200-201 Exam Questions
563 real 200-201 exam questions with expert-verified answers and explanations. Page 12 of 12.
- Question #554 (Host-Based Analysis): Refer to the exhibit. A security analyst wrapped up the shift and passed open ticket notes to the night shift SOC team analyst. The ticket name in QUESTION 5 is "Investigating suspici...
  Tags: Windows persistence, registry analysis, Task Scheduler, host forensics
- Question #555 (Host-Based Analysis): What is the difference between tampered and untampered disk images?
  Tags: disk imaging, forensics, tampering
- Question #556 (Security Monitoring): What is the purpose of a host-based intrusion detection system (HIDS)?
  Tags: HIDS, intrusion detection, signature-based detection, anomaly detection
- Question #557 (Host-Based Analysis): Refer to the exhibit. A SOC analyst received a message from SIEM about abnormal activity on the Windows server. The analyst checked the Windows event log and saw numerous Audit Fai...
  Tags: Windows Event Log, brute-force attack, log analysis, security incidents
- Question #558 (Host-Based Analysis): What is a key difference between a tampered and an untampered disk image during a forensic investigation?
  Tags: disk imaging, forensic integrity, hashing, evidence tampering
- Question #559 (Host-Based Analysis): Refer to the exhibit. A SOC engineer is analyzing this Cuckoo Sandbox report for a file that has been identified as suspicious by the endpoint security system. What is the state of...
  Tags: Cuckoo Sandbox, malware analysis, file entropy, AV evasion
- Question #560 (Network Intrusion Analysis): Refer to the exhibit. What is occurring?
  Tags: network protocols, SMTP, encryption, packet analysis
- Question #561 (Network Intrusion Analysis): Refer to the exhibit. An engineer must interpret logs. What is occurring?
  Tags: ARP poisoning, network attacks, packet analysis
- Question #562 (Security Concepts): What is data tunneling?
  Tags: data tunneling, exfiltration, evasion techniques, malware
- Question #563 (Security Concepts): Which two attacks are denial-of-service attacks? (Choose two.)
  Tags: DoS attacks, UDP flooding, Ping of Death, network attacks
- Question #564 (Security Monitoring): Refer to the exhibit. An analyst receives an IDS alert pertaining to a possible data exfiltration attempt. An additional set of logs is collected from different systems and analyze...
  Tags: evidence types, incident response, log analysis, IDS alerts
- Question #565 (Security Policies and Procedures): A compliance analyst has received a complaint from a customer regarding personal data being held by the company unlawfully, despite the customer's request for it to be deleted. The...
  Tags: GDPR, PII, data privacy, compliance
- Question #566 (Security Policies and Procedures): A user reported that a mobile application is working very slowly. The DDoS tool reports high volume traffic. During which phase will CSIRT ensure that the incident does not continu...
  Tags: incident response, CSIRT, containment, DDoS