200-201 Exam Questions
563 real 200-201 exam questions with expert-verified answers and explanations. Page 4 of 12.
- Question #152 (Security Concepts)
  Which technology should be used to implement a solution that makes routing decisions based on HTTP header, uniform resource identifier, and SSL session ID attributes?
  Tags: load balancing, application layer routing, HTTP headers

- Question #153 (Security Concepts)
  A CMS plugin creates two files that are accessible from the Internet: myplugin.html and exploitable.php. A newly discovered exploit takes advantage of an injection vulnerability in...
  Tags: Cyber Kill Chain, reconnaissance, web traffic analysis

- Question #154 (Host-Based Analysis)
  What describes the usage of a rootkit in endpoint-based attacks?
  Tags: rootkit, malware, persistence, endpoint security

- Question #155 (Security Concepts)
  The SOC team detected an ongoing port scan. After investigation, the team concluded that the scan was targeting the company servers. According to the Cyber Kill Chain model, which...
  Tags: Cyber Kill Chain, port scanning, reconnaissance

- Question #156 (Threats, Attacks and Vulnerabilities / Incident Response and Digital Forensics - Understanding evidence types and their roles in investigations (e.g., CompTIA Security+, CySA+, or CHFI exam objectives))
  Drag and Drop Question: Drag and drop the type of evidence from the left onto the description of that evidence on the right.
  Tags: types of evidence, forensic investigation, digital forensics, evidence classification

- Question #157 (Security Monitoring)
  Which statement describes threat hunting?
  Tags: threat hunting, proactive security, intrusion detection

- Question #158 (Security Policies and Procedures)
  According to NIST, at which step of the incident response process should an organization apply lessons learned from practice?
  Tags: NIST incident response, incident response lifecycle, post-incident

- Question #160 (Network Intrusion Analysis)
  Refer to the exhibit. An engineer received a ticket to analyze unusual network traffic. What is occurring?
  Tags: network traffic analysis, DoS attack, traffic patterns

- Question #161 (Network Intrusion Analysis)
  Refer to the exhibit. What is occurring?
  Tags: DoS attack, network attack types, traffic analysis

- Question #162 (Security Concepts)
  Which type of attack involves executing arbitrary commands on the operating system to escalate privileges?
  Tags: command injection, privilege escalation, web application attacks

- Question #163 (Host-Based Analysis)
  A forensic investigator is analyzing a recent breach case. An external USB drive was discovered to be connected and transmitting the data outside of the organization, and the owner...
  Tags: forensic evidence, indirect evidence, digital forensics, breach investigation

- Question #164 (Network Intrusion Analysis)
  Refer to the exhibit. What does this output indicate?
  Tags: port scanning, Nmap, network reconnaissance

- Question #165 (Security Policies and Procedures)
  Which metric should be used when evaluating the effectiveness and scope of a Security Operations Center?
  Tags: SOC metrics, KPIs, incident response metrics

- Question #166 (Host-Based Analysis)
  A developer is working on a project using a Linux tool that enables writing processes to obtain these required results: - If the process is unsuccessful, a negative value is return...
  Tags: Linux processes, process creation, operating system fundamentals

- Question #167 (Security Policies and Procedures)
  An engineer discovered a breach, identified the threat's entry point, and removed access. The engineer was able to identify the host, the IP address of the threat actor, and the ap...
  Tags: NIST incident response, incident response phases, post-incident actions

- Question #168 (Network Intrusion Analysis)
  Refer to the exhibit. What is shown in this PCAP file?
  Tags: PCAP analysis, HTTP GET, URL encoding, network forensics

- Question #169 (Host-Based Analysis)
  What is a difference between tampered and untampered disk images?
  Tags: disk forensics, data integrity, forensic imaging

- Question #170 (Threat Intelligence and Incident Response - Understanding attack frameworks and intrusion event classification (e.g., CompTIA CySA+, Security+, or EC-Council CEH domain))
  Drag and Drop Question: Drag and drop the definition from the left onto the phase on the right to classify intrusion events according to the Cyber Kill Chain model.
  Tags: Cyber Kill Chain, Intrusion Phases, Threat Intelligence, Attack Lifecycle

- Question #171 (CompTIA Security+ / CySA+ - Incident Response: Understanding and applying the phases of the incident response process in the correct sequential order)
  Drag and Drop Question: Drag and drop the elements from the left into the correct order for incident handling on the right.
  Tags: Incident Response, NIST SP 800-61, Security Operations, Incident Handling Lifecycle

- Question #172 (Security Policies and Procedures)
  The SOC team has confirmed a potential indicator of compromise on an endpoint. The team has narrowed the executable file's type to a new trojan family. According to the NIST Comput...
  Tags: NIST incident handling, incident prioritization, IOCs

- Question #173 (Host-Based Analysis)
  Which technology on a host is used to isolate a running application from other applications?
  Tags: sandboxing, application isolation, endpoint security

- Question #174 (Security Policies and Procedures)
  An analyst received a ticket regarding a degraded processing capability for one of the HR department's servers. On the same day, an engineer noticed a disabled antivirus software a...
  Tags: incident response, NIST framework, incident detection

- Question #175 (Network Intrusion Analysis)
  Which data type is necessary to get information about source/destination ports?
  Tags: network data, connectivity data, source/destination ports

