Updated Apr-2024 200-201 Free Exam Files Downloaded Instantly
NEW QUESTION # 78
What are two denial of service attacks? (Choose two.)
- A. MITM
- B. UDP flooding
- C. code red
- D. ping of death
- E. TCP connections
Answer: B,D
NEW QUESTION # 79
What does cyber attribution identify in an investigation?
- A. threat actors of an attack
- B. vulnerabilities exploited
- C. cause of an attack
- D. exploit of an attack
Answer: A
Explanation:
https://www.techtarget.com/searchsecurity/definition/cyber-attribution
NEW QUESTION # 80
What is an incident response plan?
- A. an organizational approach to events that could lead to asset loss or disruption of operations
- B. an organizational approach to disaster recovery and timely restoration of operational services
- C. an organizational approach to system backup and data archiving aligned to regulations
- D. an organizational approach to security management to ensure a service lifecycle and continuous improvements
Answer: B
NEW QUESTION # 81
What is a difference between signature-based and behavior-based detection?
- A. Behavior-based identifies behaviors that may be linked to attacks, while signature-based has a predefined set of rules to match before an alert.
- B. Behavior-based uses a known vulnerability database, while signature-based intelligently summarizes existing data.
- C. Signature-based uses a known vulnerability database, while behavior-based intelligently summarizes existing data.
- D. Signature-based identifies behaviors that may be linked to attacks, while behavior-based has a predefined set of rules to match before an alert.
Answer: C
NEW QUESTION # 82
What are two denial-of-service (DoS) attacks? (Choose two.)
- A. SYN flood
- B. phishing
- C. teardrop
- D. man-in-the-middle
- E. port scan
Answer: A,D
NEW QUESTION # 83
Refer to the exhibit.
Which component is identifiable in this exhibit?
- A. Trusted Root Certificate store on the local machine
- B. Windows PowerShell verb
- C. local service in the Windows Services Manager
- D. Windows Registry hive
Answer: D
NEW QUESTION # 84
What is vulnerability management?
- A. A process to identify and remediate existing weaknesses.
- B. A security practice of performing actions rather than acknowledging the threats.
- C. A process to recover from service interruptions and restore business-critical applications
- D. A security practice focused on clarifying and narrowing intrusion points.
Answer: A
NEW QUESTION # 85
Which security technology allows only a set of pre-approved applications to run on a system?
- A. antivirus
- B. host-based IPS
- C. application-level whitelisting
- D. application-level blacklisting
Answer: C
Explanation:
Section: Host-Based Analysis
NEW QUESTION # 86
Refer to the exhibit.
Drag and drop the element name from the left onto the correct piece of the PCAP file on the right.
Answer:
Explanation:
NEW QUESTION # 87
Drag and drop the definition from the left onto the phase on the right to classify intrusion events according to the Cyber Kill Chain model.
Answer:
Explanation:

NEW QUESTION # 88
The SOC team has confirmed a potential indicator of compromise on an endpoint. The team has narrowed the executable file's type to a new trojan family. According to the NIST Computer Security Incident Handling Guide, what is the next step in handling this event?
- A. Perform forensics analysis on the infected endpoint.
- B. Collect public information on the malware behavior.
- C. Isolate the infected endpoint from the network.
- D. Prioritize incident handling based on the impact.
Answer: B
NEW QUESTION # 89
Which evasion technique is a function of ransomware?
- A. encryption
- B. extended sleep calls
- C. encoding
- D. resource exhaustion
Answer: A
Explanation:
Section: Security Concepts
NEW QUESTION # 90
What is the practice of giving employees only those permissions necessary to perform their specific role within an organization?
- A. need to know
- B. due diligence
- C. least privilege
- D. integrity validation
Answer: C
Explanation:
Section: Security Concepts
NEW QUESTION # 91
Which type of data must an engineer capture to analyze payload and header information?
- A. alert data
- B. frame check sequence
- C. full packet
- D. session logs
Answer: C
NEW QUESTION # 92
Drag and drop the definition from the left onto the phase on the right to classify intrusion events according to the Cyber Kill Chain model.
Answer:
Explanation:
Exploitation - The targeted environment is taken advantage of, triggering the threat actor's code.
Installation - A backdoor is placed on the victim system, allowing the threat actor to maintain persistence.
Command and Control - An outbound connection is established to an Internet-based controller server.
Actions and Objectives - The threat actor takes actions to violate data integrity and availability.
NEW QUESTION # 93
Refer to the exhibit.
What does this output indicate?
- A. Email ports are closed on the server.
- B. SMB ports are closed on the server.
- C. HTTPS ports are open on the server.
- D. FTP ports are open on the server.
Answer: A
NEW QUESTION # 94