
200-201 Free Exam Study Guide! (Updated 312 Questions) [Q132-Q155]

200-201 Dumps for CyberOps Associate Certified Exam Questions and Answer

NEW QUESTION # 132
Which technology should be used to implement a solution that makes routing decisions based on HTTP header, uniform resource identifier, and SSL session ID attributes?

  • A. AWS
  • B. IIS
  • C. Proxy server
  • D. Load balancer

Answer: D

Explanation:
Load Balancing: HTTP(S) load balancing is one of the oldest forms of load balancing. This form of load balancing relies on layer 7, which means it operates in the application layer. This allows routing decisions based on attributes like HTTP header, uniform resource identifier, SSL session ID, and HTML form data.
Load balancing applies to layers 4-7 of the seven-layer Open Systems Interconnection (OSI) model. Its capabilities are:

  • L4: directs traffic based on network and transport layer data, e.g., IP address and TCP port.
  • L7: adds content switching to load balancing, allowing routing decisions based on characteristics such as HTTP header, uniform resource identifier, SSL session ID, and HTML form data.
  • GSLB: Global Server Load Balancing extends the L4 and L7 capabilities to servers in different sites.


NEW QUESTION # 133
What causes events on a Windows system to show Event Code 4625 in the log messages?

  • A. The system detected an XSS attack
  • B. Another device is gaining root access to the system
  • C. Someone is trying a brute force attack on the network
  • D. A privileged user successfully logged into the system

Answer: C


NEW QUESTION # 134
Refer to the exhibit.

What is occurring?

  • A. ARP poisoning
  • B. DNS amplification
  • C. ARP flood
  • D. DNS tunneling

Answer: D


NEW QUESTION # 135
Refer to the exhibit.

A security analyst is investigating unusual activity from an unknown IP address. Which type of evidence is this file?

  • A. corroborative evidence
  • B. best evidence
  • C. direct evidence
  • D. indirect evidence

Answer: D


NEW QUESTION # 136
Refer to the exhibit.

An attacker scanned the server using Nmap.
What did the attacker obtain from this scan?

  • A. Gathered information on processes running on the server
  • B. Identified open SMB ports on the server
  • C. Identified a firewall device preventing the port state from being returned
  • D. Gathered a list of Active Directory users.

Answer: C


NEW QUESTION # 137
Which two elements are used for profiling a network? (Choose two.)

  • A. running processes
  • B. total throughput
  • C. OS fingerprint
  • D. listening ports
  • E. session duration

Answer: B,E

Explanation:
A network profile should include several important elements, such as the following:

  • Total throughput: the amount of data passing from a given source to a given destination in a given period of time.
  • Session duration: the time between the establishment of a data flow and its termination.
  • Ports used: a list of TCP or UDP processes that are available to accept data.
  • Critical asset address space: the IP addresses or logical locations of essential systems or data.

Profiling data are the data the system has gathered; they support incident response and incident detection.
Network profiling = total throughput, session duration, ports used, critical asset address space. Host profiling = listening ports, logged-in accounts, running processes, running tasks, applications.


NEW QUESTION # 138
Refer to the exhibit.

An engineer is analyzing this Cuckoo Sandbox report for a PDF file that has been downloaded from an email.
What is the state of this file?

  • A. The file has an embedded executable and was matched by PEiD threat signatures for further analysis.
  • B. The file has an embedded non-Windows executable but no suspicious features are identified.
  • C. The file has an embedded Windows 32 executable and the Yara field lists suspicious features for further analysis.
  • D. The file was matched by PEiD threat signatures but no suspicious features are identified since the signature list is up to date.

Answer: C


NEW QUESTION # 139
Refer to the exhibit.

Which technology produced the log?

  • A. proxy
  • B. firewall
  • C. IPS/IDS
  • D. antivirus

Answer: C


NEW QUESTION # 140
Drag and drop the elements from the left into the correct order for incident handling on the right.

