What Actual 200-201 Exam Engine Is

Because all that matters here is passing the Cisco 200-201 exam, and all that you need is a high score on the 200-201 Understanding Cisco Cybersecurity Operations Fundamentals exam. The only thing you need to do is download the Examcollection 200-201 exam study guides now. We will not let you down, and we back that with our money-back guarantee.

Also have 200-201 free dumps questions for you:

NEW QUESTION 1
What describes the impact of false-positive alerts compared to false-negative alerts?

  • A. A false negative is alerting for an XSS attack. An engineer investigates the alert and discovers that an XSS attack happened. A false positive is when an XSS attack happens and no alert is raised.
  • B. A false negative is a legitimate attack triggering a brute-force alert. An engineer investigates the alert and finds out someone intended to break into the system. A false positive is when no alert and no attack is occurring.
  • C. A false positive is an event alerting for a brute-force attack. An engineer investigates the alert and discovers that a legitimate user entered the wrong credential several times. A false negative is when a threat actor tries to brute-force attack a system and no alert is raised.
  • D. A false positive is an event alerting for an SQL injection attack. An engineer investigates the alert and discovers that an attack attempt was blocked by IPS. A false negative is when the attack gets detected but succeeds and results in a breach.

Answer: C

NEW QUESTION 2
How does statistical detection differ from rule-based detection?

  • A. Statistical detection involves the evaluation of events, and rule-based detection requires an evaluated set of events to function.
  • B. Statistical detection defines legitimate data over time, and rule-based detection works on a predefined set of rules.
  • C. Rule-based detection involves the evaluation of events, and statistical detection requires an evaluated set of events to function.
  • D. Rule-based detection defines legitimate data over a period of time, and statistical detection works on a predefined set of rules.

Answer: B

NEW QUESTION 3
An engineer received a flood of phishing emails from HR with the source address HRjacobm@company.com. What is the threat actor in this scenario?

  • A. phishing email
  • B. sender
  • C. HR
  • D. receiver

Answer: B

NEW QUESTION 4
Drag and drop the security concept on the left onto the example of that concept on the right.
200-201 dumps exhibit

Solution:
200-201 dumps exhibit

Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 5
An engineer runs a suspicious file in a sandbox analysis tool to see the outcome. The analysis report shows that outbound callouts were made post-infection.
Which two pieces of information from the analysis report are needed to investigate the callouts? (Choose two.)

  • A. signatures
  • B. host IP addresses
  • C. file size
  • D. dropped files
  • E. domain names

Answer: BE

NEW QUESTION 6
What is an attack surface as compared to a vulnerability?

  • A. any potential danger to an asset
  • B. the sum of all paths for data into and out of the environment
  • C. an exploitable weakness in a system or its design
  • D. the individuals who perform an attack

Answer: C

Explanation:
An attack surface is the total sum of vulnerabilities that can be exploited to carry out a security attack. Attack surfaces can be physical or digital. The term attack surface is often confused with the term attack vector, but they are not the same thing. The surface is what is being attacked; the vector is the means by which an intruder gains access.

NEW QUESTION 7
What is a description of a social engineering attack?

  • A. fake offer for free music download to trick the user into providing sensitive data
  • B. package deliberately sent to the wrong receiver to advertise a new product
  • C. mistakenly received valuable order destined for another person and hidden on purpose
  • D. email offering last-minute deals on various vacations around the world with a due date and a counter

Answer: D

NEW QUESTION 8
When trying to evade IDS/IPS devices, which mechanism allows the user to make the data incomprehensible without a specific key, certificate, or password?

  • A. fragmentation
  • B. pivoting
  • C. encryption
  • D. steganography

Answer: C

Explanation:
https://techdifferences.com/difference-between-steganography-and-cryptography.html#:~:text=The%20steganog

NEW QUESTION 9
A user received a targeted spear-phishing email and identified it as suspicious before opening the content. To which category of the Cyber Kill Chain model does this type of event belong?

  • A. weaponization
  • B. delivery
  • C. exploitation
  • D. reconnaissance

Answer: B

NEW QUESTION 10
What should a security analyst consider when comparing inline traffic interrogation with traffic tapping to determine which approach to use in the network?

  • A. Tapping interrogation replicates signals to a separate port for analyzing traffic
  • B. Tapping interrogations detect and block malicious traffic
  • C. Inline interrogation enables viewing a copy of traffic to ensure traffic is in compliance with security policies
  • D. Inline interrogation detects malicious traffic but does not block the traffic

Answer: A

Explanation:
A network TAP is a simple device that connects directly to the cabling infrastructure to split or copy packets for use in analysis, security, or general network management.

NEW QUESTION 11
Refer to the exhibit.
200-201 dumps exhibit
What is the expected result when the "Allow subdissector to reassemble TCP streams" feature is enabled?

  • A. insert TCP subdissectors
  • B. extract a file from a packet capture
  • C. disable TCP streams
  • D. unfragment TCP

Answer: D

NEW QUESTION 12
Which piece of information is needed for attribution in an investigation?

  • A. proxy logs showing the source RFC 1918 IP addresses
  • B. RDP allowed from the Internet
  • C. known threat actor behavior
  • D. 802.1x RADIUS authentication pass and fail logs

Answer: C

Explanation:
Attribution is about establishing who attacked the network, what they did, how they did it, and why; known threat actor behavior is what supports that.

NEW QUESTION 13
Which signature impacts network traffic by causing legitimate traffic to be blocked?

  • A. false negative
  • B. true positive
  • C. true negative
  • D. false positive

Answer: D

NEW QUESTION 14
Refer to the exhibit.
200-201 dumps exhibit
Which packet contains a file that is extractable within Wireshark?

  • A. 2317
  • B. 1986
  • C. 2318
  • D. 2542

Answer: D

NEW QUESTION 15
Refer to the exhibit.
200-201 dumps exhibit
An attacker scanned the server using Nmap. What did the attacker obtain from this scan?

  • A. Identified a firewall device preventing the port state from being returned.
  • B. Identified open SMB ports on the server
  • C. Gathered information on processes running on the server
  • D. Gathered a list of Active Directory users

Answer: C

NEW QUESTION 16
Refer to the exhibit.
200-201 dumps exhibit
An engineer received a ticket about a slowed-down web application. The engineer runs the `netstat -an` command. How must the engineer interpret the results?

  • A. The web application is receiving common, legitimate traffic.
  • B. The engineer must gather more data.
  • C. The web application server is under a denial-of-service attack.
  • D. The server is under a man-in-the-middle attack between the web application and its database

Answer: C

NEW QUESTION 17
......

Recommend!! Get the Full 200-201 dumps in VCE and PDF From 2passeasy, Welcome to Download: https://www.2passeasy.com/dumps/200-201/ (New 331 Q&As Version)