200-201 Question #294: Real Exam Question with Answer & Explanation

The correct answer is B: IPS/IDS. The log entry, with its specific format like '[1:2009363:1] ET POLICY PE EXE or DLL download HTTP', is characteristic of an Intrusion Detection/Prevention System (IDS/IPS).

Submitted by takeshi77 · Mar 6, 2026 · Network Intrusion Analysis

Question

Refer to the exhibit. Which technology produced the log?

Options

  • A. antivirus
  • B. IPS/IDS
  • C. firewall
  • D. proxy

Explanation

The log entry, with its specific format like '[1:2009363:1] ET POLICY PE EXE or DLL download HTTP', is characteristic of an Intrusion Detection/Prevention System (IDS/IPS).

Common mistakes.

  • A. Antivirus software primarily performs endpoint scanning and remediation, not network traffic analysis and signature-based alerting in this format.
  • C. Firewalls primarily enforce access control rules based on IP addresses, ports, and protocols, and do not typically generate detailed content-based policy alerts with specific signature IDs like those shown.
  • D. A proxy server mediates network connections and logs requests, but it does not generate these types of signature-driven security alerts indicative of threat detection.
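The bracketed triple quoted in the explanation is the generator ID, signature ID and revision (gid:sid:rev) that Snort-style engines print at the start of each alert. The following is an added example, not part of the exam exhibit or the original page, that parses that header from fast-format alert lines and uses it to tell IDS alerts from other log types. The function names, timestamps, addresses, classification text and the simplified firewall and proxy lines are constructed for illustration.

```python
import re

# Snort/Suricata "fast" alert layout:
# timestamp [**] [gid:sid:rev] message [**] [Classification: c] [Priority: n] {PROTO} src -> dst
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:\s*(?P<classification>[^\]]*)\])?"
    r"(?:\s+\[Priority:\s*(?P<priority>\d+)\])?"
    r"(?:\s+\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+))?"
)

def parse_ids_alert(line):
    """Return the alert fields as a dict, or None if the line is not an IDS alert."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    fields = m.groupdict()
    # Numeric fields become ints; optional fields that were absent stay None.
    for key in ("gid", "sid", "rev", "priority"):
        if fields[key] is not None:
            fields[key] = int(fields[key])
    return fields

# Constructed sample lines (documentation-range addresses, invented timestamps).
SAMPLE_LINES = [
    "03/06-10:15:42.123456  [**] [1:2009363:1] ET POLICY PE EXE or DLL download HTTP [**] "
    "[Classification: Potential Corporate Privacy Violation] [Priority: 1] "
    "{TCP} 203.0.113.10:80 -> 192.0.2.25:49812",
    # Simplified firewall-style line: 5-tuple and action, no signature ID.
    "Mar  6 10:15:42 fw01 action=permit proto=tcp src=192.0.2.25 sport=49812 "
    "dst=203.0.113.10 dport=80",
    # Simplified proxy-style line: request method, URL and status code.
    "1772792142.123 192.0.2.25 TCP_MISS/200 GET http://example.com/setup.exe",
]

def classify(lines):
    """Label each line 'ids' or 'other' based on the gid:sid:rev alert header."""
    return ["ids" if parse_ids_alert(line) else "other" for line in lines]

if __name__ == "__main__":
    for line, label in zip(SAMPLE_LINES, classify(SAMPLE_LINES)):
        print(label, "|", line[:70])
```
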

Concept tested. Log analysis, IDS/IPS identification

Reference. https://www.snort.org/documentation

Topics

#IDS/IPS #Security Logs #Intrusion Detection
