This page was exported from Top Exam Collection [ http://blog.topexamcollection.com ]

Export date:Tue Apr 8 23:50:09 2025 / +0000 GMT

___________________________________________________


Title: 200-201 Practice Exam Tests Latest Updated on Jun-2022 [Q61-Q76]

---------------------------------------------------


 200-201 Practice Exam Tests Latest Updated on Jun-2022
Pass 200-201 Exam in First Attempt Guaranteed Dumps!


NO.61 Which security technology allows only a set of pre-approved applications to run on a system?
&nbsp;application-level blacklisting
&nbsp;host-based IPS
&nbsp;application-level whitelisting
&nbsp;antivirus
NO.62 Which two elements are used for profiling a network? (Choose two.)
&nbsp;session duration
&nbsp;total throughput
&nbsp;running processes
&nbsp;listening ports
&nbsp;OS fingerprint
ExplanationA network profile should include some important elements, such as the following:Total throughput &#8211; the amount of data passing from a given source to a given destination in a given period of time Session duration &#8211; the time between the establishment of a data flow and its termination Ports used &#8211; a list of TCP or UDP processes that are available to accept data Critical asset address space &#8211; the IP addresses or the logical location of essential systems or data Profiling data are data that system has gathered, these data helps for incident response and to detect incident Network profiling = throughput, sessions duration, port used, Critical Asset Address Space Host profiling = Listening ports, logged in accounts, running processes, running tasks,applicationsNO.63 Which type of data consists of connection level, application-specific records generated from network traffic?
&nbsp;transaction data
&nbsp;location data
&nbsp;statistical data
&nbsp;alert data
Section: Security MonitoringExplanation/Reference:NO.64 You have identified a malicious file in a sandbox analysis tool. Which piece of file information from the analysis is needed to search for additional downloads of this file by other hosts?
&nbsp;file name
&nbsp;file hash value
&nbsp;file type
&nbsp;file size
NO.65 What makes HTTPS traffic difficult to monitor?
&nbsp;SSL interception
&nbsp;packet header size
&nbsp;signature detection time
&nbsp;encryption
NO.66 What is personally identifiable information that must be safeguarded from unauthorized access?
&nbsp;date of birth
&nbsp;driver&#8217;s license number
&nbsp;gender
&nbsp;zip code
NO.67 Refer to the exhibit. What is the potential threat identified in this Stealthwatch dashboard?
&nbsp;A policy violation is active for host 10.10.101.24.
&nbsp;A host on the network is sending a DDoS attack to another inside host.
&nbsp;There are two active data exfiltration alerts.
&nbsp;A policy violation is active for host 10.201.3.149.
Section: Host-Based AnalysisNO.68 How does an attack surface differ from an attack vector?
&nbsp;An attack vector recognizes the potential outcomes of an attack, and the attack surface is choosing a method of an attack.
&nbsp;An attack surface identifies vulnerable parts for an attack, and an attack vector specifies which attacks are feasible to those parts.
&nbsp;An attack surface mitigates external vulnerabilities, and an attack vector identifies mitigation techniques and possible workarounds.
&nbsp;An attack vector matches components that can be exploited, and an attack surface classifies the potential path for exploitation
NO.69 A security incident occurred with the potential of impacting business services. Who performs the attack?
&nbsp;malware author
&nbsp;threat actor
&nbsp;bug bounty hunter
&nbsp;direct competitor
NO.70 An organization has recently adjusted its security stance in response to online threats made by a known hacktivist group.What is the initial event called in the NIST SP800-61?
&nbsp;online assault
&nbsp;precursor
&nbsp;trigger
&nbsp;instigator
ExplanationA precursor is a sign that a cyber-attack is about to occur on a system or network. An indicator is the actual alerts that are generated as an attack is happening. Therefore, as a security professional, it&#8217;s important to know where you can find both precursor and indicator sources of information.The following are common sources of precursor and indicator information:* Security Information and Event Management (SIEM)* Anti-virus and anti-spam software* File integrity checking applications/software* Logs from various sources (operating systems, devices, and applications)* People who report a security incidenthttps://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdfNO.71 One of the objectives of information security is to protect the CIA of information and systems.What does CIA mean in this context?
&nbsp;confidentiality, identity, and authorization
&nbsp;confidentiality, integrity, and authorization
&nbsp;confidentiality, identity, and availability
&nbsp;confidentiality, integrity, and availability
Section: Security ConceptsNO.72 A malicious file has been identified in a sandbox analysis tool.Which piece of information is needed to search for additional downloads of this file by other hosts?
&nbsp;file type
&nbsp;file size
&nbsp;file name
&nbsp;file hash value
NO.73 What is the practice of giving an employee access to only the resources needed to accomplish their job?
&nbsp;principle of least privilege
&nbsp;organizational separation
&nbsp;separation of duties
&nbsp;need to know principle
Section: Security ConceptsNO.74 What is a difference between SIEM and SOAR?
&nbsp;SOAR predicts and prevents security alerts, while SIEM checks attack patterns and applies the mitigation.
&nbsp;SlEM&#8217;s primary function is to collect and detect anomalies, while SOAR is more focused on security operations automation and response.
&nbsp;SIEM predicts and prevents security alerts, while SOAR checks attack patterns and applies the mitigation.
&nbsp;SOAR&#8217;s primary function is to collect and detect anomalies, while SIEM is more focused on security operations automation and response.
NO.75 Refer to the exhibit.Which technology generates this log?
&nbsp;NetFlow
&nbsp;IDS
&nbsp;web proxy
&nbsp;firewall
NO.76 An analyst is exploring the functionality of different operating systems.What is a feature of Windows Management Instrumentation that must be considered when deciding on an operating system?
&nbsp;queries Linux devices that have Microsoft Services for Linux installed
&nbsp;deploys Windows Operating Systems in an automated fashion
&nbsp;is an efficient tool for working with Active Directory
&nbsp;has a Common Information Model, which describes installed hardware and software
&nbsp;Loading &#8230;


CyberOps Associate Free Certification Exam Material from TopExamCollection with 242 Questions: https://www.topexamcollection.com/200-201-vce-collection.html


---------------------------------------------------


Images: https://blog.topexamcollection.com/wp-content/plugins/watu/loading.gif

https://blog.topexamcollection.com/wp-content/plugins/watu/loading.gif


---------------------------------------------------


---------------------------------------------------


Post date: 2022-06-14 23:03:27

Post date GMT: 2022-06-14 23:03:27

Post modified date: 2022-06-14 23:03:27

Post modified date GMT: 2022-06-14 23:03:27