Exam Details

  • Exam Code: 210-250
  • Exam Name: Cisco Cybersecurity Fundamentals
  • Certification: Cisco Certifications
  • Vendor: Cisco
  • Total Questions: 1157 Q&As
  • Last Updated: Nov 03, 2022

Cisco Cisco Certifications 210-250 Questions & Answers

  • Question 681:

    Which statement is true about the placement of an IPS?

    A. Placement is not important as long as the IPS is directly connected to a firewall interface.

    B. Security analysts are typically consulted about IPS placement.

    C. Optimal placement of an IPS depends on the needs and topology of the network to be protected.

    D. An IPS should never have to monitor traffic "in the wild" due to the overhead that is involved.

  • Question 682:

    After a file disposition changes from unknown to malicious, what is the next step that should be taken?

    A. Run the file in a sandbox to verify if it is malicious and to determine the file behaviors.

    B. Create a new IPS signature to detect the malicious file.

    C. Go back to the system where the file was previously seen and quarantine the malicious file.

    D. Run a file retrospective analysis in the cloud using machine learning to determine the file SHA.

  • Question 683:

    Which statement is true about sandboxing?

    A. Using a sandbox technique ensures that no malware-infected files can get in the network.

    B. Running a file in a sandbox guarantees that the disposition will show the threat that it poses to your environment.

    C. Malware authors deploy several techniques to bypass sandbox analysis.

    D. Using a sandbox replaces the need for expensive antivirus and firewall software.

  • Question 684:

    File integrity checking tools work by calculating hash values of important files, storing the hash values, and periodically comparing those hash values to hash values that they calculate later. If a file hash value comparison results in a mismatch, what does that indicate?

    A. It means nothing; it is a mismatch because the file hashes were compiled on different days.

    B. It means that one file did not calculate correctly and needs to be recalculated.

    C. It indicates that the file has been changed in some way and there may be an issue to be resolved.

    D. It indicates that your organization has suffered a security breach and a full-scale investigation is needed as soon as possible.

  • Question 685:

    What is one result of placing an IPS on the untrusted (outside) segment of a firewall?

    A. The IPS can collect and correlate raw data from other network devices such as firewalls.

    B. The IPS alerts include real IP addresses rather than NATed addresses.

    C. The IPS generates more true positive alerts.

    D. The IPS can detect new forms of attacks.

  • Question 686:

    During incident investigations, what does the AMP for Endpoints device trajectory feature show?

    A. hosts that have seen the malicious file

    B. the signature that triggered the malicious file alert

    C. actions that have been performed on the victim's host

    D. how the malware file was packed (compressed or encrypted)

  • Question 687:

    An end user's host becomes infected with a virus because the end user browsed to a malicious website. Which endpoint security technology can be used to best prevent such an incident?

    A. personal firewall

    B. personal anti-virus

    C. endpoint malware protection

    D. file sandboxing

    E. file integrity checks

  • Question 688:

    Which method is a permissive security control in which only specified applications can run on an end host, while all other applications are prevented?

    A. application blacklisting

    B. application whitelisting

    C. application deep packet inspection

    D. application recognition and detection

  • Question 689:

    When Cisco AMP for Endpoints detects that an unknown file has been received on an endpoint, what does it do with the file?

    A. submits the file to the cloud for future analysis

    B. deletes the file

    C. executes the file to determine if it is malicious or not

    D. performs a file trajectory to determine which other systems have seen the same file

  • Question 690:

    What is the primary difference between a host-based firewall and a traditional firewall?

    A. The host-based firewall can block traffic based on application or file type.

    B. The traditional firewall can identify and protect against malicious HTTP exploits.

    C. There is no difference between the functional aspects of host-based and traditional firewalls.

    D. Host-based firewalls protect an individual machine while traditional firewalls control traffic arriving at and leaving networks.

Tips on How to Prepare for the Exams

Certification exams are becoming increasingly important, and more and more enterprises require them of job applicants. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and where do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Cisco exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your 210-250 exam preparation or Cisco certification application, do not hesitate to visit Vcedump.com to find your solutions.