Exam 200-201 topic 1 question 110 discussion

Actual exam question from Cisco's 200-201
Question #: 110
Topic #: 1

Refer to the exhibit. What is the potential threat identified in this Stealthwatch dashboard?

  • A. Host 10.201.3.149 is sending data to 152.46.6.91 using TCP/443.
  • B. Host 152.46.6.91 is being identified as a watchlist country for data transfer.
  • C. Traffic to 152.46.6.149 is being denied by an Advanced Network Control policy.
  • D. Host 10.201.3.149 is receiving almost 19 times more data than is being sent to host 152.46.6.91.
Suggested Answer: D

Comments

anonymous1966
Highly Voted 3 years, 8 months ago
The question is very simple. "D" is correct.
Subject = 10.201.3.149
Peer = 152.46.6.91
1st search:
Subject --- 6.42 MB --> Peer
Peer --- 132.53 MB --> Subject
2nd search:
Subject --- 4.13 MB --> Peer
Peer --- 96.26 MB --> Subject
132.53/6.42 = 20.64
96.26/4.13 = 22.34
upvoted 10 times
AVT
3 years, 5 months ago
Great explanation, just to clarify:
1st search:
Subject --- 6.42 MB --> Peer
Peer --- 126.11 MB --> Subject
Total Bytes on 1st search: 132.53 MB
2nd search:
Subject --- 4.13 MB --> Peer
Peer --- 92.13 MB --> Subject
Total Bytes on 2nd search: 96.26 MB
126.11/6.42 = 19.64
92.13/4.13 = 22.30
upvoted 9 times
andrewdh
Highly Voted 4 years, 5 months ago
Is it just me, or is Answer D the only feasible answer but the wrong way around? It is Host 152.46.6.149 that is receiving 19 times more data than the "subject" at 10.201.3.149.
upvoted 8 times
bren_
4 years, 4 months ago
Are you sure the byte and bytes rate are about the download and not about the upload?
upvoted 1 times
d3vm3t
Most Recent 9 months ago
A. Host 10.201.3.149 is sending data to 152.46.6.91 using TCP/443.
Incorrect: The application shown is UDP, not TCP/443.
B. Host 152.46.6.91 is being identified as a watchlist country for data transfer.
Incorrect: The dashboard doesn’t indicate anything about a watchlist country. The peer IP shows "United States" as the host group, which doesn't imply a threat.
C. Traffic to 152.46.6.149 is being denied by an Advanced Network Control policy.
Incorrect: The dashboard does not show any indication of traffic being denied by an Advanced Network Control policy.
upvoted 1 times
macxwhale
1 year, 10 months ago
at https://www.youtube.com/watch?v=Yvp1hapurj4&t=9s for the answer D
upvoted 2 times
hoek
4 years, 4 months ago
I also think this is B.
upvoted 3 times
Fafabeans
4 years, 4 months ago
Could it be the watchlist country answer? Maybe because the host group listed is the United States?
upvoted 3 times