200-201 Free Practice Test

What are two differences in how tampered and untampered disk images affect a security incident? (Choose two.)

1. A. Untampered images are used in the security investigation process
2. B. Tampered images are used in the security investigation process
3. C. The image is tampered if the stored hash and the computed hash match
4. D. Tampered images are used in the incident recovery process
5. E. The image is untampered if the stored hash and the computed hash match

Correct Answer: AE
Cert Guide by Omar Santos, Chapter 9 - Introduction to digital Forensics. "When you collect evidence, you must protect its integrity. This involves making sure that nothing is added to the evidence and that nothing is deleted or destroyed (this is known as evidence preservation)."

Refer to the exhibit.

What is shown in this PCAP file?

1. A. Timestamps are indicated with error.
2. B. The protocol is TCP.
3. C. The User-Agent is Mozilla/5.0.
4. D. The HTTP GET is encoded.

Correct Answer: D

Which security monitoring data type requires the largest storage space?

1. A. transaction data
2. B. statistical data
3. C. session data
4. D. full packet capture

Correct Answer: D

Refer to the exhibit.

Which type of log is displayed?

1. A. IDS
2. B. proxy
3. C. NetFlow
4. D. sys

Correct Answer: A
You also see the 5-tuple in IPS events, NetFlow records, and other event data. In fact, on the exam you may need to differentiate between a firewall log versus a traditional IPS or IDS event. One of the things to remember is that traditional IDS and IPS use signatures, so an easy way to differentiate is by looking for a signature ID (SigID). If you see a signature ID, then most definitely the event is a traditional IPS or IDS event.

What is the difference between the rule-based detection when compared to behavioral detection?

1. A. Rule-Based detection is searching for patterns linked to specific types of attacks, while behavioral is identifying per signature.
2. B. Rule-Based systems have established patterns that do not change with new data, while behavioral changes.
3. C. Behavioral systems are predefined patterns from hundreds of users, while Rule-Based only flags potentially abnormal patterns using signatures.
4. D. Behavioral systems find sequences that match a particular attack signature, while Rule-Based identifies potential attacks.

Correct Answer: D