
200-201 Question #259: Real Exam Question with Answer & Explanation


Submitted by femi9 · Mar 6, 2026

CompTIA CySA+ (CS0-003) Domain 1: Security Operations - Understanding and categorizing data sources used in security monitoring and threat analysis, including log data, packet captures, flow data, and alert data.

Question

Drag and Drop Question

Drag and drop the data source from the left onto the data type on the right.

Answer:

Explanation

The correct arrangement maps each data source to its corresponding data type: NetFlow provides full packet capture session/flow data (metadata about network conversations), IPS generates alert-based data (intrusion detection/prevention events), Wireshark captures full packet data (raw packet-level detail for deep inspection), and server logs provide log-based data (application/system event records). Each tool is purpose-built for its respective data type: NetFlow for summarized flow metadata, IPS for signature-based alerts, Wireshark for raw packet capture, and server logs for application-level event tracking.

Topics

#Data Sources #Network Security Monitoring #Security Analytics #Threat Detection