- Question #176 (Security Concepts)
  Refer to the exhibit. Which type of attack is being executed?
  Tags: SQL injection, web application security, attack types

- Question #177 (Security Concepts)
  Which attack represents the evasion technique of resource exhaustion?
  Tags: denial of service, resource exhaustion, attack types

- Question #178 (Network Intrusion Analysis)
  A threat actor penetrated an organization's network. Using the 5-tuple approach, which data points should the analyst use to isolate the compromised host in a grouped set of logs?
  Tags: 5-tuple, network forensics, log analysis, network protocols

- Question #179 (Security Concepts)
  Which event is a vishing attack?
  Tags: vishing, social engineering, attack types

- Question #180 (Network Intrusion Analysis)
  What is indicated by an increase in IPv4 traffic carrying protocol 41?
  Tags: protocol 41, IPv6 tunneling, network protocols, traffic analysis

- Question #181 (Security Monitoring)
  What is the impact of false positive alerts on business compared to true positive?
  Tags: false positive, true positive, alert analysis, security operations

- Question #182 (Network Intrusion Analysis)
  An organization's security team has detected network spikes coming from the internal network. An investigation has concluded that the spike in traffic was from intensive network sc...
  Tags: network scanning, traffic analysis, incident investigation, source IP

- Question #183 (Security Policies and Procedures)
  What is an incident response plan?
  Tags: incident response, security planning, organizational security

- Question #184 (Network Intrusion Analysis)
  An engineer is addressing a connectivity issue between two servers where the remote server is unable to establish a successful session. Initial checks show that the remote server i...
  Tags: TCP handshake, network troubleshooting, protocol analysis, connectivity issues

- Question #185 (Security Concepts)
  A security incident occurred with the potential of impacting business services. Who performs the attack?
  Tags: threat actor, security terminology, attackers

- Question #186 (Security Policies and Procedures)
  Refer to the exhibit. An analyst received this alert from the Cisco ASA device, and numerous activity logs were produced. How should this type of evidence be categorized?
  Tags: forensic evidence, log evidence, Cisco ASA, evidence categorization

- Question #187 (Security Policies and Procedures)
  What is vulnerability management?
  Tags: vulnerability management, risk management, security practices

- Question #188 (Security Concepts)
  A user received an email attachment named "Hr405-report2609-empl094.exe" but did not run it. Which category of the cyber kill chain should be assigned to this type of event?
  Tags: cyber kill chain, malware delivery, email security, attack lifecycle

- Question #189 (Security Monitoring)
  An engineer needs to configure network systems to detect command and control communications by decrypting ingress and egress perimeter traffic and allowing network security devices...
  Tags: TLS decryption, C2 detection, network security devices

- Question #190 (Security Monitoring)
  What is a difference between data obtained from Tap and SPAN ports?
  Tags: network taps, SPAN ports, traffic acquisition

- Question #191 (Security Concepts)
  Which metric in CVSS indicates an attack that takes a destination bank account number and replaces it with a different bank account number?
  Tags: CVSS, integrity, CIA triad, vulnerability scoring

- Question #192 (Security Concepts)
  Refer to the exhibit. What is occurring within the exhibit?
  Tags: cross-site scripting, XSS, web application security, attack types

- Question #193 (Host-Based Analysis)
  Refer to the exhibit. Which component is identifiable in this exhibit?
  Tags: Windows Registry, host analysis, operating system forensics, Windows components

- Question #194 (Host-Based Analysis)
  An engineer received an alert affecting the degraded performance of a critical server. Analysis showed a heavy CPU and memory load. What is the next step the engineer should take t...
  Tags: process monitoring, Linux commands, resource utilization, troubleshooting

- Question #195 (Security Monitoring)
  What is a difference between an inline and a tap mode traffic monitoring?
  Tags: traffic monitoring, inline mode, tap mode, network analysis

- Question #196 (Security Monitoring)
  Which regular expression is needed to capture the IP address 192.168.20.232?
  Tags: regular expressions, IP addresses, pattern matching, log analysis

- Question #197 (Security Concepts)
  How does a certificate authority impact security?
  Tags: Certificate Authority, SSL/TLS, PKI, digital certificates

- Question #198 (Security Monitoring)
  What is a difference between SIEM and SOAR?
  Tags: SIEM, SOAR, security operations, incident response

- Question #200 (CompTIA CySA+ / Security+ - Threat and Vulnerability Management: Understanding attack frameworks and threat actor methodology using the Cyber Kill Chain model)
  Drag and Drop Question: Drag and drop the definition from the left onto the phase on the right to classify intrusion events according to the Cyber Kill Chain model.
  Tags: Cyber Kill Chain, Threat Intelligence, Intrusion Analysis, Attack Lifecycle

- Question #201 (Security Monitoring)
  What is a difference between signature-based and behavior-based detection?
  Tags: intrusion detection, signature-based detection, behavior-based detection, IDS/IPS

- Question #202 (Network Intrusion Analysis)
  Refer to the exhibit. An engineer received an event log file to review. Which technology generated the log?
  Tags: log analysis, firewall logs, network devices, event correlation

- Question #203 (Security Monitoring)
  What is the difference between inline traffic interrogation and traffic mirroring?
  Tags: traffic monitoring, traffic mirroring, inline analysis, network analysis