200-201 Free Practice Test

Which technology prevents end-device to end-device IP traceability?

1. A. encryption
2. B. load balancing
3. C. NAT/PAT
4. D. tunneling

Correct Answer: C

What is a difference between an inline and a tap mode traffic monitoring?

1. A. Inline monitors traffic without examining other devices, while a tap mode tags traffic and examines the data from monitoring devices.
2. B. Tap mode monitors traffic direction, while inline mode keeps packet data as it passes through the monitoring devices.
3. C. Tap mode monitors packets and their content with the highest speed, while the inline mode draws a packet path for analysis.
4. D. Inline mode monitors traffic path, examining any traffic at a wire speed, while a tap mode monitors traffic as it crosses the network.

Correct Answer: D

Which filter allows an engineer to filter traffic in Wireshark to further analyze the PCAP file by only showing the traffic for LAN 10.11.x.x, between workstations and servers without the Internet?

1. A. src=10.11.0.0/16 and dst=10.11.0.0/16
2. B. ip.src==10.11.0.0/16 and ip.dst==10.11.0.0/16
3. C. ip.src=10.11.0.0/16 and ip.dst=10.11.0.0/16
4. D. src==10.11.0.0/16 and dst==10.11.0.0/16

Correct Answer: B

What are two differences in how tampered and untampered disk images affect a security incident? (Choose two.)

1. A. Untampered images are used in the security investigation process
2. B. Tampered images are used in the security investigation process
3. C. The image is tampered if the stored hash and the computed hash match
4. D. Tampered images are used in the incident recovery process
5. E. The image is untampered if the stored hash and the computed hash match

Correct Answer: AE
Cert Guide by Omar Santos, Chapter 9 - Introduction to digital Forensics. "When you collect evidence, you must protect its integrity. This involves making sure that nothing is added to the evidence and that nothing is deleted or destroyed (this is known as evidence preservation)."

Which list identifies the information that the client sends to the server in the negotiation phase of the TLS handshake?

1. A. ClientStart, ClientKeyExchange, cipher-suites it supports, and suggested compression methods
2. B. ClientStart, TLS versions it supports, cipher-suites it supports, and suggested compression methods
3. C. ClientHello, TLS versions it supports, cipher-suites it supports, and suggested compression methods
4. D. ClientHello, ClientKeyExchange, cipher-suites it supports, and suggested compression methods

Correct Answer: C