What is an advantage when deploying the Talos Intelligence Group security intelligence feed?
A. updated virus signatures for IT administrators to deploy on user end-stations.
B. updated geo-location database updates, to track the origins of malicious activities.
C. regular updates to ensure that the system uses up-to-date information to filter your network traffic.
D. archival intelligence feeds that are only obtained from the Internet storm center.
E. real-time cyber analytics feeds from leading governments around the globe.
Which one of the following statements is considered a DNS "blind spot?"
A. A DNS blind spot is defined as the inability to change the CX DNS records for outbound requests.
B. A blind spot is the failure to properly monitor DNS activity for security purposes.
C. DNS blind spots are created when a root-level DNS server is under a DDoS attack.
D. Blind spots are caused by improper or lack of proper software patching to DNS BIND servers.
E. DNS blind spots are a direct result of DoS port scanning of UDP port 53.
What happens when a file hash has never been seen by Cisco's cloud malware analysis system?
A. An unknown disposition status is returned, and the file is automatically submitted to the cloud for dynamic analysis.
B. An unknown disposition status is returned, and the file is automatically stored on the local firewall SSD module.
C. The file is sent directly to Cisco for analysis.
D. A CVE is automatically generated for the file, and uploaded to the cloud for dynamic analysis.
E. The file is quietly discarded and the end user is alerted to the presence of malware.
What are two controls that the Cisco WSA can use to validate web requests? (Choose two.)
A. basic URL filtering that leverages pre-defined, category-based web usage controls
B. AMP for isolating reputable exploits and malware samples to its local disk for further investigation
C. a reputation database that is used to analyze web requests as part of a security control procedure
D. IPS-based signatures that are loaded in the Cisco WSA to prevent intrusions and alert system administrators
E. a reputation database within the Cisco WSA that uses Snort-like rule sets to combat RootKit intrusions
Which three technologies typically send traffic using clear text? (Choose three.)
A. FTP/TFTP
B. SCP
C. SMTP
D. SSH
E. SSL
F. Telnet
Regarding outbound email security policies, which one of the following steps is omitted from the outbound mail pipeline, but is available in the inbound mail pipeline?
A. reputation filters
B. RSA DLP
C. advanced malware protection
D. anti-virus
E. anti-spam
What are three similarities between IDS and IPS sensors? (Choose three.)
A. Both use reflective ACLs to detect malicious network activity.
B. Both can verify that the rules of network protocols such as TCP/IP, UDP, and ICMP are properly followed.
C. Both use signature files to determine whether suspicious activity is occurring.
D. Both can block attacks that would normally pass through a traditional firewall device.
E. Both can analyze all traffic that controls Layer 2-to-Layer 3 mappings, such as ARP and DHCP.
Which one of the following command strings is a correct Snort rule?
A. alert tcp any any (msg:"IDS Rule 5 Triggered");
B. drop udp 10.40.1.74 anyany any (content: "root"; nocase; msg:"UDP not allowed");
C. pass tcp 443 443 -> any any (msg:"HTTP rule failure"; content: "https:";;)
D. alert icmp any any -> $HOME_NET any (msg:"ICMP rule triggered";)
E. drop vlan (content:"dot1q"; msg:"VLAN Trunking Violation";) -> any any $HOME_NET
What are two limitations to deploying a local SPAN to monitor traffic? (Choose two.)
A. Local SPAN functionality varies depending on the platform and software revision that are used.
B. Local SPAN can be configured, but dropped packets may occur when applying it to the destination interface.
C. Since local SPAN is run in software, it provides a cost-effective solution, compared to network taps.
D. The monitoring interface can become a bottleneck during periods of high use.
E. Minimal filtering is possible by specifying the interface directionally or VLAN.
Which three of the following statements are benefits of RSPAN? (Choose three.)
A. RSPAN uses existing hardware to provide a cost-effective monitoring solution.
B. RSPAN eliminates the need for VLAN-capable devices between the source and destination to monitor traffic.
C. With RSPAN working at the IOS driver level, it bypasses any ACLs that are applied to the 802.1Q trunk.
D. RSPAN allows multiple sources for enterprise-wide port monitoring.
E. RSPAN does not require the capture device to be directly connected.