Free Cisco 200-201 Practice Exam with Questions & Answers | Set: 12

 Separation of duties is a security principle that requires more than one person to perform a critical task, such as authorizing a transaction, approving a budget, or granting access to sensitive data. Separation of duties reduces the risk of fraud, error, abuse, or conflict of interest by preventing any single person from having too much power or privilege. Least privilege, need to know, and due diligence are other security principles, but they do not require more than one person to perform a critical task. References: Separation of Duty (SOD) - Glossary | CSRC - NIST Computer Security …, Separation of Duties | Imperva

NIST SP 800-61 r2 outlines a structured incident handling lifecycle composed of four phases: Preparation, Detection and Analysis, Containment, Eradication, and Recovery, and Post-Incident Activity. Detection and Analysis involve identifying and investigating incidents, while Post-Incident Activity focuses on lessons learned and evidence retention for future reference.

 SP 800-61 Rev. 2, Computer Security Incident Handling Guide | CSRC, Computer Security Incident Handling Guide - NIST, We Read NIST SP 800-61 so You Don’t Have to.

 A TCP handshake is a three-way exchange of messages between a client and a server to establish a TCP connection. The client initiates the handshake by sending a SYN packet with a sequence number to the server. The server responds with a SYN-ACK packet with its own sequence number and an acknowledgment number that is the client’s sequence number plus one. The client completes the handshake by sending an ACK packet with an acknowledgment number that is the server’s sequence number plus one. If the remote server is not receiving an SYN-ACK packet from the local server, it means that the TCP handshake is not completed and the connection is not established. This could be causedby various factors, such as network congestion, firewall rules, packet filtering, or misconfiguration of the TCP parameters on either end. References := Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) - Cisco, page 177; TCP 3-Way Handshake Process - GeeksforGeeks

Attacking a vulnerability is categorized as exploitation, which is the third phase of the cyberattack lifecycle. Exploitation is the process of taking advantage of a vulnerability in a system, application, or network to gain access, escalate privileges, or execute commands. Action on objectives, delivery, and installation are other phases of the cyberattack lifecycle, but they do not involve attacking a vulnerability. Action on objectives is the final phase, where the attacker achieves their goal, such as stealing data, disrupting services, or destroying assets. Delivery is the second phase, where the attacker delivers the malicious payload, such as malware, phishing email, or malicious link, to the target. Installation is the fourth phase, where the attacker installs the malicious payload on the compromised system or network to maintain persistence or spread laterally. References: What is a Cyberattack? | IBM, Recognizing the seven stages of a cyber-attack - DNV

 During the negotiation phase of the TLS handshake, the client sends a “ClientHello” message to the server which includes information about TLS versions it supports, cipher-suites it supports and suggested compression methods. This initiates communication protocols for secure connection. References := Cisco Cybersecurity source documents or study guide

Asymmetric cryptography, also known as public key cryptography, involves two keys: a public key for encryption and a private key for decryption. This method ensures that even if the public key is known, only the holder of the private key can decrypt the message, thus providing a secure way to transfer data. References: Asymmetric encryption is beneficial for secure data transfer because it allows message authentication, non-repudiation, and detects tampering, although it is slower than symmetric encryption

Transport Layer Security (TLS) is a cryptographic protocol designed to provide confidentiality, integrity, and authentication for network communications. Older versions of TLS, including TLS 1.2, are susceptible to downgrade attacks when not properly configured. In a downgrade attack, an attacker forces communicating parties to fall back to a weaker or less secure protocol version, enabling man-in-the-middle exploitation.

TLS 1.3 was specifically designed to mitigate these risks by removing insecure cryptographic algorithms, eliminating legacy handshake mechanisms, and enforcing stronger cipher suites. It also reduces the attack surface by simplifying the handshake process and providing built-in protections against downgrade attacks.

Option B is insufficient because monitoring alone does not prevent cryptographic weaknesses. Option C may improve general security posture but does not directly address protocol-level downgrade vulnerabilities. Option D significantly weakens security and would increase exposure.

Cybersecurity best practices and operations documentation strongly recommend disabling outdated TLS versions and enforcing TLS 1.3 wherever possible to ensure robust protection against MITM and downgrade attacks.

Therefore, upgrading to TLS 1.3 or higher is the correct preventive action.