200-201 Exam Questions
563 real 200-201 exam questions with expert-verified answers and explanations. Page 8 of 12.
- Question #354 (Security Concepts)
  What is a Heartbleed vulnerability?
  Tags: Heartbleed, Vulnerability, Information disclosure

- Question #355 (Security Monitoring)
  Refer to the exhibit. What is the logical source device for these events?
  Tags: IDS/IPS, Log sources, Security devices

- Question #356 (Security Concepts)
  A user received a suspicious email and reported it to the SOC team. After analysis, the team concluded that it was a spear phishing attack. According to the Diamond Model, how is t...
  Tags: Diamond Model, Threat intelligence, Adversary

- Question #357 (Network Intrusion Analysis)
  What is the difference between the ACK flag and the RST flag?
  Tags: TCP flags, ACK flag, RST flag, Network protocols

- Question #358 (Network Intrusion Analysis)
  An engineer must investigate suspicious connections. Data has been gathered using a tcpdump command on a Linux device and saved as sandboxmalware2022-12-22.pcaps file. The engineer...
  Tags: tcpdump, Wireshark, Packet capture, pcap files

- Question #359 (Host-Based Analysis)
  Where is a host-based intrusion detection system located?
  Tags: HIDS, Endpoint security, IDS deployment

- Question #360 (Security Policies and Procedures)
  Which SOC metric represents the time to stop the incident from causing further damage to systems or data?
  Tags: SOC metrics, MTTC, Incident response

- Question #361 (Host-Based Analysis)
  Which technique obtains information about how the system works without knowing its design details?
  Tags: Reverse engineering, Malware analysis, System analysis

- Question #362 (Security Policies and Procedures)
  Which risk approach eliminates activities posing a risk exposure?
  Tags: Risk management, Risk avoidance, Risk strategy

- Question #363 (Network Intrusion Analysis)
  What is session data used for in network security?
  Tags: Network sessions, Session data, Network security

- Question #364 (Network Traffic Analysis / Security Monitoring and Analysis)
  Topic note: understanding packet capture structure, protocol layering (IP, TCP, TLS), and the ability to identify source/destination addresses and ports within a captured network frame, commonly tested in CompTIA CySA+, Security+, or similar cybersecurity certifications.
  Drag and Drop Question. Refer to the exhibit. Drag and drop the element names from the left onto the corresponding pieces of the PCAP file on the right. Answer:
  Tags: PCAP Analysis, Network Protocols, OSI Model, Packet Inspection

- Question #365 (Security Concepts)
  Drag and Drop Question. Cisco's Zero Trust Architecture simplifies the Zero Trust journey into three critical areas. Drag the definitions onto the graphic to describe Zero Trust fro...
  Tags: Zero Trust Architecture, Networking Fundamentals, Network Protocols, IP Addressing

- Question #366 (Network Intrusion Analysis)
  Refer to the exhibit. Which tool was used to generate this data?
  Tags: NetFlow, Flow data, Network monitoring, Network tools

- Question #367 (Network Intrusion Analysis)
  Which evasion method involves performing actions slower than normal to prevent detection?
  Tags: Evasion techniques, Timing attack, Intrusion detection bypass

- Question #368 (Network Intrusion Analysis)
  After a large influx of network traffic to externally facing devices, a security engineer begins investigating what appears to be a denial of service attack. When the packet captur...
  Tags: SYN flood, DoS attack, Packet analysis, Network attacks

- Question #369 (Security Monitoring)
  What is a difference between SIEM and SOAR security systems?
  Tags: SIEM, SOAR, security automation

- Question #370 (Network Intrusion Analysis)
  What is the dataflow set in the NetFlow flow-record format?
  Tags: NetFlow, network forensics

- Question #371 (Security Concepts)
  An employee received an email from a colleague's address asking for the password for the domain controller. The employee noticed a missing letter within the sender's address. What...
  Tags: social engineering, phishing, attack vectors

- Question #372 (Security Monitoring)
  A security engineer must investigate a recent breach within the organization. An engineer noticed that a breached workstation is trying to connect to the domain "Ranso4676-mware41-...
  Tags: Cyber Kill Chain, incident response, malware activity

- Question #373 (Security Concepts)
  According to CVSS, what is attack complexity?
  Tags: CVSS, vulnerability assessment, attack complexity

- Question #374 (Host-Based Analysis)
  What are two differences in how tampered and untampered disk images affect a security incident? (Choose two.)
  Tags: disk forensics, data integrity, hashing, incident investigation

- Question #375 (Security Concepts)
  Which action matches the weaponization step of the Cyber Kill Chain Model?
  Tags: Cyber Kill Chain, Weaponization, Malware development, Attack phases

- Question #376 (Security Concepts)
  A security engineer must protect the company from known issues that trigger adware. Recently a new incident has been raised that could harm the system. Which security concepts are...
  Tags: Vulnerability, Threat, Adware, Security concepts

