Exam Details

  • Exam Code: 210-250
  • Exam Name: Cisco Cybersecurity Fundamentals
  • Certification: Cisco Certifications
  • Vendor: Cisco
  • Total Questions: 1157 Q&As
  • Last Updated: Nov 03, 2022

Cisco Cisco Certifications 210-250 Questions & Answers

  • Question 391:

    After attackers gain access to a system, what method can they use to expand their access to other systems without exploiting vulnerabilities on other systems in the network?

    A. change the network gateway address to the attacker's command and control server

    B. establish a Metasploit session to 127.0.0.1 and pass the user's account hash to it

    C. take advantage of domain trust to make connections to a partner network

    D. block employees from visiting social media web sites on the company network

  • Question 392:

    What policy change could limit the ability of attackers to escalate privileges on computers?

    A. eliminate hashes from computers

    B. enforce complex passwords that do not incorporate portions of the employee ID, employee name, or company name

    C. only run Linux operating systems for the enterprise

    D. block employees from visiting social media web sites on the company network

  • Question 393:

    If an attacker uses phishing to obtain user credentials for an employee without administrator access and needs to install a rootkit backdoor that requires system-level access, what might be the attacker's next course of action to gain administrator privileges?

    A. set a scheduled task to install the rootkit the following day under the current user account

    B. try to brute force that user's password for an RDP connection to the user's workstation

    C. change the IP address of the user's computer from DHCP-assigned to static.

    D. attempt to extract local administrator credentials stored on the machine in running memory or the registry

  • Question 394:

    What is the best source of data for analysis of a system that is potentially compromised by a rootkit?

    A. checking for running processes using command line tools on the system

    B. using static binaries in a trusted toolset imported to the machine to check running processes

    C. reviewing active network connections with netstat or nbtstat

    D. taking a forensic image of the machine

  • Question 395:

    What is the main purpose of an exploit kit for malicious actors?

    A. continuously changing the IP addresses for the command and control infrastructure

    B. sending updates and new commands to all the endpoint bots in a DDoS botnet

    C. scanning potential victim computers for vulnerable applications so that malware can be delivered

    D. encrypting malware to hinder the reverse engineering efforts of incident response teams

  • Question 396:

    What is the difference between spear phishing and whaling?

    A. There is no difference. Both are targeted phishing.

    B. Spear phishing focuses on voice services and whaling is primarily sent through SMS messages.

    C. Both are targeted phishing, but only whaling targets individuals in executive positions.

    D. Spear phishing involves email, and whaling involves DNS cache poisoning.

  • Question 397:

    What portion of the following URI is known as the query?

    http://www.cisco.com/users/accounts/66cgdoj7c7gg_main/type?source=learning

    A. learning

    B. cisco.com

    C. http://

    D. source=learning

  • Question 398:

    Which statement about the difference between a denial-of-service attack and a distributed denial-of-service attack is true?

    A. DDoS attacks are launched from one host, and DoS attacks are launched from multiple hosts.

    B. DoS attacks only use flooding to compromise a network, and DDoS attacks only use other methods.

    C. DoS attacks are launched from one host, and DDoS attacks are launched from multiple hosts.

    D. DoS attacks are launched from one host, and DDoS attacks are launched from multiple hosts.

    E. DoS attacks and DDoS attacks have no differences.

  • Question 399:

    Choose the most difficult stage of an endpoint attack.

    A. acquiring access to an endpoint inside the network

    B. propagating a botnet once you have access to the systems

    C. acquiring a list of ports open on a targeted computer

    D. delivering a phishing email to employees

  • Question 400:

    What are two characteristics of an advanced persistent threat (APT) that differentiate it from prolific malware attacks such as the MyDoom worm? (Choose two.)

    A. targeted attack against specific company, sector, or data

    B. consumes high system resources and network traffic

    C. compiles copies of itself on each machine to match architecture

    D. internal reconnaissance for lateral movement

    E. often destructive to infected machines and intended to cause havoc
