200-201 Exam Questions
563 real 200-201 exam questions with expert-verified answers and explanations. Page 11 of 12.
- Question #504 (Network Intrusion Analysis)
A suspicious user opened a connection from a compromised host inside an organization. Traffic was going through a router and the network administrator was able to identify this flo...
  Tags: 5-tuple, network flow data, network monitoring, protocol analysis

- Question #505 (Host-Based Analysis)
What is the difference between antimalware and antivirus solutions?
  Tags: antimalware, antivirus, endpoint security, threat prevention

- Question #506 (Network Intrusion Analysis)
Refer to the exhibit. What type of event is occurring?
  Tags: malware activity, lateral movement, network forensics, event analysis

- Question #507 (Security Monitoring)
An analyst sees that the security alert "Default-Botnet-Communication-Detection-By-Endpoint" has been raised by the IPS. The analyst checks and finds that an endpoint communicate...
  Tags: true positive, false positive, security alerts, incident validation

- Question #508 (Security Concepts)
What is the difference between authentication and authorization?
  Tags: authentication, authorization, access control, security concepts

- Question #509 (Security Monitoring)
Refer to the exhibit. An engineer must map these events to the source technology that generated the event logs. To which technology do the generated logs belong?
  Tags: event logs, log analysis, IPS, security technologies

- Question #510 (Security Concepts)
An engineer received a ticket to investigate a potentially malicious file detected by a malware scanner that was trying to execute multiple commands. During the initial review, the...
  Tags: Cyber Kill Chain, incident response, malware analysis, phishing

- Question #511 (Security Policies and Procedures)
Which management concept best describes developing, operating, maintaining, upgrading, and disposing of all resources?
  Tags: asset management, IT governance, resource management

- Question #512 (Security Concepts)
What is a disadvantage of the asymmetric encryption system?
  Tags: asymmetric encryption, symmetric encryption, cryptography

- Question #513 (Network Intrusion Analysis)
Which data capture includes payload and header information?
  Tags: packet capture, network analysis, network protocols

- Question #514 (Security Concepts)
If a web server accepts input from the user and passes it to a bash shell, to which attack method is it vulnerable?
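Worked illustration for the scenario in Question #514 (added here; it is not part of the exam item or its answer key). The handler builds a shell command from a user-supplied host name. The vulnerable version interpolates the input into a shell string; the two fixed versions pass an argument vector with no shell, or quote the operand when a shell is unavoidable, and an allowlist check rejects malformed input before it reaches either. The `echo` stand-in for the real tool, the attacker string and the function names are assumptions made for the demo.

```python
"""Command injection: a vulnerable handler beside two hardened forms.

Added example for exam item #514; not taken from the exam. 'echo' stands in
for the real tool (ping, nslookup, ...) so the demo is harmless to run.
"""
import re
import shlex
import subprocess

# Constructed attacker input: a plausible host followed by a shell
# metacharacter and a second command.
MALICIOUS_HOST = "example.com; echo INJECTED"

# Allowlist: RFC-style hostname labels joined by dots, 253 chars max.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def lookup_vulnerable(host: str) -> str:
    """Interpolates user input into a shell string: the injectable pattern."""
    cmd = f"echo resolving {host}"          # attacker controls part of the command line
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def lookup_argv(host: str) -> str:
    """Fix 1: pass an argument vector and no shell, so ';' is just a character."""
    return subprocess.run(["echo", "resolving", host],
                          capture_output=True, text=True).stdout


def lookup_quoted(host: str) -> str:
    """Fix 2 (only when a shell is unavoidable): shlex.quote the operand."""
    cmd = f"echo resolving {shlex.quote(host)}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def is_valid_hostname(host: str) -> bool:
    """Defence in depth: accept only syntactically valid hostnames."""
    return bool(_HOSTNAME_RE.match(host))


def validate_hostname(host: str) -> str:
    if not is_valid_hostname(host):
        raise ValueError(f"invalid hostname: {host!r}")
    return host


if __name__ == "__main__":
    print(lookup_vulnerable(MALICIOUS_HOST), end="")  # second line INJECTED proves execution
    print(lookup_argv(MALICIOUS_HOST), end="")        # whole string echoed as one argument
    print(lookup_quoted(MALICIOUS_HOST), end="")
    print("allowlist accepts attacker input:", is_valid_hostname(MALICIOUS_HOST))
```

Running it on a POSIX shell prints `INJECTED` on its own line only for the vulnerable version; both fixes echo the entire attacker string as a single literal argument, and the allowlist rejects it outright.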
  Tags: command injection, web vulnerabilities, input validation

- Question #515 (Security Concepts)
In digital communications, which method is recommended for securely exchanging public keys between users T0n2262144790 and D4n4126220794?
  Tags: public key exchange, PGP, cryptography, secure communication

- Question #516 (Security Concepts)
Refer to the exhibit. The figure shows an X.509 certificate. Which field represents the digital cryptographic algorithm used by the issuer to sign the certificate?
  Tags: X.509 certificate, PKI, digital signature

- Question #517 (Security Monitoring)
A security analyst reviews the firewall and observes a large number of frequent events. The analyst starts a packet capture with Wireshark and identifies that TCP port reus...
  Tags: false positive, security monitoring, incident response, firewall logs

- Question #518 (Network Intrusion Analysis)
Which data type is used to recreate a binary file for malware analysis?
  Tags: malware analysis, forensics, session data, network forensics

- Question #519 (Network Intrusion Analysis)
Refer to the exhibit. A communication issue exists between hosts 192.168.0.11 and 32.253.101.190. What is a description of the initial TCP connection?
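Added example for Questions #513 and #519 (not taken from the exam, and not a reproduction of the missing exhibit). A full packet capture carries both headers and payload, so the opening TCP exchange can be read straight from the bytes. The block writes a small pcap of raw IPv4/TCP packets, parses it back with `struct`, and classifies the initial connection attempt for three constructed cases: a completed three-way handshake, a SYN that is retransmitted with no SYN/ACK, and a SYN answered with RST. Addresses, sequence numbers, scenarios and helper names are all assumptions made for the demo.

```python
"""Build a pcap of raw IPv4/TCP packets, parse it, describe each initial connection.

Added example for exam items #513 and #519; constructed data, not the exhibit.
"""
import ipaddress
import struct

PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_RAW = 101          # pcap link type 101: raw IP packets, no link-layer header
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10
FLAG_LETTERS = (("F", FIN), ("S", SYN), ("R", RST), ("P", PSH), ("A", ACK))


def build_tcp_packet(src, dst, sport, dport, seq, ack, flags, payload=b""):
    """IPv4 header + 20-byte TCP header + payload (checksums left 0; not verified below)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return ip + tcp


def build_pcap(timed_packets):
    """Classic little-endian pcap: 24-byte global header, then 16-byte record headers."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_RAW)
    for ts, pkt in timed_packets:
        sec = int(ts)
        usec = int(round((ts - sec) * 1_000_000))
        out += struct.pack("<IIII", sec, usec, len(pkt), len(pkt)) + pkt
    return out


def parse_pcap(data):
    """One dict per TCP packet: addresses, ports, seq/ack and a flag string such as 'SA'."""
    magic, = struct.unpack_from("<I", data, 0)
    linktype, = struct.unpack_from("<I", data, 20)
    if magic != PCAP_MAGIC or linktype != LINKTYPE_RAW:
        raise ValueError("expected little-endian pcap with LINKTYPE_RAW")
    records, off = [], 24
    while off + 16 <= len(data):
        sec, usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        off += incl_len
        ihl = (frame[0] & 0x0F) * 4          # IPv4 header length in bytes
        if frame[9] != 6:                    # protocol field: 6 = TCP
            continue
        sport, dport, seq, ack, _doff, flags = struct.unpack_from("!HHIIBB", frame, ihl)
        records.append({
            "ts": sec + usec / 1_000_000,
            "src": str(ipaddress.IPv4Address(frame[12:16])),
            "dst": str(ipaddress.IPv4Address(frame[16:20])),
            "sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": "".join(letter for letter, bit in FLAG_LETTERS if flags & bit),
        })
    return records


def describe_initial_connection(records, client, server, server_port):
    """Classify the opening exchange between client and server:server_port."""
    conv = [r for r in records
            if {r["src"], r["dst"]} == {client, server} and server_port in (r["sport"], r["dport"])]
    syns = [r for r in conv if r["src"] == client and r["flags"] == "S"]
    synacks = [r for r in conv if r["src"] == server and r["flags"] == "SA"]
    acks = [r for r in conv if r["src"] == client and r["flags"] == "A"]
    rsts = [r for r in conv if r["src"] == server and "R" in r["flags"]]
    if not syns:
        return "no SYN from client"
    if synacks and acks and acks[0]["ack"] == synacks[0]["seq"] + 1:
        return "handshake completed: SYN, SYN/ACK, ACK"
    if rsts:
        return "SYN answered with RST: port closed or connection refused"
    return f"{len(syns)} SYN(s) with no SYN/ACK: client retransmitting, server or path not answering"


CLIENT = "192.0.2.10"
SCENARIO_PCAP = build_pcap([            # constructed traffic, three servers
    (0.000, build_tcp_packet(CLIENT, "198.51.100.20", 51000, 443, 1000, 0, SYN)),
    (0.012, build_tcp_packet("198.51.100.20", CLIENT, 443, 51000, 5000, 1001, SYN | ACK)),
    (0.013, build_tcp_packet(CLIENT, "198.51.100.20", 51000, 443, 1001, 5001, ACK)),
    (1.000, build_tcp_packet(CLIENT, "198.51.100.21", 51001, 443, 2000, 0, SYN)),   # stalled
    (2.000, build_tcp_packet(CLIENT, "198.51.100.21", 51001, 443, 2000, 0, SYN)),
    (4.000, build_tcp_packet(CLIENT, "198.51.100.21", 51001, 443, 2000, 0, SYN)),
    (5.000, build_tcp_packet(CLIENT, "198.51.100.22", 51002, 8080, 3000, 0, SYN)),  # refused
    (5.001, build_tcp_packet("198.51.100.22", CLIENT, 8080, 51002, 0, 3001, RST | ACK)),
])


def analyze(pcap_bytes=SCENARIO_PCAP):
    records = parse_pcap(pcap_bytes)
    return {
        "198.51.100.20": describe_initial_connection(records, CLIENT, "198.51.100.20", 443),
        "198.51.100.21": describe_initial_connection(records, CLIENT, "198.51.100.21", 443),
        "198.51.100.22": describe_initial_connection(records, CLIENT, "198.51.100.22", 8080),
    }


if __name__ == "__main__":
    for server, verdict in analyze().items():
        print(f"{CLIENT} -> {server}: {verdict}")
```

The same classification is what an analyst reads off a Wireshark filter such as `tcp.flags.syn == 1`: repeated SYNs with identical sequence numbers and no SYN/ACK point at a filtered port or unreachable path, while an immediate RST/ACK means the host is reachable but the port is closed.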
  Tags: TCP handshake, network analysis, packet capture, network protocols

- Question #520 (Security Concepts)
What is the key difference between mandatory access control (MAC) and discretionary access control (DAC)?
  Tags: MAC, DAC, access control, security models

- Question #521 (Security Policies and Procedures)
Which piece of information is part of the chain of custody during investigation?
  Tags: chain of custody, digital forensics, evidence collection

- Question #522 (Security Policies and Procedures)
What is corroborating evidence?
  Tags: corroborating evidence, digital forensics, evidence types

- Question #523 (Security Concepts)
What is the difference between an attack vector and an attack surface?
  Tags: attack vector, attack surface, threat modeling

- Question #524 (Network Intrusion Analysis)
Refer to the exhibit. Based on the .pcap file, which protocol's vulnerability has been exploited to establish a session?
  Tags: packet analysis, SMB, network vulnerabilities, exploit

- Question #525 (Security Monitoring)
How does the approach of a behavioral detection system to identifying security threats compare to that of a rule-based detection system?
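Added example for Question #525 (not part of the exam material). Both detectors run over the same constructed web-proxy log lines: the rule-based detector matches known-bad patterns per request, while the behavioral detector learns a per-client request-volume baseline from a clean window and flags clients that deviate from it. The log format, signature list, baseline window and the `mean + 3 * stdev` threshold are assumptions made for the demo.

```python
"""Rule-based versus behavioral detection over constructed proxy log lines.

Added example for exam item #525; log lines and thresholds are constructed.
"""
import re
import statistics
from collections import Counter

# Rule-based side: patterns for things already known to be bad.
SIGNATURES = {
    "sqlmap-user-agent": re.compile(r"sqlmap", re.I),
    "sqli-union": re.compile(r"union\s+select", re.I),
    "path-traversal": re.compile(r"\.\./"),
}

# Constructed log format: "<epoch> <client> <method> <url> <status> <user-agent>"
LINE_RE = re.compile(
    r"^(?P<ts>\d+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) (?P<status>\d+) (?P<ua>.*)$"
)


def _line(ts, client, url, ua="Mozilla/5.0", status=200):
    return f"{ts} {client} GET {url} {status} {ua}"


# Clean window used to learn "normal": five clients, three requests each.
BASELINE_LINES = [_line(1700000000 + i, f"10.0.0.{11 + i % 5}", "/index.html")
                  for i in range(15)]

# Detection window: the same users, one scanner request, one very chatty host
# that uses a benign-looking browser user agent.
DETECT_LINES = (
    [_line(1700003600 + i, f"10.0.0.{11 + i % 5}", "/news") for i in range(14)]
    + [_line(1700003620, "10.0.0.14", "/login?id=1%27", ua="sqlmap/1.7", status=500)]
    + [_line(1700003700 + i, "10.0.0.20", f"/api/export?page={i}") for i in range(40)]
)


def parse(lines):
    records = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:                      # silently skip lines that do not fit the format
            records.append(m.groupdict())
    return records


def rule_based_detect(lines):
    """Flag each request that matches a signature: precise, but blind to anything new."""
    hits = []
    for rec in parse(lines):
        haystack = f"{rec['url']} {rec['ua']}"
        for name, rx in SIGNATURES.items():
            if rx.search(haystack):
                hits.append((rec["client"], name))
    return hits


def learn_baseline(lines):
    """Per-client request counts in a clean window, summarised as (mean, stdev)."""
    counts = Counter(r["client"] for r in parse(lines))
    values = list(counts.values())
    return statistics.mean(values), statistics.pstdev(values)


def behavioral_detect(lines, baseline, k=3.0):
    """Flag clients whose volume exceeds mean + k*stdev of the baseline.

    The stdev is floored at 1 so a perfectly flat baseline does not make the
    detector hair-trigger. Catches novel behaviour, but says nothing about why."""
    mean, sd = baseline
    threshold = mean + k * max(sd, 1.0)
    counts = Counter(r["client"] for r in parse(lines))
    return sorted((client, n) for client, n in counts.items() if n > threshold)


if __name__ == "__main__":
    print("rule-based:", rule_based_detect(DETECT_LINES))
    print("behavioral:", behavioral_detect(DETECT_LINES, learn_baseline(BASELINE_LINES)))
```

The two outputs do not overlap: the signature catches the single `sqlmap` request that the volume model ignores, and the volume model catches the host pulling 40 export pages with a clean user agent that no signature would ever match. That complementarity is why production monitoring runs both.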
  Tags: behavioral detection, rule-based detection, IDS/IPS, security monitoring

- Question #526 (Security Concepts)
What is the definition of threat intelligence in the context of cybersecurity?
  Tags: Threat intelligence, Cybersecurity concepts, Threat analysis

- Question #527 (Network Intrusion Analysis)
Refer to the exhibit. Based on the .pcap file, which DNS server is used to resolve cisco.com?
  Tags: Packet capture (pcap), DNS resolution, Network traffic analysis, Wireshark

- Question #528 (Security Concepts)
What describes the public key infrastructure (PKI)?
  Tags: PKI (Public Key Infrastructure), Cryptography, Digital certificates, Authentication

- Question #529 (Security Policies and Procedures)
Which access control should a chief information security officer select to protect extremely sensitive data categorized at various levels of confidentiality?
  Tags: Access control models, MAC (Mandatory Access Control), Confidentiality, Data protection

- Question #530 (Security Monitoring)
Refer to the exhibit. A SOC team member receives a case from his colleague with notes attached. The artifacts and alerts associated with the case must be analyzed and a conclusion...
  Tags: Ransomware, Incident analysis, File encryption, Data deletion

- Question #531 (Network Intrusion Analysis)
Refer to the exhibit. A security analyst examines Apache web server logs and notices the entries. Which security concern is occurring?
  Tags: Web server logs, Apache, XMLRPC exploit, Vulnerability exploitation

- Question #532 (Security Concepts)
What is an evasion technique?
  Tags: Evasion techniques, Malware concealment, Signature bypass

- Question #533 (Security Concepts)
What describes the difference when comparing attack surface and vulnerability in practice?
  Tags: Attack surface, Vulnerability, Patch management, Remediation

- Question #534 (Security Policies and Procedures)
A company had a recent breach and lost confidential data to a competitor. An internal investigation found out that a new junior accounting specialist logged in to the accounting se...
  Tags: Digital forensics, Evidence types, Direct evidence, Corroborative evidence

- Question #535 (Security Concepts)
Which tool is used by threat actors on a webpage to take advantage of the software vulnerabilities of a system to spread malware?
  Tags: Exploit kits, Malware distribution, Web exploits

- Question #536 (Security Concepts)
What is a difference between a threat and a vulnerability?
  Tags: Threat, Vulnerability, Risk assessment

- Question #537 (Security Monitoring)
A company recently encountered a breach. Critical services went through a disturbance and the integrity of the data was altered. An engineer is investigating the issue and searchin...
  Tags: Incident response, Detection and analysis, SIEM, Log investigation

- Question #538 (Network Intrusion Analysis)
Refer to the exhibit. A security engineer receives several alerts from the SNORT IPS/IDS reporting malicious traffic. What should the engineer understand by examining the SNORT log...
  Tags: SNORT, IPS/IDS, Network intrusion, EternalBlue exploit, Alert analysis

- Question #539 (Security Policies and Procedures)
A data privacy officer at a marketing firm has received a request from a former client to delete all personally sensitive information held by the company. The firm operates globall...
  Tags: Data privacy, PII/PSI, GDPR compliance, Data retention policy

- Question #540 (Host-Based Analysis)
Which type of attack involves sending input commands to a web server to access data?
  Tags: SQL injection, Web application attacks, Vulnerabilities, Server attacks

- Question #541 (Threat Intelligence and Incident Response - Understanding attack frameworks and models such as the Lockheed Martin Cyber Kill Chain to classify and analyze adversary behavior; relevant to CySA+, Security+, and CEH certification domains)
Drag-and-drop question. Drag and drop the definitions from the left onto the phases on the right to classify intrusion events according to the Cyber Kill Chain model. Answer: (not shown on this page)
  Tags: Cyber Kill Chain, Intrusion Detection, Threat Intelligence, Attack Lifecycle

- Question #542 (CompTIA Security+ / CySA+ - Security Operations: Identify and utilize appropriate data sources and tools for threat detection and network analysis)
Drag-and-drop question. Drag and drop the data sources from the left onto the corresponding data types on the right. Answer: (not shown on this page)
  Tags: data sources, network monitoring, security tools, log analysis

- Question #543 (Network Intrusion Analysis)
In network security, which scenario highlights an advantage that deep packet inspection holds over traditional packet filtering?
  Tags: Deep Packet Inspection (DPI), Packet filtering, Network security, Traffic analysis

- Question #544 (Security Policies and Procedures)
While analyzing the process of a recent breach case, a forensic investigator determined that an external USB drive was connected to the laptop of the HR manager and personal data o...
  Tags: Digital forensics, Evidence categories, Incident response, Data exfiltration

- Question #545 (Security Monitoring)
Refer to the exhibit. During an investigation of unauthorized data exfiltration from a company's network, these logs were collected. Which log entry would be considered the best ev...
  Tags: data exfiltration, log analysis, web proxy logs, incident response

- Question #546 (Security Monitoring)
An engineer is examining a particular network traffic sample from multiple sources aggregated into an alert via the company SIEM. These observations are noted within said alert: an...
  Tags: SIEM analysis, data exfiltration, incident detection, DLP alerts

- Question #547 (Security Concepts)
What is the name of the technology that searches and reports on known weaknesses and flaws that are present in the IT infrastructure of an organization?
  Tags: vulnerability scanning, vulnerability management, security tools

- Question #548 (Security Concepts)
A security team received a ticket to investigate suspicious emails to company employees sent from a list of malicious domains. Further analysis showed that a targeted phishing atte...
  Tags: Cyber Kill Chain, phishing, email security, incident mitigation

- Question #549 (Security Concepts)
What is a ransomware attack?
  Tags: ransomware, malware, data encryption

- Question #550 (Network Intrusion Analysis)
An analyst must choose one source of information for further troubleshooting. One key requirement is to use low storage space over the next 12 months and quickly determine the sour...
  Tags: NetFlow, network traffic analysis, data sources

- Question #551 (Network Intrusion Analysis)
An engineer must analyze a security event from last month. The engineer has access to a .pcap file collected from traffic mirroring and NetFlow data. The engineer must perform chec...
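Added example for Questions #504, #550 and #551 (not part of the exam material). A NetFlow-style collector reduces every packet to its 5-tuple (source address, destination address, protocol, source port, destination port) and keeps only counters per flow, which is why flow data is cheap to retain for a year and quick to pivot on, and also why it cannot answer any question that needs payload bytes: for that the full .pcap is required. The block aggregates constructed packet records into unidirectional flow records, compares the storage footprint of the two data types, and performs the triage pivot of finding which internal host talked to a given destination port. The packet list, the 48-byte per-record size and the helper names are assumptions made for the demo.

```python
"""Reduce constructed packet records to NetFlow-style 5-tuple flow records.

Added example for exam items #504, #550 and #551; packet data is constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float
    src: str
    dst: str
    proto: str      # "TCP", "UDP", ...
    sport: int
    dport: int
    length: int     # bytes on the wire, header plus payload


FLOW_RECORD_BYTES = 48   # assumed size of one exported flow record

# Constructed traffic: one HTTPS exchange, a DNS query/response pair, and a
# long-lived connection from 10.0.0.7 to TCP/4444 on an external host.
PACKETS = [
    Packet(0.00, "10.0.0.5", "93.184.216.34", "TCP", 51000, 443, 74),
    Packet(0.01, "93.184.216.34", "10.0.0.5", "TCP", 443, 51000, 74),
    Packet(0.02, "10.0.0.5", "93.184.216.34", "TCP", 51000, 443, 66),
    Packet(0.03, "10.0.0.5", "93.184.216.34", "TCP", 51000, 443, 583),
    Packet(0.10, "93.184.216.34", "10.0.0.5", "TCP", 443, 51000, 1514),
    Packet(0.50, "10.0.0.5", "10.0.0.2", "UDP", 53000, 53, 75),
    Packet(0.51, "10.0.0.2", "10.0.0.5", "UDP", 53, 53000, 91),
    Packet(1.00, "10.0.0.7", "203.0.113.9", "TCP", 49152, 4444, 60),
    Packet(1.01, "203.0.113.9", "10.0.0.7", "TCP", 4444, 49152, 60),
    Packet(1.02, "10.0.0.7", "203.0.113.9", "TCP", 49152, 4444, 52),
    Packet(30.0, "10.0.0.7", "203.0.113.9", "TCP", 49152, 4444, 1200),
    Packet(60.0, "10.0.0.7", "203.0.113.9", "TCP", 49152, 4444, 1200),
]


def five_tuple(p):
    """The flow key a router or probe uses to group packets."""
    return (p.src, p.dst, p.proto, p.sport, p.dport)


def aggregate_flows(packets):
    """Unidirectional flow records: packet and byte counters plus first/last seen.

    Payload is discarded here, exactly as a flow exporter discards it."""
    flows = {}
    for p in sorted(packets, key=lambda pkt: pkt.ts):
        rec = flows.get(five_tuple(p))
        if rec is None:
            flows[five_tuple(p)] = {"packets": 1, "bytes": p.length, "first": p.ts, "last": p.ts}
        else:
            rec["packets"] += 1
            rec["bytes"] += p.length
            rec["last"] = p.ts
    return flows


def storage_ratio(packets, flows):
    """Full-capture bytes divided by flow-record bytes for the same traffic."""
    pcap_bytes = sum(p.length for p in packets)
    return pcap_bytes / (len(flows) * FLOW_RECORD_BYTES)


def sources_to_port(flows, dport):
    """Triage pivot: which hosts initiated traffic to a given destination port."""
    return sorted({src for (src, _dst, _proto, _sport, dp) in flows if dp == dport})


if __name__ == "__main__":
    flows = aggregate_flows(PACKETS)
    for key, rec in flows.items():
        print(key, rec)
    print("pcap/flow storage ratio: %.1fx" % storage_ratio(PACKETS, flows))
    print("hosts talking to tcp/4444:", sources_to_port(flows, 4444))
```

On this sample the flow records are roughly seventeen times smaller than the packets they summarise, and the pivot on port 4444 immediately names 10.0.0.7; but nothing in the flow records says what was sent over that connection, which is the check for which the engineer in Question #551 still needs the .pcap.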
  Tags: NetFlow, .pcap, network traffic analysis, incident response

- Question #552 (Security Monitoring)
A multinational organization uses a complex network infrastructure, incorporating various cloud services, different endpoints, and distributed networks with several network securit...
  Tags: data visibility, log aggregation, SIEM challenges, complex infrastructure

- Question #553 (Network Intrusion Analysis)
An engineer must gather data for monitoring purposes from different network devices. The engineer must gather events from the local network and use that information for packet snif...
  Tags: network tap, packet sniffing, data collection, traffic mirroring