When attempting to reconstruct an incident from a packet capture, which three things should an analyst pay special attention to? (Choose three.)
A. IP addresses of hosts that may have been affected
B. the path that was used in the attack
C. the timeline of the attack
D. the tool used to produce the packet capture
E. the geo-location information in the IP header
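As an added worked example (not part of the original question set), the following Python script shows what "reconstructing an incident from a packet capture" looks like in practice: it parses a classic libpcap file without any third-party library, pulls out the three things the question is about (the hosts involved, the order in which they talked to each other, and the timeline), and ignores the things the capture cannot tell you. The sample capture is constructed inline; the IP addresses, timestamps and `build_frame`/`reconstruct` helper names are assumptions for the example.

```python
import socket
import struct

# Constants for the classic libpcap file format and the Ethernet/IPv4 fields we decode.
PCAP_MAGIC_LE = 0xA1B2C3D4        # magic as read little-endian from a little-endian file
PCAP_MAGIC_SWAPPED = 0xD4C3B2A1   # what a big-endian file's magic looks like when read little-endian
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800


def build_frame(src_ip, dst_ip, proto, payload=b""):
    """Minimal Ethernet II + IPv4 (no options) frame, used only to construct the sample capture."""
    eth = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4)       # zeroed MACs are fine for the sample
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + payload


def build_pcap(packets):
    """Assemble a little-endian pcap file from (ts_sec, ts_usec, frame) tuples."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts_sec, ts_usec, frame in packets:
        out += struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame
    return out


def parse_pcap(data):
    """Yield (timestamp, src_ip, dst_ip, ip_proto) for every IPv4 packet in a pcap byte string."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == PCAP_MAGIC_SWAPPED:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (unknown magic)")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("this example only decodes Ethernet captures")
    offset = 24
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[offset:offset + 16])
        frame = data[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        # Skip frames that are not IPv4 or were cut by the snaplen before the IP header ends.
        if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
            continue
        ip = frame[14:]
        yield (ts_sec + ts_usec / 1e6,
               socket.inet_ntoa(ip[12:16]),
               socket.inet_ntoa(ip[16:20]),
               ip[9])


def reconstruct(data):
    """Return (affected hosts, attack path, timeline) from a pcap byte string."""
    timeline = sorted(parse_pcap(data))      # merged captures may be out of order; sort by time
    hosts = set()
    path, seen = [], set()
    for _ts, src, dst, _proto in timeline:
        hosts.update((src, dst))
        if (src, dst) not in seen:           # first time this pair talked: one hop of the path
            seen.add((src, dst))
            path.append((src, dst))
    return sorted(hosts), path, timeline


# Constructed sample: an external host reaches a web server, the web server then talks to an
# internal database host, and that host finally connects back out to the external host.
# The records are deliberately written out of order to show the timeline being rebuilt.
SAMPLE_PCAP = build_pcap([
    (1700000020, 0, build_frame("192.0.2.20", "203.0.113.5", 6)),
    (1700000000, 0, build_frame("203.0.113.5", "192.0.2.10", 6)),
    (1700000010, 500000, build_frame("192.0.2.10", "192.0.2.20", 6)),
])

if __name__ == "__main__":
    hosts, path, timeline = reconstruct(SAMPLE_PCAP)
    print("hosts:", hosts)
    print("path:", " -> ".join(f"{s}>{d}" for s, d in path))
    for ts, src, dst, proto in timeline:
        print(f"{ts:.6f} {src} -> {dst} proto={proto}")
```

Note what is absent: nothing in the file records which tool produced it, and the IPv4 header has no geo-location field; country or ASN attribution comes from enrichment outside the capture. A real investigation would go on to decode transport ports and payloads, but hosts, path and timeline are the skeleton everything else hangs on.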
Which statement is true about NetFlow?
A. NetFlow data contains actual packet data and metadata of network conversations.
B. NetFlow detects traffic anomalies by using NetFlow signatures.
C. NetFlow provides a complete audit trail of all network communications.
D. NetFlow alone can provide a security analyst with context for the communication that triggered an IPS signature.
What are three pieces of information that NetFlow captures? (Choose three.)
A. the time of IP conversations
B. the amount of data transferred during IP conversations
C. the content of IP conversations
D. identities of systems that are involved in IP conversations
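To make the two NetFlow questions above concrete, here is an added example (not from the original page) that decodes a NetFlow v5 export datagram in plain Python. A v5 record carries the endpoints, ports and protocol, packet and byte counts, and flow start/end times, but no packet payload; the script shows how the uptime-relative `First`/`Last` fields are anchored to wall-clock time using the export header, and rejects a truncated datagram whose header claims more records than are present. The sample export, addresses and helper names are constructed for this example.

```python
import socket
import struct

# NetFlow v5 wire format: a 24-byte header followed by `count` 48-byte records, network byte order.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")


def build_v5_export(sys_uptime_ms, unix_secs, records):
    """Build a NetFlow v5 export datagram; used only to construct the sample below."""
    header = V5_HEADER.pack(5, len(records), sys_uptime_ms, unix_secs, 0, 0, 0, 0, 0)
    body = b"".join(
        V5_RECORD.pack(socket.inet_aton(r["src"]), socket.inet_aton(r["dst"]), b"\0\0\0\0",
                       0, 0, r["packets"], r["bytes"], r["first_ms"], r["last_ms"],
                       r["sport"], r["dport"], 0, r.get("flags", 0), r["proto"], 0,
                       0, 0, 0, 0, 0)
        for r in records)
    return header + body


def parse_v5_export(datagram):
    """Return a list of flow dicts (who, when, how much) decoded from one NetFlow v5 datagram."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count, sys_uptime, unix_secs, unix_nsecs, *_ = V5_HEADER.unpack_from(datagram, 0)
    if version != 5:
        raise ValueError(f"expected NetFlow v5, got version {version}")
    if len(datagram) < V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("header count exceeds the records actually present (truncated datagram)")
    # First/Last are exporter uptime in ms; anchor them to wall-clock time via the export timestamp.
    export_time = unix_secs + unix_nsecs / 1e9
    boot_time = export_time - sys_uptime / 1000.0
    flows = []
    for i in range(count):
        (src, dst, _nexthop, _in_if, _out_if, packets, octets, first, last,
         sport, dport, _pad, flags, proto, _tos, *_rest) = V5_RECORD.unpack_from(
            datagram, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "sport": sport, "dport": dport, "proto": proto, "tcp_flags": flags,
            "packets": packets, "bytes": octets,
            "start": boot_time + first / 1000.0, "end": boot_time + last / 1000.0,
        })
    return flows


def bytes_by_source(flows):
    """Aggregate transferred bytes per source address, largest first (a 'top talkers' view)."""
    totals = {}
    for f in flows:
        totals[f["src"]] = totals.get(f["src"], 0) + f["bytes"]
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)


# Constructed sample: one HTTPS conversation seen as two unidirectional flows, exported by a
# device that has been up for one hour at export time.
SAMPLE_EXPORT = build_v5_export(
    sys_uptime_ms=3_600_000, unix_secs=1_700_000_000,
    records=[
        {"src": "10.0.0.5", "dst": "192.0.2.10", "sport": 51234, "dport": 443, "proto": 6,
         "flags": 0x1B, "packets": 1500, "bytes": 2_000_000,
         "first_ms": 3_000_000, "last_ms": 3_500_000},
        {"src": "192.0.2.10", "dst": "10.0.0.5", "sport": 443, "dport": 51234, "proto": 6,
         "flags": 0x1B, "packets": 800, "bytes": 60_000,
         "first_ms": 3_000_100, "last_ms": 3_500_000},
    ])

if __name__ == "__main__":
    for f in parse_v5_export(SAMPLE_EXPORT):
        print(f"{f['src']}:{f['sport']} -> {f['dst']}:{f['dport']} proto={f['proto']} "
              f"bytes={f['bytes']} start={f['start']:.3f} end={f['end']:.3f}")
    print("top talkers:", bytes_by_source(parse_v5_export(SAMPLE_EXPORT)))
```

The asymmetry in the byte counts (2 MB out, 60 KB back on a client-initiated connection to port 443) is exactly the kind of thing flow data reveals without any payload: it is enough to ask why an internal client is uploading that much, but not enough on its own to say what was sent.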
Which two of the following statements best describe the ways in which AAA server logs can be useful in protecting the network and users? (Choose two.)
A. Due to the nature of AAA logging, AAA server logs always indicate actual attack attempts.
B. Most AAA servers log authentication failures, an excessive number of which may point the security analyst to a brute force attack.
C. Authentication logs track the success and failure of legitimate users with a time stamp record.
D. AAA server logs are very minimal and actually do not yield much information.
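The brute-force point in the question above is easy to turn into detection logic. The following added example (not part of the original page) runs a sliding-window failure counter over constructed AAA log lines: it raises one alert when a client exceeds a failure threshold inside the window, and a second, higher-value alert if that same client later authenticates successfully. The log format is a FreeRADIUS-style approximation with ISO-8601 timestamps, constructed for this example; the threshold, window, hostnames and addresses are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Matches FreeRADIUS-style "Login OK" / "Login incorrect" lines behind an ISO-8601 syslog timestamp.
# This is a constructed approximation for the example, not the exact format of any AAA product.
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) \S+ radiusd\[\d+\]: "
    r"Login (?P<result>OK|incorrect)[^\[]*\[(?P<user>[^\]]+)\] \(from client (?P<client>[\d.]+)"
)


def parse_auth_line(line):
    """Return {ts, ok, user, client} for an authentication result line, or None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc).timestamp()
    return {"ts": ts, "ok": m["result"] == "OK", "user": m["user"], "client": m["client"]}


def detect_brute_force(lines, threshold=5, window=60.0):
    """Flag clients with >= threshold failures inside a sliding window, and any later success from them."""
    recent = defaultdict(deque)   # client -> timestamps of failures still inside the window
    flagged = set()
    alerts = []
    for line in lines:
        ev = parse_auth_line(line)
        if ev is None:
            continue                                   # unrelated log line (accounting, SQL, ...)
        client = ev["client"]
        if ev["ok"]:
            if client in flagged:                      # success right after a burst: likely a hit
                alerts.append({"type": "success_after_burst", "client": client,
                               "user": ev["user"], "ts": ev["ts"]})
            continue
        q = recent[client]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:          # expire failures older than the window
            q.popleft()
        if len(q) >= threshold and client not in flagged:
            flagged.add(client)
            alerts.append({"type": "auth_failure_burst", "client": client,
                           "failures": len(q), "first": q[0], "last": ev["ts"]})
    return alerts


# Constructed sample log: six failures for one account from 10.0.0.5 within 20 seconds, then a
# success, plus one unrelated failure from another client and a non-authentication line.
SAMPLE_LINES = [
    "2024-11-14T10:00:01Z aaa01 radiusd[2231]: Login incorrect (mschap: MS-CHAP2-Response is incorrect): [alice] (from client 10.0.0.5 port 0)",
    "2024-11-14T10:00:05Z aaa01 radiusd[2231]: Login incorrect (mschap: MS-CHAP2-Response is incorrect): [alice] (from client 10.0.0.5 port 0)",
    "2024-11-14T10:00:06Z aaa01 radiusd[2231]: Login incorrect (mschap: MS-CHAP2-Response is incorrect): [bob] (from client 10.0.0.9 port 0)",
    "2024-11-14T10:00:09Z aaa01 radiusd[2231]: Login incorrect (mschap: MS-CHAP2-Response is incorrect): [alice] (from client 10.0.0.5 port 0)",
    "2024-11-14T10:00:10Z aaa01 radiusd[2231]: rlm_sql (sql): Closing connection (3)",
    "2024-11-14T10:00:13Z aaa01 radiusd[2231]: Login incorrect (mschap: MS-CHAP2-Response is incorrect): [alice] (from client 10.0.0.5 port 0)",
    "2024-11-14T10:00:17Z aaa01 radiusd[2231]: Login incorrect (mschap: MS-CHAP2-Response is incorrect): [alice] (from client 10.0.0.5 port 0)",
    "2024-11-14T10:00:21Z aaa01 radiusd[2231]: Login incorrect (mschap: MS-CHAP2-Response is incorrect): [alice] (from client 10.0.0.5 port 0)",
    "2024-11-14T10:00:40Z aaa01 radiusd[2231]: Login OK: [alice] (from client 10.0.0.5 port 0)",
]

if __name__ == "__main__":
    for alert in detect_brute_force(SAMPLE_LINES):
        print(alert)
```

Two practical caveats: a single failure from a second client (bob from 10.0.0.9 above) is the normal background of typos and expired passwords and should not alert, and a password-spraying attacker who spreads attempts across many source addresses will stay under a per-client threshold, so a real deployment keys a second counter on the account name as well.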
Which three statements are true about Cisco Firepower NGFW logging? (Choose three.)
A. can log packet-level information about IPS events
B. can identify indications of compromise
C. can identify traffic anomalies by examining NetFlow records
D. can collect and correlate logs from other network security devices
E. can log NGFW connection events
On a Linux system, where are application logs usually stored?
A. Event Viewer
B. /var/log folder
C. /proc/log folder
D. Log Viewer
Which two statements are true about application logs? (Choose two.)
A. The application log file contains events that are logged by the network applications.
B. Events that are written to the application log are determined by the operating system.
C. Application logs can be used along with the network usage logs to verify that network resources are being used appropriately.
D. An application uses the same location for storing log messages regardless of the operating system on which it is running.
HTTP redirect status codes all start with which digit?
A. 1xx
B. 2xx
C. 3xx
D. 4xx
What is the purpose of a DLP policy?
A. to prevent end users from abusing corporate email services
B. to prevent end users from participating in internal phishing attacks
C. to prevent end users from sending sensitive or critical information outside the corporate network
D. to prevent end users from inadvertently disrupting corporate email services
Which two types of logs can you see on most typical email proxies? (Choose two.)
A. logs regarding incoming spam emails
B. logs regarding protocol violations
C. logs regarding email that is sent outside the corporate network
D. logs regarding incoming emails containing viruses