[Sep-2020]Exam Pass 100%!Braindump2go 200-201 Dumps in PDF 200-201 113Q Instant Download[Q40-Q60]
2020/Sep Latest Braindump2go 200-201 Exam Dumps with PDF and VCE Free Updated Today! Following are some new 200-201 Real Exam Questions!
Which type of data typically consists of connection level, application-specific records generated from network traffic?
A. location data
B. statistical data
C. alert data
D. transaction data
What are three key components of a threat-centric SOC? (Choose three.)
An analyst is investigating an incident in a SOC environment.
Which method is used to identify a session from a group of logs?
A. sequence numbers
B. IP identifier
Refer to the exhibit. Which type of log is displayed?
What should a security analyst consider when comparing inline traffic interrogation with traffic tapping to determine which approach to use in the network?
A. Tapping interrogation replicates signals to a separate port for analyzing traffic
B. Tapping interrogations detect and block malicious traffic
C. Inline interrogation enables viewing a copy of traffic to ensure traffic is in compliance with security policies
D. Inline interrogation detects malicious traffic but does not block the traffic
Which two components reduce the attack surface on an endpoint? (Choose two.)
A. secure boot
B. load balancing
C. increased audit log levels
D. restricting USB ports
E. full packet captures at the endpoint
An analyst discovers that a legitimate security alert has been dismissed.
Which signature caused this impact on network traffic?
A. true negative
B. false negative
C. false positive
D. true positive
Which event artifact is used to identity HTTP GET requests for a specific file?
A. destination IP address
B. TCP ACK
C. HTTP status code
Which security principle requires more than one person is required to perform a critical task?
A. least privilege
B. need to know
C. separation of duties
D. due diligence
What are two differences in how tampered and untampered disk images affect a security incident? (Choose two.)
A. Untampered images are used in the security investigation process
B. Tampered images are used in the security investigation process
C. The image is tampered if the stored hash and the computed hash match
D. Tampered images are used in the incident recovery process
E. The image is untampered if the stored hash and the computed hash match
What makes HTTPS traffic difficult to monitor?
A. SSL interception
B. packet header size
C. signature detection time
An analyst is investigating a host in the network that appears to be communicating to a command and control server on the Internet. After collecting this packet capture the analyst cannot determine the technique and payload used for the communication.
Which obfuscation technique is the attacker using?
A. Base64 encoding
B. transport layer security encryption
C. SHA-256 hashing
D. ROT13 encryption
What best describes the Security Operations Center (SOC)?
A. The SOC is usually responsible for monitoring and maintaining the overall network infrastructure, its primary function is to ensure uninterrupted network service.
B. A SOC is related to the people, processes, and technologies that are involved in providing situational awareness through the detection, containment, and remediation of information security threats.
C. The SOC is responsible for the physical security of a building or installation location.
D. The SOC and NOC are the same entity, with different names. They are responsible for the health and security of the network infrastructure.
Which term represents a potential danger that could take advantage of a weakness in a system?
Which artifact is used to uniquely identify a detected file?
A. file timestamp
B. file extension
C. file size
D. file hash
How does an attacker observe network traffic exchanged between two users?
A. port scanning
C. command injection
D. denial of service
Refer to the exhibit. Which event is occurring?
A. A binary named “submit” is running on VM cuckoo1.
B. A binary is being submitted to run on VM cuckoo1
C. A binary on VM cuckoo1 is being submitted for evaluation
D. A URL is being evaluated to see if it has a malicious binary
What is a benefit of agent-based protection when compared to agentless protection?
A. It lowers maintenance costs
B. It provides a centralized platform
C. It collects and detects all traffic locally
D. It manages numerous devices simultaneously
Which principle is being followed when an analyst gathers information relevant to a security incident to determine the appropriate course of action?
A. decision making
B. rapid response
C. data mining
D. due diligence
An engineer runs a suspicious file in a sandbox analysis tool to see the outcome. The analysis report shows that outbound callouts were made post infection.
Which two pieces of information from the analysis report are needed to investigate the callouts? (Choose two.)
B. host IP addresses
C. file size
D. dropped files
E. domain names
An analyst is exploring the functionality of different operating systems.
What is a feature of Windows Management Instrumentation that must be considered when deciding on an operating system?
A. queries Linux devices that have Microsoft Services for Linux installed
B. deploys Windows Operating Systems in an automated fashion
C. is an efficient tool for working with Active Directory
D. has a Common Information Model, which describes installed hardware and software
1.2020 Latest Braindump2go 200-201 Exam Dumps (PDF & VCE) Free Share:
2.2020 Latest Braindump2go 200-201 PDF and 200-201 VCE Dumps Free Share:
3.2020 Free Braindump2go 200-201 PDF Download:
Free Resources from Braindump2go,We Devoted to Helping You 100% Pass All Exams!