All 200-201 Test Inside Cisco Questions

Denial-of-service (DoS) attacks aim to disrupt the availability of systems, networks, or services by overwhelming resources or exploiting protocol weaknesses.

UDP flooding is a classic DoS attack where large volumes of UDP packets are sent to a target system, exhausting bandwidth and processing resources. Because UDP is connectionless, it is commonly abused for high-volume flooding attacks.

The ping of death is another well-known DoS attack that sends malformed or oversized ICMP packets to a target system. Older or unpatched systems may crash or become unresponsive when attempting to process these invalid packets.

Option B, Code Red, is a worm that exploited vulnerabilities in Microsoft IIS and could cause secondary DoS effects, but it is classified primarily as malware rather than a DoS attack type. Option C, man-in-the-middle, targets confidentiality and integrity, not availability. Option E refers to normal TCP behavior and is not an attack by itself.

Thus, the two denial-of-service attacks are UDP flooding and ping of death.

In digital forensics, hash values are used to verify the integrity of disk images. When a disk image is created, cryptographic hash functions such as MD5 or SHA-256 are calculated and recorded. These hashes act as a digital fingerprint of the data at the time of acquisition.

An untampered disk image maintains the same hash value throughout the investigation, proving that the data has not been altered. A tampered disk image, however, will produce a different hash value because even the smallest modification to the data changes the resulting hash. This difference immediately indicates that the integrity of the evidence has been compromised.

Options A, C, and D are incorrect because encryption, access permissions, and compression do not define whether an image is tampered. Cybersecurity and forensic documentation consistently emphasizes hash verification as the primary method for validating forensic integrity.

Therefore, the key difference is that a tampered image has a different hash value, making Option B correct.

The /var/log/auth.log file contains information about authentication and authorization events on a Linux system, such as successful and failed logins, sudo commands, and SSH sessions. The output in the exhibit shows a failed login attempt from a user named “root” using SSH. References: