Exam 200-201 topic 1 question 102 discussion

Actual exam question from Cisco's 200-201
Question #: 102
Topic #: 1


Refer to the exhibit. What is the potential threat identified in this Stealthwatch dashboard?

  • A. A policy violation is active for host 10.10.101.24.
  • B. A host on the network is sending a DDoS attack to another inside host.
  • C. There are three active data exfiltration alerts.
  • D. A policy violation is active for host 10.201.3.149.
Suggested Answer: C

Comments

s1m0n
Highly Voted 2 years, 2 months ago
Believe should be C --> How can a (one) host send a DDoS? That should be DoS.
upvoted 24 times
beowolf
2 years, 2 months ago
You are right, I too vote for C.
upvoted 7 times
fejec
1 year, 9 months ago
Also, the "Source DDoS" counter is zero. "C" is correct.
upvoted 7 times
anonymous1966
Highly Voted 1 year, 9 months ago
Obviously it is "C". "EX" = exfiltration, and there are three. Also, the "suspect long flow" and "suspect data heading" suggest, for example, DNS exfiltration.
upvoted 8 times
Eng_ahmedyoussef
Most Recent 8 months ago
Selected Answer: C
C is the correct answer. There are 3 EX (exfiltration).
upvoted 2 times
weganos
9 months ago
Selected Answer: C
I think the answer is C.
upvoted 1 times
adodoccletus
11 months, 2 weeks ago
"C" is correct
upvoted 1 times
tor_bap
1 year, 5 months ago
Selected Answer: C
It should be C.
upvoted 2 times
qz999
1 year, 9 months ago
The question requires a single answer, and clearly there are three active exfiltration alerts. So a second choice cannot be made, and as mentioned by s1m0n below, a single host by definition would not be the sole machine in a DDoS attack. Answer choice C is best.
upvoted 4 times
snahta
1 year, 10 months ago
Thanks for the useful information. I have been searching for this type of information for a long time but didn't find the exact one that I wanted.
upvoted 2 times
gnuga
1 year, 10 months ago
A DDoS attacker should have the DS attribute, and it is not there. "DDoS Source. Alarm Category Index: DS. Indicates that a host has been identified as the source of a DDoS attack. The following security events are associated with the DDoS Source alarm." https://www.cisco.com/c/dam/en/us/td/docs/security/stealthwatch/management_console/smc_users_guide/SW_6_9_0_SMC_Users_Guide_DV_1_2.pdf page 177. I vote for C.
upvoted 2 times
gnuga
1 year, 10 months ago
There is one with DT flagged, indicated as a target. "Alarm Category Index: DT. Indicates that a host has been identified as the target of a DDoS attack."
upvoted 1 times