Drag and drop the technology on the left onto the data type the technology provides on the right
DRAG DROP
Drag and drop the technology on the left onto the data type the technology provides on the right.
Answer:
Which type of log is displayed?
Refer to the exhibit. Which type of log is displayed?
A. IDS
B. proxy
C. NetFlow
D. sys
Answer: D
Which two components reduce the attack surface on an endpoint? (Choose two.)
Which two components reduce the attack surface on an endpoint? (Choose two.)
A. secure boot
B. load balancing
C. increased audit log levels
D. restricting USB ports
E. full packet captures at the endpoint
Answer: A,D
Refer to the exhibit
DRAG DROP
Refer to the exhibit. Drag and drop the element name from the left onto the correct piece of the PCAP file on the right.
Answer:
In a SOC environment, what is a vulnerability management metric?
In a SOC environment, what is a vulnerability management metric?
A. code signing enforcement
B. full assets scan
C. internet exposed devices
D. single factor authentication
Answer: D
What is the practice of giving an employee access to only the resources needed to accomplish their job?
What is the practice of giving an employee access to only the resources needed to accomplish their job?
A. principle of least privilege
B. organizational separation
C. separation of duties
D. need to know principle
Answer: A
What is the initial event called in the NIST SP800-61?
An organization has recently adjusted its security stance in response to online threats made by a known hacktivist group. What is the initial event called in the NIST SP800-61?
A. online assault
B. precursor
C. trigger
D. instigator
Answer: B
What is the difference between the ACK flag and the RST flag in the NetFlow log session?
What is the difference between the ACK flag and the RST flag in the NetFlow log session?
A. The RST flag confirms the beginning of the TCP connection, and the ACK flag responds when the data for the payload is complete
B. The ACK flag confirms the beginning of the...
What is occurring in this network traffic?
Refer to the exhibit. What is occurring in this network traffic?
A. high rate of SYN packets being sent from multiple sources towards a single destination IP
B. high rate of SYN packets being sent from a single source IP towards multiple destination IPs
C. flood of ACK packets...
Which event artifact is used to identify HTTP GET requests for a specific file?
Which event artifact is used to identify HTTP GET requests for a specific file?
A. destination IP address
B. URI
C. HTTP status code
D. TCP ACK
Answer: B