200-201 Free Practice Test

What makes HTTPS traffic difficult to monitor?

1. A. SSL interception
2. B. packet header size
3. C. signature detection time
4. D. encryption

Correct Answer: D

Refer to the exhibit.

Which kind of attack method is depicted in this string?

1. A. cross-site scripting
2. B. man-in-the-middle
3. C. SQL injection
4. D. denial of service

Correct Answer: A

Which piece of information is needed for attribution in an investigation?

1. A. proxy logs showing the source RFC 1918 IP addresses
2. B. RDP allowed from the Internet
3. C. known threat actor behavior
4. D. 802.1x RADIUS authentication pass arid fail logs

Correct Answer: C
Actually this is the most important thing: know who, what, how, why, etc.. attack the network.

What are two differences in how tampered and untampered disk images affect a security incident? (Choose two.)

1. A. Untampered images are used in the security investigation process
2. B. Tampered images are used in the security investigation process
3. C. The image is tampered if the stored hash and the computed hash match
4. D. Tampered images are used in the incident recovery process
5. E. The image is untampered if the stored hash and the computed hash match

Correct Answer: AE
Cert Guide by Omar Santos, Chapter 9 - Introduction to digital Forensics. "When you collect evidence, you must protect its integrity. This involves making sure that nothing is added to the evidence and that nothing is deleted or destroyed (this is known as evidence preservation)."

Refer to the exhibit.

What is shown in this PCAP file?

1. A. Timestamps are indicated with error.
2. B. The protocol is TCP.
3. C. The User-Agent is Mozilla/5.0.
4. D. The HTTP GET is encoded.

Correct Answer: D