200-201 | ExamData

Question#121

Which event artifact is used to identify HTTP GET requests for a specific file?

A. destination IP address
B. TCP ACK
C. HTTP status code
D. URI

Discover Answer

D

Question#122

What should a security analyst consider when comparing inline traffic interrogation with traffic tapping to determine which approach to use in the network?

A. Tapping interrogation replicates signals to a separate port for analyzing traffic
B. Tapping interrogations detect and block malicious traffic
C. Inline interrogation enables viewing a copy of traffic to ensure traffic is in compliance with security policies
D. Inline interrogation detects malicious traffic but does not block the traffic

Discover Answer

A

Question#123

At which layer is deep packet inspection investigated on a firewall?

A. internet
B. transport
C. application
D. data link

Discover Answer

C

Question#124

DRAG DROP -
Drag and drop the access control models from the left onto its corresponding descriptions on the right.
Select and Place:

Discover Answer

Question#125

DRAG DROP -
Drag and drop the event term from the left onto the description on the right.
Select and Place:

Discover Answer

Reference:
https://www.cisco.com/c/en/us/support/docs/security/ips-4200-series-sensors/13876-f-pos.html

Question#126

Refer to the exhibit. What is occurring?

A. insecure deserialization
B. cross-site scripting attack
C. XML External Entities attack
D. regular GET requests

Discover Answer

D
Reference:
https://www.tutorialspoint.com/http/http_requests.htm

Question#127

What is a difference between data obtained from Tap and SPAN ports?

A. SPAN passively splits traffic between a network device and the network without altering it, while Tap alters response times.
B. Tap mirrors existing traffic from specified ports, while SPAN presents more structured data for deeper analysis.
C. SPAN improves the detection of media errors, while Tap provides direct access to traffic with lowered data visibility.
D. Tap sends traffic from physical layers to the monitoring device, while SPAN provides a copy of network traffic from switch to destination.

Discover Answer

D
Reference:
https://www.gigamon.com/resources/resource-library/white-paper/to-tap-or-to-span.html

Question#128

DRAG DROP -
Drag and drop the data source from the left onto the data type on the right.
Select and Place:

Discover Answer

Question#129

A threat actor penetrated an organization's network. Using the 5-tuple approach, which data points should the analyst use to isolate the compromised host in a grouped set of logs?

A. event name, log source, time, source IP, and username
B. event name, log source, time, source IP, and host name
C. protocol, log source, source IP, destination IP, and host name
D. protocol, source IP, source port destination IP, and destination port

Discover Answer

D
Reference:
https://blogs.cisco.com/security/the-dreaded-5-tuple

Question#130

What is a difference between an inline and a tap mode traffic monitoring?

A. Tap mode monitors packets and their content with the highest speed, while the inline mode draws a packet path for analysis.
B. Inline monitors traffic without examining other devices, while a tap mode tags traffic and examines the data from monitoring devices.
C. Inline mode monitors traffic path, examining any traffic at a wire speed, while a tap mode monitors traffic as it crosses the network.
D. Tap mode monitors traffic direction, while inline mode keeps packet data as it passes through the monitoring devices.

Discover Answer

C
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/650/configuration/guide/fpmc-config-guide-v65/ inline_sets_and_passive_interfaces_for_firepower_threat_defense.html