Exam Details

  • Exam Code: 210-250
  • Exam Name: Cisco Cybersecurity Fundamentals
  • Certification: Cisco Certifications
  • Vendor: Cisco
  • Total Questions: 1157 Q&As
  • Last Updated: Nov 03, 2022

Cisco Certifications: 210-250 Questions & Answers

  • Question 671:

    Which two security control decisions indicate optimal security control behavior? (Choose two.)

    A. true positive

    B. false positive

    C. true negative

    D. false negative

  • Question 672:

    What are the two primary purposes of the intrusion analysis process? (Choose two.)

    A. blocking attacks

    B. identifying attacks

    C. filtering out unnecessary, unwanted, or inaccurate event data

    D. troubleshooting IPS device issues

    E. collecting information about all the network traffic

  • Question 673:

    Which two statements are true about firewall logs? (Choose two.)

    A. Firewall logs alone can provide all the logging information that is needed to perform network security monitoring.

    B. Firewall logs can help a security analyst understand communication relationships and timing of the attacks.

    C. One of the only pieces of information that you can never glean from a firewall log is an attacker's motive.

    D. A small subset of firewall logs usually provides the most benefit to an analyst.

    E. The only firewall log message that you should ever ignore is an ACL deny message.

  • Question 674:

    What is the severity level of the ASA syslog message "%ASA-2-106017: Deny IP due to Land Attack from IP_address to IP_address"?

    A. 0

    B. 1

    C. 2

    D. 3

    E. 6

    F. 7

  • Question 675:

    DNS logging can capture URL resolution requests and responses. How can these two assist with identifying or reconstructing a compromise or incident? (Choose two.)

    A. The DNS queries will identify the external server that was being accessed for the incident transactions.

    B. The DNS name may exhibit exfiltrated data as the subdomain.

    C. The DNS server can resolve local subdomain names and refer to an outside DNS server for external service name resolution.

    D. The DNS query translates a URL to an IP address.

  • Question 676:

    Which two of the following statements best describe the reasons that web proxy logs are important? (Choose two.)

    A. Web proxy logs can show the activity of CnC bot traffic or evidence of dropper files.

    B. Web proxy logs can only show legitimate HTTP traffic.

    C. Web proxy devices such as the Cisco WSA can decrypt HTTPS traffic and enter it into the log for review later.

    D. Web proxy TCP_HIT log messages can identify DoS attacks.

  • Question 677:

    Which of the following network security data types requires the largest amount of storage?

    A. session data

    B. full packet capture

    C. transaction data

    D. extracted content

    E. alert data

  • Question 678:

    Which two statements best describe why it is important to deploy an NTP solution in a network infrastructure? (Choose two.)

    A. NTP makes it impossible for timestamp information to be falsified.

    B. NTP is needed as a time source for network devices that do not have their own internal clocks.

    C. Accurate time stamping across the network is critical to forensic investigation after a compromise occurs.

    D. NTP can provide an authenticated time source from which security tools can operate.

  • Question 679:

    Which two statements are true regarding IPS alerts? (Choose two.)

    A. Security analysts need to be able to filter out false alerts and find any common denominators between the true alerts.

    B. IPS alerts always indicate that an attack is occurring.

    C. IPS alerts are only part of the picture; security analysts also need to correlate IPS alerts with other data.

    D. IPS alerts can always identify the true attacker by using signature file and security intelligence feeds.

  • Question 680:

    You are investigating IPS alerts and finding that many of them have been generated by normal network activity. What is most likely to be the cause of this situation?

    A. The IPS is running in promiscuous mode.

    B. Reactive controls are too specific.

    C. Proactive controls are too restrictive.

    D. All IPS signatures have been assigned the Produce Alert action.
