Which endpoint security technology should be used to prevent any incoming connections to the host?
A. host-based personal firewall
B. host-based anti-virus
C. host-based IPS
D. host-based malware protection
What can a HIPS do that a NIPS cannot? (Choose two.)
A. Detect malware delivered to the host via an encrypted channel.
B. Protect a mobile host while connected to non-secured networks.
C. Block malware as it is carried across the network.
D. Inspect traffic crossing a link in the network.
How does malware evade sandbox detection?
A. change the file's SHA or the file's extension
B. compress the malware file
C. avoid triggering malicious activities when it is run within a virtual environment
D. alter the file behavior such as the protocol used for the CnC traffic
An attacker used social engineering to gain administrative access to a router, then altered the router image. How can an analyst detect that the router's image has been altered?
A. by verifying the router's image digital signature hash
B. by verifying the router's running configurations
C. by verifying the router's image creation date
D. by verifying the router's image version
When an attacker modifies a system image that has been digitally signed, what does the attacker need in order to also change the digital signature of the image?
A. the digital signature of the original image
B. the public key that was used to sign the original image
C. the private key that was used to sign the original image
D. the public and private keys that were used to sign the original image
Which Cisco AMP for endpoints feature is used during post-incident investigations to determine the source (patient zero) of the malware?
A. file security intelligence feeds
B. file capture
C. file sandboxing
D. file trajectory
What is the primary reason to use a sandbox to analyze unknown suspicious files?
A. to determine exactly what a file does before it is labeled malicious or benign
B. to block any suspected malware in real time before it can infect the end user
C. to provide evidence for post-incident forensics reports
D. to run it in a production environment to see its effects
How is malware that is not on the whitelist able to execute?
A. by executing it in memory and injecting malicious code into a legitimate process that is currently running
B. by changing the registry setting
C. by packing (encrypting or compressing) the file
D. by executing it using the safe mode
Which two of the following statements are true about malware protection? (Choose two.)
A. Malware protection at the host installation level is useless and can only be performed at the network level.
B. Modern products for malware detection can achieve close to 100 percent success in detection.
C. Antivirus and antispyware tools provide a line of defense, but their efficacy is dropping.
D. Antivirus and antispyware tools primarily work after the infection has occurred.
E. A combination of an antivirus product and an antispyware product provides the best defense against malware.
A malicious file was executed on a host, but it was not detected by the host-based IPS. What is this kind of incident known as?
A. true positive
B. true negative
C. false positive
D. false negative