200-201 Exam Questions
563 real 200-201 exam questions with expert-verified answers and explanations. Page 10 of 12.
- Question #454: Network Intrusion Analysis
  A security engineer must implement IPS inside an organization's DMZ. One of the requirements is to be able to block suspicious traffic based on a triggered signature in real time. IPS...
  Tags: IPS Deployment, Inline Mode, DMZ Security, Network Segmentation
- Question #455: Security Monitoring
  Refer to the exhibit. What is occurring?
  Tags: Brute Force Attack, Login Attempts, Attack Identification
- Question #456: Security Monitoring
  Refer to the exhibit. An engineer is analyzing events from a recent attack attempt on an organization where threat actors managed to target HR critical servers within the internal...
  Tags: IPS Alerts, Intrusion Prevention, Security Event Analysis
- Question #457: Network Intrusion Analysis
  What is a description of the use of full packet capture in security monitoring?
  Tags: Full Packet Capture (FPC), Network Forensics, Payload Analysis, Security Monitoring
- Question #458: Host-Based Analysis
  What is a sandbox interprocess communication service?
  Tags: Sandbox Technology, Interprocess Communication (IPC), Application Security
- Question #459: Security Policies and Procedures
  A vulnerability analyst is performing the monthly scan data review. The output data set is very large and grows each month. The analyst decides to create a more efficient process to...
  Tags: Vulnerability Management, False Positives, True Positives, Remediation Workflow
- Question #460: Host-Based Analysis
  Refer to the exhibit. A SOC analyst is examining the Windows security logs of one of the endpoints. What is the possible reason for this event log?
  Tags: Windows Event Logs, Endpoint Forensics, Malware Detection, SOC Analysis
- Question #461: Host-Based Analysis
  A cyber security engineer is performing a forensic investigation on a system. What is evidence that data has been modified?
  Tags: Digital Forensics, Data Integrity, Hashing, Evidence Tampering
- Question #462: Host-Based Analysis
  Refer to the exhibit. A SOC analyst is examining the auth.log file of one of the breached systems. What is the possible reason for this event log?
  Tags: Linux Logs, Auth.log, Brute Force Attack, SOC Analysis
- Question #463: Host-Based Analysis
  What is the purpose of the endpoint sandboxing technology?
  Tags: Endpoint Sandboxing, Malware Analysis, Behavioral Analysis, Threat Containment
- Question #464: Network Intrusion Analysis
  An engineer configured the regular expression ".*\.([Dd][Oo][Cc]|[Xx][Ll][Ss]|[Pp][Pp][Tt]) HTTP/1.[01]" on a Cisco ASA firewall. What does this regular expression do?
  Tags: Regular Expressions, Cisco ASA, HTTP Filtering, File Extensions
- Question #465: Network Intrusion Analysis
  Refer to the exhibit. What is occurring?
  Tags: Malware Communication, Botnet Activity, Network Traffic Analysis, C2 Detection
- Question #466: Network Intrusion Analysis
  Refer to the exhibit. Which frame numbers contain a file that is extractable from the Wireshark PCAP?
  Tags: Wireshark, PCAP Analysis, File Extraction, Network Forensics
- Question #467: Network Intrusion Analysis
  Refer to the exhibit. What kind of activity occurs in the network?
  Tags: DNS Flood, DoS Attack, Network Traffic Analysis, Attack Identification
- Question #468: Network Intrusion Analysis
  Refer to the exhibit. In the PCAP file, what is the MAC address of the server that has port 443 open?
  Tags: Wireshark, PCAP Analysis, MAC Address, Port 443, Network Forensics
- Question #469: Network Intrusion Analysis
  Refer to the exhibit. An engineer is analyzing DNS response packets that are larger than expected. The engineer looks closer and notices a lack of appropriate DNS queries. What is...
  Tags: DNS Amplification, DoS Attack, DNS Traffic Analysis, Attack Identification
- Question #470: Network Intrusion Analysis
  Refer to the exhibit. An attacker infiltrated an organization's network and ran a scan to advance with the lateral movement technique. Which two elements from the scan assist the...
  Tags: network scanning, lateral movement, reconnaissance, vulnerability assessment
- Question #471: Network Intrusion Analysis
  Refer to the exhibit. A network engineer received a report that a host is communicating with unknown domains on the internet. The network engineer collected a packet capture but coul...
  Tags: network tunneling, covert channels, network anomalies, packet analysis
- Question #472: Network Intrusion Analysis
  A penetration tester runs an Nmap scan against the company server to uncover possible vulnerabilities and exploit them. Which two elements can the penetration tester identify from...
  Tags: Nmap, network scanning, vulnerability assessment, reconnaissance
- Question #473: Network Intrusion Analysis
  Refer to the exhibit. An engineer must use a 5-tuple approach to isolate a compromised host in a grouped set of logs. Which data must the engineer use?
  Tags: 5-tuple, network forensics, packet analysis, log analysis
- Question #474: Network Intrusion Analysis
  Refer to the exhibit. What is occurring?
  Tags: DDoS, ping flood, network attacks, traffic analysis
- Question #475: Network Intrusion Analysis
  Refer to the exhibit. What is a description of the initial TCP connection?
  Tags: TCP handshake, network protocols, packet analysis, connection state
- Question #476: Network Intrusion Analysis
  What is the difference between the RST flag and the ACK flag?
  Tags: TCP flags, network protocols, ACK, RST
- Question #477: Network Intrusion Analysis
  Refer to the exhibit. An engineer must interpret the exhibit with a 5-tuple approach. What is occurring?
  Tags: 5-tuple, network forensics, packet analysis, network traffic
- Question #478: Network Intrusion Analysis
  Refer to the exhibit. An engineer must identify the certificate components. Which TLS version must the engineer identify?
  Tags: TLS, SSL/TLS handshake, cryptography, network protocols
- Question #479: Security Policies and Procedures
  The SOC team has confirmed a potential indicator of compromise on an isolated endpoint. The team has narrowed the potential malware type to a new trojan family. According to the NI...
  Tags: incident response, NIST SP 800-61, malware analysis, security operations
- Question #480: Security Concepts
  An OSINT team scans the target hosts, gathers information regarding the adversary's online services, and equips the red team with the obtained information. Which step in the kill cha...
  Tags: Cyber Kill Chain, reconnaissance, OSINT, penetration testing
- Question #481: Security Policies and Procedures
  A group of company-owned endpoints were infected by ransomware via a phishing email. Which two stakeholders must be involved in the containment phase? (Choose two.)
  Tags: incident response, ransomware, incident management, stakeholder communication
- Question #482: Security Policies and Procedures
  A member of the SOC team is checking the dashboard provided by the Cisco Firepower Manager for further isolation actions. According to NIST SP 800-61, in which phase of incident res...
  Tags: NIST SP 800-61, incident response, security operations, detection and analysis
- Question #483: Security Policies and Procedures
  A software development company develops high-end technology for a customer that will go through the HIPAA audit program. The technology will be hosted on the cloud, and the healt...
  Tags: PII, PHI, data classification, regulatory compliance, HIPAA
- Question #484: Security Policies and Procedures
  A network engineer informed a security team of a large amount of traffic and suspicious activity from an unknown source to the company DMZ server. The security team reviewed the da...
  Tags: NIST SP 800-61, incident response, detection and analysis, DDoS
- Question #485: Security Concepts
  A security consultant must change the identity access management model for their organization. The new approach will put responsibility on the owner, who will decide which users wi...
  Tags: access control models, DAC, IAM, security principles
- Question #486: Security Concepts
  What describes the vulnerability management process?
  Tags: vulnerability management, risk management, security lifecycle
- Question #487: Security Concepts
  An organization had a major incident recently where their servers were attacked and the data integrity was breached. An attacker used a vulnerability on TLS version 1.2 and perform...
  Tags: TLS, MiTM attack, protocol downgrade, cryptographic protocols, secure configuration
- Question #488: Security Policies and Procedures
  A security team received a ticket regarding a potentially malicious file found on a company server. The security team confirmed that the file is malicious and identified it as a new...
  Tags: incident response, NIST SP 800-61, containment, malware incident
- Question #489: Security Concepts
  What does the Zero Trust security model signify?
  Tags: Zero Trust, security models, network security, access control
- Question #490: Security Concepts
  What describes the impact of TOR on data visibility?
  Tags: TOR, anonymity networks, data visibility, network encryption
- Question #491: Security Architecture and Network Defense (understanding the distinctions between host-based and network-based security controls and their respective use cases; CompTIA Security+/CySA+ domain: Security Operations and Architecture)
  Drag-and-drop question. Drag and drop the uses on the left onto the type of security system on the right.
  Tags: Endpoint Security, IDS/IPS, Host-Based Security, Network Security
- Question #492: Host-Based Analysis
  Refer to the exhibit. Which set of actions must an engineer perform to identify and fix this issue?
  Tags: certificate management, client authentication, PKI, server configuration
- Question #493: Network Intrusion Analysis
  Refer to the exhibit. Which TLS version does this client support?
  Tags: TLS versions, network protocols, protocol analysis
- Question #494: Host-Based Analysis
  An engineer is sharing folders and files with different departments and got this error: "No such file or directory". What must the engineer verify next?
  Tags: file system errors, symlinks, troubleshooting, file sharing
- Question #495: Security Concepts
  What is a difference between rule-based and role-based access control mechanisms?
  Tags: access control, RBAC, rule-based access control
- Question #496: Network Intrusion Analysis
  A large load of data is being transferred to an external destination via UDP port 53. Which obfuscation technique is used?
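Questions #473 and #477 ask for a 5-tuple reading of a grouped log set, and this question asks for the technique behind bulk data leaving on UDP port 53. The Python below is an added example, not part of the exam page or of any exhibit: it groups constructed connection records by 5-tuple (source IP, source port, destination IP, destination port, protocol), isolates every flow touching one host, and flags UDP/53 flows to non-internal destinations whose byte total is far beyond what real DNS lookups produce. The log format, the addresses, the internal prefix list and the 100 KB threshold are all assumptions made for the example.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network
from typing import Dict, List, Tuple

# Added example, not from the exam page. Log format, addresses, prefixes and
# threshold below are assumptions made for illustration.

# (src_ip, src_port, dst_ip, dst_port, proto): the 5-tuple that identifies one flow.
FiveTuple = Tuple[str, int, str, int, str]

# Constructed connection records: timestamp src_ip src_port dst_ip dst_port proto bytes_out
SAMPLE_LOG = """\
2024-05-01T10:00:01 10.1.5.23 51234 10.1.0.10 53 UDP 74
2024-05-01T10:00:02 10.1.5.23 51234 10.1.0.10 53 UDP 80
2024-05-01T10:00:03 10.1.5.23 40211 198.51.100.7 53 UDP 61440
2024-05-01T10:00:04 10.1.5.23 40211 198.51.100.7 53 UDP 65000
2024-05-01T10:00:05 10.1.5.23 40211 198.51.100.7 53 UDP 58000
2024-05-01T10:00:06 10.1.7.44 52000 10.1.0.10 53 UDP 70
2024-05-01T10:00:07 10.1.7.44 52001 203.0.113.9 443 TCP 12000
"""

# Assumed internal address space; anything outside it counts as an external destination.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]

# Assumed threshold: a legitimate DNS lookup flow is a few hundred bytes, so 100 KB
# over UDP/53 to one external host is a strong tunneling/exfiltration signal.
TUNNEL_BYTES_THRESHOLD = 100_000


def parse_records(text: str) -> List[Tuple[FiveTuple, int]]:
    """Parse each non-empty log line into (5-tuple, bytes_out)."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        _ts, src, sport, dst, dport, proto, nbytes = line.split()
        records.append(((src, int(sport), dst, int(dport), proto.upper()), int(nbytes)))
    return records


def group_by_five_tuple(records) -> Dict[FiveTuple, int]:
    """Sum bytes per 5-tuple so repeated records collapse into one flow."""
    totals: Dict[FiveTuple, int] = defaultdict(int)
    for key, nbytes in records:
        totals[key] += nbytes
    return dict(totals)


def flows_for_host(flows: Dict[FiveTuple, int], host: str) -> Dict[FiveTuple, int]:
    """Isolate every flow in which host appears as source or destination."""
    return {k: v for k, v in flows.items() if host in (k[0], k[2])}


def is_internal(addr: str) -> bool:
    """True when addr falls inside one of the assumed internal prefixes."""
    a = ip_address(addr)
    return any(a in net for net in INTERNAL_NETS)


def suspected_dns_tunnels(flows, threshold=TUNNEL_BYTES_THRESHOLD) -> List[Tuple[FiveTuple, int]]:
    """UDP/53 flows to external hosts that carried more bytes than DNS lookups plausibly would."""
    hits = []
    for key, total in flows.items():
        _src, _sport, dst, dport, proto = key
        if proto == "UDP" and dport == 53 and not is_internal(dst) and total >= threshold:
            hits.append((key, total))
    return sorted(hits, key=lambda h: h[1], reverse=True)


if __name__ == "__main__":
    flows = group_by_five_tuple(parse_records(SAMPLE_LOG))
    for key, total in suspected_dns_tunnels(flows):
        print(f"suspected DNS tunnel: {key} bytes_out={total}")
        for k, v in flows_for_host(flows, key[0]).items():
            print(f"  host flow: {k} bytes_out={v}")
```

On the constructed records only the flow from 10.1.5.23:40211 to 198.51.100.7:53 crosses the threshold; the two flows to the internal resolver stay at a few hundred bytes. In practice the byte volume should be paired with a check on query names (long, high-entropy labels under one domain), since an attacker can spread the tunnel across many short-lived source ports and keep each 5-tuple small.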
  Tags: DNS tunneling, obfuscation, exfiltration, network protocols
- Question #497: Security Concepts
  Which regular expression matches the loopback IP address (127.0.0.1)?
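The two regular expressions on this page, the Cisco ASA pattern quoted in question #464 and the loopback pattern asked for here, can be exercised offline. The Python below is an added example, not part of the exam page or of Cisco documentation: `re.search` stands in for the ASA's unanchored class-map matching, the request lines and address strings are constructed, and `LOOPBACK_WEAK_RE` is an assumed counter-example included only to show what anchoring and escaping buy.

```python
import re

# Added example, not from the exam page. Request lines and addresses are constructed.

# Pattern from question #464 (Cisco ASA). The ASA applies class-map regexes as an
# unanchored search, so Python's re.search is the closest approximation.
ASA_OFFICE_DOC_RE = re.compile(r".*\.([Dd][Oo][Cc]|[Xx][Ll][Ss]|[Pp][Pp][Tt]) HTTP/1.[01]")

# Answer pattern for the loopback question: anchored and with every dot escaped,
# so only the literal string 127.0.0.1 matches.
LOOPBACK_RE = re.compile(r"^127\.0\.0\.1$")

# Assumed weak variant (not on the page), kept only to show why the anchors and
# escapes matter: '.' matches any character and the match may sit inside a longer string.
LOOPBACK_WEAK_RE = re.compile(r"127.0.0.1")


def matches_office_download(request_line: str) -> bool:
    """True when the ASA pattern matches an HTTP request line for a .doc/.xls/.ppt URI."""
    return ASA_OFFICE_DOC_RE.search(request_line) is not None


def classify_requests(request_lines):
    """Return the request lines the ASA pattern would match, in input order."""
    return [line for line in request_lines if matches_office_download(line)]


def is_loopback(addr: str, strict: bool = True) -> bool:
    """Match addr against the anchored/escaped pattern, or the weak one when strict=False."""
    pattern = LOOPBACK_RE if strict else LOOPBACK_WEAK_RE
    return pattern.search(addr) is not None


# Constructed request lines. The last one matches because the '.' in "HTTP/1.[01]" is
# not escaped in the question's pattern and therefore accepts any single character.
SAMPLE_REQUEST_LINES = [
    "GET /reports/q3.XLS HTTP/1.1",   # matches: extension is matched case-insensitively
    "GET /hr/Salary.doc HTTP/1.0",    # matches: HTTP/1.0 allowed by [01]
    "GET /slides/deck.PpT HTTP/1.1",  # matches: mixed case
    "GET /index.html HTTP/1.1",       # no: .html is not in the alternation
    "GET /archive.docx HTTP/1.1",     # no: ".docx" is not followed directly by " HTTP"
    "GET /old.doc HTTP/2",            # no: version must be 1.0 or 1.1
    "GET /x.doc HTTP/1x1",            # matches: the unescaped '.' accepts the 'x'
]

# Constructed address strings for the loopback pattern.
SAMPLE_ADDRESSES = ["127.0.0.1", "127.0.0.10", "1127.0.0.1", "127a0b0c1"]


if __name__ == "__main__":
    for line in SAMPLE_REQUEST_LINES:
        print(f"{str(matches_office_download(line)):5} {line}")
    for addr in SAMPLE_ADDRESSES:
        print(f"{addr:12} strict={is_loopback(addr)} weak={is_loopback(addr, strict=False)}")
```

The ASA pattern therefore matches any HTTP/1.0 or HTTP/1.1 request whose URI ends in .doc, .xls or .ppt regardless of case, which is what makes it usable inside a class-map to block or log Office document downloads; the unescaped dot before `[01]` is harmless for real request lines but is the kind of looseness to tighten when reusing the pattern elsewhere. For the loopback case, the anchored and escaped form rejects 127.0.0.10, 1127.0.0.1 and 127a0b0c1, all of which the weak form accepts.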
  Tags: regular expressions, regex, IP addressing
- Question #498: Security Monitoring
  What is the role of an indicator of compromise in an investigation?
  Tags: IOC, incident response, threat detection, malicious activity
- Question #499: Security Monitoring
  What is the benefit of processing statistical data for security systems?
  Tags: statistical analysis, security monitoring, baselining, anomaly detection
- Question #500: Host-Based Analysis
  A security specialist is investigating an incident regarding a recent major breach in the organization. The accounting data from a 24-month period is affected due to a trojan detec...
  Tags: forensic evidence, data integrity, hashing, incident response
- Question #501: Security Concepts
  According to CVSS, which condition is required for the attack complexity metric?
  Tags: CVSS, vulnerability assessment, attack complexity, man-in-the-middle
- Question #502: Network Intrusion Analysis
  What are two differences and benefits of packet filtering, stateful firewalling, and deep packet inspection? (Choose two.)
  Tags: firewall types, packet filtering, stateful inspection, deep packet inspection
- Question #503: Host-Based Analysis
  What is the advantage of agent-based protection compared to agentless protection?
  Tags: endpoint protection, agent-based security, agentless security, host monitoring