200-201 Free Practice Test

Which security monitoring data type requires the largest storage space?

1. A. transaction data
2. B. statistical data
3. C. session data
4. D. full packet capture

Correct Answer: D

Refer to the exhibit.

Which type of log is displayed?

1. A. IDS
2. B. proxy
3. C. NetFlow
4. D. sys

Correct Answer: A
You also see the 5-tuple in IPS events, NetFlow records, and other event data. In fact, on the exam you may need to differentiate between a firewall log versus a traditional IPS or IDS event. One of the things to remember is that traditional IDS and IPS use signatures, so an easy way to differentiate is by looking for a signature ID (SigID). If you see a signature ID, then most definitely the event is a traditional IPS or IDS event.

What is the difference between the rule-based detection when compared to behavioral detection?

1. A. Rule-Based detection is searching for patterns linked to specific types of attacks, while behavioral is identifying per signature.
2. B. Rule-Based systems have established patterns that do not change with new data, while behavioral changes.
3. C. Behavioral systems are predefined patterns from hundreds of users, while Rule-Based only flags potentially abnormal patterns using signatures.
4. D. Behavioral systems find sequences that match a particular attack signature, while Rule-Based identifies potential attacks.

Correct Answer: D

Which attack is the network vulnerable to when a stream cipher like RC4 is used twice with the same key?

1. A. forgery attack
2. B. plaintext-only attack
3. C. ciphertext-only attack
4. D. meet-in-the-middle attack

Correct Answer: C

Which security technology allows only a set of pre-approved applications to run on a system?

1. A. application-level blacklisting
2. B. host-based IPS
3. C. application-level whitelisting
4. D. antivirus

Correct Answer: C