200-201 Free Practice Test

Refer to the exhibit.

What is the expected result when the "Allow subdissector to reassemble TCP streams" feature is enabled?

1. A. insert TCP subdissectors
2. B. extract a file from a packet capture
3. C. disable TCP streams
4. D. unfragment TCP

Correct Answer: D

An analyst received an alert on their desktop computer showing that an attack was successful on the host. After investigating, the analyst discovered that no mitigation action occurred during the attack. What is the reason for this discrepancy?

1. A. The computer has a HIPS installed on it.
2. B. The computer has a NIPS installed on it.
3. C. The computer has a HIDS installed on it.
4. D. The computer has a NIDS installed on it.

Correct Answer: C

What is the difference between the ACK flag and the RST flag?

1. A. The RST flag approves the connection, and the ACK flag terminates spontaneous connections.
2. B. The ACK flag confirms the received segment, and the RST flag terminates the connection.
3. C. The RST flag approves the connection, and the ACK flag indicates that a packet needs to be resent
4. D. The ACK flag marks the connection as reliable, and the RST flag indicates the failure within TCP Handshake

Correct Answer: B

Which event is user interaction?

1. A. gaining root access
2. B. executing remote code
3. C. reading and writing file permission
4. D. opening a malicious file

Correct Answer: D

How does statistical detection differ from rule-based detection?

1. A. Statistical detection involves the evaluation of events, and rule-based detection requires an evaluated set of events to function.
2. B. Statistical detection defines legitimate data over time, and rule-based detection works on a predefined set of rules
3. C. Rule-based detection involves the evaluation of events, and statistical detection requires an evaluated set of events to function Rule-based detection defines
4. D. legitimate data over a period of time, and statistical detection works on a predefined set of rules

Correct Answer: B