Free Cisco 200-201 Actual Exam Questions - Question 12 Discussion

Question No. 12
How is NetFlow different from traffic mirroring?
Select one option, then reveal solution.
US
SH
Saad H.
2026-02-14

It’s C for me. Even if spam is active, knowing how attackers gather info helps predict and block future campaigns earlier, making reconnaissance a key phase to disrupt planning and reduce spam effectiveness.

0
MX
Michael X.
2026-02-05

It’s B. If the spam’s actively coming through, cutting it off during delivery stops it from reaching users and reduces the chance of further infection or spreading.

0
MX
Michael X.
2026-02-02

Option A; stopping attacker actions post-installation can directly disrupt spam operations.

0
MX
Michael X.
2026-01-28

D imo, if the spam’s already active, blocking at installation stops the payload from taking hold. Delivery’s great, but once it’s past that, you gotta focus deeper in the chain.

0
ND
Naveed D.
2026-01-27

Good point about stopping spam early. I’d say C (reconnaissance) is less practical since the attack’s already launched, so focusing on B (delivery) makes more sense to block spam before it causes damage.

0
CA
Chris A.
2026-01-25

If they’re trying to stop the campaign early, reconnaissance (C) is too early, so I’d go with delivery (B).

0
CA
Chris A.
2026-01-22

It’s B because delivery is when the spam actually reaches the target, so stopping it there prevents further attack steps. If you block delivery, the malware can’t get installed or executed later.

0
JM
Jason M.
2026-01-15

Is this about stopping the spam before it reaches users or after it's already on their systems? That might change whether it’s B or D.

0