200-201
Question 51
Refer to the exhibit. What is the expected result when the "Allow subdissector to reassemble TCP streams" feature is enabled?
- A: insert TCP subdissectors
- B: extract a file from a packet capture
- C: disable TCP streams
- D: unfragment TCP
Question 52
Which type of data collection requires the largest amount of storage space?
- A: alert data
- B: transaction data
- C: session data
- D: full packet capture
Question 53
An analyst discovers that a legitimate security alert has been dismissed.
Which signature caused this impact on network traffic?
- A: true negative
- B: false negative
- C: false positive
- D: true positive
Question 54
Which signature impacts network traffic by causing legitimate traffic to be blocked?
- A: false negative
- B: true positive
- C: true negative
- D: false positive
Question 55
Which two pieces of information are collected from the IPv4 protocol header? (Choose two.)
- A: UDP port to which the traffic is destined
- B: TCP port from which the traffic was sourced
- C: source IP address of the packet
- D: destination IP address of the packet
- E: UDP port from which the traffic is sourced
Question 56
Which security principle is violated by running all processes as root or administrator?
- A: principle of least privilege
- B: role-based access control
- C: separation of duties
- D: trusted computing base
Question 57
Which HTTP header field is used in forensics to identify the type of browser used?
- A: referrer
- B: host
- C: user-agent
- D: accept-language
Question 58
Which event artifact is used to identify HTTP GET requests for a specific file?
- A: destination IP address
- B: TCP ACK
- C: HTTP status code
- D: URI
Question 59
What should a security analyst consider when comparing inline traffic interrogation with traffic tapping to determine which approach to use in the network?
- A: Tapping interrogation replicates signals to a separate port for analyzing traffic
- B: Tapping interrogations detect and block malicious traffic
- C: Inline interrogation enables viewing a copy of traffic to ensure traffic is in compliance with security policies
- D: Inline interrogation detects malicious traffic but does not block the traffic
Question 60
At which layer is deep packet inspection investigated on a firewall?
- A: internet
- B: transport
- C: application
- D: data link
Question 61
DRAG DROP -
Drag and drop the access control models from the left onto their corresponding descriptions on the right.
Select and Place:
Question 62
DRAG DROP -
Drag and drop the event term from the left onto the description on the right.
Select and Place:
Question 63
Refer to the exhibit. What is occurring?
- A: insecure deserialization
- B: cross-site scripting attack
- C: XML External Entities attack
- D: regular GET requests
Question 64
What is a difference between data obtained from Tap and SPAN ports?
- A: SPAN passively splits traffic between a network device and the network without altering it, while Tap alters response times.
- B: Tap mirrors existing traffic from specified ports, while SPAN presents more structured data for deeper analysis.
- C: SPAN improves the detection of media errors, while Tap provides direct access to traffic with lowered data visibility.
- D: Tap sends traffic from physical layers to the monitoring device, while SPAN provides a copy of network traffic from switch to destination.
Question 65
DRAG DROP -
Drag and drop the data source from the left onto the data type on the right.
Select and Place: