Real 200-201 dumps Accurate Questions and Answers with Free and Fast Updates [Q131-Q156] | DumpsMaterials

  • Home
  • Articles
  • Real 200-201 dumps Accurate Questions and Answers with Free and Fast Updates [Q131-Q156]

Real 200-201 dumps Accurate Questions and Answers with Free and Fast Updates [Q131-Q156]

Share

Real 200-201 dumps Accurate Questions and Answers with Free and Fast Updates

Real 200-201 Quesions Pass Certification Exams Easily

NEW QUESTION # 131
Which security principle requires more than one person is required to perform a critical task?

  • A. need to know
  • B. separation of duties
  • C. least privilege
  • D. due diligence

Answer: B


NEW QUESTION # 132
What are two denial-of-service (DoS) attacks? (Choose two)

  • A. SYN flood
  • B. man-in-the-middle
  • C. teardrop
  • D. port scan
  • E. phishing

Answer: A,B


NEW QUESTION # 133
Which security principle is violated by running all processes as root or administrator?

  • A. separation of duties
  • B. principle of least privilege
  • C. trusted computing base
  • D. role-based access control

Answer: B


NEW QUESTION # 134
Which regular expression matches "color" and "colour"?

  • A. colou?r
  • B. col[09]+our
  • C. colo?ur
  • D. col[08]+our

Answer: A


NEW QUESTION # 135
When trying to evade IDS/IPS devices, which mechanism allows the user to make the data incomprehensible without a specific key, certificate, or password?

  • A. pivoting
  • B. stenography
  • C. encryption
  • D. fragmentation

Answer: B

Explanation:
Section: Security Concepts


NEW QUESTION # 136
Refer to the exhibit.

What is occurring in this network traffic?

  • A. Flood of ACK packets coming from a single source IP to multiple destination IPs.
  • B. High rate of SYN packets being sent from a multiple source towards a single destination IP.
  • C. Flood of SYN packets coming from a single source IP to a single destination IP.
  • D. High rate of ACK packets being sent from a single source IP towards multiple destination IPs.

Answer: C


NEW QUESTION # 137
Drag and drop the definition from the left onto the phase on the right to classify intrusion events according to the Cyber Kill Chain model.

Answer:

Explanation:


NEW QUESTION # 138
Refer to the exhibit.

Which packet contains a file that is extractable within Wireshark?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: C


NEW QUESTION # 139
Refer to the exhibit.

An engineer is analyzing this Cuckoo Sandbox report for a PDF file that has been downloaded from an email.
What is the state of this file?

  • A. The file was matched by PEiD threat signatures but no suspicious features are identified since the signature list is up to date.
  • B. The file has an embedded Windows 32 executable and the Yara field lists suspicious features for further analysis.
  • C. The file has an embedded executable and was matched by PEiD threat signatures for further analysis.
  • D. The file has an embedded non-Windows executable but no suspicious features are identified.

Answer: B


NEW QUESTION # 140
Drag and drop the elements from the left into the correct order for incident handling on the right.

Answer:

Explanation:


NEW QUESTION # 141
Drag and drop the uses on the left onto the type of security system on the right.

Answer:

Explanation:


NEW QUESTION # 142
A security expert is working on a copy of the evidence, an ISO file that is saved in CDFS format. Which type of evidence is this file?

  • A. CD data copy prepared in Windows
  • B. CD data copy prepared in Mac-based system
  • C. CD data copy prepared in Android-based system
  • D. CD data copy prepared in Linux system

Answer: D


NEW QUESTION # 143
Which of these describes SOC metrics in relation to security incidents?

  • A. time it takes to detect the incident
  • B. probability of compromise and impact caused by the incident
  • C. probability of outage caused by the incident
  • D. time it takes to assess the risks of the incident

Answer: A


NEW QUESTION # 144
What is the difference between mandatory access control (MAC) and discretionary access control (DAC)?

  • A. DAC is controlled by the operating system and MAC is controlled by an administrator
  • B. DAC is the strictest of all levels of control and MAC is object-based access
  • C. MAC is controlled by the discretion of the owner and DAC is controlled by an administrator
  • D. MAC is the strictest of all levels of control and DAC is object-based access

Answer: D


NEW QUESTION # 145
What is a benefit of agent-based protection when compared to agentless protection?

