200-201 Free Practice Test

Which regular expression is needed to capture the IP address 192.168.20.232?

1. A. ^ (?:[0-9]{1,3}\.){3}[0-9]{1,3}
2. B. ^ (?:[0-9]f1,3}\.){1,4}
3. C. ^ (?:[0-9]{1,3}\.)'
4. D. ^ ([0-9]-{3})

Correct Answer: A

Refer to the exhibit.

An analyst received this alert from the Cisco ASA device, and numerous activity logs were produced. How should this type of evidence be categorized?

1. A. indirect
2. B. circumstantial
3. C. corroborative
4. D. best

Correct Answer: C
Indirect=circumstantail so there is no posibility to match A or B (only one answer is needed in this question). For suer it's not a BEST evidence - this FW data inform only of DROPPED traffic. If smth happend inside network, presented evidence could be used to support other evidences or make our narreation stronger but alone it's mean nothing.

In a SOC environment, what is a vulnerability management metric?

1. A. code signing enforcement
2. B. full assets scan
3. C. internet exposed devices
4. D. single factor authentication

Correct Answer: C

Which two elements of the incident response process are stated in NIST SP 800-61 r2? (Choose two.)

1. A. detection and analysis
2. B. post-incident activity
3. C. vulnerability scoring
4. D. vulnerability management
5. E. risk assessment

Correct Answer: AB

The security team has detected an ongoing spam campaign targeting the organization. The team's approach is to push back the cyber kill chain and mitigate ongoing incidents. At which phase of the cyber kill chain should the security team mitigate this type of attack?

1. A. actions
2. B. delivery
3. C. reconnaissance
4. D. installation

Correct Answer: B