ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 200-201 All Questions

View all questions & answers for the 200-201 exam
Go to Exam

Exam 200-201 topic 1 question 35 discussion

Actual exam question from Cisco's 200-201
Question #: 35
Topic #: 1
[All 200-201 Questions]

An employee reports that someone has logged into their system and made unapproved changes, files are out of order, and several documents have been placed in the recycle bin. The security specialist reviewed the system logs, found nothing suspicious, and was not able to determine what occurred. The software is up to date; there are no alerts from antivirus and no failed login attempts. What is causing the lack of data visibility needed to detect the attack?

  • A. The threat actor used a dictionary-based password attack to obtain credentials.
  • B. The threat actor gained access to the system by known credentials.
  • C. The threat actor used the teardrop technique to confuse and crash login services.
  • D. The threat actor used an unknown vulnerability of the operating system that went undetected.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by beowolf at May 2, 2021, 11:55 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
WISDOM2080
10 months, 2 weeks ago
B. The threat actor gained access to the system by known credentials.
upvoted 1 times
...
Antari8
1 year, 1 month ago
I think 'B' because if the threat actor know the right credential he can also delete logs file and seem to be never entered in to the system
upvoted 2 times
...
alhamry
1 year, 2 months ago
the question stated clearly that the suspicious activity "made unapproved changes, files are out of order, and several documents have been placed in the recycle bin." If the attacker used known credentials, then this will appear in the system logs under that credential. I am going with answer D
upvoted 1 times
...
drdecker100
1 year, 4 months ago
Selected Answer: B
If the attacker used valid credentials to access the employee's system, it would explain why there were no failed login attempts in the logs, and why there were no alerts from antivirus. In this scenario, the attacker would not need to use a dictionary-based password attack to obtain credentials or exploit an unknown vulnerability in the operating system. The fact that the security specialist found nothing suspicious in the system logs could also suggest that the attacker used legitimate credentials to access the system, making it difficult to detect the attack through traditional security monitoring methods.
upvoted 1 times
...
SecurityGuy
1 year, 9 months ago
Selected Answer: B
B is the correct answer for me. Certification exams are always tricky. Cisco wants you to overthink. So, I always go for the simplest but sensible answer during an exam.
upvoted 1 times
...
DLukynskyy
2 years, 3 months ago
I guess CIsco believes B to be the right answer
upvoted 2 times
...
halamah
2 years, 8 months ago
D IS CORRECT ZERO DAY ATTACK
upvoted 3 times
...
anonymous1966
2 years, 10 months ago
The simplest is almost always the right answer. Think of the real world. An user complaining this: two options: a cat on the keyboard (I know because I have one) or another person/bot with user credentials.
upvoted 2 times
SecurityGuy
1 year, 9 months ago
I agree with this, certification exams are always tricky. Cisco wants you to overthink. So, I always go for the simplest but sensible answer during an exam.
upvoted 1 times
...
anonymous1966
2 years, 10 months ago
So (B) is correct
upvoted 4 times
...
...
Kapside
3 years ago
A lot of these questions are horrible and could go either way in my opinion. I really hate the way these certs word questions and answers
upvoted 2 times
...
beowolf
3 years, 2 months ago
I think answer is D - zero day exploit
upvoted 4 times
Msal1134
3 years, 1 month ago
Zero day exploits can give you access... but not always undetected.... unless you're already know the credentials
upvoted 1 times
Leo_Visser
3 years ago
But it says in the question the engineer investigated the system logs, so if any logins where done with known credentials it would show up in there. So only conclusion can be that the attacker used an unknown way of entry which isn't captured in the system logs and monitoring software. So I agree D should be the right answer.
upvoted 5 times
jb372
2 years, 11 months ago
the question says "The security specialist reviewed the system logs, found nothing suspicious, and was not able to determine what occurred. The software is up to date; there are no alerts from antivirus and no failed login attempts." which means that a successful login with known credentials would have been ignored as valid system usage, and not dinspected as malicious. I believe the Given answer of _"KNOWN CREDENTIALS" is the correct answer
upvoted 13 times
alhamry
1 year, 2 months ago
the question stated clearly that the suspicious activity "made unapproved changes, files are out of order, and several documents have been placed in the recycle bin." If the attacker used known credentials, then this will appear in the system logs under that credential. I am going with answer D
upvoted 1 times
...
...
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel