200-201 Online Practice Questions and Answers

Which action prevents buffer overflow attacks?

A. variable randomization

B. using web based applications

C. input sanitization

D. using a Linux operating system

A company receptionist received a threatening call referencing stealing assets and did not take any action assuming it was a social engineering attempt. Within 48 hours, multiple assets were breached, affecting the confidentiality of sensitive information. What is the threat actor in this incident?

A. company assets that are threatened

B. customer assets that are threatened

C. perpetrators of the attack

D. victims of the attack

A SOC analyst is investigating an incident that involves a Linux system that is identifying specific sessions. Which identifier tracks an active program?

A. application identification number

B. active process identification number

C. runtime identification number

D. process identification number

What is threat hunting?

A. Managing a vulnerability assessment report to mitigate potential threats.

B. Focusing on proactively detecting possible signs of intrusion and compromise.

C. Pursuing competitors and adversaries to infiltrate their system to acquire intelligence data.

D. Attempting to deliberately disrupt servers by altering their availability

Refer to the exhibit.

Which technology produced the log?

A. antivirus

B. IPS/IDS

C. firewall

D. proxy

What is the difference between mandatory access control (MAC) and discretionary access control (DAC)?

A. MAC is controlled by the discretion of the owner and DAC is controlled by an administrator

B. MAC is the strictest of all levels of control and DAC is object-based access

C. DAC is controlled by the operating system and MAC is controlled by an administrator

D. DAC is the strictest of all levels of control and MAC is object-based access

Which of these describes SOC metrics in relation to security incidents?

A. time it takes to detect the incident

B. time it takes to assess the risks of the incident

C. probability of outage caused by the incident

D. probability of compromise and impact caused by the incident

What is an example of social engineering attacks?

A. receiving an unexpected email from an unknown person with an attachment from someone in the same company

B. receiving an email from human resources requesting a visit to their secure website to update contact information

C. sending a verbal request to an administrator who knows how to change an account password

D. receiving an invitation to the department's weekly WebEx meeting

A security engineer deploys an enterprise-wide host/endpoint technology for all of the company's corporate PCs. Management requests the engineer to block a selected set of applications on all PCs.

Which technology should be used to accomplish this task?

A. application whitelisting/blacklisting

B. network NGFW

C. host-based IDS

D. antivirus/antispyware software

DRAG DROP

Drag and drop the uses on the left onto the type of security system on the right.

Select and Place: