200-201 Exam Questions
563 real 200-201 exam questions with expert-verified answers and explanations. Page 3 of 12.
- Question #101 (Network Intrusion Analysis)
  What does an attacker use to determine which network ports are listening on a potential target device?
  Tags: port scanning, reconnaissance, network enumeration
- Question #102 (Network Intrusion Analysis)
  What type of spoofing attack uses fake source IP addresses that are different than their real IP addresses?
  Tags: IP spoofing, spoofing attacks, network attacks
- Question #103 (Security Policies and Procedures)
  What is a purpose of a vulnerability management framework?
  Tags: vulnerability management, security frameworks, risk mitigation
- Question #104 (Network Intrusion Analysis)
  Refer to the exhibit. Which kind of attack method is depicted in this string?
  Tags: cross-site scripting, web application attacks, attack signatures
- Question #105 (Network Intrusion Analysis)
  Refer to the exhibit. Which packet contains a file that is extractable within Wireshark?
  Tags: packet analysis, Wireshark, file extraction, network forensics
- Question #106 (Security Concepts)
  How does a certificate authority impact a security system?
  Tags: certificate authority, PKI, SSL/TLS, digital certificates
- Question #107 (Security Monitoring)
  How is NetFlow different than traffic mirroring?
  Tags: NetFlow, traffic mirroring, network monitoring, data collection
- Question #108 (Security Policies and Procedures)
  What is the practice of giving employees only those permissions necessary to perform their specific role within an organization?
  Tags: least privilege, access control, security principles, IAM
- Question #109 (Security Monitoring)
  Which type of data collection requires the largest amount of storage space?
  Tags: data collection, full packet capture, network forensics, storage requirements
- Question #110 (Network Intrusion Analysis)
  Which HTTP header field is used in forensics to identify the type of browser used?
  Tags: HTTP headers, user-agent, network forensics, web traffic analysis
- Question #111 (Security Monitoring)
  Refer to the exhibit. What is the potential threat identified in this Stealthwatch dashboard?
  Tags: network flow analysis, data exfiltration, anomaly detection, Stealthwatch
- Question #112 (Host-Based Analysis)
  A security engineer deploys an enterprise-wide host/endpoint technology for all of the company's corporate PCs. Management requests the engineer to block a selected set of applicat...
  Tags: application whitelisting, endpoint security, host security, security controls
- Question #113 (Host-Based Analysis)
  What is the virtual address space for a Windows process?
  Tags: virtual memory, Windows internals, process management, memory forensics
- Question #115 (Host-Based Analysis)
  Which access control model does SELinux use?
  Tags: SELinux, access control models, MAC, operating system security
- Question #116 (Security Policies and Procedures)
  Which two compliance frameworks require that data be encrypted when it is transmitted over a public network? (Choose two.)
  Tags: compliance frameworks, data encryption, PCI DSS, HIPAA
- Question #117 (Security Monitoring)
  Which IETF standard technology is useful to detect and analyze a potential security incident by recording session flows that occur between hosts?
  Tags: IPFIX, NetFlow, network flow data, network monitoring standards
- Question #118 (Security Monitoring)
  What do the Security Intelligence Events within the FMC allow an administrator to do?
  Tags: FMC, security intelligence, threat intelligence, domain reputation
- Question #119 (Host-Based Analysis)
  The target web application server is running as the root user and is vulnerable to command injection. Which result of a successful attack is true?
  Tags: command injection, privilege escalation, web application vulnerabilities, root privileges
- Question #120 (Security Concepts)
  A network engineer discovers that a foreign government hacked one of the defense contractors in their home country and stole intellectual property. What is the threat agent in this...
  Tags: threat agent, threat actor, security fundamentals, cybersecurity concepts
- Question #121 (Security Concepts)
  What is the practice of giving an employee access to only the resources needed to accomplish their job?
  Tags: least privilege, access control, security principles
- Question #122 (Security Concepts)
  Which metric is used to capture the level of access needed to launch a successful attack?
  Tags: vulnerability assessment, CVSS, security metrics, attack analysis
- Question #123 (Security Concepts)
  What is the difference between an attack vector and an attack surface?
  Tags: attack vector, attack surface, vulnerability assessment, threat landscape
- Question #124 (Security Concepts)
  Which metric in CVSS indicates an attack that takes a destination bank account number and replaces it with a different bank account number?
  Tags: CVSS, integrity, CIA triad, vulnerability scoring
- Question #125 (Host-Based Analysis)
  A security specialist notices 100 HTTP GET and POST requests for multiple pages on the web servers. The agent in the requests contains PHP code that, if executed, creates and write...
  Tags: attack kill chain, web server compromise, installation phase, malware deployment
- Question #126 (Security Concepts)
  What specific type of analysis is assigning values to the scenario to see expected outcomes?
