200-201 Free Practice Test

Refer to the exhibit.

An engineer received a ticket about a slowed-down web application The engineer runs the #netstat -an command. How must the engineer interpret the results?

1. A. The web application is receiving a common, legitimate traffic
2. B. The engineer must gather more data.
3. C. The web application server is under a denial-of-service attack.
4. D. The server is under a man-in-the-middle attack between the web application and its database

Correct Answer: C

A security engineer deploys an enterprise-wide host/endpoint technology for all of the company's corporate PCs. Management requests the engineer to block a selected set of applications on all PCs. Which technology should be used to accomplish this task?

1. A. application whitelisting/blacklisting
2. B. network NGFW
3. C. host-based IDS
4. D. antivirus/antispyware software

Correct Answer: A

What is the difference between inline traffic interrogation and traffic mirroring?

1. A. Inline interrogation is less complex as traffic mirroring applies additional tags to data.
2. B. Traffic mirroring copies the traffic rather than forwarding it directly to the analysis tools
3. C. Inline replicates the traffic to preserve integrity rather than modifying packets before sending them to other analysis tools.
4. D. Traffic mirroring results in faster traffic analysis and inline is considerably slower due to latency.

Correct Answer: A

An engineer is analyzing a recent breach where confidential documents were altered and stolen by the receptionist Further analysis shows that the threat actor connected an externa USB device to bypass security restrictions and steal data The engineer could not find an external USB device Which piece of information must an engineer use for attribution in an investigation?

1. A. list of security restrictions and privileges boundaries bypassed
2. B. external USB device
3. C. receptionist and the actions performed
4. D. stolen data and its criticality assessment

Correct Answer: C

Refer to the exhibit.

An engineer is analyzing a PCAP file after a recent breach An engineer identified that the attacker used an aggressive ARP scan to scan the hosts and found web and SSH servers. Further analysis showed several SSH Server Banner and Key Exchange Initiations. The engineer cannot see the exact data being transmitted over an encrypted channel and cannot identify how the attacker gained access How did the attacker gain access?

1. A. by using the buffer overflow in the URL catcher feature for SSH
2. B. by using an SSH Tectia Server vulnerability to enable host-based authentication
3. C. by using an SSH vulnerability to silently redirect connections to the local host
4. D. by using brute force on the SSH service to gain access

Correct Answer: C