200-201 Host-Based Analysis • Timed 15 Questions
This is a timed practice session. You have 15 minutes to answer 15 questions — approximately 1 minute per question, matching real 200-201 exam pace. Answer every question before time expires.
Exam-pace drill
Allow 1 minute per question. On the real 200-201 exam you have approximately 72 seconds per question — this session trains you to maintain that pace under pressure.
A security analyst is investigating a host that is suspected of being used as a pivot point in a network intrusion. The analyst needs to identify which process initiated an outbound connection to a known malicious IP address. Which host-based analysis approach should the analyst use to correlate the network connection to the specific process?