity, an asset is anything that has value to the organization, its business operations and their continuity, including data and physical devices. In the role of attribution in an investigation, which is the process of associating an action or event with a particular individual or entity, certain assets are particularly relevant. A laptop © can be an asset because it may contain data or clues that can help trace the origin of a cyber attack. Similarly, identifying the threat actor (E) is crucial for attribution, as it involves understanding who is behind the attack and their motives, which can be essential for preventing future attacks and for legal proceedings.

Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)1.

The defense-in-depth strategy is a layered approach to security that includes multiple defensive measures to protect against threats. Dividing the network into parts (B) helps isolate potential breaches, making it harder for an attacker to move laterally across the network. Implementing the patch management process (E) ensures that systems are up-to-date with the latest security patches, reducing vulnerabilities that attackers could exploit.

Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) course

 In the context of incident response, the detection step involves identifying potential security incidents. The Security Operation Center (SOC) Analyst, which in this case is Employee 4, is typically responsible for monitoring and analyzing security alerts to detect suspicious activities such as brute-force attempts. Therefore, Employee 4 would be the stakeholder responsible for the incident response detection step. References: The role of a SOC Analyst in incident response is outlined in cybersecurity frameworks and bestpractices, which describe the responsibilities of various stakeholders in detecting and responding to security incidents.

 ARP cache poisoning is a type of attack that intercepts traffic on a switched network by sending spoofed ARP messages to associate the attacker’s MAC address with the IP address of a legitimate host or gateway. This way, the attacker can redirect the traffic intended for the legitimate host or gateway to his own device and perform a man-in-the-middle attack. References := Cisco Cybersecurity Operations Fundamentals

The file that is extractable via TCP stream within Wireshark is the one that has the Content-Type header set to application/octet-stream, which indicates binary data. Thisheader is present in frames 7, 14, and 21, which are part of the same TCP stream. The other frames have different Content-Type headers, such as text/html or image/jpeg, which are not extractable as binary files. References := Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) v1.0, Module 3: Network Intrusion Analysis, Lesson 3.2: Analyze Data from Common TCP/IP Protocols, Topic 3.2.3: HTTP

The logs indicating multiple local TCP connection events are typically provided by a firewall. Firewalls are responsible for monitoring and controlling incoming and outgoing network traffic based on predetermined security rules, and they generate logs that detail such events, which can be used for further analysis and incident response. References := Cisco Cybersecurity Operations Fundamentals