[September-2021]200-201 Exam PDF and VCE Dumps 200-201 200Q Exam Files Free Download from Braindump2go[Q172-Q191]
September/2021 Latest Braindump2go 200-201 Exam Dumps with PDF and VCE Free Updated Today! Following are some new 200-201 Real Exam Questions! QUESTION 172 The SOC team has confirmed a potential indicator of compromise on an endpoint. The team has narrowed the executable file's type to a new trojan family. According to the NIST Computer Security Incident Handling Guide, what is the next step in handling this event? A. Isolate the infected endpoint from the network. B. Perform forensics analysis on the infected endpoint. C. Collect public information on the malware behavior. D. Prioritize incident handling based on the impact. Answer: C QUESTION 173 Which technology on a host is used to isolate a running application from other applications? A. sandbox B. application allow list C. application block list D. host-based firewall Answer: A QUESTION 174 An analyst received a ticket regarding a degraded processing capability for one of the HR department's servers. On the same day, an engineer noticed a disabled antivirus software and was not able to determine when or why it occurred. According to the NIST Incident Handling Guide, what is the next phase of this investigation? A. Recovery B. Detection C. Eradication D. Analysis Answer: B QUESTION 175 Which data type is necessary to get information about source/destination ports? A. statistical data B. session data C. connectivity data D. alert data Answer: C QUESTION 176 Refer to the exhibit. Which type of attack is being executed? A. SQL injection B. cross-site scripting C. cross-site request forgery D. command injection Answer: A QUESTION 177 Which attack represents the evasion technique of resource exhaustion? A. SQL injection B. man-in-the-middle C. bluesnarfing D. denial-of-service Answer: D QUESTION 178 A threat actor penetrated an organization's network. Using the 5-tuple approach, which data points should the analyst use to isolate the compromised host in a grouped set of logs? A. event name, log source, time, source IP, and host name B. protocol, source IP, source port, destination IP, and destination port C. event name, log source, time, source IP, and username D. protocol, log source, source IP, destination IP, and host name Answer: B QUESTION 179 Which event is a vishing attack? A. obtaining disposed documents from an organization B. using a vulnerability scanner on a corporate network C. setting up a rogue access point near a public hotspot D. impersonating a tech support agent during a phone call Answer: D QUESTION 180 What is indicated by an increase in IPv4 traffic carrying protocol 41 ? A. additional PPTP traffic due to Windows clients B. unauthorized peer-to-peer traffic C. deployment of a GRE network on top of an existing Layer 3 network D. attempts to tunnel IPv6 traffic through an IPv4 network Answer: D QUESTION 181 What is the impact of false positive alerts on business compared to true positive? A. True positives affect security as no alarm is raised when an attack has taken place, while false positives are alerts raised appropriately to detect and further mitigate them. B. True-positive alerts are blocked by mistake as potential attacks, while False-positives are actual attacks Identified as harmless. C. False-positive alerts are detected by confusion as potential attacks, while true positives are attack attempts identified appropriately. D. False positives alerts are manually ignored signatures to avoid warnings that are already acknowledged, while true positives are warnings that are not yet acknowledged. Answer: C QUESTION 182 An organization's security team has detected network spikes coming from the internal network. An investigation has concluded that the spike in traffic was from intensive network scanning How should the analyst collect the traffic to isolate the suspicious host? A. by most active source IP B. by most used ports C. based on the protocols used D. based on the most used applications Answer: C QUESTION 183 What is an incident response plan? A. an organizational approach to events that could lead to asset loss or disruption of operations B. an organizational approach to security management to ensure a service lifecycle and continuous improvements C. an organizational approach to disaster recovery and timely restoration ot operational services D. an organizational approach to system backup and data archiving aligned to regulations Answer: C QUESTION 184 An engineer is addressing a connectivity issue between two servers where the remote server is unable to establish a successful session. Initial checks show that the remote server is not receiving an SYN-ACK while establishing a session by sending the first SYN. What is causing this issue? A. incorrect TCP handshake B. incorrect UDP handshake C. incorrect OSI configuration D. incorrect snaplen configuration Answer: A QUESTION 185 A security incident occurred with the potential of impacting business services. Who performs the attack? A. malware author B. threat actor C. bug bounty hunter D. direct competitor Answer: A QUESTION 186 Refer to the exhibit. An analyst received this alert from the Cisco ASA device, and numerous activity logs were produced. How should this type of evidence be categorized? A. indirect B. circumstantial C. corroborative D. best Answer: D QUESTION 187 W[^t is vulnerability management? A. A security practice focused on clarifying and narrowing intrusion points. B. A security practice of performing actions rather than acknowledging the threats. C. A process to identify and remediate existing weaknesses. D. A process to recover from service interruptions and restore business-critical applications Answer: C QUESTION 188 A user received an email attachment named "Hr405-report2609-empl094.exe" but did not run it. Which category of the cyber kill chain should be assigned to this type of event? A. installation B. reconnaissance C. weaponization D. delivery Answer: A QUESTION 189 An engineer needs to configure network systems to detect command and control communications by decrypting ingress and egress perimeter traffic and allowing network security devices to detect malicious outbound communications. Which technology should be used to accomplish the task? A. digital certificates B. static IP addresses C. signatures D. cipher suite Answer: D QUESTION 190 What is a difference between data obtained from Tap and SPAN ports? A. Tap mirrors existing traffic from specified ports, while SPAN presents more structured data for deeper analysis. B. SPAN passively splits traffic between a network device and the network without altering it, while Tap alters response times. C. SPAN improves the detection of media errors, while Tap provides direct access to traffic with lowered data visibility. D. Tap sends traffic from physical layers to the monitoring device, while SPAN provides a copy of network traffic from switch to destination Answer: A QUESTION 191 Which metric in CVSS indicates an attack that takes a destination bank account number and replaces it with a different bank account number? A. availability B. confidentiality C. scope D. integrity Answer: D
Resources From:1.2021 Latest Braindump2go 200-201 Exam Dumps (PDF & VCE) Free Share: https://www.braindump2go.com/200-201.html 2.2021 Latest Braindump2go 200-201 PDF and 200-201 VCE Dumps Free Share: https://drive.google.com/drive/folders/1fTPALtM-eluHFw8sUjNGF7Y-ofOP3s-M?usp=sharing 3.2021 Free Braindump2go 200-201 Exam Questions Download: https://www.braindump2go.com/free-online-pdf/200-201-PDF-Dumps(172-191).pdf Free Resources from Braindump2go,We Devoted to Helping You 100% Pass All Exams!
|