200-201 Exam Questions
563 real 200-201 exam questions with expert-verified answers and explanations. Page 6 of 12.
- Question #254 Network Intrusion Analysis
Refer to the exhibit. Which field contains DNS header information if the payload is a query or a response?
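Worked example (added for this page; it is not part of the exam question or its exhibit): the DNS header is a fixed 12 bytes at the start of the message, and bit 15 of its flags word, the QR bit, is what marks the payload as a query (0) or a response (1). The Python below decodes that header, the question section and the first answer from two constructed messages; the sample bytes are built inline and are not captured traffic.

```python
import struct
from typing import Optional, Tuple

# Constructed sample messages for this example (not captured traffic):
# a query for example.com/A and the matching response. Both begin with the
# 12-byte header; the QR bit (bit 15 of the flags word) tells them apart.
QUERY = (
    b"\x12\x34"                    # ID
    b"\x01\x00"                    # flags: QR=0 (query), RD=1
    b"\x00\x01"                    # QDCOUNT = 1
    b"\x00\x00\x00\x00\x00\x00"    # ANCOUNT, NSCOUNT, ARCOUNT = 0
    b"\x07example\x03com\x00"      # QNAME example.com
    b"\x00\x01\x00\x01"            # QTYPE A, QCLASS IN
)
RESPONSE = (
    b"\x12\x34"                    # same ID as the query
    b"\x81\x80"                    # flags: QR=1 (response), RD=1, RA=1, RCODE=0
    b"\x00\x01\x00\x01\x00\x00\x00\x00"        # QDCOUNT=1, ANCOUNT=1, NS/AR=0
    b"\x07example\x03com\x00\x00\x01\x00\x01"  # question repeated
    b"\xc0\x0c"                    # NAME: compression pointer to offset 12
    b"\x00\x01\x00\x01"            # TYPE A, CLASS IN
    b"\x00\x00\x00\x3c"            # TTL 60
    b"\x00\x04\x5d\xb8\xd8\x22"    # RDLENGTH 4, RDATA 93.184.216.34
)


def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header (RFC 1035, section 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": ident,
        "qr": "response" if flags & 0x8000 else "query",  # bit 15
        "opcode": (flags >> 11) & 0xF,
        "aa": bool(flags & 0x0400),
        "tc": bool(flags & 0x0200),
        "rd": bool(flags & 0x0100),
        "ra": bool(flags & 0x0080),
        "rcode": flags & 0x000F,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def read_name(msg: bytes, offset: int) -> Tuple[str, int]:
    """Read a (possibly compressed) domain name; return (name, next offset)."""
    labels = []
    while True:
        length = msg[offset]
        if length == 0:
            return ".".join(labels), offset + 1
        if length & 0xC0 == 0xC0:  # 11xxxxxx: pointer to an earlier name
            ptr = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            tail, _ = read_name(msg, ptr)
            labels.append(tail)
            return ".".join(labels), offset + 2
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length


def parse_question(msg: bytes) -> dict:
    """Decode the first entry of the question section."""
    name, off = read_name(msg, 12)
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    return {"name": name, "qtype": qtype, "qclass": qclass, "end": off + 4}


def parse_first_answer(msg: bytes) -> Optional[dict]:
    """Decode the first resource record after the question (A records only)."""
    hdr = parse_header(msg)
    if hdr["qr"] != "response" or hdr["ancount"] == 0:
        return None
    off = parse_question(msg)["end"]
    name, off = read_name(msg, off)
    rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
    rdata = msg[off + 10:off + 10 + rdlen]
    record = {"name": name, "type": rtype, "class": rclass, "ttl": ttl}
    if rtype == 1 and rdlen == 4:
        record["address"] = ".".join(str(b) for b in rdata)
    return record


if __name__ == "__main__":
    for label, msg in (("query", QUERY), ("response", RESPONSE)):
        print(label, parse_header(msg), parse_question(msg), parse_first_answer(msg))
```

Everything that distinguishes a query from a response sits in the flags word at offset 2; the counts that follow tell you how many records to expect, and a response with RCODE other than 0 still has QR set.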
DNS protocol, packet analysis, network headers

- Question #255 Network Intrusion Analysis
Refer to the exhibit. What is occurring?
network attacks, DNS tunneling, packet analysis

- Question #256 Security Concepts
What is the difference between vulnerability and risk?
vulnerability, risk, security concepts

- Question #257 Security Concepts
An engineer received a flood of phishing emails from HR with the source address HRjacobm@company.com. What is the threat actor in this scenario?
threat actor, phishing, email security

- Question #258 Host-Based Analysis
Refer to the exhibit. A security analyst is investigating unusual activity from an unknown IP address. Which type of evidence is this file?
forensics, evidence types, incident investigation

- Question #259 CompTIA CySA+ (CS0-003) Domain 1: Security Operations - Understanding and categorizing data sources used in security monitoring and threat analysis, including log data, packet captures, flow data, and alert data.
Drag and Drop Question. Drag and drop the data source from the left onto the data type on the right.
Data Sources, Network Security Monitoring, Security Analytics, Threat Detection

- Question #260 Security Monitoring
A user received a targeted spear-phishing email and identified it as suspicious before opening the content. To which category of the Cyber Kill Chain model does this type of eve...
cyber kill chain, spear-phishing, delivery phase

- Question #261 Host-Based Analysis
According to the NIST SP 800-86, which two types of data are considered volatile? (Choose two.)
NIST, volatile data, forensics, memory analysis

- Question #262 Host-Based Analysis
Refer to the exhibit. An engineer is reviewing a Cuckoo report of a file. What must the engineer interpret from the report?
malware analysis, sandbox analysis, Cuckoo Sandbox, evasion techniques

- Question #263 Security Monitoring
What is the difference between deep packet inspection and stateful inspection?
Deep Packet Inspection, Stateful Firewall, Network Security, OSI Model

- Question #264 Security Concepts
What should an engineer use to aid the trusted exchange of public keys between user tom0411976943 and dan1968754032?
Public Key Infrastructure, Certificate Authorities, Key Exchange

- Question #265 Security Monitoring
Which tool gives the ability to see session data in real time?
Network Monitoring Tools, Session Data, trafshow

- Question #266 Security Concepts
What is a description of a social engineering attack?
Social Engineering, Phishing, User Awareness

- Question #267 Security Concepts
What describes a buffer overflow attack?
Buffer Overflow, Memory Exploitation, Vulnerability

- Question #268 Security Concepts
Which are two denial-of-service attacks? (Choose two.)
Denial of Service, Ping of Death, UDP Flood

- Question #269 Host-Based Analysis
Refer to the exhibit. Where is the executable file?
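Worked example (added here; it is not the exam exhibit): an executable is identified by its leading bytes, not by the extension or the MIME label a mail client or web server attaches. The Python below checks a short signature table at offset 0, confirms that an MZ file really carries a PE header where e_lfanew points, and lists which of a set of constructed in-memory files are executables. The file names and contents are made up for the example.

```python
from typing import Dict, List

# Signatures at file offset 0 for a handful of formats. The MIME labels are
# the ones usually reported for these types; the point is that the bytes,
# not the file name, decide the type.
SIGNATURES = [
    (b"MZ", "application/vnd.microsoft.portable-executable"),
    (b"\x7fELF", "application/x-executable"),
    (b"\xcf\xfa\xed\xfe", "application/x-mach-binary"),  # Mach-O 64-bit, little-endian
    (b"\xfe\xed\xfa\xce", "application/x-mach-binary"),  # Mach-O 32-bit, big-endian
    (b"%PDF-", "application/pdf"),
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"PK\x03\x04", "application/zip"),
]
EXECUTABLE_MIME = {
    "application/vnd.microsoft.portable-executable",
    "application/x-msdownload",  # MZ file without a PE header (DOS program or damaged)
    "application/x-executable",
    "application/x-mach-binary",
}


def has_pe_header(data: bytes) -> bool:
    """True if the MZ header's e_lfanew (offset 0x3C) points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or not data.startswith(b"MZ"):
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def sniff_mime(data: bytes) -> str:
    """Identify a file by its leading bytes, ignoring any name or declared type."""
    for magic, mime in SIGNATURES:
        if data.startswith(magic):
            if magic == b"MZ" and not has_pe_header(data):
                return "application/x-msdownload"
            return mime
    try:
        data.decode("utf-8")
        return "text/plain"
    except UnicodeDecodeError:
        return "application/octet-stream"


def find_executables(files: Dict[str, bytes]) -> List[str]:
    """Names of the files whose content is an executable, whatever their extension."""
    return sorted(name for name, data in files.items() if sniff_mime(data) in EXECUTABLE_MIME)


def build_pe_stub() -> bytes:
    """Constructed minimal MZ/PE header (not a runnable program) for the sample set."""
    stub = bytearray(b"MZ" + b"\x00" * 62)          # 64-byte DOS header
    stub[0x3C:0x40] = (0x40).to_bytes(4, "little")  # e_lfanew -> right after it
    return bytes(stub) + b"PE\x00\x00" + b"\x4c\x01" + b"\x00" * 18  # PE sig, Machine=i386


# Constructed sample "attachments"; names and contents are made up.
SAMPLE_FILES = {
    "quarterly-report.pdf": build_pe_stub(),       # executable behind a document name
    "invoice.pdf": b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n",
    "readme.txt": b"Nothing to see here.\n",
    "update.dat": b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 56,
    "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\x0dIHDR",
}

if __name__ == "__main__":
    for name, data in SAMPLE_FILES.items():
        print(f"{name:22s} {sniff_mime(data)}")
    print("executables:", find_executables(SAMPLE_FILES))
```

The same approach is what `file` and libmagic do with a much larger table; the PE check matters because plenty of non-executable formats are never MZ, but an MZ stub with a valid PE header is an executable whatever the attachment is called.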
File analysis, MIME types, Executable files

- Question #270 Security Concepts
Why is HTTPS traffic difficult to screen?
HTTPS, Encryption, Traffic analysis, Network security

- Question #271 Host-Based Analysis
Refer to the exhibit. An employee received an email from an unknown sender with an attachment and reported it as a phishing attempt. An engineer uploaded the file to Cuckoo for fur...
Cuckoo Sandbox, Malware analysis, Phishing analysis, Threat interpretation

- Question #272 Security Policies and Procedures
Which two elements of the incident response process are stated in NIST SP 800-61 r2? (Choose two.)
NIST SP 800-61, Incident response phases, Detection, Post-incident activity

- Question #273 Security Concepts
Which security model assumes an attacker within and outside of the network and enforces strict verification before connecting to any system or resource within the organization?
Zero Trust, Security models, Network security

- Question #274 Security Concepts
An employee received an email from a colleague's address asking for the password for the domain controller. The employee noticed a missing letter within the sender's address. What...
Insider threat, Social engineering, Phishing

- Question #275 Security Concepts
What is the difference between an indicator of attack (IoA) and an indicator of compromise (IoC)?
IoC, IoA, Threat detection, Security indicators

- Question #276 Network Intrusion Analysis
Refer to the exhibit. An attacker scanned the server using Nmap. What did the attacker obtain from this scan?
Nmap, Network scanning, Port scanning, Reconnaissance

- Question #277 Security Concepts
What are the three critical security principles or goals of the CIA triad?
CIA triad, Confidentiality, Integrity, Availability

- Question #278 Security Monitoring
What is the difference between SIEM and SOAR?
SIEM, SOAR, Security operations, Event management

- Question #279 Host-Based Analysis
Refer to the exhibit. A SOC engineer is analyzing the provided Cuckoo Sandbox report for a file that was downloaded from a URL received via email. What is the state of this...
Cuckoo Sandbox, Malware analysis, YARA rules, Threat intelligence

- Question #280 Security Concepts
Refer to the exhibit. An engineer needs to identify certificate information on server1234567890. What does the exhibit indicate?
Cryptography, Certificates, ECC, Key exchange

- Question #281 Host-Based Analysis
Which of these describes volatile evidence?
Digital forensics, Volatile data, Memory forensics

- Question #282 Host-Based Analysis
What are two differences between tampered disk images and untampered disk images? (Choose two.)
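Worked example (added here; not from the exam): the practical test for an untampered image is that the digests recorded at acquisition still match a fresh hash of the image. The Python below hashes an image in chunks with two algorithms, keeps the digests as the acquisition record, and shows that changing a single byte, with the size and layout otherwise identical, fails verification. The image is a constructed byte string standing in for a .dd file.

```python
import hashlib
import io
from typing import BinaryIO, Dict, Tuple

# Constructed stand-in for an acquired disk image: repeating filler plus a
# boot-sector style 0x55AA marker. A real .dd/.E01 file is read the same way.
ORIGINAL_IMAGE = bytes(range(256)) * 16 + b"\x55\xaa" + b"\x00" * 4096


def hash_stream(fh: BinaryIO, algorithms: Tuple[str, ...] = ("md5", "sha256"),
                chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hash a stream in chunks so a multi-gigabyte image never sits in memory."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def acquisition_record(image: bytes) -> Dict[str, str]:
    """Digests taken at acquisition; they travel with the image and the chain-of-custody form."""
    return hash_stream(io.BytesIO(image))


def mismatches(image: bytes, record: Dict[str, str]) -> Dict[str, str]:
    """Algorithms whose current digest differs from the recorded one (empty if untampered)."""
    current = hash_stream(io.BytesIO(image), algorithms=tuple(record))
    return {name: current[name] for name, digest in record.items() if current[name] != digest}


def verify_image(image: bytes, record: Dict[str, str]) -> bool:
    """Untampered only if every recorded digest still matches."""
    return not mismatches(image, record)


def tamper(image: bytes, offset: int, value: int) -> bytes:
    """Change one byte in place (same size, same layout), as editing evidence would."""
    edited = bytearray(image)
    edited[offset] = value
    return bytes(edited)


if __name__ == "__main__":
    record = acquisition_record(ORIGINAL_IMAGE)
    print("recorded:", record)
    print("original verifies:", verify_image(ORIGINAL_IMAGE, record))
    edited = tamper(ORIGINAL_IMAGE, 1000, 0xFF)
    print("edited verifies:", verify_image(edited, record), mismatches(edited, record))
```

Size, timestamps and partition layout are all unchanged by a one-byte edit, which is why the comparison is done on digests rather than on anything the file system reports; recording two algorithms is common practice so that a collision in one does not undermine the record.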
Digital forensics, Disk imaging, Hashing, Evidence integrity

- Question #283 Network Intrusion Analysis
What is the functionality of an IDS?
IDS, Intrusion detection, Network security, Security tools

- Question #284 Security Concepts
What is a description of "phishing" as a social engineering attack?
Phishing, Social engineering, Email security, Attack types

- Question #285 Network Intrusion Analysis
Which technique describes altering the data content and avoiding identification?
Obfuscation, Tunneling, Evasion techniques, Data security

- Question #286 Security Monitoring
Which CVSS metric group identifies other components that are affected by a successful security attack?
CVSS, Vulnerability assessment, Scope metric

- Question #287 Security Policies and Procedures
Refer to the exhibit. A suspicious IP address is tagged by Threat Intelligence as a brute-force attempt source. After the attacker produces many failed login entries, it successf...
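Worked example (added here; it is not the exam exhibit): the detection logic behind this scenario, a run of failed logins from one source followed by a successful login from the same source, run over constructed sshd-style log lines. The log text, host and user names, addresses, the year assumed for the syslog timestamps and the threat-intelligence list are all made up for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Dict, FrozenSet, List, Optional

# Constructed sshd-style auth log (hosts, users and addresses are made up).
# Syslog timestamps carry no year; the example assumes 2024.
AUTH_LOG = """\
Mar 10 09:15:01 srv1 sshd[4021]: Failed password for invalid user admin from 203.0.113.45 port 50122 ssh2
Mar 10 09:15:04 srv1 sshd[4022]: Failed password for invalid user oracle from 203.0.113.45 port 50130 ssh2
Mar 10 09:15:09 srv1 sshd[4024]: Failed password for root from 203.0.113.45 port 50141 ssh2
Mar 10 09:15:12 srv1 sshd[4025]: Failed password for jsmith from 198.51.100.7 port 41002 ssh2
Mar 10 09:15:15 srv1 sshd[4026]: Accepted password for jsmith from 198.51.100.7 port 41002 ssh2
Mar 10 09:15:17 srv1 sshd[4027]: Failed password for jsmith from 203.0.113.45 port 50155 ssh2
Mar 10 09:15:22 srv1 sshd[4028]: Failed password for jsmith from 203.0.113.45 port 50160 ssh2
Mar 10 09:15:40 srv1 sshd[4031]: Accepted password for jsmith from 203.0.113.45 port 50190 ssh2
"""
# Constructed threat-intelligence list for the example.
BRUTE_FORCE_SOURCES = frozenset({"203.0.113.45"})

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_line(line: str, year: int = 2024) -> Optional[dict]:
    """Pull timestamp, outcome, user and source out of one auth line (None if not an auth result)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "src": m["src"]}


def detect_bruteforce_success(log_text: str, threshold: int = 5, window_seconds: int = 300,
                              intel: FrozenSet[str] = frozenset()) -> List[dict]:
    """Alert when a source logs in successfully after `threshold` failures within
    the window, or after any failure if threat intelligence already tagged it."""
    failures: Dict[str, deque] = defaultdict(deque)
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        recent = failures[ev["src"]]
        while recent and (ev["ts"] - recent[0]).total_seconds() > window_seconds:
            recent.popleft()  # drop failures that fell out of the window
        if ev["result"] == "Failed":
            recent.append(ev["ts"])
            continue
        tagged = ev["src"] in intel
        if len(recent) >= threshold or (tagged and recent):
            alerts.append({
                "src": ev["src"], "user": ev["user"], "when": ev["ts"].isoformat(),
                "failures": len(recent), "intel_match": tagged,
                "severity": "high" if tagged else "medium",
            })
        recent.clear()  # a success ends the attempt sequence either way
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce_success(AUTH_LOG, intel=BRUTE_FORCE_SOURCES):
        print(alert)
```

The benign source (198.51.100.7) shows one typo followed by a login and produces nothing; the tagged source produces one high-severity alert naming the account that was finally guessed, which is the detail the responder needs first. The threshold and window are tuning choices, not values from the question.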
Incident response roles, Detection phase, SOC, Brute-force

- Question #288 Security Policies and Procedures
An engineer is working on a ticket for an incident from the incident management team. A week ago, an external web application was targeted by a DDoS attack. Server resources were e...
NIST SP 800-61, Incident response, Containment, Recovery

- Question #289 Security Concepts
What is the difference between attack surface and vulnerability?
attack surface, vulnerability, security definitions

- Question #290 Security Concepts
What is a scareware attack?
scareware, malware types, social engineering

- Question #291 Security Concepts
What is the communication channel established from a compromised machine back to the attacker?
command and control, C2, malware communication

- Question #292 Host-Based Analysis
During which phase of the forensic process are tools and techniques used to extract information from the collected data?
forensic process, examination phase, data extraction

- Question #293 Network Intrusion Analysis
An information security analyst inspects the .pcap file and observes unusual encrypted SSH traffic flowing over nonstandard ports. Which technology makes this behavior feasible?
network tunneling, encrypted SSH, non-standard ports, traffic analysis

- Question #294 Network Intrusion Analysis
Refer to the exhibit. Which technology produced the log?
IDS/IPS, Security Logs, Intrusion Detection

- Question #295 Security Concepts
What is the role of NAT in data visibility?
NAT, IP Addressing, Network Visibility, Obfuscation

- Question #296 Security Concepts
What is the purpose of command and control for network-aware malware?
Malware, Command and Control, Botnet

- Question #297 Security Policies and Procedures
Which element is included in an incident response plan as stated in NIST SP 800-61?
Incident Response, NIST SP 800-61, Security Policies

- Question #298 Network Intrusion Analysis
Refer to the exhibit. Which alert is identified from this packet?
SYN Flood, Denial of Service, Packet Analysis, TCP Handshake

- Question #299 Security Policies and Procedures
Which statement describes patch management?
Patch Management, Vulnerability Management, Software Updates

- Question #300 Security Concepts
A user received a malicious email attachment named "DS045-report1122345.exe" and executed it. In which step of the Cyber Kill Chain is this event?
Cyber Kill Chain, Malware Execution, Installation

- Question #301 Security Monitoring
What is sliding window anomaly detection?
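Worked example (added here; not from the exam): sliding-window anomaly detection keeps a rolling baseline of the last N observations and flags a new observation that lands above mean + k × standard deviation of that window. The Python below runs it over a constructed series of SYN packets per second toward one server, the kind of traffic behind the SYN flood alert in Question #298; the counts, window size, k and the standard-deviation floor are choices made for the example. Flagged samples are kept out of the baseline so a sustained flood cannot raise its own threshold, and the floor stops a perfectly flat baseline from turning ordinary jitter into alerts.

```python
from collections import deque
from statistics import mean, pstdev
from typing import List, Sequence, Tuple

# Constructed per-second SYN counts toward one server (not measured traffic):
# 30 s of normal load, a 6 s burst typical of a SYN flood, then recovery.
SYN_PER_SECOND = [
    12, 15, 11, 14, 13, 16, 12, 14, 15, 13,
    12, 14, 13, 15, 12, 14, 16, 13, 12, 14,
    15, 13, 12, 14, 13, 15, 14, 12, 13, 14,
    420, 980, 1500, 1450, 1600, 900,
    15, 13, 14, 12,
]


def sliding_window_anomalies(series: Sequence[float], window: int = 20, k: float = 4.0,
                             sigma_floor: float = 5.0) -> List[Tuple[int, float, float]]:
    """Return (index, value, threshold) for every sample above mean + k*sigma of the
    previous `window` normal samples. Flagged samples are not added to the baseline;
    sigma_floor is the smallest standard deviation the threshold is built from."""
    baseline = deque(maxlen=window)
    flagged = []
    for i, x in enumerate(series):
        if len(baseline) < window:
            baseline.append(x)  # still learning; no verdicts yet
            continue
        threshold = mean(baseline) + k * max(pstdev(baseline), sigma_floor)
        if x > threshold:
            flagged.append((i, x, round(threshold, 1)))
        else:
            baseline.append(x)  # normal sample: slide the window forward
    return flagged


def anomaly_indices(series: Sequence[float], **kwargs) -> List[int]:
    """Just the positions of the flagged samples."""
    return [i for i, _, _ in sliding_window_anomalies(series, **kwargs)]


if __name__ == "__main__":
    for index, value, threshold in sliding_window_anomalies(SYN_PER_SECOND):
        print(f"t={index}s syn/s={value} threshold={threshold}")
```

With these parameters the baseline settles around 13.5 SYN/s and the threshold near 33.5, so the six-second burst is flagged from its first sample and the recovery seconds are not. Without the floor, the same detector over a perfectly steady baseline would alert on a change of a single packet per second.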
Anomaly Detection, Behavioral Analysis, Threat Detection

- Question #302 Network Intrusion Analysis
Refer to the exhibit. What should be interpreted from this packet capture?
Packet Analysis, TCP/IP, Network Protocols, Wireshark

- Question #303 Security Concepts
Which type of attack is a blank email with the subject "price deduction" that contains a malicious attachment?
Phishing, Email Security, Malicious Attachment