Free Cisco 200-201 Practice Exam with Questions & Answers | Set: 6

 Social engineering attacks are techniques that exploit human psychology and behavior to manipulate or deceive people into performing actions or divulging information that can compromise the security of the organization. An example of a social engineering attack is receiving an email from human resources requesting a visit to their secure website to update contact information. This could be a phishing attempt to trick the user into clicking on a malicious link or entering their credentials on a fake website that looks like the legitimate one. References := Cisco Cybersecurity Operations Fundamentals - Module 6: Security Incident Investigations

A Distributed Denial of Service (DDoS) attack involves multiple compromised devices (botnet) sending a large number of requests to a target server to overwhelm it.

In a specific type of DDoS attack known as an NTP amplification attack, the attacker exploits the Network Time Protocol (NTP) servers by sending small queries with a spoofed source IP address (the target’s IP).

The NTP server responds with a much larger reply to the target’s IP address, thereby amplifying the traffic directed at the target.

This reflection and amplification technique significantly increases the volume of traffic sent to the target, causing denial of service.

References

OWASP DDoS Attack Overview

NTP Amplification Attack Explained

Understanding Botnets and Distributed Attacks

 Full packet capture provides the complete recording of all the packets that are transmitted over the network. This data is essential for in-depth analysis during an investigation, as it allows investigators to reconstruct the session, observe the content of the traffic, and determine if data exfiltration has occurred.

Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) study materials would typically cover the importance of full packet capture in network forensics and incident response.

A false positive in network security is when a benign action is incorrectly flagged as malicious, leading to legitimate traffic being blocked. This can disrupt normal network operations and access to services, as the security system mistakenly identifies normal behavior as a threat1.

References := The concept of false positives and their impact on network traffic is discussed in various cybersecurity resources, including Cisco’s own training materials and discussions on network security best practices1.

The output indicates that several ports are open on the server with IP address 172.18.104.139, including port 22/tcp for SSH, port 25/tcp for SMTP, port 110/tcp for POP3, and port 143/tcp for IMAP - these are typically associated with a web server. References := Cisco Cybersecurity Source Documents

The delivery phase of the Cyber Kill Chain model involves the transmission of the weapon to the targeted environment. In the case of a spear-phishing email, the delivery is the act of sending the email to the user. The email itself is the weapon, designed to exploit the recipient’s trust to cause a breach

Table Description automatically generated

The exhibit shows a SQL query that is attempting to bypass login controls by modifying the query to always return true. This is a common tactic used in SQL injection attacks where malicious SQL statements are inserted into an entry field for execution. References := Cisco Cybersecurity Source Documents

The command in the exhibit is a Snort rule that is configured to alert on TCP packets with the SYN flag set, where the source is not the home network (!$HOME_NET) and the destination is within the home network ($HOME_NET) on port 80. This rule is designed to detect potential SYN flood attacks targeting the internal network’s web server on port 80.

A man-in-the-middle attack is a type of cyberattack where an attacker intercepts and alters the communication between two parties who believe they are directly communicating with each other. In this case, the attacker is impersonating mail.google.com and presenting a fake certificate to the endpoint device. The endpoint device detects that the certificate is not issued by a trusted authority and displays an error message. The attacker can then monitor or modify the traffic between the endpoint device and mail.google.com. References:

Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) - Cisco, Module 3: Host-Based Analysis, Lesson 3.2: Endpoint Security Technologies

200-201 CBROPS - Cisco, Exam Topics, 3.0 Host-Based Analysis, 3.2 Compare and contrast the functionality of these endpoint security technologies

Cisco Certified CyberOps Associate Overview - Cisco Learning Network, Videos, 3.2 Compare and contrast the functionality of these endpoint security technologies