Weekend Sale - 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

200-201 Questions and Answers

Question # 6

Which event is a vishing attack?

A.

obtaining disposed documents from an organization

B.

using a vulnerability scanner on a corporate network

C.

setting up a rogue access point near a public hotspot

D.

impersonating a tech support agent during a phone call

Full Access
Question # 7

How is NetFlow different from traffic mirroring?

A.

NetFlow collects metadata and traffic mirroring clones data.

B.

Traffic mirroring impacts switch performance and NetFlow does not.

C.

Traffic mirroring costs less to operate than NetFlow.

D.

NetFlow generates more data than traffic mirroring.

Full Access
Question # 8

When communicating via TLS, the client initiates the handshake to the server and the server responds back with its certificate for identification.

Which information is available on the server certificate?

A.

server name, trusted subordinate CA, and private key

B.

trusted subordinate CA, public key, and cipher suites

C.

trusted CA name, cipher suites, and private key

D.

server name, trusted CA, and public key

Full Access
Question # 9

Drag and drop the definition from the left onto the phase on the right to classify intrusion events according to the Cyber Kill Chain model.

Full Access
Question # 10

Which metric is used to capture the level of access needed to launch a successful attack?

A.

privileges required

B.

user interaction

C.

attack complexity

D.

attack vector

Full Access
Question # 11

An engineer runs a suspicious file in a sandbox analysis tool to see the outcome. The analysis report shows that outbound callouts were made post infection.

Which two pieces of information from the analysis report are needed to investigate the callouts? (Choose two.)

A.

signatures

B.

host IP addresses

C.

file size

D.

dropped files

E.

domain names

Full Access
Question # 12

Refer to the exhibit.

What is occurring?

A.

ARP flood

B.

DNS amplification

C.

ARP poisoning

D.

DNS tunneling

Full Access
Question # 13

A user received an email attachment named "Hr405-report2609-empl094.exe" but did not run it. Which category of the cyber kill chain should be assigned to this type of event?

A.

installation

B.

reconnaissance

C.

weaponization

D.

delivery

Full Access
Question # 14

Which artifact is used to uniquely identify a detected file?

A.

file timestamp

B.

file extension

C.

file size

D.

file hash

Full Access
Question # 15

What is a difference between an inline and a tap mode traffic monitoring?

A.

Inline monitors traffic without examining other devices, while a tap mode tags traffic and examines the data from monitoring devices.

B.

Tap mode monitors traffic direction, while inline mode keeps packet data as it passes through the monitoring devices.

C.

Tap mode monitors packets and their content with the highest speed, while the inline mode draws a packet path for analysis.

D.

Inline mode monitors traffic path, examining any traffic at a wire speed, while a tap mode monitors traffic as it crosses the network.

Full Access
Question # 16

The security team has detected an ongoing spam campaign targeting the organization. The team's approach is to push back the cyber kill chain and mitigate ongoing incidents. At which phase of the cyber kill chain should the security team mitigate this type of attack?

A.

actions

B.

delivery

C.

reconnaissance

D.

installation

Full Access
Question # 17

At a company party a guest asks questions about the company’s user account format and password complexity. How is this type of conversation classified?

A.

Phishing attack

B.

Password Revelation Strategy

C.

Piggybacking

D.

Social Engineering

Full Access
Question # 18

What is a difference between SOAR and SIEM?

A.

SOAR platforms are used for threat and vulnerability management, but SIEM applications are not

B.

SIEM applications are used for threat and vulnerability management, but SOAR platforms are not

C.

SOAR receives information from a single platform and delivers it to a SIEM

D.

SIEM receives information from a single platform and delivers it to a SOAR

Full Access
Question # 19

Drag and drop the uses on the left onto the type of security system on the right.

Full Access
Question # 20

An engineer is analyzing a recent breach where confidential documents were altered and stolen by the receptionist Further analysis shows that the threat actor connected an externa USB device to bypass security restrictions and steal data The engineer could not find an external USB device Which piece of information must an engineer use for attribution in an investigation?

A.

list of security restrictions and privileges boundaries bypassed

B.

external USB device

C.

receptionist and the actions performed

D.

stolen data and its criticality assessment

Full Access
Question # 21

Which security technology guarantees the integrity and authenticity of all messages transferred to and from a web application?

A.

Hypertext Transfer Protocol

B.

SSL Certificate

C.

Tunneling

D.

VPN

Full Access
Question # 22

An analyst is using the SIEM platform and must extract a custom property from a Cisco device and capture the phrase, "File: Clean." Which regex must the analyst import?

A.

File: Clean

B.

^Parent File Clean$

C.

File: Clean (.*)

D.

