Cisco Updated 200-201 Exam Questions and Answers by ben

The Uniform Resource Identifier (URI) is used to identify specific resources on the internet, including files. In the context of HTTP GET requests, the URI specifies the path to the file being requested.

This explanation is based on standard web protocols and practices, as the current page does not provide specific Cisco documentation.

Denial-of-service (DoS) attacks aim to disrupt the availability of systems, networks, or services by overwhelming resources or exploiting protocol weaknesses.

UDP flooding is a classic DoS attack where large volumes of UDP packets are sent to a target system, exhausting bandwidth and processing resources. Because UDP is connectionless, it is commonly abused for high-volume flooding attacks.

The ping of death is another well-known DoS attack that sends malformed or oversized ICMP packets to a target system. Older or unpatched systems may crash or become unresponsive when attempting to process these invalid packets.

Option B, Code Red, is a worm that exploited vulnerabilities in Microsoft IIS and could cause secondary DoS effects, but it is classified primarily as malware rather than a DoS attack type. Option C, man-in-the-middle, targets confidentiality and integrity, not availability. Option E refers to normal TCP behavior and is not an attack by itself.

Thus, the two denial-of-service attacks are UDP flooding and ping of death.

 In the incident response process, detection and analysis involve researching an attacking host through logs in a Security Information and Event Management (SIEM) system. This step helps in identifying, validating, and managing potential security incidents. References := Cisco CyberOps Associate - Module 3: Security Monitoring

The source IP address from an audit log that indicates a session which may have exploited a vulnerability is considered corroborative evidence. This type of evidence supports other evidence that suggests a security breach occurred. In the context of cybersecurity, corroborative evidence can help establish that an attack was carried out and can be used in conjunction with other data points to build a case during an investigation.

References := The Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) training material discusses the types of data needed to investigate security incidents, which includes understanding the role of different types of evidence in building a security incident case1.