Which type of data consists of connection level, application-specific records generated from network traffic?
A. transaction data
B. location data
C. statistical data
D. alert data
What is an incident response plan?
A. an organizational approach to events that could lead to asset loss or disruption of operations
B. an organizational approach to security management to ensure a service lifecycle and continuous improvements
C. an organizational approach to disaster recovery and timely restoration of operational services
D. an organizational approach to system backup and data archiving aligned to regulations
An organization has recently adjusted its security stance in response to online threats made by a known hacktivist group. What is the initial event called in the NIST SP800-61?
A. online assault
B. precursor
C. trigger
D. instigator
What describes the defense-in-depth principle?
A. defining precise guidelines for new workstation installations
B. categorizing critical assets within the organization
C. isolating guest Wi-Fi from the local network
D. implementing alerts for unexpected asset malfunctions
What are two characteristics of full packet captures? (Choose two.)
A. Identifying network loops and collision domains.
B. Troubleshooting the cause of security and performance issues.
C. Reassembling fragmented traffic from raw data.
D. Detecting common hardware faults and identifying faulty assets.
E. Providing a historical record of a network transaction.
Which option describes indicators of attack?
A. blocked phishing attempt on a company
B. spam emails on an employee workstation
C. virus detection by the AV software
D. malware reinfection within a few minutes of removal
Refer to the exhibit.
A security analyst received a ticket about suspicious traffic from one of the workstations. During the investigation, the analyst discovered that the workstation is communicating with an external IP. The analyst was not able to investigate further and escalated the case to a T2 security analyst. What are the two data visibility challenges that the security analyst should identify? (Choose two.)
A. A default user agent is present in the headers.
B. Traffic is not encrypted.
C. Encrypted data is being transmitted.
D. POST requests have a "Microsoft-IIS/7.5" server header.
E. HTTP requests and responses are sent in plaintext.
An engineer must create a SIEM rule to test events and traffic for spikes and changes that occur in regular patterns to detect irregularities. Which rule achieves the desired result?
A. anomaly
B. behavioral
C. threshold
D. availability
Which type of attack involves executing arbitrary commands on the operating system to escalate privileges?
A. Apache log
B. cross-site scripting
C. command injection
D. SQL injection
What is the impact of false negative alerts when compared to true negative alerts?
A. A false negative is someone trying to hack into the system and no alert is raised, and a true negative is an event that never happened and an alert was not raised.
B. A true negative is an alert for an exploit attempt when no attack was detected, and a false negative is when no attack happens and an alert is still raised.
C. A true negative is a legitimate attack that triggers a brute force alert, and a false negative is when no alert and no attack is occurring.
D. A false negative is an event that alerts for injection attack when no attack is happening, and a true negative is an attack that happens and an alert that is appropriately raised.