Download Cisco.CertDumps.210-255.2018-01-13.1e.65q.vcex


Download Exam

File Info

Exam Implementing Cisco Cybersecurity Operations
Number 210-255
File Name Cisco.CertDumps.210-255.2018-01-13.1e.65q.vcex
Size 2.41 Mb
Posted January 13, 2018
Downloads 66


How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Download
ProfExam Simulator

Purchase
Coupon: EXAMFILESCOM

Coupon: EXAMFILESCOM
With discount: 20%


ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator
 
 


Demo Questions

Question 1
 
  
  
Refer to the exhibit. We have performed a malware detection on the Cisco website. Which statement about the result is true?

  • A: The website has been marked benign on all 68 checks.
  • B: The threat detection needs to run again.
  • C: The website has 68 open threats.
  • D: The website has been marked benign on 0 checks.
Correct Answer: A
Example:https://www.virustotal.com/en/url/df05d8e27bd760c33dc709951a5840cc6578d78d544d869890b7b94ea21e46b0/analysis/1368183553/



Question 2
During which phase of the forensic process is data that is related to a specific event labeled and recorded to preserve its integrity?

  • A: collection
  • B: examination
  • C: reporting
  • D: investigation
Correct Answer: A
The basic phases of the forensic process are: collection, examination, analysis, and reporting. During collection, data related to a specific event is identified, labeled, recorded, and collected, and its integrity is preserved. In the second phase, examination, forensic tools and techniques appropriate to the types of data that were collected are executed to identify and extract the relevant information from the collected data while protecting its integrity. Examination may use a combination of automated tools and manual processes. The next phase, analysis, involves analyzing the results of the examination to derive useful information that addresses the questions that were the impetus for performing the collection and examination. The final phase involves reporting the results of the analysis, which may include describing the actions performed, determining what other actions need to be performed, and recommending improvements to policies, guidelines, procedures, tools, and other aspects of the forensic process.
Reference:http://itlaw.wikia.com/wiki/Forensic_process



Question 3
 
  
  
Refer to the exhibit. A customer reports that they cannot access your organization’s website. Which option is a possible reason that the customer cannot access the website?

  • A: The server at 10.33.1.5 is using up too much bandwidth causing a denial-of-service.
  • B: The server at 10.67.10.5 has a virus.
  • C: A vulnerability scanner has shown that 10.67.10.5 has been compromised.
  • D: Web traffic sent from 10.67.10.5 has been identified as malicious by Internet sensors.
Correct Answer: D
Every firewall has its own database where it maintains the website reputation on terms of security, ease of access, performance etc and below certain score (generally 7 in case of Cisco), firewalls block access to the sites. For example, you can visit www.senderbase.org and enter name of any website and you will see the reputation of that website.



Question 4
You see 100 HTTP GET and POST requests for various pages on one of your webservers. The user agent in the requests contain php code that, if executed, creates and writes to a new php file on the webserver. Which category does this event fall under as defined in the Diamond Model of Intrusion?

  • A: delivery
  • B: reconnaissance
  • C: action on objectives
  • D: installation
  • E: exploitation
Correct Answer: D



Question 5
Which two options can be used by a threat actor to determine the role of a server? (Choose two.)

  • A: PCAP
  • B: tracert
  • C: running processes
  • D: hard drive configuration
  • E: applications
Correct Answer: CE



Question 6
Drag and drop the type of evidence from the left onto the correct description(s) of that evidence on the right. 



Correct Answer: Exam simulator is required



Question 7
Which process is being utilized when IPS events are removed to improve data integrity?

  • A: data normalization
  • B: data availability
  • C: data protection
  • D: data signature
Correct Answer: D



Question 8
In Microsoft Windows, as files are deleted the space they were allocated eventually is considered available for use by other files. This creates alternating used and unused areas of various sizes. What is this called?

  • A: network file storing
  • B: free space fragmentation
  • C: alternate data streaming
  • D: defragmentation
Correct Answer: B



Question 9
Which two components are included in a 5-tuple? (Choose two.)

  • A: port number
  • B: destination IP address
  • C: data packet
  • D: user name
  • E: host logs
Correct Answer: AB
A 5-tuple refers to a set of five different values that comprise a Transmission Control Protocol/Internet Protocol (TCP/IP) connection. It includes a source IP address/port number, destination IP address/port number and the protocol in use.



Question 10
Which CVSSv3 metric value increases when the attacker is able to modify all files protected by the vulnerable component?

  • A: confidentiality
  • B: integrity
  • C: availability
  • D: complexity
Correct Answer: B
There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the impacted component. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the impacted component.






CONNECT US


ProfExam
PROFEXAM WITH A 20% DISCOUNT

You can buy ProfExam with a 20% discount..

Get Now!


HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen



HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset