[2025-November-New]Braindump2go 200-201 PDF Free Updated[Q390-Q422]

2025/November Latest Braindump2go 200-201 Exam Dumps with PDF and VCE Free Updated Today! Following are some new Braindump2go 200-201 Real Exam Questions!

QUESTION 390
Which statement describes indicators of attack?

A. A malicious file is detected by the AV software.
B. Internal hosts communicate with countries outside of the business range.
C. Phishing attempts on an organization are blocked by mail AV.
D. Critical patches are missing.

Answer: B
Explanation:
Indicators of Attack (IoA) are observable behaviors or artifacts that suggest a security breach or an ongoing attack.
When internal hosts communicate with countries outside the business range, this may indicate data exfiltration or command-and-control communication with an external threat actor. Unlike Indicators of Compromise (IoC), which show that a system has already been compromised, IoAs are used to identify malicious activity in its early stages. Monitoring for unusual outbound connections is a crucial part of detecting advanced persistent threats (APTs) and other sophisticated attacks.

QUESTION 391
Which type of data is used to detect anomalies in the network?

A. statistical data
B. metadata
C. transaction data
D. alert data

Answer: A
Explanation:
Statistical data is crucial for detecting anomalies within a network because it provides a baseline of normal behavior.
Anomaly detection involves comparing current network data against historical statistical data to identify deviations from expected patterns.
This method helps in identifying unusual activities that could signify a security threat, such as unusual login attempts, data transfers, or access patterns. Statistical data analysis tools use metrics such as mean, variance, and standard deviation to flag anomalies, aiding in proactive threat detection.

QUESTION 392
What is data encapsulation?

A. Data is encrypted backwards, which makes it unusable.
B. Multiple hosts can be supported with only a few public IP addresses.
C. A protocol of the sending host adds additional data to the packet header.
D. Browsing history is erased automatically with every session.

Answer: C
Explanation:
Data encapsulation is a process in networking where the protocol stack of the sending host adds headers (and sometimes trailers) to the data.
Each layer of the OSI or TCP/IP model adds its own header to the data as it passes down the layers, preparing it for transmission over the network.
For example, in the TCP/IP model, data starts at the application layer and is encapsulated at each subsequent layer (Transport, Internet, and Network Access) before being transmitted. This encapsulation ensures that the data is correctly formatted and routed to its destination, where the headers are stripped off in reverse order by the receiving host.

QUESTION 393
Which type of attack uses a botnet to reflect requests off of an NTP server to overwhelm a target?

A. replay
B. distributed denial of service
C. denial of service
D. man-in-the-middle

Answer: B
Explanation:
A Distributed Denial of Service (DDoS) attack involves multiple compromised devices (a botnet) sending a large number of requests to a target server to overwhelm it. In a specific type of DDoS attack known as an NTP amplification attack, the attacker abuses Network Time Protocol (NTP) servers by sending small queries with a spoofed source IP address (the target's IP).
The NTP server responds with a much larger reply to the target’s IP address, thereby amplifying the traffic directed at the target.
This reflection and amplification technique significantly increases the volume of traffic sent to the target, causing denial of service.

QUESTION 394
An analyst performs traffic analysis to detect suspicious activity and identifies multiple UDP connections through the same port. Which technology makes this behavior feasible?

A. TOR
B. ACL
C. P2P
D. NAT

Answer: D

QUESTION 395
Which of these is a defense-in-depth strategy principle?

A. Identify the minimum resource required per employee.
B. Provide the minimum permissions needed to perform job functions.
C. Disable administrative accounts to avoid unauthorized changes.
D. Assign the least network privileges to segment network permissions.

Answer: B
Explanation:
This principle is known as the Principle of Least Privilege, which is a core element of defense-in-depth strategies. It ensures users have only the access necessary to perform their tasks, limiting potential damage from compromised accounts or insider threats.
Defense-in-depth involves multiple layers of security controls, including administrative controls like policies enforcing least privilege, to reduce vulnerabilities and contain threats.

QUESTION 396
Which security monitoring data type is associated with application server logs?

A. transaction data
B. statistical data
C. session data
D. alert data

Answer: A

QUESTION 397
Which principle reduces the risk of attackers gaining access to sensitive data by compromising a low-level user account?

A. separation of duties
B. limited access
C. least privilege
D. privilege separation

Answer: C

QUESTION 398
What is the impact of encryption on data visibility?

A. TLS 1.3 traffic cannot be decrypted and monitored.
B. Traffic decryption causes high CPU load on monitoring systems.
C. Traffic decryption is needed for deep inspection of SSL traffic via NGFW.
D. IPsec encryption of traffic is vulnerable to man-in-the-middle attacks.

