[Feb-2023] 200-201 Certification with Actual Questions from Prep4SureReview
NEW QUESTION 153
An analyst discovers that a legitimate security alert has been dismissed. Which signature caused this impact on network traffic?
- A. false positive
- B. true positive
- C. true negative
- D. false negative
Answer: D
Explanation:
A false negative occurs when the security system (usually a WAF) fails to identify a threat. It produces a "negative" outcome (meaning that no threat has been observed), even though a threat exists.
NEW QUESTION 154
What are two differences between stateful and deep packet inspection? (Choose two.)
- A. Deep packet inspection is capable of TCP state monitoring only, and stateful inspection can inspect TCP and UDP.
- B. Stateful inspection is capable of TCP state tracking, and deep packet filtering checks only TCP source and destination ports.
- C. Deep packet inspection is capable of malware blocking, and stateful inspection is not.
- D. Stateful inspection is capable of packet data inspections, and deep packet inspection is not.
- E. Deep packet inspection operates on Layers 3 and 4, and stateful inspection operates on Layer 3 of the OSI model.
Answer: B,C
NEW QUESTION 155
Refer to the exhibit.
A workstation downloads a malicious .docx file from the Internet and a copy is sent to FTDv. The FTDv sends the file hash to FMC and the file event is recorded. What would have occurred with stronger data visibility?
- A. Detailed information about the data in real time would have been provided
- B. An extra level of security would have been in place
- C. The traffic would have been monitored at any segment in the network.
- D. Malicious traffic would have been blocked on multiple devices
Answer: D
NEW QUESTION 156
Which two components reduce the attack surface on an endpoint? (Choose two.)
- A. secure boot
- B. restricting USB ports
- C. increased audit log levels
- D. load balancing
- E. full packet captures at the endpoint
Answer: A,B
NEW QUESTION 157
Drag and drop the technology on the left onto the data type the technology provides on the right.
Answer:
Explanation:

NEW QUESTION 158
Refer to the exhibit.
What is occurring in this network?
- A. ARP cache poisoning
- B. MAC flooding attack
- C. DNS cache poisoning
- D. MAC address table overflow
Answer: A
NEW QUESTION 159
Refer to the exhibit.
What is the potential threat identified in this Stealthwatch dashboard?
- A. Traffic to 152.46.6.149 is being denied by an Advanced Network Control policy.
- B. Host 10.201.3.149 is sending data to 152.46.6.91 using TCP/443.
- C. Host 10.201.3.149 is receiving almost 19 times more data than is being sent to host 152.46.6.91.
- D. Host 152.46.6.91 is being identified as a watchlist country for data transfer.
Answer: C
NEW QUESTION 160
What does cyber attribution identify in an investigation?
- A. threat actors of an attack
- B. vulnerabilities exploited
- C. cause of an attack
- D. exploit of an attack
Answer: A
Explanation:
https://www.techtarget.com/searchsecurity/definition/cyber-attribution
NEW QUESTION 161
What makes HTTPS traffic difficult to monitor?
- A. signature detection time
- B. packet header size
- C. encryption
- D. SSL interception
Answer: C
NEW QUESTION 162
Refer to the exhibit.
What does this output indicate?
- A. Email ports are closed on the server.
- B. FTP ports are open on the server.
- C. SMB ports are closed on the server.
- D. HTTPS ports are open on the server.
Answer: A
NEW QUESTION 163
Which type of access control depends on the job function of the user?
- A. rule-based access control
- B. discretionary access control
- C. role-based access control
- D. nondiscretionary access control
Answer: C
NEW QUESTION 164
An engineer discovered a breach, identified the threat's entry point, and removed access. The engineer was able to identify the host, the IP address of the threat actor, and the application the threat actor targeted. What is the next step the engineer should take according to the NIST SP 800-61 Incident handling guide?
- A. Analyze the threat.
- B. Recover from the threat.
- C. Reduce the probability of similar threats.
- D. Identify lessons learned from the threat.
Answer: C
NEW QUESTION 165
How does a certificate authority impact security?
- A. It authenticates client identity when requesting an SSL certificate.
- B. It validates client identity when communicating with the server.
- C. It authenticates domain identity when requesting an SSL certificate.
- D. It validates the domain identity of the SSL certificate.
Answer: D
NEW QUESTION 166
When trying to evade IDS/IPS devices, which mechanism allows the user to make the data incomprehensible without a specific key, certificate, or password?
- A. pivoting
- B. fragmentation
- C. steganography
- D. encryption
Answer: C
NEW QUESTION 167
A developer is working on a project using a Linux tool that creates processes and produces these required results:
* If the process creation is unsuccessful, a negative value is returned.
* If the process creation is successful, a value of 0 is returned to the child process, and the child's process ID is returned to the parent process.
Which component results from this operation?
- A. macros for managing CPU sets
- B. parent directory name of a file pathname
- C. process spawn scheduled
- D. new process created by parent process
Answer: D
Explanation:
There are two tasks with specially distinguished process IDs: swapper or sched has process ID 0, is responsible for paging, and is actually part of the kernel rather than a normal user-mode process. Process ID 1 is usually the init process, primarily responsible for starting and shutting down the system. Originally, process ID 1 was not specifically reserved for init by any technical measures: it simply had this ID as a natural consequence of being the first process invoked by the kernel. More recent Unix systems typically have additional kernel components visible as "processes", in which case PID 1 is actively reserved for the init process to maintain consistency with older systems.
NEW QUESTION 168
Refer to the exhibit.
This request was sent to a web application server driven by a database. Which type of web server attack is represented?
- A. parameter manipulation
- B. command injection
- C. heap memory corruption
- D. blind SQL injection
Answer: D
NEW QUESTION 169
Which event is a vishing attack?
- A. using a vulnerability scanner on a corporate network
- B. obtaining disposed documents from an organization
- C. impersonating a tech support agent during a phone call
- D. setting up a rogue access point near a public hotspot
Answer: C
NEW QUESTION 170
A security engineer has a video of a suspect entering a data center that was captured on the same day that files in the same data center were transferred to a competitor.
Which type of evidence is this?
- A. best evidence
- B. physical evidence
- C. indirect evidence
- D. prima facie evidence
Answer: C
Explanation:
There are three general types of evidence:
- Best evidence: can be presented in court in the original form (for example, an exact copy of a hard disk drive).
- Corroborating evidence: tends to support a theory or an assumption deduced by some initial evidence. This corroborating evidence confirms the proposition.
- Indirect or circumstantial evidence: extrapolation to a conclusion of fact (such as fingerprints, DNA evidence, and so on).
NEW QUESTION 171
Which two pieces of information are collected from the IPv4 protocol header? (Choose two.)
- A. destination IP address of the packet
- B. source IP address of the packet
- C. TCP port from which the traffic was sourced
- D. UDP port to which the traffic is destined
- E. UDP port from which the traffic is sourced
Answer: A,B
Explanation:
Section: Network Intrusion Analysis
NEW QUESTION 172
Why is HTTPS traffic difficult to screen?
- A. Digital certificates secure the session, and the data is sent at random intervals.
- B. HTTPS is used internally, and screening traffic for external parties is hard due to isolation.
- C. Traffic is tunneled to a specific destination and is inaccessible to others except for the receiver.
- D. The communication is encrypted and the data in transit is secured.
Answer: D
NEW QUESTION 173
......
