200-201 Exam Questions
563 real 200-201 exam questions with expert-verified answers and explanations. Page 9 of 12.
- Question #404: Network Intrusion Analysis
  Which two protocols are used for DDoS amplification attacks? (Choose two.)
  DDoS amplification, DNS amplification, NTP amplification, DDoS attacks
- Question #405: Security Monitoring
  An engineer must create a SIEM rule to test events and traffic for spikes and changes that occur in regular patterns to detect irregularities. Which rules achieve the desired resul...
  SIEM rules, Behavioral analysis, Threat detection, Security monitoring
- Question #406: Network Intrusion Analysis
  Refer to the exhibit. What occurred on this system based on this output?
  Log analysis, SSH, Network protocols, System events
- Question #407: Network Intrusion Analysis
  Which type of evasion technique is accomplished by separating the traffic into smaller segments before transmitting across the network?
  Evasion techniques, Network security, Fragmentation, IDS/IPS evasion
- Question #408: Host-Based Analysis
  What is a Shellshock vulnerability?
  Shellshock, Vulnerabilities, Command injection, Host exploitation
- Question #409: Network Intrusion Analysis
  Refer to the exhibit. What is occurring in this network traffic?
  Network traffic analysis, ICMP flood, Denial of Service (DoS), Packet analysis
- Question #410: Security Concepts
  What is the impact of encapsulation on the network?
  Network encapsulation, Networking concepts, OSI model
- Question #411: Network Intrusion Analysis
  An analyst performs traffic analysis to detect data exfiltration and identifies a high frequency of DNS requests in a small period of time. Which technology makes this behavior fea...
  Data exfiltration, DNS tunneling, Traffic analysis, Network protocols
- Question #412: Security Concepts
  According to CVSS, what is the attack vector?
  CVSS, Vulnerability assessment, Attack vector
- Question #413: Host-Based Analysis
  An employee reports that someone has logged into their system and made unapproved changes, files are out of order, and several documents have been placed in the recycle bin. The se...
  Log analysis, Incident response, Credential theft, Host compromise
- Question #414: Security Concepts
  A company receptionist received a threatening call referencing stealing assets and did not take any action assuming it was a social engineering attempt. Within 48 hours, multiple a...
  Threat actor, Social engineering, Security incident
- Question #415: Security Concepts
  What is the relationship between a vulnerability and a threat?
  Threat, Vulnerability, Risk management
- Question #416: Security Concepts
  What is the principle of defense-in-depth?
  Defense-in-depth, Security architecture, Layered security
- Question #417: Security Monitoring
  What is the difference between rule-based detection and behavioral detection?
  Intrusion detection, Rule-based detection, Behavioral analysis, Security monitoring
- Question #418: Security Concepts
  What is the difference between attack surface and vulnerability management?
  Attack surface, Vulnerability management, Risk reduction
- Question #419: Security Concepts
  What technology should be used for the verified and secure exchange of public keys between entities Tom0123456789 and Dan9876543210?
  Key exchange, Cryptography, Public key infrastructure
- Question #420: Security Concepts
  How is symmetric encryption used for HTTPS connections?
  HTTPS, Symmetric encryption, TLS/SSL, Cryptography
- Question #421: Security Concepts
  What is the difference between a vulnerability and an attack surface?
  Vulnerability, Attack surface, Risk management
- Question #422: Security Concepts
  Which two elements are used by the defense-in-depth strategy? (Choose two.)
  Defense-in-depth, Least privilege, Firewalls, Security controls
- Question #423: Security Concepts
  Which technology assures that the information transferred from point A to point B is unaltered and authentic?
  Digital certificates, Data integrity, Authenticity, PKI
- Question #424: Security Concepts
  What is a difference between authorization and authentication from an access control perspective?
  Authentication, Authorization, Access control
- Question #425: Security Concepts
  What is a characteristic of a temporal score in CVSS?
  CVSS, Vulnerability scoring, Temporal score
- Question #426: Security Concepts
  An engineer is working on the implementation of digital certificates for new critical web applications. One of the requirements is that the https connection must be validated and p...
  Digital certificates, X.509, HTTPS, PKI
- Question #427: Security Concepts
  What is the difference between vulnerability and risk?
  Vulnerability, Risk, Risk management, Threat
- Question #428: Security Concepts
  Which scenario describes a social engineering attack?
  Social engineering, Phishing, Smishing, Attack types
- Question #429: Host-Based Analysis
  What is a difference between antivirus and antimalware security systems?
