Free Cisco 200-201 Practice Exam with Questions & Answers | Set: 10

 Application-level whitelisting is a security technology that allows only a set of pre-approved applications to run on a system, and blocks any other unauthorized or malicious programs. This can prevent malware, ransomware, zero-day exploits, and other threats from compromising the system. Application-level whitelisting is also known as application control or application allowlisting. References := Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) v1.0, Module 3: Host-Based Analysis, Lesson 3.2: Endpoint Security Technologies, Topic 3.2.3: Application Whitelisting, page 3-20.

In modern enterprise environments, organizations rely on a wide range of technologies, including cloud platforms, on-premises systems, endpoint tools, and network security devices. One of the primary challenges in such environments is inconsistent data aggregation across these heterogeneous technologies.

Different tools generate logs in varying formats, structures, and levels of detail. Normalizing, correlating, and aggregating this data into a unified view is complex and often requires significant effort, tooling, and tuning. Without consistent aggregation, security teams struggle to correlate events across systems, detect advanced threats, and build a complete incident timeline.

While different protocols, duplicate alerts, and retention limits are valid concerns, they are secondary effects of poor data aggregation. Cybersecurity operations documentation consistently identifies data normalization and aggregation as foundational challenges in large, distributed environments.

Therefore, inconsistent data aggregation is the primary obstacle to achieving effective organization-wide visibility.

An untampered disk image is one that has not been altered since its creation. This is verified by comparing the stored hash of the image at the time of creation with a newly computed hash; if they match, the image is considered untampered. Tampered images, on the other hand, may be used during the root cause analysis process to understand how and what was altered12. References: The differences between tampered and untampered disk images are discussed in cybersecurity literature, including Cisco’scertification guides, which explain the importance of hash matching for verifying the integrity of disk images

 The regex [a−z]+ matches one or more lowercase letters from a to z. The plus sign (+) indicates that the preceding character set [a−z] can appear one or more times, thus matching strings of only lowercase letters1.

References := This explanation is consistent with standard regex syntax as described in various programming and scripting languages documentation

Exploitation - The targeted Environment is taken advantage of triggering the threat actor's code

Installation - Backdoor is placed on the victim system allowing the threat actor to maintain the persistence.

Command and Control - An outbound connection is established to an Internet-based controller server.

Actions and Objectives - The threat actor takes actions to violate data integrity and availability

Role-Based Access Control (RBAC) is an approach to restricting system access to authorized users based on their roles within an organization. It depends on the job functions that individual users have as part of their responsibilities and is designed to reduce administrative work by assigning roles based on job competency, authority, and responsibility. References: Cisco Cybersecurity Operations Fundamentals, Module 1: Security Concepts, Lesson 1.2: Data Protection, Topic 1.2.2: Access Control Models

The correct display filter for analyzing FTP traffic in a PCAP file is “tcp.port==21”. This filter will show all TCP packets where the port number is 21, which is the standard port for FTP control messages.

The logs indicating multiple local TCP connection events are typically provided by a firewall. Firewalls are responsible for monitoring and controlling incoming and outgoing network traffic based on predetermined security rules, and they generate logs that detail such events, which can be used for further analysis and incident response. References := Cisco Cybersecurity Operations Fundamentals

Traffic with a known TOR exit node is often associated with data exfiltration, where sensitive information is transferred from within the network to an external location. TOR networks are used to anonymize the traffic, making it difficult to trace back to the source. References := Cisco Cybersecurity Operations Fundamentals - Module 2: Security Monitoring