[2022] Pass 200-201 Exam – Real Questions & Answers [Q23-Q47]

NO.23 Which category relates to improper use or disclosure of PII data?

NO.24 Refer to the exhibit.

A company employee is connecting to mail google.com from an endpoint device. The website is loaded but with an error. What is occurring?

NO.25 Why is encryption challenging to security monitoring?

NO.26 What do the Security Intelligence Events within the FMC allow an administrator to do?

NO.27 A malicious file has been identified in a sandbox analysis tool.
Which piece of information is needed to search for additional downloads of this file by other hosts?

NO.28 What are the two differences between stateful and deep packet inspection? (Choose two )

NO.29 Refer to the exhibit.

What is the potential threat identified in this Stealthwatch dashboard?

NO.30 An analyst is investigating a host in the network that appears to be communicating to a command and control server on the Internet. After collecting this packet capture the analyst cannot determine the technique and payload used for the communication.

Which obfuscation technique is the attacker using?

NO.31 Which process is used when IPS events are removed to improve data integrity?

NO.32 When an event is investigated, which type of data provides the investigate capability to determine if data exfiltration has occurred?

NO.33 Which two elements are used for profiling a network? (Choose two.)

NO.34 What is the practice of giving employees only those permissions necessary to perform their specific role within an organization?

NO.35 Drag and drop the security concept on the left onto the example of that concept on the right.

NO.36 Syslog collecting software is installed on the server For the log containment, a disk with FAT type partition is used An engineer determined that log files are being corrupted when the 4 GB tile size is exceeded. Which action resolves the issue?

NO.37 An engineer is addressing a connectivity issue between two servers where the remote server is unable to establish a successful session. Initial checks show that the remote server is not receiving an SYN-ACK while establishing a session by sending the first SYN. What is causing this issue?

NO.38 Drag and drop the elements from the left into the correct order for incident handling on the right.

NO.39 A malicious file has been identified in a sandbox analysis tool.

Which piece of information is needed to search for additional downloads of this file by other hosts?

NO.40 Which type of evidence supports a theory or an assumption that results from initial evidence?

NO.41 An analyst is investigating an incident in a SOC environment.
Which method is used to identify a session from a group of logs?

NO.42

Refer to the exhibit. What should be interpreted from this packet capture?

NO.43 At which layer is deep packet inspection investigated on a firewall?

NO.44 What is a benefit of using asymmetric cryptography?

NO.45 Refer to the exhibit.

What should be interpreted from this packet capture?

NO.46 While viewing packet capture data, an analyst sees that one IP is sending and receiving traffic for multiple devices by modifying the IP header.
Which technology makes this behavior possible?

NO.47 Which two elements are used for profiling a network? (Choose two.)