200-201 Exam Questions

Refer to the exhibit. A company employee is connecting to mail google.com from an endpoint device. The website is loaded but with an error. What is occurring?

An analyst is using the SIEM platform and must extract a custom property from a Cisco device and capture the phrase, "File: Clean." Which regex must the analyst import?

What describes the concept of data consistently and readily being accessible for legitimate users?

Refer to the exhibit. Which frame numbers contain a file that is extractable via TCP stream within Wireshark?

Refer to the exhibit. Which stakeholders must be involved when a company workstation is compromised?

How does an attack surface differ from an attack vector?

A security analyst notices a sudden surge of incoming traffic and detects unknown packets from unknown senders. After further investigation, the analyst learns that customers claim...

Which vulnerability type is used to read, write, or erase information from a database?

An automotive company provides new types of engines and special brakes for rally sports cars. The company has a database of inventions and patents for their engines and technical i...

According to the September 2020 threat intelligence feeds a new malware called Egregor was introduced and used in many attacks. Distnbution of Egregor is pnmanly through a Cobalt S...

Syslog collecting software is installed on the server. For the log containment, a disk with FAT type partition is used. An engineer determined that log files are being corrupted wh...

What are two categories of DDoS attacks? (Choose two.)

What is an advantage of symmetric over asymmetric encryption?

What are two denial-of-service (DoS) attacks? (Choose two)

What is the difference between a threat and an exploit?

How does TOR alter data content during transit?

Drag and Drop Question Drag and drop the security concept from the left onto the example of that concept on the right. Answer:

What is a collection of compromised machines that attackers use to carry out a DDoS attack?

Which type of access control depends on the job function of the user?

The security team has detected an ongoing spam campaign targeting the organization. The team's approach is to push back the cyber kill chain and mitigate ongoing incidents. At whic...

What describes the defense-in-depth principle?

Refer to the exhibit. A workstation downloads a malicious docx file from the Internet and a copy is sent to FTDv. The FTDv sends the file hash to FMC and the tile event is recorded...

What is the impact of encryption?

An engineer is analyzing a recent breach where confidential documents were altered and stolen by the receptionist. Further analysis shows that the threat actor connected an externa...

Refer to the exhibit. During the analysis of a suspicious scanning activity incident, an analyst discovered multiple local TCP connection events. Which technology provided these lo...

Refer to the exhibit. An analyst was given a PCAP file, which is associated with a recent intrusion event in the company FTP server. Which display filters should the analyst use to...

Refer to the exhibit. A network administrator is investigating suspicious network activity by analyzing captured traffic. An engineer notices abnormal behavior and discovers that t...

A company encountered a breach on its web servers using IIS 7.5. During the investigation, an engineer discovered that an attacker read and altered the data on a secure communicati...

What is the difference between discretionary access control (DAC) and role-based access control (RBAC)?

Which technology prevents end-device to end-device IP traceability?

What are the two differences between stateful and deep packet inspection? (Choose two)

Which type of verification consists of using tools to compute the message digest of the original and copied data, then comparing the similarity of the digests?

What is the difference between inline traffic interrogation (TAPS) and traffic mirroring (SPAN)?

Which information must an organization use to understand the threats currently targeting the organization?

What is threat hunting?

An engineer is working with the compliance teams to identify the data passing through the network. During analysis, the engineer informs the compliance team that external penmeter...

What describes the impact of false-positive alerts compared to false-negative alerts?

Refer to the exhibit. An engineer received a ticket about a slowed-down web application. The engineer runs the #netstat - an command. How must the engineer interpret the results?

When an event is investigated, which type of data provides the investigate capability to determine if data exfiltration has occurred?

What is the difference between deep packet inspection and stateful inspection?

What is obtained using NetFlow?

How does statistical detection differ from rule-based detection?

Refer to the exhibit. What must be interpreted from this packet capture?

What is a benefit of using asymmetric cryptography?

An organization is cooperating with several third-party companies. Data exchange is on an unsecured channel using port 80 Internal employees use the FTP service to upload and downl...

A security engineer notices confidential data being exfiltrated to a domain 'Ransome4144- mware73-978' address that is attributed to a known advanced persistent threat group. The e...

How does agentless monitoring differ from agent-based monitoring?

Which of these describes SOC metrics in relation to security incidents?

What is the difference between the ACK flag and the RST flag?

Refer to the exhibit. An engineer is analyzing a PCAP file after a recent breach. An engineer identified that the attacker used an aggressive ARP scan to scan the hosts and found w...