  Tags: analysis types, deterministic analysis
- Question #127 (Security Concepts)
  When trying to evade IDS/IPS devices, which mechanism allows the user to make the data incomprehensible without a specific key, certificate, or password?
  Tags: encryption, IDS/IPS evasion, data confidentiality
- Question #128 (Security Monitoring)
  Why is encryption challenging to security monitoring?
  Tags: encryption challenges, security monitoring, evasion techniques, obfuscation
- Question #129 (Security Concepts)
  What is an example of a social engineering attack?
  Tags: social engineering, phishing, human element
- Question #130 (Network Intrusion Analysis)
  Refer to the exhibit. What is occurring in this network?
  Tags: ARP cache poisoning, network attacks, network traffic analysis, ARP protocol
- Question #131 (Security Monitoring)
  Which data format is the most efficient to build a baseline of traffic seen over an extended period of time?
  Tags: NetFlow, traffic baselining, network monitoring, network telemetry
- Question #132 (Security Concepts)
  Which action prevents buffer overflow attacks?
  Tags: buffer overflow prevention, input sanitization, application security, vulnerability management
- Question #133 (Security Concepts)
  Which type of attack occurs when an attacker is successful in eavesdropping on a conversation between two IP phones?
  Tags: man-in-the-middle, network attacks, eavesdropping, attack types
- Question #134 (Network Intrusion Analysis)
  Refer to the exhibit. What should be interpreted from this packet capture?
  Tags: packet capture analysis, TCP/IP fundamentals, source/destination ports, IP addresses
- Question #135 (Network Intrusion Analysis)
  What are two characteristics of full packet captures? (Choose two.)
  Tags: packet capture, PCAP, network forensics, troubleshooting
- Question #136 (Host-Based Analysis)
  Refer to the exhibit. An engineer is analyzing this Cuckoo Sandbox report for a PDF file that has been downloaded from an email. What is the state of this file?
  Tags: sandbox analysis, malware analysis, Cuckoo Sandbox, YARA rules
- Question #137 (Network Intrusion Analysis)
  Refer to the exhibit. What is occurring in this network traffic?
  Tags: SYN flood, DoS attack, network traffic analysis, TCP/IP
- Question #138 (Host-Based Analysis)
  A security expert is working on a copy of the evidence, an ISO file that is saved in CDFS format. Which type of evidence is this file?
  Tags: digital forensics, CDFS, evidence preservation, file systems
- Question #139 (Security Policies and Procedures)
  Which incident response step includes identifying all hosts affected by an attack?
  Tags: incident response, detection and analysis, incident scoping
- Question #140 (Network Intrusion Analysis)
  Which event artifact is used to identify HTTP GET requests for a specific file?
  Tags: HTTP protocol, URI, web server logs, network analysis
- Question #141 (Host-Based Analysis)
  An analyst received an alert on their desktop computer showing that an attack was successful on the host. After investigating, the analyst discovered that no mitigation action occu...
  Tags: HIDS, HIPS, IDS/IPS, security controls
- Question #142 (Security Concepts)
  What does cyber attribution identify in an investigation?
  Tags: cyber attribution, threat actors, incident response
- Question #143 (Host-Based Analysis)
  Which system monitors local system operation and local network access for violations of a security policy?
  Tags: HIDS, IDS, host security, security monitoring
- Question #144 (Security Monitoring)
  Which action should be taken if the system is overwhelmed with alerts when false positives and false negatives are compared?
  Tags: alert tuning, IDS/IPS configuration, false positives, security operations
- Question #145 (Security Monitoring)
  What is the impact of false positive alerts on business compared to true positive?
  Tags: false positives, security alerts, business impact, security operations
- Question #146 (Security Monitoring)
  An engineer needs to fetch logs from a proxy server and generate actual events according to the data received. Which technology should the engineer use to accomplish this task?
  Tags: network analytics, SIEM, flow data, Stealthwatch
- Question #147 (Security Monitoring)
  Refer to the exhibit. Which technology generates this log?
  Tags: firewall logs, log analysis, network devices
- Question #148 (Network Intrusion Analysis)
  Which filter allows an engineer to filter traffic in Wireshark to further analyze the PCAP file by only showing the traffic for LAN 10.11.x.x, between workstations and servers with...
  Tags: Wireshark, packet analysis, network filtering, IP addressing
- Question #149 (Network Intrusion Analysis)
  Which tool provides a full packet capture from network traffic?
  Tags: packet capture, network analysis tools, Wireshark
- Question #150 (Network Intrusion Analysis)
  A company is using several network applications that require high availability and responsiveness, such that milliseconds of latency on network traffic are not acceptable. An engine...
  Tags: network performance, latency analysis, throughput, NetFlow
- Question #151 (Security Monitoring)
  Refer to the exhibit. What is depicted in the exhibit?
  Tags: syslog, log analysis, UNIX logs