A Review Of Actual 200-201 Test Questions

NEW QUESTION 1
Which type of evidence supports a theory or an assumption that results from initial evidence?

• A. probabilistic
• B. indirect
• C. best
• D. corroborative

Answer: D

NEW QUESTION 2
What are the two characteristics of the full packet captures? (Choose two.)

• A. Identifying network loops and collision domains.
• B. Troubleshooting the cause of security and performance issues.
• C. Reassembling fragmented traffic from raw data.
• D. Detecting common hardware faults and identify faulty assets.
• E. Providing a historical record of a network transaction.

Answer: CE

NEW QUESTION 3
Which NIST IR category stakeholder is responsible for coordinating incident response among various business units, minimizing damage, and reporting to regulatory agencies?

• A. CSIRT
• B. PSIRT
• C. public affairs
• D. management

Answer: D

NEW QUESTION 4
When communicating via TLS, the client initiates the handshake to the server and the server responds back with its certificate for identification.
Which information is available on the server certificate?

• A. server name, trusted subordinate CA, and private key
• B. trusted subordinate CA, public key, and cipher suites
• C. trusted CA name, cipher suites, and private key
• D. server name, trusted CA, and public key

Answer: D

NEW QUESTION 5
Drag and drop the access control models from the left onto the correct descriptions on the right.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 6
Which action prevents buffer overflow attacks?

• A. variable randomization
• B. using web based applications
• C. input sanitization
• D. using a Linux operating system

Answer: C

NEW QUESTION 7
Which incidence response step includes identifying all hosts affected by an attack'?

• A. post-incident activity
• B. detection and analysis
• C. containment eradication and recovery
• D. preparation

Answer: A

NEW QUESTION 8
An engineer runs a suspicious file in a sandbox analysis tool to see the outcome. The analysis report shows that outbound callouts were made post infection.
Which two pieces of information from the analysis report are needed to investigate the callouts? (Choose two.)

• A. signatures
• B. host IP addresses
• C. file size
• D. dropped files
• E. domain names

Answer: BE

NEW QUESTION 9
Which two components reduce the attack surface on an endpoint? (Choose two.)

• A. secure boot
• B. load balancing
• C. increased audit log levels
• D. restricting USB ports
• E. full packet captures at the endpoint

Answer: AD

NEW QUESTION 10
Which type of data consists of connection level, application-specific records generated from network traffic?

• A. transaction data
• B. location data
• C. statistical data
• D. alert data

Answer: A

NEW QUESTION 11
Refer to the exhibit.

Which packet contains a file that is extractable within Wireshark?

• A. 2317
• B. 1986
• C. 2318
• D. 2542

Answer: D

NEW QUESTION 12
A security engineer deploys an enterprise-wide host/endpoint technology for all of the company's corporate PCs. Management requests the engineer to block a selected set of applications on all PCs.
Which technology should be used to accomplish this task?

• A. application whitelisting/blacklisting
• B. network NGFW
• C. host-based IDS
• D. antivirus/antispyware software

Answer: A

NEW QUESTION 13
Refer to the exhibit.

What should be interpreted from this packet capture?

• A. IP address 179.179.69/50272/192.168.122.100/80/6 is sending a packet from port 80 of IP address 192.168.122.100 that is going to port 50272 of IP address 81.179.179.69 using IP protocol 6.
• B. IP address 192.168.122.100/50272/81.179.179.69/80/6 is sending a packet from port 50272 of IP address 192.168.122.100 that is going to port 80 of IP address 81.179.179.69 using IP protocol 6.
• C. IP address 192.168.122.100/50272/81.179.179.69/80/6 is sending a packet from port 80 of IP address 192.168.122.100 that is going to port 50272 of IP address 81.179.179.69 using IP protocol 6.7E503B693763E0113BE0CD2E4A16C9C4
• D. IP address 179.179.69/50272/192.168.122.100/80/6 is sending a packet from port 50272 of IP address 192.168.122.100 that is going to port 80 of IP address 81.179.179.69 using IP protocol 6.

Answer: B

NEW QUESTION 14
Which event is user interaction?

• A. gaining root access
• B. executing remote code
• C. reading and writing file permission
• D. opening a malicious file

Answer: D

NEW QUESTION 15
Which system monitors local system operation and local network access for violations of a security policy?

• A. host-based intrusion detection
• B. systems-based sandboxing
• C. host-based firewall
• D. antivirus

Answer: C

NEW QUESTION 16
What does an attacker use to determine which network ports are listening on a potential target device?

• A. man-in-the-middle
• B. port scanning
• C. SQL injection
• D. ping sweep

Answer: B

NEW QUESTION 17
Which regex matches only on all lowercase letters?

• A. [az]+
• B. [^az]+
• C. az+
• D. a*z+

Answer: A

NEW QUESTION 18
Refer to the exhibit.

What is the potential threat identified in this Stealthwatch dashboard?

• A. Host 10.201.3.149 is sending data to 152.46.6.91 using TCP/443.
• B. Host 152.46.6.91 is being identified as a watchlist country for data transfer.
• C. Traffic to 152.46.6.149 is being denied by an Advanced Network Control policy.
• D. Host 10.201.3.149 is receiving almost 19 times more data than is being sent to host 152.46.6.91.

Answer: D

NEW QUESTION 19
How is attacking a vulnerability categorized?

• A. action on objectives
• B. delivery
• C. exploitation
• D. installation

Answer: C

NEW QUESTION 20
......