Answer:

Explanation:


NEW QUESTION # 141
Refer to the exhibit.

Which stakeholders must be involved when a company workstation is compromised?

  • A. Employee 1 Employee 2, Employee 3, Employee 4, Employee 5, Employee 7
  • B. Employee 4, Employee 6, Employee 7
  • C. Employee 1, Employee 2, Employee 4, Employee 5
  • D. Employee 2, Employee 3, Employee 4, Employee 5

Answer: D


NEW QUESTION # 142
Refer to the exhibit.

In which Linux log file is this output found?

  • A. /var/log/dmesg
  • B. /var/log/auth.log
  • C. var/log/var.log
  • D. /var/log/authorization.log

Answer: B


NEW QUESTION # 143
An engineer needs to fetch logs from a proxy server and generate actual events according to the data received.
Which technology should the engineer use to accomplish this task?

  • A. Stealthwatch
  • B. Email Security Appliance
  • C. Firepower
  • D. Web Security Appliance

Answer: A


NEW QUESTION # 144
Refer to the exhibit.

Which packet contains a file that is extractable within Wireshark?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: D


NEW QUESTION # 145
Which IETF standard technology is useful to detect and analyze a potential security incident by recording session flows that occurs between hosts?

  • A. IPFIX
  • B. NetFlow
  • C. NFlow
  • D. SFlow

Answer: A


NEW QUESTION # 146
Drag and drop the security concept on the left onto the example of that concept on the right.

Answer:

Explanation:


NEW QUESTION # 147
A security engineer has a video of a suspect entering a data center that was captured on the same day that files in the same data center were transferred to a competitor.
Which type of evidence is this?

  • A. prima facie evidence
  • B. physical evidence
  • C. best evidence
  • D. indirect evidence

Answer: D


NEW QUESTION # 148
Drag and drop the type of evidence from the left onto the description of that evidence on the right.

Answer:

Explanation:



NEW QUESTION # 149
Refer to the exhibit.

What is depicted in the exhibit?

  • A. UNIX-based syslog
  • B. IIS logs
  • C. Apache logs
  • D. Windows Event logs

Answer: C


NEW QUESTION # 150
Drag and drop the event term from the left onto the description on the right.

Answer:

Explanation:


NEW QUESTION # 151
Which piece of information is needed for attribution in an investigation?

  • A. known threat actor behavior
  • B. proxy logs showing the source RFC 1918 IP addresses
  • C. 802.1x RADIUS authentication pass and fail logs
  • D. RDP allowed from the Internet

Answer: A

Explanation:
This is the most important piece of information: knowing who attacked the network, what they did, how, and why.


NEW QUESTION # 152
What is the difference between an attack vector and attack surface?

  • A. An attack surface identifies vulnerabilities that require user input or validation; and an attack vector identifies vulnerabilities that are independent of user actions.
  • B. An attack vector identifies components that can be exploited; and an attack surface identifies the potential path an attack can take to penetrate the network.
  • C. An attack vector identifies the potential outcomes of an attack; and an attack surface launches an attack using several methods against the identified vulnerabilities.
  • D. An attack surface recognizes which network parts are vulnerable to an attack; and an attack vector identifies which attacks are possible with these vulnerabilities.

Answer: D


NEW QUESTION # 153
An intruder attempted malicious activity and exchanged emails with a user and received corporate information, including email distribution lists. The intruder asked the user to engage with a link in an email. When the link launched, it infected machines and the intruder was able to access the corporate network.
Which testing method did the intruder use?

  • A. piggybacking
  • B. tailgating
  • C. eavesdropping
  • D. social engineering

Answer: D

Explanation:
Section: Security Monitoring


NEW QUESTION # 154
Which vulnerability type is used to read, write, or erase information from a database?

  • A. cross-site request forgery
  • B. cross-site scripting
  • C. SQL injection
  • D. buffer overflow

Answer: C


NEW QUESTION # 155
......
