200-201 Free Practice Test

Refer to the exhibit.

In which Linux log file is this output found?

1. A. /var/log/authorization.log
2. B. /var/log/dmesg
3. C. var/log/var.log
4. D. /var/log/auth.log

Correct Answer: D

A user received an email attachment named "Hr405-report2609-empl094.exe" but did not run it. Which category of the cyber kill chain should be assigned to this type of event?

1. A. installation
2. B. reconnaissance
3. C. weaponization
4. D. delivery

Correct Answer: D

Refer to the exhibit.

What is occurring in this network traffic?

1. A. High rate of SYN packets being sent from a multiple source towards a single destination IP.
2. B. High rate of ACK packets being sent from a single source IP towards multiple destination IPs.
3. C. Flood of ACK packets coming from a single source IP to multiple destination IPs.
4. D. Flood of SYN packets coming from a single source IP to a single destination IP.

Correct Answer: D

What is a difference between signature-based and behavior-based detection?

1. A. Signature-based identifies behaviors that may be linked to attacks, while behavior-based has a predefined set of rules to match before an alert.
2. B. Behavior-based identifies behaviors that may be linked to attacks, while signature-based has a predefined set of rules to match before an alert.
3. C. Behavior-based uses a known vulnerability database, while signature-based intelligently summarizes existing data.
4. D. Signature-based uses a known vulnerability database, while behavior-based intelligently summarizes existing data.

Correct Answer: B
Instead of searching for patterns linked to specific types of attacks, behavior-based IDS solutions monitor behaviors that may be linked to attacks, increasing the likelihood of identifying and mitigating a malicious action before the network is compromised.
https://accedian.com/blog/what-is-the-difference-between-signature-based-and-behavior-based-ids/

Which security model assumes an attacker within and outside of the network and enforces strict verification
before connecting to any system or resource within the organization?

1. A. Biba
2. B. Object-capability
3. C. Take-Grant
4. D. Zero Trust

Correct Answer: D
Zero Trust security is an IT security model that requires strict identity verification for every person and device trying to access resources on a private network, regardless of whether they are sitting within or outside of the network perimeter.