CiscoCisco
200-201 · Question #551
200-201 Question #551: Real Exam Question with Answer & Explanation
Sign in or unlock 200-201 to reveal the answer and full explanation for question #551. The question stem and answer options stay visible for context.
Submitted by tarun92· Mar 6, 2026Network Intrusion Analysis
Question
An engineer must analyze a security event from last month. The engineer has access to a .pcap file collected from traffic mirroring and NetFlow data. The engineer must perform checks quickly on a busy network segment without knowing details. Which source of data must be used for analysis?
Options
- A.pcap file because it is easy to track all activity for the last month
- BNetFlow because it has all needed data
- Cboth sources, first NetFlow because collection is easy, then .pcap
- Dboth sources, first .pcap based on a simple query, then NetFlow
Unlock 200-201 to see the answer
You've previewed enough free 200-201 questions. Unlock 200-201 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.
Topics
#NetFlow#.pcap#network traffic analysis#incident response