Which obfuscation technique is the attacker using?

An analyst is investigating a host in the network that appears to be communicating to a command and control server on the Internet. After collecting this packet capture, the analyst cannot determine the technique and payload used for the communication. Which obfuscation technique is the attacker using?

A. Base64 encoding...

December 31, 2022

Which testing method did the intruder use?

An intruder attempted malicious activity and exchanged emails with a user and received corporate information, including email distribution lists. The intruder asked the user to engage with a link in an email. When the link launched, it infected machines and the intruder was able to access the corporate network. Which...

December 30, 2022

Which type of log is displayed?

Refer to the exhibit. Which type of log is displayed?

A. IDS
B. proxy
C. NetFlow
D. sys

Answer: A

Explanation: You also see the 5-tuple in IPS events, NetFlow records, and other event data. In fact, on the exam you may need to differentiate between a firewall log versus...

December 30, 2022

Which two components of the OS did the engineer touch?

An engineer must compare NIST vs ISO frameworks. The engineer needed to compare as readable documentation and also to watch a comparison video review. Using Windows 10 OS, the engineer started a browser and searched for a NIST document and then opened a new tab in the same browser and...

December 30, 2022

What is occurring in this network?

Refer to the exhibit. What is occurring in this network?

A. ARP cache poisoning
B. DNS cache poisoning
C. MAC address table overflow
D. MAC flooding attack

Answer: A

December 30, 2022

What is the difference between a threat and a risk?

What is the difference between a threat and a risk?

A. Threat represents a potential danger that could take advantage of a weakness in a system
B. Risk represents the known and identified loss or danger in the system
C. Risk represents the nonintentional interaction with uncertainty in the system...

December 30, 2022

How does agentless monitoring differ from agent-based monitoring?

How does agentless monitoring differ from agent-based monitoring?

A. Agentless can access the data via API, while agent-based uses a less efficient method and accesses log data through WMI.
B. Agent-based monitoring is less intrusive in gathering log data, while agentless requires open ports to fetch the logs
C. Agent-based...

December 30, 2022

Which type of configuration information does the HKEY_LOCAL_MACHINE hive contain?

A system administrator is ensuring that specific registry information is accurate. Which type of configuration information does the HKEY_LOCAL_MACHINE hive contain?

A. file extension associations
B. hardware, software, and security settings for the system
C. currently logged in users, including folders and control panel settings
D. all users on the...

December 30, 2022

Which type of protected data is accessed by customers?

An automotive company provides new types of engines and special brakes for rally sports cars. The company has a database of inventions and patents for their engines and technical information. Customers can access the database through the company's website after they register and identify themselves. Which type of protected data...

December 30, 2022

According to the NIST Incident Handling Guide, what is the next phase of this investigation?

An analyst received a ticket regarding a degraded processing capability for one of the HR department's servers. On the same day, an engineer noticed disabled antivirus software and was not able to determine when or why it occurred. According to the NIST Incident Handling Guide, what is the next...

December 29, 2022