  Antivirus, Antimalware, Endpoint security, Malware types
- Question #430: Security Concepts
  An employee of a company receives an email with an attachment. They notice that this email is from a suspicious source, and they decide not to open the attached file. After further...
  Cyber Kill Chain, malware, email security
- Question #431: Security Concepts
  What is the effect of TOR on data visibility?
  TOR, network anonymity, encryption
- Question #432: Security Monitoring
  What is the difference between true positive and false negative?
  true positive, false negative, alert classification
- Question #433: Security Concepts
  What is the difference between attack surface and vulnerability?
  vulnerability, attack surface, security definitions
- Question #434: Security Concepts
  Which system should be implemented to authenticate and secure the distribution of public keys in a scenario involving users identified as Tom4140299040 and Dan2091400494?
  public key infrastructure, key agreement protocol, cryptography
- Question #435: Network Intrusion Analysis
  What are two differences and benefits of packet filtering, stateful firewalling, and deep packet inspections? (Choose two.)
  firewall, packet filtering, stateful inspection, deep packet inspection
- Question #436: Host-Based Analysis
  Developers must implement tasks on remote Windows environments. They decided to use scripts for enterprise applications through PowerShell. Why does the functionality not work?
  PowerShell, WMI, Windows security, remote management
- Question #437: Security Concepts
  What is a vulnerability?
  vulnerability, security definitions
- Question #438: Network Intrusion Analysis
  What does this regular expression do? \b(192|172).(168|1[6-9]|2[0-9]|3[0-1]).[0-9]{1,3}.[0-9]{1.3}\b
  regular expressions, private IP addresses, network ranges
- Question #439: Security Concepts
  Which security technology guarantees the integrity and authenticity of all messages transferred to and from a web application?
  SSL certificate, HTTPS, web security, integrity
- Question #440: Network Intrusion Analysis
  An engineer is investigating a case of the unauthorized usage of the "Tcpdump" tool. The analysis revealed that a malicious insider attempted to sniff traffic on a specific interfa...
  Tcpdump, packet sniffing, network traffic analysis
- Question #441: Security Concepts
  At a company party a guest asks questions about the company's user account format and password complexity. How is this type of conversation classified?
  social engineering, information gathering, human factor
- Question #442: Security Monitoring
  Which security monitoring data type requires the largest storage space?
  security monitoring, log management, packet capture, storage
- Question #443: Network Intrusion Analysis
  What are two denial of service attacks? (Choose two.)
  Denial of Service (DoS), Ping of Death, UDP flooding, Network attacks
- Question #444: Network Intrusion Analysis
  An engineer needs to discover alive hosts within the 192.168.1.0/24 range without triggering intrusive portscan alerts on the IDS device using Nmap. Which command will accomplish t...
  Nmap, Host discovery, Network scanning, IDS evasion
- Question #445: Security Policies and Procedures
  An engineer must verify vulnerabilities found in the scanning process. The engineer checks the impact of those findings to the organization and compares the results with known thre...
  Vulnerability management, Risk assessment, Threat intelligence, Security policies
- Question #446: Network Intrusion Analysis
  A security engineer must determine why a new core application does not work as desired. The client can send requests toward the application server but receives no response. One of...
  Network monitoring, Packet capture, TAP device, SPAN port
- Question #447: Network Intrusion Analysis
  Which difficulty occurs when log messages are compared from two devices separated by a Layer 3 device that performs Network Address Translation?
  Log analysis, NAT (Network Address Translation), IP addresses, Network troubleshooting
- Question #448: Security Monitoring
  What is the difference between statistical detection and rule-based detection models?
  Intrusion Detection Systems (IDS), Statistical anomaly detection, Rule-based detection, Security monitoring
- Question #449: Host-Based Analysis
  What are indicators of attack?
  Indicators of Attack (IoA), Host-based forensics, Threat detection, Registry changes
- Question #450: Security Concepts
  What is the role of indicators of compromise during the attribution process?
  Indicators of Compromise (IoC), Threat Attribution, Incident Detection
- Question #451: Security Concepts
  What is the role of indicator of attack in an investigation?
  Indicators of Attack (IoA), Proactive Detection, Incident Investigation
- Question #452: Network Intrusion Analysis
  Refer to the exhibit. Which type of data filtering is provided?
  Data Filtering, Mail Security, Email Filtering
- Question #453: Network Intrusion Analysis
  An engineer must profile new servers that have been released recently and must identify running web services on nonstandard ports. Why is the probe returning no result?
  Firewall Rules, Port Scanning, Network Profiling, Web Services