Answer: A

QUESTION 399
During a quarterly vulnerability scan, a security analyst discovered unused uncommon ports open and in a listening state. Further investigation showed that the unknown application was communicating with an external IP address on an encrypted channel. A deeper analysis revealed a command and control communication on an infected server. At which step of the Cyber Kill Chain was the attack detected?

A. Exploitation
B. Actions on Objectives
C. Weaponization
D. Delivery

Answer: B

QUESTION 400
Which description is a defense-in-depth principle strategy?

A. isolating employees with access to critical data
B. implementing VLANs to segment network traffic
C. developing approval flow for new hires
D. designing Active Directory groups

Answer: B

QUESTION 401
What can be identified from the exhibit?

A. NetFlow data
B. spoofed TCP reset packets
C. DNS hijacking
D. tcpdump data

Answer: D

QUESTION 402
What is a description of a man-in-the-middle network attack?

A. After attackers penetrate a network, they can use privilege escalation to expand their reach.
B. Attackers build botnets, large fleets of compromised devices, and use them to direct false traffic at networks or servers.
C. It involves attackers intercepting traffic, either between a network and external sites or within a network.
D. Attackers replicate malicious traffic as legitimate and bypass network protection solutions.

Answer: C

QUESTION 403
What is a threat actor?

A. an external party, typically a business partner with the capability to accidentally or intentionally compromise computer systems
B. an internal individual, typically an insider with the capability to accidentally or intentionally compromise computer systems
C. an individual or group that is external or internal and may include nation-states, hacktivists, organized crime, and trusted insiders
D. an unauthorized person, such as script kiddies or hackers who attempt to breach network systems

Answer: C

QUESTION 404
Which two protocols are used for DDoS amplification attacks? (Choose two.)

A. HTTP
B. DNS
C. TCP
D. ICMPv6
E. NTP

Answer: BE

QUESTION 405
An engineer must create a SIEM rule to test events and traffic for spikes and changes that occur in regular patterns to detect irregularities. Which rules achieve the desired results?

A. anomaly
B. behavioral
C. threshold
D. availability

Answer: B

QUESTION 406
Refer to the exhibit. What occurred on this system based on this output?

A. A user connected to the system using remote access VPN.
B. A user connected to the system after 450 attempts.
C. A user connected to the system using SSH using source port 55796.
D. A user created a new HTTP session using the SHA256 hashing algorithm.

Answer: C

QUESTION 407
Which type of evasion technique is accomplished by separating the traffic into smaller segments before transmitting across the network?

A. encryption
B. tunneling
C. proxies
D. fragmentation

Answer: D

QUESTION 408
What is a Shellshock vulnerability?

A. command injection
B. cross site scripting
C. heap overflow
D. SQL injection

Answer: A

QUESTION 409
Refer to the exhibit. What is occurring in this network traffic?

A. legitimate network traffic
B. flood of SYN-ACK packets
C. ICMP flood
D. flood of SYN packets

Answer: C

QUESTION 410
What is the impact of encapsulation on the network?

A. Numerous local private addresses are mapped to a public one before the data is moved.
B. Something significant is concealed from virtually separate networks.
C. Web requests are taken on behalf of users and the response is collected from the web.
D. Logically separate functions in the network are abstracted from their underlying structures.

Answer: D

QUESTION 411
An analyst performs traffic analysis to detect data exfiltration and identifies a high frequency of DNS requests in a small period of time. Which technology makes this behavior feasible?

A. access control list
B. NAT
C. encryption
D. tunneling

Answer: D

QUESTION 412
According to CVSS, what is the attack vector?

A. set of steps taken by a threat actor before exploiting the vulnerability
B. process by which an attacker tries to exploit an existing vulnerability
C. context by which vulnerability exploitation is achievable
D. practical demonstration of an attack to understand the required tools and resources

Answer: C

QUESTION 413
An employee reports that someone has logged into their system and made unapproved changes, files are out of order, and several documents have been placed in the recycle bin. The security specialist reviewed the system logs, found nothing suspicious, and was not able to determine what occurred. The software is up to date; there are no alerts from antivirus and no failed login attempts. What is causing the lack of data visibility needed to detect the attack?

A. The threat actor used a dictionary-based password attack to obtain credentials.
B. The threat actor gained access to the system by known credentials.
C. The threat actor used the teardrop technique to confuse and crash login services.
D. The threat actor used an unknown vulnerability of the operating system that went undetected.

Answer: B
Explanation:
If a threat actor gains access to a system using legitimate (known) credentials, security logs might not record the activity as anomalous or suspicious. Because the credentials are valid, the system treats the login as legitimate, which explains the absence of failed login attempts or unusual login events in the logs. Unauthorized access with valid credentials can therefore bypass traditional security monitoring, making the attack hard to detect from system logs or failed login attempts alone.

