200-201 exam

Which list identifies the information that the client sends to the server in the negotiation phase of the TLS handshake?A . ClientStart, ClientKeyExchange, cipher-suites it supports, and suggested compression methodsB . ClientStart, TLS versions it supports, cipher-suites it supports, and suggested compression methodsC . ClientHello, TLS versions it supports, cipher-suites...

Which attack method intercepts traffic on a switched network?A . denial of serviceB . ARP cache poisoningC . DHCP snoopingD . command and controlView AnswerAnswer: B Explanation: ARP cache poisoning is a type of attack that intercepts traffic on a switched network by sending spoofed ARP messages to associate the...

A company receptionist received a threatening call referencing stealing assets and did not take any action assuming it was a social engineering attempt. Within 48 hours, multiple assets were breached, affecting the confidentiality of sensitive information. What is the threat actor in this incident?A . company assets that are threatenedB...

A SOC analyst is investigating an incident that involves a Linux system that is identifying specific sessions. Which identifier tracks an active program?A . application identification numberB . active process identification numberC . runtime identification numberD . process identification numberView AnswerAnswer: D Explanation: In the context of Linux systems, each...

Which security technology allows only a set of pre-approved applications to run on a system?A . application-level blacklistingB . host-based IPSC . application-level whitelistingD . antivirusView AnswerAnswer: C Explanation: Application-level whitelisting is a security technology that allows only a set of pre-approved applications to run on a system, and blocks...

What are two differences in how tampered and untampered disk images affect a security incident? (Choose two.)A . Untampered images are used in the security investigation processB . Tampered images are used in the security investigation processC . The image is tampered if the stored hash and the computed hash...

How is attacking a vulnerability categorized?A . action on objectivesB . deliveryC . exploitationD . installationView AnswerAnswer: C Explanation: Attacking a vulnerability is categorized as exploitation, which is the third phase of the cyberattack lifecycle. Exploitation is the process of taking advantage of a vulnerability in a system, application, or...

What is the difference between mandatory access control (MAC) and discretionary access control (DAC)?A . MAC is controlled by the discretion of the owner and DAC is controlled by an administratorB . MAC is the strictest of all levels of control and DAC is object-based accessC . DAC is controlled...

What causes events on a Windows system to show Event Code 4625 in the log messages?A . The system detected an XSS attackB . Someone is trying a brute force attack on the networkC . Another device is gaining root access to the systemD . A privileged user successfully logged...

An engineer receives a security alert that traffic with a known TOR exit node has occurred on the network. What is the impact of this traffic?A . ransomware communicating after infectionB . users downloading copyrighted contentC . data exfiltrationD . user circumvention of the firewallView AnswerAnswer: C Explanation: Traffic with...