  • A. It provides a centralized platform
  • B. It collects and detects all traffic locally
  • C. It manages numerous devices simultaneously
  • D. It lowers maintenance costs

Answer: A

Explanation:
Section: Security Concepts


NEW QUESTION # 146
A security analyst notices a sudden surge of incoming traffic and detects unknown packets from unknown senders After further investigation, the analyst learns that customers claim that they cannot access company servers According to NIST SP800-61, in which phase of the incident response process is the analyst?

  • A. post-incident activity
  • B. detection and analysis
  • C. containment, eradication, and recovery
  • D. preparation

Answer: B


NEW QUESTION # 147
Refer to the exhibit.

A network administrator is investigating suspicious network activity by analyzing captured traffic. An engineer notices abnormal behavior and discovers that the default user agent is present in the headers of requests and data being transmitted What is occurring?

  • A. cache bypassing attack: attacker is sending requests for noncacheable content
  • B. indicators of denial-of-service attack due to the frequency of requests
  • C. indicators of data exfiltration HTTP requests must be plain text
  • D. garbage flood attack attacker is sending garbage binary data to open ports

Answer: A


NEW QUESTION # 148
What does cyber attribution identify in an investigation?

  • A. cause of an attack
  • B. exploit of an attack
  • C. threat actors of an attack
  • D. vulnerabilities exploited

Answer: C


NEW QUESTION # 149
A SOC analyst is investigating an incident that involves a Linux system that is identifying specific sessions.
Which identifier tracks an active program?

  • A. application identification number
  • B. process identification number
  • C. runtime identification number
  • D. active process identification number

Answer: B


NEW QUESTION # 150
An intruder attempted malicious activity and exchanged emails with a user and received corporate information, including email distribution lists. The intruder asked the user to engage with a link in an email. When the fink launched, it infected machines and the intruder was able to access the corporate network.
Which testing method did the intruder use?

  • A. social engineering
  • B. eavesdropping
  • C. tailgating
  • D. piggybacking

Answer: A


NEW QUESTION # 151
An engineer received an alert affecting the degraded performance of a critical server. Analysis showed a heavy CPU and memory load. What is the next step the engineer should take to investigate this resource usage?

  • A. Run "ps -ef" to understand which processes are taking a high amount of resources.
  • B. Run "ps -u" to find out who executed additional processes that caused a high load on a server.
  • C. Run "ps -m" to capture the existing state of daemons and map required processes to find the gap.
  • D. Run "ps -d" to decrease the priority state of high load processes to avoid resource exhaustion.

Answer: A


NEW QUESTION # 152
Refer to the exhibit.

Which component is identifiable in this exhibit?

  • A. Windows PowerShell verb
  • B. local service in the Windows Services Manager
  • C. Windows Registry hive
  • D. Trusted Root Certificate store on the local machine

Answer: C


NEW QUESTION # 153
What are the two characteristics of the full packet captures? (Choose two.)

  • A. Identifying network loops and collision domains.
  • B. Detecting common hardware faults and identify faulty assets.
  • C. Providing a historical record of a network transaction.
  • D. Reassembling fragmented traffic from raw data.
  • E. Troubleshooting the cause of security and performance issues.

Answer: C,D


NEW QUESTION # 154
Refer to the exhibit.

What is occurring in this network traffic?

  • A. flood of SYN packets coming from a single source IP to a single destination IP
  • B. high rate of SYN packets being sent from a single source IP towards multiple destination IPs
  • C. high rate of SYN packets being sent from a multiple source towards a single destination IP
  • D. flood of ACK packets coming from a single source IP to multiple destination IPs

Answer: A


NEW QUESTION # 155
One of the objectives of information security is to protect the CIA of information and systems. What does CIA mean in this context?

  • A. confidentiality, identity, and availability
  • B. confidentiality, identity, and authorization
  • C. confidentiality, integrity, and authorization
  • D. confidentiality, integrity, and availability

Answer: D


NEW QUESTION # 156
......

200-201 Dumps are Available for Instant Access: https://www.dumpsmaterials.com/200-201-real-torrent.html

Practice with these 200-201 dumps Certification Sample Questions: https://drive.google.com/open?id=1x6IPxwHnoY3KOQ5MsOpRjyBt91sZBy2J

Related Articles

more
Cisco 200-201 Certification Practice Exam

DumpsMaterials dumps materials and dumps PDF will be your best choice. Please rest assured that our dumps materials and study materials will help you pass exams surely.

Latest Dumps Materials

Useful Links

Contact Us

Our Working Time: ( GMT 0:00-15:00 )
From Monday to Saturday

Support: Contact now 

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Copyright © 2026 DumpsMaterials NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy