What is a chronological documentation of evidence also known as?
A. chain of custody
B. forensic analysis
C. investigative custodial control
D. custody control
When tuning an IPS, which three determinations should help you decide whether a rule should be disabled? (Choose three.)
A. Does the alert occur frequently?
B. Does the alert generate a true positive condition?
C. If the alert is not a security incident, does it offer valuable information?
D. Does the alert pertain to your network environment?
What are two reasons that AAA server logs are useful in protecting the network and users? (Choose two.)
A. Due to the nature of AAA logging, AAA server logs always indicate actual attack attempts.
B. Most AAA servers log authentication failures, an excessive number of which may point the security analyst to a brute force attack.
C. Authentication logs track the success and failure of legitimate users with a time stamp record.
D. AAA server logs are very minimal and actually do not yield much information.
What is one of the ways in which the cyber kill chain is used by an SOC?
A. ensure that attackers do not complete all stages of the kill chain
B. to measure analytic completeness
C. to help determine behavior on a per-incident basis
D. to identify and delete detected malware
What basic benchmark of an SOC is related to the cyber kill chain cycle?
A. eradicate cyber attacks
B. stop attackers at low levels of the kill chain
C. decrease time from compromise to discovery
D. find and delete CnC traffic
Which statement is true of advanced persistent threats (APTs)?
A. APTs are easy to detect.
B. APTs are generally considered to be less severe threats.
C. APTs maintain strict CnC channels.
D. APTs adapt to defenders' efforts to detect them.
Typically, by which two methods are APTs often achieved? (Choose two.)
A. using multiple attack vectors
B. maintaining a short presence in the network to avoid detection
C. following the same exact kill-chain sequence
D. exploiting "zero-day" vulnerabilities
What are five pieces of information that an analyst can learn about an IP conversation from a NetFlow report? (Choose five.)
A. source IP address
B. amount of data passed
C. user account
D. source port
E. destination port
F. device hostname
G. protocol
H. active directory login time
You get an alert on your desktop computer showing that an attack was successful on the host, but upon investigation you see what occurred during the attack. Which reason is true?
A. The computer has HIDS installed on it
B. The computer has NIDS installed on it
C. The computer has HIPS installed on it
D. The computer has NIPS installed on it
Which three options are valid reasons for tuning an IPS? (Choose three.)
A. As you tune the system to be less restrictive, you decrease the likelihood of false negatives.
B. Tuning allows for a clearer picture of what is actually going on in the network.
C. Tuning improves the performance and efficacy of an IPS.
D. Tuning reduces the occurrence of true negatives.
E. Tuning assists with prioritizing responses to event information.