The Realest Study Materials 200-201 Dumps Updated Apr 04, 2023
LATEST 200-201 Exam Practice Material
NEW QUESTION # 93
An engineer receives a security alert that traffic with a known TOR exit node has occurred on the network.
What is the impact of this traffic?
- A. user circumvention of the firewall
- B. ransomware communicating after infection
- C. data exfiltration
- D. users downloading copyrighted content
Answer: A
NEW QUESTION # 94
According to the September 2020 threat intelligence feeds, a new malware called Egregor was introduced and used in many attacks. Distribution of Egregor is primarily through Cobalt Strike, which has been installed on victims' workstations using RDP exploits. The malware exfiltrates the victim's data to a command and control server. The data is used to force victims to pay or lose it through public release. Which type of attack is described?
- A. whale-phishing
- B. malware attack
- C. insider threat
- D. ransomware attack
Answer: D
NEW QUESTION # 95
The SOC team has confirmed a potential indicator of compromise on an endpoint. The team has narrowed the executable file's type to a new trojan family. According to the NIST Computer Security Incident Handling Guide, what is the next step in handling this event?
- A. Perform forensics analysis on the infected endpoint.
- B. Prioritize incident handling based on the impact.
- C. Collect public information on the malware behavior.
- D. Isolate the infected endpoint from the network.
Answer: B
Explanation:
NIST SP 800-61 places incident prioritization (by functional impact, information impact and recoverability) at the end of the Detection and Analysis phase. Once the indicator is confirmed and the malware family identified, the incident is prioritized; containment, such as isolating the endpoint, belongs to the following phase.
NEW QUESTION # 96
Refer to the exhibit.
What does the message indicate?
- A. a denied access attempt was made to retrieve the password file
- B. a successful access attempt was made to retrieve the password file
- C. an access attempt was made from the Mosaic web browser
- D. a successful access attempt was made to retrieve the root of the website
Answer: D
NEW QUESTION # 97
What is a difference between SIEM and SOAR?
- A. SOAR predicts and prevents security alerts, while SIEM checks attack patterns and applies the mitigation.
- B. SIEM predicts and prevents security alerts, while SOAR checks attack patterns and applies the mitigation.
- C. SIEM's primary function is to collect and detect anomalies, while SOAR is more focused on security operations automation and response.
- D. SOAR's primary function is to collect and detect anomalies, while SIEM is more focused on security operations automation and response.
Answer: C
NEW QUESTION # 98
Which event is a vishing attack?
- A. obtaining disposed documents from an organization
- B. setting up a rogue access point near a public hotspot
- C. impersonating a tech support agent during a phone call
- D. using a vulnerability scanner on a corporate network
Answer: C
NEW QUESTION # 99 
Refer to the exhibit. Which application protocol is in this PCAP file?
- A. SSH
- B. HTTP
- C. TCP
- D. TLS
Answer: cannot be confirmed without the exhibit, which is not reproduced here
Explanation:
TCP (option C) is a transport-layer protocol, so it cannot be the application protocol. The answer is whichever of SSH, HTTP or TLS the capture shows in its port numbers or dissected payload.
NEW QUESTION # 100
What is a difference between data obtained from Tap and SPAN ports?
- A. Tap mirrors existing traffic from specified ports, while SPAN presents more structured data for deeper analysis.
- B. SPAN improves the detection of media errors, while Tap provides direct access to traffic with lowered data visibility.
- C. Tap sends traffic from physical layers to the monitoring device, while SPAN provides a copy of network traffic from switch to destination.
- D. SPAN passively splits traffic between a network device and the network without altering it, while Tap alters response times.
Answer: C
Explanation:
A tap is an inline hardware device that copies the signal at the physical layer to the monitoring device. A SPAN (mirror) port has the switch copy frames to a destination port, and the switch may drop mirrored frames under load.
NEW QUESTION # 101
Refer to the exhibit.
Which type of log is displayed?
- A. sys
- B. proxy
- C. IDS
- D. NetFlow
Answer: D
NEW QUESTION # 102
A developer is working on a project using a Linux tool that creates processes and yields these results:
* If the process creation is unsuccessful, a negative value is returned.
* If it is successful, 0 is returned to the child process, and the child's process ID is returned to the parent process.
Which component results from this operation?
- A. new process created by parent process
- B. process spawn scheduled
- C. macros for managing CPU sets
- D. parent directory name of a file pathname
Answer: A
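The call described in the question is fork(2). The following added example (not part of the exam material) exercises all three outcomes of its return value: a negative value when no child was created, 0 in the child, and the child's PID in the parent, which then collects the child's exit status with waitpid(2). The exit code 42 is an arbitrary constructed value. The security-relevant habit it shows is branching on all three outcomes; code that only tests `pid == 0` treats a failed fork() as the parent path and carries on with an operation (such as dropping privileges or running a sandboxed job) that never happened in a child.

```c
/* Added example: fork() return-value contract, not code from the exam page. */
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Exit code the child reports back; arbitrary value chosen for the demo. */
#define CHILD_EXIT_CODE 42

/* Fork, have the child exit with CHILD_EXIT_CODE, and return that code
 * as observed by the parent. Returns -1 if fork() or waitpid() fails or
 * the child did not exit normally. */
int run_child_and_collect(void)
{
    pid_t pid = fork();

    if (pid < 0) {
        /* Negative return: no child exists (e.g. EAGAIN or ENOMEM).
         * We are still the only process, so do not continue as if a
         * child had been created. */
        perror("fork");
        return -1;
    }

    if (pid == 0) {
        /* Return value 0: this is the newly created child. getppid()
         * is the parent that created it. _exit() avoids flushing the
         * stdio buffers duplicated from the parent a second time. */
        _exit(CHILD_EXIT_CODE);
    }

    /* Positive return: this is the parent and pid is the child's PID. */
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) {
        perror("waitpid");
        return -1;
    }
    if (!WIFEXITED(status))
        return -1;                /* child was killed by a signal */
    return WEXITSTATUS(status);   /* 42 in this demo */
}

int main(void)
{
    int code = run_child_and_collect();
    printf("parent %ld collected child exit code %d\n", (long)getpid(), code);
    return code == CHILD_EXIT_CODE ? 0 : 1;
}
```

The parent must reap the child with waitpid(); otherwise the child remains a zombie until the parent exits, which matters for long-running daemons that spawn workers.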
NEW QUESTION # 103
Refer to the exhibit.
What should be interpreted from this packet capture?
- A. 192.168.122.100 is sending a packet from port 50272 to port 80 of IP address 81.179.179.69 using TCP protocol.
- B. 81.179.179.69 is sending a packet from port 80 to port 50272 of IP address 192.168.122.100 using UDP protocol.
- C. 192.168.122.100 is sending a packet from port 80 to port 50272 of IP address 81.179.179.69 using UDP protocol.
- D. 81.179.179.69 is sending a packet from port 50272 to port 80 of IP address 192.168.122.100 using TCP UDP protocol.
Answer: A
NEW QUESTION # 104
Drag and drop the access control models from the left onto the correct descriptions on the right.
Answer:
Explanation:
NEW QUESTION # 105
Refer to the exhibit.
What is the potential threat identified in this Stealthwatch dashboard?
- A. A policy violation is active for host 10.10.101.24.
- B. There are three active data exfiltration alerts.
- C. A host on the network is sending a DDoS attack to another inside host.
- D. A policy violation is active for host 10.201.3.149.
Answer: B
Explanation:
"EX" in the alarm category denotes exfiltration, and three such alarms are active. The "Suspect Long Flow" and "Suspect Data Hoarding" alarms are also consistent with exfiltration, for example over DNS.
https://www.cisco.com/c/dam/en/us/td/docs/security/stealthwatch/management_console/smc_users_guide/SW_6 page 177.
NEW QUESTION # 106
Refer to the exhibit.
Which kind of attack method is depicted in this string?
- A. denial of service
- B. SQL injection
- C. man-in-the-middle
- D. cross-site scripting
Answer: D
NEW QUESTION # 107
Drag and drop the definition from the left onto the phase on the right to classify intrusion events according to the Cyber Kill Chain model.
Answer:
Explanation:
Delivery: This step involves transmitting the weapon to the target.
Weaponization: In this step, the intruder creates a malware weapon like a virus, worm or such in order to exploit the vulnerabilities of the target. Depending on the target and the purpose of the attacker, this malware can exploit new, undetected vulnerabilities (also known as the zero-day exploits) or it can focus on a combination of different vulnerabilities.
Reconnaissance: In this step, the attacker / intruder chooses their target. Then they conduct an in-depth research on this target to identify its vulnerabilities that can be exploited.
NEW QUESTION # 109
In a SOC environment, what is a vulnerability management metric?
- A. full assets scan
- B. code signing enforcement
- C. single factor authentication
- D. internet exposed devices
Answer: D
NEW QUESTION # 110
Which metric in CVSS indicates an attack that takes a destination bank account number and replaces it with a different bank account number?
- A. availability
- B. integrity
- C. confidentiality
- D. scope
Answer: B
NEW QUESTION # 111
During which phase of the forensic process are tools and techniques used to extract information from the collected data?
- A. examination
- B. reporting
- C. collection
- D. investigation
Answer: A
Explanation:
NIST SP 800-86 defines four phases: collection, examination, analysis and reporting. Examination applies tools and techniques to extract the relevant information from the collected data; collection only acquires and preserves it.
NEW QUESTION # 112
Refer to the exhibit.
What must be interpreted from this packet capture?
- A. IP address 192.168.88.149 is communicating with 192.168.88.12 with a source port 80 to destination port 49098 using TCP protocol.
- B. IP address 192.168.88.149 is communicating with 192.168.88.12 with a source port 49098 to destination port 80 using TCP protocol.
- C. IP address 192.168.88.12 is communicating with 192.168.88.149 with a source port 74 to destination port 49098 using TCP protocol.
- D. IP address 192.168.88.12 is communicating with 192.168.88.149 with a source port 49098 to destination port 80 using TCP protocol.
Answer: D
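Questions 103 and 112 both ask the reader to pull the 5-tuple (source and destination IP, ports and transport protocol) out of a packet capture. The following added example (not part of the exam material) does the same decode programmatically on a raw IPv4 + TCP header. The byte string is constructed for this example to carry the values stated in the answer to question 112 (192.168.88.12:49098 to 192.168.88.149:80 over TCP); it is not the exhibit. Every field offset is bounds-checked against the buffer length before it is read, which is the check a practitioner wants in anything that parses untrusted packets.

```c
/* Added example: decode the 5-tuple from an IPv4 header and the L4 ports
 * that follow it. Not code from the exam page. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PROTO_TCP 6
#define PROTO_UDP 17

struct five_tuple {
    char src_ip[16];
    char dst_ip[16];
    uint16_t src_port;
    uint16_t dst_port;
    uint8_t proto;
};

/* Constructed sample: IPv4 + TCP SYN, 192.168.88.12:49098 -> 192.168.88.149:80. */
const uint8_t sample_syn[40] = {
    /* IPv4: ver 4/IHL 5, TOS, total length 40, id, flags/frag, TTL 64, proto 6, csum 0 */
    0x45, 0x00, 0x00, 0x28, 0x00, 0x00, 0x40, 0x00, 0x40, 0x06, 0x00, 0x00,
    0xc0, 0xa8, 0x58, 0x0c,   /* src 192.168.88.12  */
    0xc0, 0xa8, 0x58, 0x95,   /* dst 192.168.88.149 */
    /* TCP: src port 49098 (0xbfca), dst port 80, seq, ack, data offset 5, SYN, window, csum, urg */
    0xbf, 0xca, 0x00, 0x50, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
    0x50, 0x02, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

static void ip4_to_str(const uint8_t *p, char *out, size_t n)
{
    snprintf(out, n, "%u.%u.%u.%u", (unsigned)p[0], (unsigned)p[1], (unsigned)p[2], (unsigned)p[3]);
}

const char *proto_name(uint8_t proto)
{
    switch (proto) {
    case PROTO_TCP: return "TCP";
    case PROTO_UDP: return "UDP";
    default:        return "other";
    }
}

/* Returns 0 and fills *out on success, -1 if the buffer is truncated or the
 * header fields are inconsistent. Ports are only read for TCP and UDP. */
int parse_ipv4_l4(const uint8_t *buf, size_t len, struct five_tuple *out)
{
    if (len < 20) return -1;                       /* minimum IPv4 header */
    if ((buf[0] >> 4) != 4) return -1;             /* not IPv4 */
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4;      /* header length in bytes */
    if (ihl < 20 || ihl > len) return -1;          /* bogus IHL */
    size_t total = rd16(buf + 2);                  /* total length field */
    if (total < ihl || total > len) return -1;     /* claims more than we have */

    memset(out, 0, sizeof *out);
    out->proto = buf[9];
    ip4_to_str(buf + 12, out->src_ip, sizeof out->src_ip);
    ip4_to_str(buf + 16, out->dst_ip, sizeof out->dst_ip);

    if (out->proto != PROTO_TCP && out->proto != PROTO_UDP)
        return 0;                                  /* no port fields to read */
    size_t l4min = (out->proto == PROTO_TCP) ? 20 : 8;
    if (total - ihl < l4min) return -1;            /* L4 header truncated */
    out->src_port = rd16(buf + ihl);
    out->dst_port = rd16(buf + ihl + 2);
    return 0;
}

/* Render the 5-tuple in the "src:port -> dst:port (proto)" form used to read a capture. */
int describe_packet(const uint8_t *buf, size_t len, char *out, size_t n)
{
    struct five_tuple t;
    if (parse_ipv4_l4(buf, len, &t) != 0) return -1;
    snprintf(out, n, "%s:%u -> %s:%u (%s)", t.src_ip, t.src_port,
             t.dst_ip, t.dst_port, proto_name(t.proto));
    return 0;
}

int main(void)
{
    char line[80];
    if (describe_packet(sample_syn, sizeof sample_syn, line, sizeof line) == 0)
        puts(line);   /* 192.168.88.12:49098 -> 192.168.88.149:80 (TCP) */
    return 0;
}
```

Reading the decoded line the way the exam expects: the ephemeral port (49098) is the client side and port 80 is the server side, so the host with the high port is the one initiating the connection.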
NEW QUESTION # 113
What is the difference between deep packet inspection and stateful inspection?
- A. Deep packet inspection gives insights up to Layer 7, and stateful inspection gives insights only up to Layer 4.
- B. Stateful inspection is more secure due to its complex signatures, and deep packet inspection requires less human intervention.
- C. Stateful inspection verifies data at the transport layer and deep packet inspection verifies data at the application layer.
- D. Deep packet inspection is more secure due to its complex signatures, and stateful inspection requires less human intervention.
Answer: A
Explanation:
Stateful inspection tracks connection state from the Layer 3 and Layer 4 headers. Deep packet inspection also examines the Layer 7 payload, which is what lets it identify applications and content regardless of the port in use. Neither technique is "more secure due to complex signatures".
NEW QUESTION # 114
Drag and drop the security concept from the left onto the example of that concept on the right.
Answer:
