最新版を今すぐ試そう![2024年08月] 試験準備には欠かさない!200-201問題集 [Q42-Q62]

Share

最新版を今すぐ試そう![2024年08月] 試験準備には欠かさない!200-201問題集

有能な受験者がシミュレーション済みの200-201試験PDF問題を試そう

質問 # 42
Refer to the exhibit.

During the analysis of a suspicious scanning activity incident, an analyst discovered multiple local TCP connection events Which technology provided these logs?

  • A. antivirus
  • B. IDS/IPS
  • C. proxy
  • D. firewall

正解:D


質問 # 43
A security engineer deploys an enterprise-wide host/endpoint technology for all of the company's corporate PCs. Management requests the engineer to block a selected set of applications on all PCs.
Which technology should be used to accomplish this task?

  • A. network NGFW
  • B. antivirus/antispyware software
  • C. host-based IDS
  • D. application whitelisting/blacklisting

正解:D

解説:
Application whitelisting/blacklisting is a technology used to control which applications are allowed to execute on a company's corporate PCs. Whitelisting allows only approved applications to run, while blacklisting prevents specific applications from running. This approach is effective for managing application usage across an enterprise.


質問 # 44
Drag and drop the technology on the left onto the data type the technology provides on the right.

正解:

解説:


質問 # 45
A network engineer noticed in the NetFlow report that internal hosts are sending many DNS requests to external DNS servers A SOC analyst checked the endpoints and discovered that they are infected and became part of the botnet Endpoints are sending multiple DNS requests but with spoofed IP addresses of valid external sources What kind of attack are infected endpoints involved in1?

  • A. DNS amplification
  • B. DNS hijacking
  • C. DNS flooding
  • D. DNS tunneling

正解:A


質問 # 46
An analyst is using the SIEM platform and must extract a custom property from a Cisco device and capture the phrase, "File: Clean." Which regex must the analyst import?

  • A. ^File: Clean$
  • B. File: Clean (.*)
  • C. ^Parent File Clean$
  • D. File: Clean

正解:D


質問 # 47
Which process represents the application-level allow list?

  • A. allowing specific files and deny everything else
  • B. allowing everything and denying specific executable files
  • C. allowing everything and denying specific applications protocols
  • D. allowing specific format files and deny executable files

正解:A

解説:
Application-level allow list refers to the practice of specifying an index of approved applications that are permitted to be executed in a system environment or network, which means only specific files are allowed while everything else is denied by default, enhancing security.


質問 # 48
What matches the regular expression c(rgr)+e?

  • A. crgrrgre
  • B. np+e
  • C. c(rgr)e
  • D. ce

正解:A

解説:
The regular expression c(rgr)+e matches strings where "rgr" occurs one or more times between "c" and "e".
The string "crgrrgre" fits this pattern as it has the sequence "rgr" repeated twice between "c" and "e". The plus sign (+) in the regular expression indicates that the preceding element must appear one or more times for a match to occur


質問 # 49
What is a difference between tampered and untampered disk images?

  • A. Untampered images are deliberately altered to preserve as evidence.
  • B. Tampered images have the same stored and computed hash.
  • C. Tampered images are used as evidence.
  • D. Untampered images are used for forensic investigations.

正解:C


質問 # 50
An engineer is investigating a case of the unauthorized usage of the "Tcpdump" tool. The analysis revealed that a malicious insider attempted to sniff traffic on a specific interface. What type of information did the malicious insider attempt to obtain?

  • A. all firewall alerts and resulting mitigations
  • B. all information and data within the datagram
  • C. tagged ports being used on the network
  • D. tagged protocols being used on the network

正解:C


質問 # 51
What are two denial-of-service (DoS) attacks? (Choose two)

  • A. teardrop
  • B. man-in-the-middle
  • C. port scan
  • D. phishing
  • E. SYN flood

正解:B、E


質問 # 52
What is a difference between tampered and untampered disk images?

  • A. Untampered images are deliberately altered to preserve as evidence.
  • B. Tampered images have the same stored and computed hash.
  • C. Untampered images are used for forensic investigations.
  • D. Tampered images are used as evidence.

