New Year Day Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dpt65

200-201 Questions and Answers

Question # 6

Which regular expression is needed to capture the IP address 192.168.20.232?

A.

^ (?:[0-9]{1,3}\.){3}[0-9]{1,3}

B.

^ (?:[0-9]f1,3}\.){1,4}

C.

^ (?:[0-9]{1,3}\.)'

D.

^ ([0-9]-{3})

Full Access
Question # 7

Refer to the exhibit.

This request was sent to a web application server driven by a database. Which type of web server attack is represented?

A.

parameter manipulation

B.

heap memory corruption

C.

command injection

D.

blind SQL injection

Full Access
Question # 8

Which two elements of the incident response process are stated in NIST Special Publication 800-61 r2? (Choose two.)

A.

detection and analysis

B.

post-incident activity

C.

vulnerability management

D.

risk assessment

E.

vulnerability scoring

Full Access
Question # 9

An investigator is examining a copy of an ISO file that is stored in CDFS format. What type of evidence is this file?

A.

data from a CD copied using Mac-based system

B.

data from a CD copied using Linux system

C.

data from a DVD copied using Windows system

D.

data from a CD copied using Windows

Full Access
Question # 10

What is the difference between a threat and a risk?

A.

Threat represents a potential danger that could take advantage of a weakness in a system

B.

Risk represents the known and identified loss or danger in the system

C.

Risk represents the nonintentional interaction with uncertainty in the system

D.

Threat represents a state of being exposed to an attack or a compromise, either physically or logically.

Full Access
Question # 11

Refer to the exhibit.

What is shown in this PCAP file?

A.

Timestamps are indicated with error.

B.

The protocol is TCP.

C.

The User-Agent is Mozilla/5.0.

D.

The HTTP GET is encoded.

Full Access
Question # 12

Which action should be taken if the system is overwhelmed with alerts when false positives and false negatives are compared?

A.

Modify the settings of the intrusion detection system.

B.

Design criteria for reviewing alerts.

C.

Redefine signature rules.

D.

Adjust the alerts schedule.

Full Access
Question # 13

What is the difference between mandatory access control (MAC) and discretionary access control (DAC)?

A.

MAC is controlled by the discretion of the owner and DAC is controlled by an administrator

B.

MAC is the strictest of all levels of control and DAC is object-based access

C.

DAC is controlled by the operating system and MAC is controlled by an administrator

D.

DAC is the strictest of all levels of control and MAC is object-based access

Full Access
Question # 14

Which metric is used to capture the level of access needed to launch a successful attack?

A.

privileges required

B.

user interaction

C.

attack complexity

D.

attack vector

Full Access
Question # 15

At which layer is deep packet inspection investigated on a firewall?

A.

internet

B.

transport

C.

application

D.

data link

Full Access
Question # 16

Which two components reduce the attack surface on an endpoint? (Choose two.)

A.

secure boot

B.

load balancing

C.

increased audit log levels

D.

restricting USB ports

E.

full packet captures at the endpoint

Full Access
Question # 17

A user received an email attachment named "Hr405-report2609-empl094.exe" but did not run it. Which category of the cyber kill chain should be assigned to this type of event?

A.

installation

B.

reconnaissance

C.

weaponization

D.

delivery

Full Access
Question # 18

Drag and drop the security concept on the left onto the example of that concept on the right.

Full Access
Question # 19

What specific type of analysis is assigning values to the scenario to see expected outcomes?

A.

deterministic

B.

exploratory

C.

probabilistic

D.

descriptive

Full Access
Question # 20

An analyst discovers that a legitimate security alert has been dismissed. Which signature caused this impact on network traffic?

A.

true negative

B.

false negative

C.

false positive

D.

true positive

Full Access
Question # 21

What does an attacker use to determine which network ports are listening on a potential target device?

A.

man-in-the-middle

B.

port scanning

C.

SQL injection

D.

ping sweep

Full Access
Question # 22

Refer to the exhibit.

Which application protocol is in this PCAP file?

A.

SSH

B.

TCP

C.

TLS

D.

HTTP

Full Access
Question # 23

Which system monitors local system operation and local network access for violations of a security policy?

A.

host-based intrusion detection

B.

systems-based sandboxing

C.

host-based firewall

D.

antivirus

Full Access
Question # 24

Which list identifies the information that the client sends to the server in the negotiation phase of the TLS handshake?

A.

ClientStart, ClientKeyExchange, cipher-suites it supports, and suggested compression methods

B.

ClientStart, TLS versions it supports, cipher-suites it supports, and suggested compression methods

C.

ClientHello, TLS versions it supports, cipher-suites it supports, and suggested compression methods

D.

ClientHello, ClientKeyExchange, cipher-suites it supports, and suggested compression methods

Full Access
Question # 25

What is the virtual address space for a Windows process?

A.

physical location of an object in memory

B.

set of pages that reside in the physical memory

C.

system-level memory protection feature built into the operating system

D.

set of virtual memory addresses that can be used

Full Access
Question # 26

At a company party a guest asks QUESTION NO:s about the company’s user account format and password complexity. How is this type of conversation classified?

A.

Phishing attack

B.

Password Revelation Strategy

C.

Piggybacking

D.

Social Engineering

Full Access
Question # 27

Refer to the exhibit.

What is occurring in this network traffic?

A.

High rate of SYN packets being sent from a multiple source towards a single destination IP.

B.

High rate of ACK packets being sent from a single source IP towards multiple destination IPs.

C.

Flood of ACK packets coming from a single source IP to multiple destination IPs.

D.

Flood of SYN packets coming from a single source IP to a single destination IP.

Full Access