QUESTION 414
A company receptionist received a threatening call referencing stealing assets and did not take any action assuming it was a social engineering attempt. Within 48 hours, multiple assets were breached, affecting the confidentiality of sensitive information. What is the threat actor in this incident?

A. company assets that are threatened
B. customer assets that are threatened
C. perpetrators of the attack
D. victims of the attack

Answer: C
Explanation:
The threat actor is the individual, group, or entity behind the attack or security breach. In this scenario, the threatening call to the company receptionist was likely a precursor to a social engineering attack. Although the receptionist dismissed the call as a social engineering attempt, within 48 hours multiple assets were breached, compromising the confidentiality of sensitive information. The threat actor is therefore the perpetrators of the attack: the individuals or group responsible for breaching the company's assets and compromising sensitive information.

QUESTION 415
What is the relationship between a vulnerability and a threat?

A. A threat exploits a vulnerability
B. A vulnerability is a calculation of the potential loss caused by a threat
C. A vulnerability exploits a threat
D. A threat is a calculation of the potential loss caused by a vulnerability

Answer: A
Explanation:
A vulnerability represents a weakness or flaw in a system, application, or network that could potentially be exploited by a threat actor or an external entity. Meanwhile, a threat refers to anything that has the potential to cause harm, exploit vulnerabilities, or compromise the security of a system or organization. Threats exploit vulnerabilities, taking advantage of the weaknesses present in systems or networks to cause damage, gain unauthorized access, or carry out malicious activities.

QUESTION 416
What is the principle of defense-in-depth?

A. Agentless and agent-based protection for security are used.
B. Several distinct protective layers are involved.
C. Access control models are involved.
D. Authentication, authorization, and accounting mechanisms are used.

Answer: B
Explanation:
Defense-in-depth is a cybersecurity strategy that involves the implementation of multiple layers of security controls, mechanisms, and safeguards throughout an organization’s IT infrastructure. The principle aims to create a layered defense approach, where various security measures are employed at different levels within the network, systems, applications, and data to mitigate risks and protect against diverse threats. This strategy involves using a combination of technical, administrative, and physical controls, such as firewalls, intrusion detection systems, antivirus software, access controls, encryption, employee training, and more, to provide redundancy and enhance overall security posture.

QUESTION 417
What is the difference between rule-based detection and behavioral detection?

A. Rule-Based detection is searching for patterns linked to specific types of attacks, while behavioral is identifying per signature.
B. Rule-Based systems have established patterns that do not change with new data, while behavioral changes.
C. Behavioral systems are predefined patterns from hundreds of users, while Rule-Based only flags potentially abnormal patterns using signatures.
D. Behavioral systems find sequences that match a particular attack signature, while Rule-Based identifies potential attacks.

Answer: B
Explanation:
Rule-Based Detection: Rule-based systems rely on predefined rules or signatures to identify known patterns or specific characteristics associated with known threats or attacks. These rules are static and typically do not change unless updated manually. They search for exact matches with predetermined signatures, which means they might not detect new or unknown threats unless the rules are updated to include these patterns.
Behavioral Detection: Behavioral systems focus on identifying abnormal behaviors or deviations from normal patterns within a system or network. Instead of relying on specific signatures, they analyze the behavior of users, applications, or systems and flag any deviations that might indicate potential threats or anomalies. Behavioral detection systems can adapt and evolve based on new data and changing patterns of activity, enabling them to detect unknown or novel threats by identifying unusual behaviors, regardless of specific signatures.

QUESTION 418
What is the difference between attack surface and vulnerability management?

A. Vulnerability management is to create strong user access protocols, and the attack surface is to defend against buffer overflow attacks.
B. Attack surface reduction is to block all ports except port 80, and vulnerability management is to correct programming bugs in a code.
C. Vulnerability management is to protect backups, and attack surface is to find critical OS drawback that results in remote code execution.
D. Attack surface reduction is to defend against SQL injection attacks, and vulnerability management is to use strong authentication policies.

Answer: B
Explanation:
The attack surface refers to all the possible entry points (e.g., open ports, services, exposed APIs, applications) through which an attacker could exploit a system. Attack surface reduction involves minimizing these entry points to reduce the risk of an attack. For example, blocking all unnecessary ports except essential ones (like port 80 for HTTP traffic) reduces the avenues an attacker can use.
Vulnerability management is the process of identifying, assessing, and mitigating vulnerabilities (weaknesses or flaws) in a system, such as software bugs, configuration issues, or outdated systems. Correcting programming bugs, such as fixing buffer overflow vulnerabilities or patching software, is part of vulnerability management.

