[Sep-2020]Exam Pass 100%!Braindump2go 200-201 PDF Dumps 200-201 113Q Instant Download[Q40-Q60]
2020/Sep Latest Braindump2go 200-201 Exam Dumps with PDF and VCE Free Updated Today! Following are some new 200-201 Real Exam Questions! QUESTION 40
Which type of data typically consists of connection level, application-specific records generated from network traffic? A. location data
B. statistical data
C. alert data
D. transaction data Answer: B QUESTION 41
What are three key components of a threat-centric SOC? (Choose three.) A. people
B. compliances
C. processes
D. regulations
E. technologies Answer: ACE QUESTION 42
An analyst is investigating an incident in a SOC environment.
Which method is used to identify a session from a group of logs? A. sequence numbers
B. IP identifier
C. 5-tuple
D. timestamps Answer: C QUESTION 43
Refer to the exhibit. Which type of log is displayed?
 A. proxy
B. NetFlow
C. IDS
D. sys Answer: B QUESTION 44
What should a security analyst consider when comparing inline traffic interrogation with traffic tapping to determine which approach to use in the network? A. Tapping interrogation replicates signals to a separate port for analyzing traffic
B. Tapping interrogations detect and block malicious traffic
C. Inline interrogation enables viewing a copy of traffic to ensure traffic is in compliance with security policies
D. Inline interrogation detects malicious traffic but does not block the traffic Answer: A QUESTION 45
Which two components reduce the attack surface on an endpoint? (Choose two.) A. secure boot
B. load balancing
C. increased audit log levels
D. restricting USB ports
E. full packet captures at the endpoint Answer: AD QUESTION 46
An analyst discovers that a legitimate security alert has been dismissed.
Which signature caused this impact on network traffic? A. true negative
B. false negative
C. false positive
D. true positive Answer: B QUESTION 47
Which event artifact is used to identity HTTP GET requests for a specific file? A. destination IP address
B. TCP ACK
C. HTTP status code
D. URI Answer: D QUESTION 48
Which security principle requires more than one person is required to perform a critical task? A. least privilege
B. need to know
C. separation of duties
D. due diligence Answer: C QUESTION 49
What are two differences in how tampered and untampered disk images affect a security incident? (Choose two.) A. Untampered images are used in the security investigation process
B. Tampered images are used in the security investigation process
C. The image is tampered if the stored hash and the computed hash match
D. Tampered images are used in the incident recovery process
E. The image is untampered if the stored hash and the computed hash match Answer: BE QUESTION 50
What makes HTTPS traffic difficult to monitor? A. SSL interception
B. packet header size
C. signature detection time
D. encryption Answer: D QUESTION 51
An analyst is investigating a host in the network that appears to be communicating to a command and control server on the Internet. After collecting this packet capture the analyst cannot determine the technique and payload used for the communication.
Which obfuscation technique is the attacker using? A. Base64 encoding
B. transport layer security encryption
C. SHA-256 hashing
D. ROT13 encryption Answer: B QUESTION 52
What best describes the Security Operations Center (SOC)? A. The SOC is usually responsible for monitoring and maintaining the overall network infrastructure, its primary function is to ensure uninterrupted network service.
B. A SOC is related to the people, processes, and technologies that are involved in providing situational awareness through the detection, containment, and remediation of information security threats.
C. The SOC is responsible for the physical security of a building or installation location.
D. The SOC and NOC are the same entity, with different names. They are responsible for the health and security of the network infrastructure. Answer: B QUESTION 53
Which term represents a potential danger that could take advantage of a weakness in a system? A. vulnerability
B. risk
C. threat
D. exploit Answer: C QUESTION 54
Which artifact is used to uniquely identify a detected file? A. file timestamp
B. file extension
C. file size
D. file hash Answer: D QUESTION 55
How does an attacker observe network traffic exchanged between two users? A. port scanning
B. man-in-the-middle
C. command injection
D. denial of service Answer: B QUESTION 56
Refer to the exhibit. Which event is occurring?
 A. A binary named "submit" is running on VM cuckoo1.
B. A binary is being submitted to run on VM cuckoo1
C. A binary on VM cuckoo1 is being submitted for evaluation
D. A URL is being evaluated to see if it has a malicious binary Answer: C QUESTION 57
What is a benefit of agent-based protection when compared to agentless protection? A. It lowers maintenance costs
B. It provides a centralized platform
C. It collects and detects all traffic locally
D. It manages numerous devices simultaneously Answer: B QUESTION 58
Which principle is being followed when an analyst gathers information relevant to a security incident to determine the appropriate course of action? A. decision making
B. rapid response
C. data mining
D. due diligence Answer: A QUESTION 59
An engineer runs a suspicious file in a sandbox analysis tool to see the outcome. The analysis report shows that outbound callouts were made post infection.
Which two pieces of information from the analysis report are needed to investigate the callouts? (Choose two.) A. signatures
B. host IP addresses
C. file size
D. dropped files
E. domain names Answer: BE QUESTION 60
An analyst is exploring the functionality of different operating systems.
What is a feature of Windows Management Instrumentation that must be considered when deciding on an operating system? A. queries Linux devices that have Microsoft Services for Linux installed
B. deploys Windows Operating Systems in an automated fashion
C. is an efficient tool for working with Active Directory
D. has a Common Information Model, which describes installed hardware and software Answer: D
Resources From:1.2020 Latest Braindump2go 200-201 Exam Dumps (PDF & VCE) Free Share:
https://www.braindump2go.com/200-201.html 2.2020 Latest Braindump2go 200-201 PDF and 200-201 VCE Dumps Free Share:
https://drive.google.com/drive/folders/1fTPALtM-eluHFw8sUjNGF7Y-ofOP3s-M?usp=sharing 3.2020 Free Braindump2go 200-201 PDF Download:
https://www.braindump2go.com/free-online-pdf/200-201-Dumps(43-55).pdf
https://www.braindump2go.com/free-online-pdf/200-201-PDF(30-42).pdf
https://www.braindump2go.com/free-online-pdf/200-201-PDF-Dumps(1-15).pdf
https://www.braindump2go.com/free-online-pdf/200-201-VCE(16-29).pdf
https://www.braindump2go.com/free-online-pdf/200-201-VCE-Dumps(56-69).pdf Free Resources from Braindump2go,We Devoted to Helping You 100% Pass All Exams!
|