Free Cisco 200-201 Actual Exam Questions - Question 11 Discussion

Makes sense to rule out A and B since those are more about specific activities, not the network impact. D feels right since TOR is mostly used to bypass firewalls, so I’d go with D.

D imo, TOR’s main use is to dodge restrictions like firewalls, so the primary impact is users bypassing security controls. While data exfiltration (C) is possible, the question seems more focused on the network-level effect rather than specific malicious activities. Since the alert flags TOR exit node traffic, it’s most likely highlighting someone going around firewall rules rather than an automatic sign of ransomware or copyright issues. Without explicit signs of data theft or malware, D fits best as the direct impact.

D, TOR mainly helps users avoid network filters, so firewall bypass fits best here.

Also, could be C since TOR's anonymity makes it perfect for sneaky data leaks.

D/C? I get why it’s D for bypassing controls, but TOR is also known for anonymizing data exfiltration. Without more context, it could be either circumvention or data leaving stealthily.

It’s D because TOR is often used to bypass network controls, so seeing exit node traffic usually means someone’s trying to get around the firewall restrictions. Doesn’t really suggest ransomware or data leaks directly.

D, since TOR is mainly used to avoid network restrictions, not necessarily for ransomware or data theft.

D imo. TOR traffic is typically used to bypass network restrictions, so the most straightforward impact here is users circumventing the firewall or other controls. Without evidence of data leaving or ransomware activity, jumping to exfiltration or malware seems like a stretch. B and A don’t directly fit what TOR exit node traffic usually implies in a corporate setting.

C/D? Could be exfiltration or just bypassing controls.

D