What is the difference between statistical detection and rule-based detection models?
A.
Rule-based detection involves the collection of data in relation to the behavior of legitimate users over a period of time
B.
Statistical detection defines legitimate data of users over a period of time and rule-based detection defines it on an IF/THEN basis
C.
Statistical detection involves the evaluation of an object on its intended actions before it executes that behavior
D.
Rule-based detection defines legitimate data of users over a period of time and statistical detection defines it on an IF/THEN basis
Statistical detection defines legitimate data of users over a period of time and rule-based detection defines it on an IF/THEN basis
Refer to the exhibit.
Which type of log is displayed?
A.
AIDS
B.
proxy
C.
NetFlow
D.
sys
sys
Which principle is being followed when an analyst gathers information relevant to a security incident to determine the appropriate course of action?
A.
decision making
B.
rapid response
C.
data mining
D.
due diligence
decision making
Which NIST IR category stakeholder is responsible for coordinating incident response among various business units, minimizing damage, and reporting to regulatory agencies?
A.
CSIRT
B.
BPSIRT
C.
public affairs
D.
management
management
What causes events on a Windows system to show Event Code 4625 in the log messages?
A.
The system detected an XSS attack
B.
Someone is trying a brute force attack on the network
C.
Another device is gaining root access to the system
D.
A privileged user successfully logged into the system
Someone is trying a brute force attack on the network