200-201 Exam Questions

Total 181 Questions

Last Updated Exam : 16-Dec-2024

Which open-sourced packet capture tool uses Linux and Mac OS X operating systems?


A.

NetScout


B.

tcpdump


C.

SolarWinds


D.

netsh





B.
  

tcpdump



Which security principle is violated by running all processes as root or administrator?


A.

principle of least privilege


B.

role-based access control


C.

separation of duties


D.

trusted computing base





A.
  

principle of least privilege



What are the two characteristics of the full packet captures? (Choose two.)


A.

Identifying network loops and collision domains.


B.

Troubleshooting the cause of security and performance issues.


C.

Reassembling fragmented traffic from raw data.


D.

Detecting common hardware faults and identify faulty assets.


E.

Providing a historical record of a network transaction.





C.
  

Reassembling fragmented traffic from raw data.



E.
  

Providing a historical record of a network transaction.



An engineer runs a suspicious file in a sandbox analysis tool to see the outcome. The Which two pieces of information from the analysis report are needed to investigate the callouts? (Choose two.)


A.

signatures


B.

host IP addresses


C.

file size


D.

dropped files


E.

domain namesanalysis report shows that outbound callouts were made post infection.





B.
  

host IP addresses



E.
  

domain namesanalysis report shows that outbound callouts were made post infection.



Refer to the exhibit.

Which event is occurring?


A.

A binary named "submit" is running on VM cuckoo1.


B.

A binary is being submitted to run on VM cuckoo1


C.

A binary on VM cuckoo1 is being submitted for evaluation


D.

A URL is being evaluated to see if it has a malicious binary





C.
  

A binary on VM cuckoo1 is being submitted for evaluation



What is the virtual address space for a Windows process?


A.

physical location of an object in memory


B.

Bset of pages that reside in the physical memory


C.

system-level memory protection feature built into the operating system


D.

set of virtual memory addresses that can be used





D.
  

set of virtual memory addresses that can be used



Which two compliance frameworks require that data be encrypted when it is transmitted over a public network? (Choose two.)


A.

PCI


B.

GLBA


C.

HIPAA


D.

SOX


E.

COBIT





A.
  

PCI



C.
  

HIPAA



What is the function of a command and control server?


A.

It enumerates open ports on a network device


B.

It drops secondary payload into malware


C.

It is used to regain control of the network after a compromise


D.

It sends instruction to a compromised system





D.
  

It sends instruction to a compromised system



What is the practice of giving an employee access to only the resources needed to accomplish their job?


A.

principle of least privilege


B.

organizational separation


C.

separation of duties


D.

need to know principle





A.
  

principle of least privilege



An analyst received an alert on their desktop computer showing that an attack was successful on the host.
After investigating, the analyst discovered that no mitigation action occurred during the attack. What is the
reason for this discrepancy?




A.

The computer has a HIPS installed on it.


B.

The computer has a NIPS installed on it.


C.

The computer has a HIDS installed on it.


D.

The computer has a NIDS installed on it.





C.
  

The computer has a HIDS installed on it.




Page 4 out of 19 Pages
Previous