What are three characteristics of RADIUS? (Choose three.)
A. RADIUS uses the UDP protocol.
B. RADIUS encrypts passwords.
C. RADIUS performs authentication and accounting only.
D. RADIUS encrypts the entire body of the packet.
E. RADIUS uses one UDP port for authentication and one for accounting.
Why is a transparent firewall considered a "bump in the wire" or "stealth firewall"?
A. It is a bump on the wire because it filters packets at the OSI physical layer.
B. Using separate IP subnets for inside and outside interfaces, packets are inspected quietly.
C. A transparent firewall is considered a Layer 2 firewall and has no routing capabilities.
D. Transparent firewalls work in "stealth mode" by using network taps.
E. Because transparent firewalls can route between inside and outside interfaces, packets are "bumped" between them by using special firewall rule-sets.
How does a network tap alter the data flow?
A. A network tap installs a new header field into the Ethernet frame.
B. A network tap alters the Layer 3 TCP/IP headers and recalculates the CRC field.
C. A network tap does not alter the data flow.
D. Using a data-mixing feature, the network tap combines two or more data flows for efficiency.
E. A network tap regenerates the captured packet, thus changing its digital signature.
Which Security Onion tool should the security analyst use as the centralized syslog collector?
A. OSSEC
B. ELSA
C. SNORT
D. Bro
What are three benefits of deploying Security Onion for network security monitoring? (Choose three.)
A. Security Onion provides an entire suite of open-source tools in a single distribution.
B. Security Onion automates security monitoring, eliminating the need for security analyst intervention.
C. Security Onion provides visibility and context into network events, traffic, and alerts.
D. Security Onion can be installed on your mobile devices such as tablets to provide a portable security analysis tool.
E. Security Onion provides tools for packet capture, threat detection, and packet analysis.
What common defense-in-depth method can help reduce the attack surface?
A. use 8-character passwords
B. replace copper connections with fiber-based connections
C. deploy IPS, firewalls, and AAA-based platforms and services
D. use UDP protocols to preserve bandwidth and protocol overhead
E. place systems on Internet-facing DMZ links to control traffic flows
When are "point-in-time detection technologies" considered useless?
A. after the attacker has compromised the Internet-facing firewall appliance
B. when a malicious file is not caught, or is self-morphing after entering the environment
C. when the IPS appliance detects an anomaly
D. when forensics are performed on the malicious payload to ascertain its origin and attack behaviors
What are two benefits of cloud-based security services? (Choose two.)
A. The cloud promotes greater optimization and utilization of assets to achieve significant cost reduction.
B. The cloud provides flexibility in the way that enterprise organizations source, deliver, and consume security services.
C. Cloud providers automatically deploy advanced threat analytics to secure confidential customer data, such as customer information.
D. With cloud-based security services, enterprise organizations can remove complex layers of on-premise security policies and procedures.
E. Migration of security services between cloud providers is easier to achieve.
What are two tools that are provided by Security Onion? (Choose two.)
A. Metasploit
B. StealthWatch
C. Snort
D. Nagios
E. ELSA
Of the two types of attacks that analysts investigate, established attacks can be detected by which three methods? (Choose three.)
A. well-defined ACLs that are applied at the firewall
B. a decent set of IPS signatures applied
C. updated anti-virus signatures
D. updated firmware on network devices
E. updated IP/domain blacklists