正解:C

解説:
The difference between tampered and untampered disk images is:
* Tampered Images: These are disk images that have been altered or modified in some way after their initial creation. The stored hash and the computed hash will not match if the image has been tampered with.
* Untampered Images: These are disk images that have not been altered since their creation. They are considered authentic and reliable for forensic investigations. The stored hash and the computed hash will match, confirming that the image has remained unchanged.
Therefore, the correct answer is: D. Untampered images are used for forensic investigations.


質問 # 53
Refer to the exhibit.

Which kind of attack method is depicted in this string?

  • A. denial of service
  • B. SQL injection
  • C. man-in-the-middle
  • D. cross-site scripting

正解:D


質問 # 54
What ate two categories of DDoS attacks? (Choose two.)

  • A. direct
  • B. reflected
  • C. scanning
  • D. split brain
  • E. phishing

正解:A、B


質問 # 55
Which regex matches only on all lowercase letters?

  • A. [a−z]+
  • B. a*z+
  • C. a−z+
  • D. [^a−z]+

正解:A

解説:
Section: Network Intrusion Analysis


質問 # 56
What are two differences in how tampered and untampered disk images affect a security incident? (Choose two.)

  • A. The image is untampered if the stored hash and the computed hash match
  • B. Tampered images are used in the incident recovery process
  • C. Tampered images are used in the security investigation process
  • D. Untampered images are used in the security investigation process
  • E. The image is tampered if the stored hash and the computed hash match

正解:A、D

解説:
Untampered images are crucial for security investigations as they provide original evidence that has not been altered or corrupted; their integrity and authenticity can be verified by comparing the stored hash and the computed hash of the image. If they match, the image is untampered and can be used for analysis. Tampered images, on the other hand, are useless for security investigations as they may contain false or misleading information; their integrity and authenticity are compromised by the modification of the image data. Tampered images may be used for incident recovery purposes, such as restoring a system to a previous state, but not for forensic purposes. References := Cisco Cybersecurity Operations Fundamentals - Module 6: Security Incident Investigations


質問 # 57
One of the objectives of information security is to protect the CIA of information and systems. What does CIA mean in this context?

  • A. confidentiality, integrity, and authorization
  • B. confidentiality, identity, and authorization
  • C. confidentiality, integrity, and availability
  • D. confidentiality, identity, and availability

正解:C


質問 # 58
What is threat hunting?

  • A. Pursuing competitors and adversaries to infiltrate their system to acquire intelligence data.
  • B. Focusing on proactively detecting possible signs of intrusion and compromise.
  • C. Managing a vulnerability assessment report to mitigate potential threats.
  • D. Attempting to deliberately disrupt servers by altering their availability

正解:B


質問 # 59
Refer to the exhibit.

What should be interpreted from this packet capture?

  • A. IP address 192.168.122.100/50272/81.179.179.69/80/6 is sending a packet from port 50272 of IP address
    192.168.122.100 that is going to port 80 of IP address 81.179.179.69 using IP protocol 6.
  • B. IP address 179.179.69/50272/192.168.122.100/80/6 is sending a packet from port 80 of IP address
    192.168.122.100 that is going to port 50272 of IP address 81.179.179.69 using IP protocol 6.
  • C. IP address 179.179.69/50272/192.168.122.100/80/6 is sending a packet from port 50272 of IP address
    192.168.122.100 that is going to port 80 of IP address 81.179.179.69 using IP protocol 6.
  • D. IP address 192.168.122.100/50272/81.179.179.69/80/6 is sending a packet from port 80 of IP address
    192.168.122.100 that is going to port 50272 of IP address 81.179.179.69 using IP protocol 6.7E503B693763E0113BE0CD2E4A16C9C4

正解:A


質問 # 60
Drag and drop the access control models from the left onto the correct descriptions on the right.

正解:

解説:


質問 # 61
A security specialist notices 100 HTTP GET and POST requests for multiple pages on the web servers. The agent in the requests contains PHP code that, if executed, creates and writes to a new PHP file on the webserver. Which event category is described?

  • A. exploitation
  • B. installation
  • C. action on objectives
  • D. reconnaissance

正解:B

解説:
Section: Security Concepts


質問 # 62
......

検証済み材料を使うならまず200-201テストエンジンを試そう:https://jp.fast2test.com/200-201-premium-file.html

合格するに必要な問題集は200-201試験:https://drive.google.com/open?id=1K24GG6WKrsOkcv5pdgx0JP8nkqPkU1rE

 


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어