Cisco 600-199 Actual Free Exam Questions & Community Discussion

Exam Code/Number: 600-199
Exam Name/Title: Securing Cisco Networks with Threat Detection and Analysis
Certification Provider: Cisco
Corresponding Certification: Network Management

Exam Questions: 58
Updated On: Jun 03, 2026

Question #13

Which action is recommended to prevent an incident from spreading?

A. Reboot the system.

B. Reboot the switch.

C. Reboot the router.

D. Shut down the switch port.

Discussion 0

Correct Answer: D Vote an answer

Question #14

What is the most effective way to save the data on a system for later forensic use?

A. Use a hard duplicator with write-block capabilities.

B. Copy the files to another disk.

C. Copy the disk file by file.

D. Shut down the system.

Discussion 0

Correct Answer: A Vote an answer

Question #15

Which source should be used to recommend preventative measures against security vulnerabilities regardless of operating system or platform?

A. Common Vulnerabilities and Exposure website

B. Mozilla Foundation security advisories

C. zero-day attack wiki

D. Cisco PSIRT notices

E. Microsoft security bulletins

Discussion 0

Correct Answer: A Vote an answer

Question #16

Refer to the exhibit.

What does the tcpdump command do?

A. Capture all packets sourced from TCP port 1514, resolve DNS names, print all TCP packets with the SYN flag not equaling 0, and print the Ethernet header and all version information.

B. Capture up to 1514 bytes, do not resolve DNS names, print only TCP packets containing the SYN flag, and print the Ethernet header and be very verbose.

C. Capture all packets sourced from TCP port 1514, resolve DNS names, print all TCP packets except those containing the SYN flag, and print the Ethernet header and all version information.

D. Capture up to 1514 bytes, do not resolve DNS names, print all TCP packets except for those containing the SYN flag, and print the Ethernet header and be very verbose.

Discussion 0

Correct Answer: B Vote an answer

Question #17

Which four tools are used during an incident to collect data? (Choose four.)

A. ABC

B. Microsoft Windows 7

C. ASA

D. TCPDump

E. Sniffer

F. FTK

G. EnCase

Discussion 0

Correct Answer: D,E,F,G Vote an answer

Question #18

Which event is actionable?

A. SSH login failed

B. traffic flow started

C. Telnet login failed

D. reverse shell detected

Discussion 0

Correct Answer: D Vote an answer

Download Free Cisco 600-199 Demo

Simply submit your e-mail address below to get started with our free demo of your Cisco 600-199 exam.