Export date: Thu Mar 28 12:20:05 2024 / +0000 GMT
September/2021 Latest Braindump2go 200-201 Exam Dumps with PDF and VCE, Free Updated Today! Following are some new 200-201 Real Exam Questions (172-191).

QUESTION 172
The SOC team has confirmed a potential indicator of compromise on an endpoint. The team has narrowed the executable file's type to a new trojan family.
According to the NIST Computer Security Incident Handling Guide, what is the next step in handling this event?
A. Isolate the infected endpoint from the network.
B. Perform forensics analysis on the infected endpoint.
C. Collect public information on the malware behavior.
D. Prioritize incident handling based on the impact.
Answer: C

QUESTION 173
Which technology on a host is used to isolate a running application from other applications?
A. sandbox
B. application allow list
C. application block list
D. host-based firewall
Answer: A

QUESTION 174
An analyst received a ticket regarding a degraded processing capability for one of the HR department's servers. On the same day, an engineer noticed a disabled antivirus software and was not able to determine when or why it occurred.
According to the NIST Incident Handling Guide, what is the next phase of this investigation?
A. Recovery
B. Detection
C. Eradication
D. Analysis
Answer: B

QUESTION 175
Which data type is necessary to get information about source/destination ports?
A. statistical data
B. session data
C. connectivity data
D. alert data
Answer: C

QUESTION 176
Refer to the exhibit. Which type of attack is being executed?
A. SQL injection
B. cross-site scripting
C. cross-site request forgery
D. command injection
Answer: A

QUESTION 177
Which attack represents the evasion technique of resource exhaustion?
A. SQL injection
B. man-in-the-middle
C. bluesnarfing
D. denial-of-service
Answer: D

QUESTION 178
A threat actor penetrated an organization's network. Using the 5-tuple approach, which data points should the analyst use to isolate the compromised host in a grouped set of logs?
A. event name, log source, time, source IP, and host name
B. protocol, source IP, source port, destination IP, and destination port
C. event name, log source, time, source IP, and username
D. protocol, log source, source IP, destination IP, and host name
Answer: B

QUESTION 179
Which event is a vishing attack?
A. obtaining disposed documents from an organization
B. using a vulnerability scanner on a corporate network
C. setting up a rogue access point near a public hotspot
D. impersonating a tech support agent during a phone call
Answer: D

QUESTION 180
What is indicated by an increase in IPv4 traffic carrying protocol 41?
A. additional PPTP traffic due to Windows clients
B. unauthorized peer-to-peer traffic
C. deployment of a GRE network on top of an existing Layer 3 network
D. attempts to tunnel IPv6 traffic through an IPv4 network
Answer: D

QUESTION 181
What is the impact of false positive alerts on business compared to true positive?
A. True positives affect security as no alarm is raised when an attack has taken place, while false positives are alerts raised appropriately to detect and further mitigate them.
B. True-positive alerts are blocked by mistake as potential attacks, while false positives are actual attacks identified as harmless.
C. False-positive alerts are detected by confusion as potential attacks, while true positives are attack attempts identified appropriately.
D. False-positive alerts are manually ignored signatures to avoid warnings that are already acknowledged, while true positives are warnings that are not yet acknowledged.
Answer: C

QUESTION 182
An organization's security team has detected network spikes coming from the internal network. An investigation has concluded that the spike in traffic was from intensive network scanning. How should the analyst collect the traffic to isolate the suspicious host?
A. by most active source IP
B. by most used ports
C. based on the protocols used
D. based on the most used applications
Answer: C

QUESTION 183
What is an incident response plan?
A. an organizational approach to events that could lead to asset loss or disruption of operations
B. an organizational approach to security management to ensure a service lifecycle and continuous improvements
C. an organizational approach to disaster recovery and timely restoration of operational services
D. an organizational approach to system backup and data archiving aligned to regulations
Answer: C

QUESTION 184
An engineer is addressing a connectivity issue between two servers where the remote server is unable to establish a successful session. Initial checks show that the remote server is not receiving a SYN-ACK while establishing a session by sending the first SYN.
What is causing this issue?
A. incorrect TCP handshake
B. incorrect UDP handshake
C. incorrect OSI configuration
D. incorrect snaplen configuration
Answer: A

QUESTION 185
A security incident occurred with the potential of impacting business services. Who performs the attack?
A. malware author
B. threat actor
C. bug bounty hunter
D. direct competitor
Answer: A

QUESTION 186
Refer to the exhibit. An analyst received this alert from the Cisco ASA device, and numerous activity logs were produced.
How should this type of evidence be categorized?
A. indirect
B. circumstantial
C. corroborative
D. best
Answer: D

QUESTION 187
What is vulnerability management?
A. A security practice focused on clarifying and narrowing intrusion points.
B. A security practice of performing actions rather than acknowledging the threats.
C. A process to identify and remediate existing weaknesses.
D. A process to recover from service interruptions and restore business-critical applications.
Answer: C

QUESTION 188
A user received an email attachment named "Hr405-report2609-empl094.exe" but did not run it. Which category of the cyber kill chain should be assigned to this type of event?
A. installation
B. reconnaissance
C. weaponization
D. delivery
Answer: A

QUESTION 189
An engineer needs to configure network systems to detect command and control communications by decrypting ingress and egress perimeter traffic and allowing network security devices to detect malicious outbound communications. Which technology should be used to accomplish the task?
A. digital certificates
B. static IP addresses
C. signatures
D. cipher suite
Answer: D

QUESTION 190
What is a difference between data obtained from Tap and SPAN ports?
A. Tap mirrors existing traffic from specified ports, while SPAN presents more structured data for deeper analysis.
B. SPAN passively splits traffic between a network device and the network without altering it, while Tap alters response times.
C. SPAN improves the detection of media errors, while Tap provides direct access to traffic with lowered data visibility.
D. Tap sends traffic from physical layers to the monitoring device, while SPAN provides a copy of network traffic from switch to destination.
Answer: A

QUESTION 191
Which metric in CVSS indicates an attack that takes a destination bank account number and replaces it with a different bank account number?
A. availability
B. confidentiality
C. scope
D. integrity
Answer: D
Resources From:
https://www.braindump2go.com/200-201.html
https://drive.google.com/drive/folders/1fTPALtM-eluHFw8sUjNGF7Y-ofOP3s-M?usp=sharing
https://www.braindump2go.com/free-online-pdf/200-201-PDF-Dumps(172-191).pdf
Post date: 2021-09-15 06:54:01