^File: Clean$

Full Access
Question # 23

Syslog collecting software is installed on the server For the log containment, a disk with FAT type partition is used An engineer determined that log files are being corrupted when the 4 GB tile size is exceeded. Which action resolves the issue?

A.

Add space to the existing partition and lower the retention penod.

B.

Use FAT32 to exceed the limit of 4 GB.

C.

Use the Ext4 partition because it can hold files up to 16 TB.

D.

Use NTFS partition for log file containment

Full Access
Question # 24

Which step in the incident response process researches an attacking host through logs in a SIEM?

A.

detection and analysis

B.

preparation

C.

eradication

D.

containment

Full Access
Question # 25

What makes HTTPS traffic difficult to monitor?

A.

SSL interception

B.

packet header size

C.

signature detection time

D.

encryption

Full Access
Question # 26

According to the NIST SP 800-86. which two types of data are considered volatile? (Choose two.)

A.

swap files

B.

temporary files

C.

login sessions

D.

dump files

E.

free space

Full Access
Question # 27

What is the practice of giving an employee access to only the resources needed to accomplish their job?

A.

principle of least privilege

B.

organizational separation

C.

separation of duties

D.

need to know principle

Full Access
Question # 28

How does a certificate authority impact security?

A.

It validates client identity when communicating with the server.

B.

It authenticates client identity when requesting an SSL certificate.

C.

It authenticates domain identity when requesting an SSL certificate.

D.

It validates the domain identity of the SSL certificate.

Full Access
Question # 29

What describes a buffer overflow attack?

A.

injecting new commands into existing buffers

B.

fetching data from memory buffer registers

C.

overloading a predefined amount of memory

D.

suppressing the buffers in a process

Full Access
Question # 30

Refer to the exhibit.

What is occurring in this network traffic?

A.

High rate of SYN packets being sent from a multiple source towards a single destination IP.

B.

High rate of ACK packets being sent from a single source IP towards multiple destination IPs.

C.

Flood of ACK packets coming from a single source IP to multiple destination IPs.

D.

Flood of SYN packets coming from a single source IP to a single destination IP.

Full Access
Question # 31

What is rule-based detection when compared to statistical detection?

A.

proof of a user's identity

B.

proof of a user's action

C.

likelihood of user's action

D.

falsification of a user's identity

Full Access
Question # 32

An organization is cooperating with several third-party companies. Data exchange is on an unsecured channel using port 80 Internal employees use the FTP service to upload and download sensitive data An engineer must ensure confidentiality while preserving the integrity of the communication. Which technology must the engineer implement in this scenario'?

A.

X 509 certificates

B.

RADIUS server

C.

CA server

D.

web application firewall

Full Access
Question # 33

A network engineer discovers that a foreign government hacked one of the defense contractors in their home country and stole intellectual property. What is the threat agent in this situation?

A.

the intellectual property that was stolen

B.

the defense contractor who stored the intellectual property

C.

the method used to conduct the attack

D.

the foreign government that conducted the attack

Full Access
Question # 34

Refer to the exhibit.

An engineer received a ticket about a slowed-down web application The engineer runs the #netstat -an command. How must the engineer interpret the results?

A.

The web application is receiving a common, legitimate traffic

B.

The engineer must gather more data.

C.

The web application server is under a denial-of-service attack.

D.

The server is under a man-in-the-middle attack between the web application and its database

Full Access
Question # 35

What is the impact of false positive alerts on business compared to true positive?

A.

True positives affect security as no alarm is raised when an attack has taken place, resulting in a potential breach.

B.

True positive alerts are blocked by mistake as potential attacks affecting application availability.

C.

False positives affect security as no alarm is raised when an attack has taken place, resulting in a potential breach.

D.

False positive alerts are blocked by mistake as potential attacks affecting application availability.

Full Access
Question # 36

What are the two characteristics of the full packet captures? (Choose two.)

A.

Identifying network loops and collision domains.

B.

Troubleshooting the cause of security and performance issues.

C.

Reassembling fragmented traffic from raw data.

D.

Detecting common hardware faults and identify faulty assets.

E.

Providing a historical record of a network transaction.

Full Access
Question # 37

Which metric in CVSS indicates an attack that takes a destination bank account number and replaces it with a different bank account number?

A.

availability

B.

confidentiality

C.

scope

D.

integrity

Full Access
Question # 38

Which principle is being followed when an analyst gathers information relevant to a security incident to determine the appropriate course of action?

A.

decision making

B.

rapid response

C.

data mining

D.

due diligence

Full Access
Question # 39

Which action should be taken if the system is overwhelmed with alerts when false positives and false negatives are compared?

A.

Modify the settings of the intrusion detection system.

B.

Design criteria for reviewing alerts.

C.

Redefine signature rules.

D.

Adjust the alerts schedule.

Full Access