- Question #377 (Network Intrusion Analysis)
  Refer to the exhibit. An engineer is investigating an intrusion and is analyzing the pcap file. Which two key elements must an engineer consider? (Choose two.)
  Tags: Packet analysis, Network intrusion detection, SYN flood, DDoS

- Question #378 (Host-Based Analysis)
  For which items is an end-point application greylist used?
  Tags: Application control, Greylisting, Endpoint security, Whitelisting/Blacklisting

- Question #379 (Security Concepts)
  How does rule-based detection differ from behavioral detection?
  Tags: Intrusion Detection Systems, Rule-based detection, Behavioral detection

- Question #380 (Security Concepts)
  What is a description of a social engineering attack?
  Tags: Social engineering, Phishing

- Question #381 (Network Intrusion Analysis)
  A user reports difficulties accessing certain external web pages. When an engineer examines traffic to and from the external domain in full packet captures, they notice that many S...
  Tags: TCP injection, Packet analysis, Network anomalies, Full packet capture

- Question #382 (Network Intrusion Analysis)
  Refer to the exhibit. Which attack is being attempted against a web application?
  Tags: Command injection, Web application attacks

- Question #383 (Security Monitoring)
  What is the impact of false negative alerts when compared to true negative alerts?
  Tags: False negatives, True negatives, Alert analysis

- Question #384 (Security Concepts)
  What describes the framework that enables control of user access to critical information in heterogeneous technology environments?
  Tags: Identity and Access Management, User access control

- Question #385 (Security Policies and Procedures)
  A company plans to implement network segmentation and use IP address inventory management best practices. Servers and end-user devices are using the same VLANs and IP subnets with...
  Tags: Network segmentation, IP address management, VLANs, Network security best practices

- Question #386 (Security Monitoring)
  What does the SOC metric MTTC provide in incident analysis?
  Tags: SOC metrics, Incident analysis, MTTC

- Question #387 (Security Concepts)
  How is SQL injection prevented?
  Tags: SQL injection prevention, Input validation, Input sanitization

- Question #388 (Security Concepts)
  A vulnerability is discovered on a network. If successfully exploited, it will completely remove the ability of the system to limit disclosure of information to an unauthorized use...
  Tags: CIA triad, Confidentiality, Vulnerability assessment, Impact analysis

- Question #389 (Security Concepts)
  What matches the regular expression r(ege)+x?
  Tags: regular expressions, regex syntax, pattern matching

- Question #390 (Security Monitoring)
  Which statement describes indicators of attack?
  Tags: indicators of attack, threat detection, security monitoring

- Question #391 (Security Monitoring)
  Which type of data is used to detect anomalies in the network?
  Tags: anomaly detection, network data analysis, statistical data

- Question #392 (Security Concepts)
  What is data encapsulation?
  Tags: data encapsulation, networking fundamentals, OSI model

- Question #393 (Network Intrusion Analysis)
  Which type of attack uses a botnet to reflect requests off of an NTP server to overwhelm a target?
  Tags: DDoS, NTP amplification, botnet, denial of service

- Question #394 (Network Intrusion Analysis)
  An analyst performs traffic analysis to detect suspicious activity and identifies multiple UDP connections through the same port. Which technology makes this behavior feasible?
  Tags: NAT, traffic analysis, UDP connections, network protocols

- Question #395 (Security Concepts)
  Which of these is a defense-in-depth strategy principle?
  Tags: Defense-in-depth, Least privilege, Security principles

- Question #396 (Security Monitoring)
  Which security monitoring data type is associated with application server logs?
  Tags: Application logs, Security monitoring data, Transaction data

- Question #397 (Security Concepts)
  Which principle reduces the risk of attackers gaining access to sensitive data by compromising a low-level user account?
  Tags: Least privilege, Security principles, Access control

- Question #398 (Security Monitoring)
  What is the impact of encryption on data visibility?
  Tags: TLS 1.3, Traffic decryption, Security monitoring challenges, Encryption impact

- Question #399 (Network Intrusion Analysis)
  During a quarterly vulnerability scan, a security analyst discovered unused uncommon ports open and in a listening state. Further investigation showed that the unknown application...
  Tags: Cyber Kill Chain, Command and Control, Incident detection

- Question #400 (Security Concepts)
  Which description is a defense-in-depth principle strategy?
  Tags: Defense-in-depth, Network segmentation, VLANs, Network security

- Question #401 (Network Intrusion Analysis)
  What can be identified from the exhibit?
  Tags: Packet capture, tcpdump, Network analysis tools

- Question #402 (Security Concepts)
  What is a description of a man-in-the-middle network attack?
  Tags: Man-in-the-middle attack, Network attacks

- Question #403 (Security Concepts)
  What is a threat actor?
  Tags: Threat actors, Threat intelligence, Security terminology