What High Value 200-201 Test Preparation Is

Exam Code: 200-201
Exam Name: Understanding Cisco Cybersecurity Operations Fundamentals
Certification Provider: Cisco

Online Cisco 200-201 free dumps demo Below:

NEW QUESTION 1
What describes the concept of data consistently and readily being accessible for legitimate users?

  • A. integrity
  • B. availability
  • C. accessibility
  • D. confidentiality

Answer: B

NEW QUESTION 2
A system administrator is ensuring that specific registry information is accurate.
Which type of configuration information does the HKEY_LOCAL_MACHINE hive contain?

  • A. file extension associations
  • B. hardware, software, and security settings for the system
  • C. currently logged in users, including folders and control panel settings
  • D. all users on the system, including visual settings

Answer: B

Explanation:
https://docs.microsoft.com/en-us/troubleshoot/windows-server/performance/windows-registry-advanced-users

NEW QUESTION 3
An engineer discovered a breach, identified the threat’s entry point, and removed access. The engineer was able to identify the host, the IP address of the threat actor, and the application the threat actor targeted. What is the next step the engineer should take according to the NIST SP 800-61 Incident handling guide?

  • A. Recover from the threat.
  • B. Analyze the threat.
  • C. Identify lessons learned from the threat.
  • D. Reduce the probability of similar threats.

Answer: A

Explanation:
Per: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf

NEW QUESTION 4
One of the objectives of information security is to protect the CIA of information and systems. What does CIA mean in this context?

  • A. confidentiality, identity, and authorization
  • B. confidentiality, integrity, and authorization
  • C. confidentiality, identity, and availability
  • D. confidentiality, integrity, and availability

Answer: D

NEW QUESTION 5
An analyst received an alert on their desktop computer showing that an attack was successful on the host. After investigating, the analyst discovered that no mitigation action occurred during the attack. What is the reason for this discrepancy?

  • A. The computer has a HIPS installed on it.
  • B. The computer has a NIPS installed on it.
  • C. The computer has a HIDS installed on it.
  • D. The computer has a NIDS installed on it.

Answer: C

NEW QUESTION 6
Refer to the exhibit.
[Exhibit image not reproduced]
Which frame numbers contain a file that is extractable via TCP stream within Wireshark?

  • A. 7, 14, and 21
  • B. 7 and 21
  • C. 14, 16, 18, and 19
  • D. 7 to 21

Answer: B

NEW QUESTION 7
What is a purpose of a vulnerability management framework?

  • A. identifies, removes, and mitigates system vulnerabilities
  • B. detects and removes vulnerabilities in source code
  • C. conducts vulnerability scans on the network
  • D. manages a list of reported vulnerabilities

Answer: A

NEW QUESTION 8
Which data type is necessary to get information about source/destination ports?

  • A. statistical data
  • B. session data
  • C. connectivity data
  • D. alert data

Answer: B

Explanation:
Session data provides the five-tuple: source IP address and port number, destination IP address and port number, and the protocol.
What is connectivity data? According to IBM, connectivity data defines how entities are connected in the network. It includes connections between different devices, and VLAN-related connections within the same device: https://www.ibm.com/docs/en/networkmanager/4.2.0?topic=relationships-connectivity-data

NEW QUESTION 9
Which type of verification consists of using tools to compute the message digest of the original and copied data, then comparing the similarity of the digests?

  • A. evidence collection order
  • B. data integrity
  • C. data preservation
  • D. volatile data collection

Answer: B

NEW QUESTION 10
Why is HTTPS traffic difficult to screen?

  • A. HTTPS is used internally and screening traffic for external parties is hard due to isolation.
  • B. The communication is encrypted and the data in transit is secured.
  • C. Digital certificates secure the session, and the data is sent at random intervals.
  • D. Traffic is tunneled to a specific destination and is inaccessible to others except for the receiver.

Answer: B

NEW QUESTION 11
What is an incident response plan?

  • A. an organizational approach to events that could lead to asset loss or disruption of operations
  • B. an organizational approach to security management to ensure a service lifecycle and continuous improvements
  • C. an organizational approach to disaster recovery and timely restoration of operational services
  • D. an organizational approach to system backup and data archiving aligned to regulations

Answer: C

NEW QUESTION 12
Which utility blocks a host portscan?

  • A. HIDS
  • B. sandboxing
  • C. host-based firewall
  • D. antimalware

Answer: C

NEW QUESTION 13
Which technology on a host is used to isolate a running application from other applications?

  • A. sandbox
  • B. application allow list
  • C. application block list
  • D. host-based firewall

Answer: A

NEW QUESTION 14
An engineer needs to configure network systems to detect command and control communications by decrypting ingress and egress perimeter traffic and allowing network security devices to detect malicious outbound communications. Which technology should be used to accomplish the task?

  • A. digital certificates
  • B. static IP addresses
  • C. signatures
  • D. cipher suite

Answer: A

NEW QUESTION 15
How does an attack surface differ from an attack vector?

  • A. An attack vector recognizes the potential outcomes of an attack, and the attack surface is choosing a method of an attack.
  • B. An attack surface identifies vulnerable parts for an attack, and an attack vector specifies which attacks are feasible to those parts.
  • C. An attack surface mitigates external vulnerabilities, and an attack vector identifies mitigation techniques and possible workarounds.
  • D. An attack vector matches components that can be exploited, and an attack surface classifies the potential path for exploitation.

Answer: B

NEW QUESTION 16
Which principle is being followed when an analyst gathers information relevant to a security incident to determine the appropriate course of action?

  • A. decision making
  • B. rapid response
  • C. data mining
  • D. due diligence

Answer: D

NEW QUESTION 17
......
