
200-201 Online Practice Questions and Answers

Questions 4

At which layer is deep packet inspection investigated on a firewall?

A. internet

B. transport

C. application

D. data link

Browse 406 Q&As
Questions 5

An automotive company provides new types of engines and special brakes for rally sports cars. The company has a database of inventions and patents for their engines and technical information. Customers can access the database through the company's website after they register and identify themselves. Which type of protected data is accessed by customers?

A. IP data

B. PII data

C. PSI data

D. PHI data

Questions 6

An engineer discovered a breach, identified the threat's entry point, and removed access. The engineer was able to identify the host, the IP address of the threat actor, and the application the threat actor targeted. What is the next step the engineer should take according to the NIST SP 800-61 Incident handling guide?

A. Recover from the threat.

B. Analyze the threat.

C. Identify lessons learned from the threat.

D. Reduce the probability of similar threats.

Questions 7

A security incident occurred with the potential of impacting business services. Who performs the attack?

A. malware author

B. threat actor

C. bug bounty hunter

D. direct competitor

Questions 8

Why is encryption challenging to security monitoring?

A. Encryption analysis is used by attackers to monitor VPN tunnels.

B. Encryption is used by threat actors as a method of evasion and obfuscation.

C. Encryption introduces additional processing requirements by the CPU.

D. Encryption introduces larger packet sizes to analyze and store.

Questions 9

Refer to the exhibit.

What is occurring in this network?

A. ARP cache poisoning

B. DNS cache poisoning

C. MAC address table overflow

D. MAC flooding attack

Questions 10

An organization has recently adjusted its security stance in response to online threats made by a known hacktivist group.

What is the initial event called in the NIST SP800-61?

A. online assault

B. precursor

C. trigger

D. instigator

Questions 11

Which attack method is being used when an attacker tries to compromise a network with an authentication system that uses only 4-digit numeric passwords and no username?

A. replay

B. SQL injection

C. dictionary

D. cross-site scripting

Questions 12

What does the Zero Trust security model signify?

A. Zero Trust security means that no one is trusted by default from inside or outside the network.

B. Zero Trust addresses access control and states that an individual should have only the minimum access privileges necessary to perform specific tasks.

C. Zero Trust states that no users should be given enough privileges to misuse the system on their own.

D. Zero Trust states that unless a subject is given explicit access to an object, it should be denied access to that object.

Questions 13

Refer to the exhibit.

What does the message indicate?

A. an access attempt was made from the Mosaic web browser

B. a successful access attempt was made to retrieve the password file

C. a successful access attempt was made to retrieve the root of the website

D. a denied access attempt was made to retrieve the password file

Questions 14

Refer to the exhibit.

What should be interpreted from this packet capture?

A. 81.179.179.69 is sending a packet from port 80 to port 50272 of IP address 192.168.122.100 using UDP protocol.

B. 192.168.122.100 is sending a packet from port 50272 to port 80 of IP address 81.179.179.69 using TCP protocol.

C. 192.168.122.100 is sending a packet from port 80 to port 50272 of IP address 81.179.179.69 using UDP protocol.

D. 81.179.179.69 is sending a packet from port 50272 to port 80 of IP address 192.168.122.100 using TCP UDP protocol.

Questions 15

While viewing packet capture data, an analyst sees that one IP is sending and receiving traffic for multiple devices by modifying the IP header. Which technology makes this behavior possible?

A. encapsulation

B. TOR

C. tunneling

D. NAT

Questions 16

Which type of evidence supports a theory or an assumption that results from initial evidence?

A. probabilistic

B. indirect

C. best

D. corroborative

Questions 17

What should an engineer use to aid the trusted exchange of public keys between user tom0411976943 and dan1968754032?

A. central key management server

B. web of trust

C. trusted certificate authorities

D. registration authority data

Questions 18

DRAG DROP

Drag and drop the data source from the left onto the data type on the right.

Select and Place:

Exam Code: 200-201
Exam Name: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)
Last Update: May 01, 2024
Questions: 406 Q&As
