200-201 Security Monitoring • Complete Question Bank
Complete 200-201 Security Monitoring question bank — all 0 questions with answers and detailed explanations.
Refer to the exhibit.
```
Router# show ip access-lists
Extended IP access list BLOCK_MALICIOUS
10 deny tcp any host 203.0.113.5 eq 443
20 permit ip any any (2623 matches)
```
Refer to the exhibit.
```
Mar 1 12:34:56 192.168.1.100 %ASA-4-106023: Deny tcp src outside:10.0.0.1/54321 dst inside:192.168.1.100/80 by access-group "OUTSIDE_IN" [0x0, 0x0]
```
Refer to the exhibit.
```
{
"event": "Process Creation",
"timestamp": "2024-08-01T10:00:00Z",
"hostname": "DESKTOP-ABC123",
"user": "jsmith",
"process": "C:\\Users\\jsmith\\Downloads\\invoice.exe",
"parent_process": "C:\\Windows\\explorer.exe"
}
```
Refer to the exhibit.
```
Event: Firewall log entry
Time: 2023-10-05 14:23:45
Source IP: 192.168.1.50
Destination IP: 203.0.113.5
Source Port: 49152
Destination Port: 443
Protocol: TCP
Action: ALLOW
Bytes: 1452
Flags: ACK
```
Drag a concept onto its matching description — or click a concept then click the description.
Security Operations Center
Confidentiality, Integrity, Availability
Indicator of Compromise
Tactics, Techniques, and Procedures
Adversary, Capability, Infrastructure, Victim
Drag a concept onto its matching description — or click a concept then click the description.
Filters traffic based on security rules
Detects suspicious activity and alerts
Detects and blocks malicious traffic inline
Forwards packets between networks
Forwards frames within a LAN
Refer to the exhibit.
```
Mar 1 12:34:56 192.168.1.1 %ASA-4-106023: Deny tcp src inside:10.0.0.10/54321 dst outside:203.0.113.5/80 by access-group "OUTSIDE" [0x0, 0x0]
Mar 1 12:34:57 192.168.1.1 %ASA-4-106023: Deny tcp src inside:10.0.0.10/54322 dst outside:203.0.113.5/80 by access-group "OUTSIDE" [0x0, 0x0]
Mar 1 12:34:58 192.168.1.1 %ASA-4-106023: Deny tcp src inside:10.0.0.10/54323 dst outside:203.0.113.5/80 by access-group "OUTSIDE" [0x0, 0x0]
```
Refer to the exhibit.
```
! Cisco ASDM configuration
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
  dns-guard
!
```
Refer to the exhibit.
```
! Output from show logging on Cisco IOS router
Mar 1 10:00:00: %SEC-6-IPACCESSLOGP: list INBOUND denied tcp 10.0.0.2(12345) -> 192.168.1.1(80), 1 packet
Mar 1 10:00:01: %SEC-6-IPACCESSLOGP: list INBOUND denied tcp 10.0.0.2(12346) -> 192.168.1.1(80), 1 packet
Mar 1 10:00:02: %SEC-6-IPACCESSLOGP: list INBOUND denied tcp 10.0.0.2(12347) -> 192.168.1.1(80), 1 packet
Mar 1 10:00:03: %SEC-6-IPACCESSLOGP: list INBOUND denied tcp 10.0.0.2(12348) -> 192.168.1.1(80), 1 packet
```
Refer to the exhibit.
```
Mar 1 12:34:56.789: %ASA-4-106023: Deny udp src inside:10.1.1.10/12345 dst outside:203.0.113.5/53 by access-group "OUTSIDE_IN" [0x0, 0x0]
```
Refer to the exhibit.
```
access-list INTERNET extended permit tcp any host 198.51.100.10 eq 443
access-list INTERNET extended deny ip any any
```
Refer to the exhibit.
```
{
  "policy": "DNS Anomaly Detection",
  "rule": {
    "protocol": "udp",
    "port": 53,
    "threshold": 1000,
    "window": 60,
    "action": "alert"
  }
}
```
```
Sep 10 12:34:56: %SEC-6-IPACCESSLOGP: list 100 denied tcp 10.0.0.1(1234) -> 192.168.1.1(22), 1 packet
Sep 10 12:34:57: %SEC-6-IPACCESSLOGP: list 100 denied tcp 10.0.0.1(1235) -> 192.168.1.1(22), 1 packet
Sep 10 12:34:58: %SEC-6-IPACCESSLOGP: list 100 denied tcp 10.0.0.1(1236) -> 192.168.1.1(22), 1 packet
```
```
access-list 100 permit tcp any host 192.168.1.100 eq www
access-list 100 permit tcp any host 192.168.1.100 eq 443
access-list 100 deny tcp any host 192.168.1.100 range 1 1023
access-list 100 permit ip any any
```
```
%ASA-4-106023: Deny tcp src outside:10.0.0.1/12345 dst inside:192.168.1.10/80 by access-group "outside" [0x0, 0x0]
%ASA-4-106023: Deny tcp src outside:10.0.0.1/12346 dst inside:192.168.1.10/80 by access-group "outside" [0x0, 0x0]
%ASA-4-106023: Deny tcp src outside:10.0.0.1/12347 dst inside:192.168.1.10/80 by access-group "outside" [0x0, 0x0]
```
Refer to the exhibit.
```
%ASA-4-106023: Deny udp src outside:10.0.0.1/53 dst inside:192.168.1.100/12345 by access-group "OUTSIDE_IN" [0x0, 0x0]
```