QUESTION 419
What technology should be used for the verified and secure exchange of public keys between entities Tom0123456789 and Dan9876543210?

A. Password-Authenticated Key Exchange
B. Encrypted Key Exchange
C. Key Encapsulation Mechanism
D. Initial Key Sharing

Answer: A
Explanation:
Password-Authenticated Key Exchange (PAKE) is a cryptographic protocol that allows two parties to securely establish a shared key (or exchange public keys) based on a password, without exposing the password to attackers, even if they are able to observe the communication. It ensures that the exchange of keys is secure and authenticated, preventing man-in-the-middle attacks or impersonation.
PAKE is useful when you need to verify the identity of the entities (in this case, Tom0123456789 and Dan9876543210) and securely exchange keys using a password as part of the authentication process.
While Encrypted Key Exchange (EKE) is a method for secure key exchange, it is more specific to encrypting the actual exchange of keys and might not necessarily provide password authentication.
Key Encapsulation Mechanism (KEM) is a technique used in post-quantum cryptography for securely transmitting a symmetric key, but it does not involve verifying entities through passwords.
Initial Key Sharing is a more general term and does not refer to a specific cryptographic protocol. It lacks the security guarantees provided by a PAKE protocol.

QUESTION 420
How is symmetric encryption used for HTTPS connections?

A. The symmetric key is used for encryption.
B. Encryption is based on RSA-2048.
C. The symmetric encryption algorithm uses public/private certificates.
D. The key exchange process is reliable and secure.

Answer: A
Explanation:
In an HTTPS connection, symmetric encryption is used for the actual encryption of data once the connection has been established. Here's how it works:
Key Exchange: During the initial handshake (using protocols like TLS), a symmetric key is securely exchanged or negotiated between the client and server. This key is then used for encrypting and decrypting the data exchanged during the session.
Symmetric Encryption: Once the handshake is complete, all data transferred between the client and server is encrypted using the symmetric key. This ensures fast, efficient encryption because symmetric encryption algorithms (like AES) are faster than asymmetric ones.

QUESTION 421
What is the difference between a vulnerability and an attack surface?

A. A vulnerability is unsanitized user input sent to exploit a web application, and the browser is the attack surface for the web application.
B. The attack surface is the SQL injection targeted on the database, and the database is the vulnerability that might be exploited.
C. The attack surface is a sum of measured risks for a particular asset, and the vulnerability is an unmeasured exploitable risk.
D. A vulnerability is the risk of exploiting a weakness in the application, and the target application itself is the attack surface.

Answer: D
Explanation:
A vulnerability refers to a specific weakness in a system, application, or network that could be exploited by an attacker to cause harm. For example, a software flaw, misconfiguration, or lack of input validation could be vulnerabilities.
An attack surface is the total set of points (interfaces, applications, or devices) in a system or network that an attacker can use to try to exploit vulnerabilities. This includes web applications, network interfaces, or even users themselves.

QUESTION 422
Which two elements are used by the defense-in-depth strategy? (Choose two.)

A. distributed database management system
B. least privilege principle
C. firewalls
D. packet segmentation
E. single unified security solution

Answer: BC
Explanation:
The defense-in-depth strategy is a layered security approach that involves using multiple security measures to protect systems and data. It is designed to ensure that if one layer of defense fails, other layers still provide protection.
Least privilege ensures that users and systems have limited access, so even if one part of the system is compromised, the impact is minimized.
Firewalls protect the perimeter and internal segments of the network, stopping attackers from easily reaching critical areas. Together, they address different layers: access control (least privilege) and network security (firewalls).
While a distributed database management system may provide resilience and efficiency in handling data, it is not directly related to security or defense-in-depth. It focuses on data availability and management, not protection.
While network segmentation is an important security measure, packet segmentation is not a recognized term or strategy related to defense-in-depth. Packet segmentation refers to splitting data packets for transmission, which is a networking concept rather than a security mechanism.
Defense-in-depth relies on multiple layers of security rather than a single solution. A unified solution contradicts the core idea of having multiple, independent layers of defense.


Resources From:

1. 2025 Latest Braindump2go 200-201 Exam Dumps (PDF & VCE) Free Share:
https://www.braindump2go.com/200-201.html

2. 2025 Latest Braindump2go 200-201 PDF and 200-201 VCE Dumps Free Share:
https://drive.google.com/drive/folders/1fTPALtM-eluHFw8sUjNGF7Y-ofOP3s-M?usp=sharing

3. 2025 Free Braindump2go 200-201 Exam Questions Download:
https://www.braindump2go.com/free-online-pdf/200-201-VCE-Dumps(390-422).pdf
