200-201 Free Practice Test

Which system monitors local system operation and local network access for violations of a security policy?

1. A. host-based intrusion detection
2. B. systems-based sandboxing
3. C. host-based firewall
4. D. antivirus

Correct Answer: A
HIDS is capable of monitoring the internals of a computing system as well as the network packets on its network interfaces. Host-based firewall is a piece of software running on a single Host that can restrict incoming and outgoing Network activity for that host only.

What is a benefit of using asymmetric cryptography?

1. A. decrypts data with one key
2. B. fast data transfer
3. C. secure data transfer
4. D. encrypts data with one key

Correct Answer: C

Which piece of information is needed for attribution in an investigation?

1. A. proxy logs showing the source RFC 1918 IP addresses
2. B. RDP allowed from the Internet
3. C. known threat actor behavior
4. D. 802.1x RADIUS authentication pass arid fail logs

Correct Answer: C
Actually this is the most important thing: know who, what, how, why, etc.. attack the network.

An engineer runs a suspicious file in a sandbox analysis tool to see the outcome. The analysis report shows that outbound callouts were made post infection.
Which two pieces of information from the analysis report are needed to investigate the callouts? (Choose two.)

1. A. signatures
2. B. host IP addresses
3. C. file size
4. D. dropped files
5. E. domain names

Correct Answer: BE

A threat actor penetrated an organization's network. Using the 5-tuple approach, which data points should the analyst use to isolate the compromised host in a grouped set of logs?

1. A. event name, log source, time, source IP, and host name
2. B. protocol, source IP, source port, destination IP, and destination port
3. C. event name, log source, time, source IP, and username
4. D. protocol, log source, source IP, destination IP, and host name

Correct Answer: B