Exam Details

  • Exam Code: 210-250
  • Exam Name: Cisco Cybersecurity Fundamentals
  • Certification: Cisco Certifications
  • Vendor: Cisco
  • Total Questions: 1157 Q&As
  • Last Updated: Nov 03, 2022

Cisco Cisco Certifications 210-250 Questions & Answers

  • Question 631:

    What are the four characteristics of an SOC runbook? (Choose four.)

    A. A runbook is a collection of plays, and each play generates a report from some set of data sources.

    B. The runbook describes the security architecture and technical details of protective measures.

    C. Instead of being a rigid framework that stifles creativity, the open-ended nature of the runbook allows security analysts to document ideas and explore ways of achieving objectives.

    D. The runbook is a living document that is always up to the task of handling tomorrow's security challenges.

    E. Plays should also evolve over time as attack methods evolve.

    F. The runbook is a fixed set of standard operating procedures that cannot be changed easily.

  • Question 632:

    What method can be used to reduce the complexity of SOC operations?

    A. Run ad-hoc analysis.

    B. Implement runbook automation.

    C. Have entry-level analysts perform tasks such as malware reverse engineering so that analysts with more extensive analytical skills can focus on higher-level tasks.

    D. Use highly skilled security analysts to evaluate security events.

  • Question 633:

    Which statement best describes malware reverse engineering?

    A. a method to understand how malware behaves

    B. a group of techniques that improve malware

    C. a set of processes that seem backwards to most engineers, that measure the impact of a compromise

    D. a suite of tools that are used to measure threat vectors and risk analysis

  • Question 634:

    Which node of the diamond model refers to the tools or techniques that an adversary uses?

    A. adversary

    B. capability

    C. infrastructure

    D. victim

  • Question 635:

    What is a practical usage of the diamond model?

    A. to separate events from larger activities

    B. to provide knowledge of the adversary

    C. analytical pivoting

    D. to stop CnC domains

  • Question 636:

    Which process continues to be recorded in the process table after it has ended and the status is returned to the parent?

    A. Daemon

    B. Child

    C. Orphan

    D. Zombie

  • Question 637:

    What helps an analyst thoroughly respond to the complexity of security threat events?

    A. system event logs

    B. an SIEM tool

    C. centralized "plays"

    D. a runbook

  • Question 638:

    What are two benefits of using a runbook? (Choose two.)

    A. A runbook can reduce the time that is needed to resolve security threats.

    B. Plays are usually created and updated by a single person for consistency.

    C. Runbooks provide a fixed set of plays for analyzing security events.

    D. Runbooks offer flexibility.

  • Question 639:

    What is one method of understanding how malware operates?

    A. deep packet analysis

    B. review logging data

    C. compare attacks with known techniques

    D. reverse engineer software

  • Question 640:

    Who is generally responsible for reverse engineering malware software?

    A. entry level personnel

    B. security software engineers

    C. malware specialists

    D. a team of personnel from multiple specialty technologies
