Which statement best describes how Cisco CTA identifies security breaches?
A. Cisco CTA uses geo-location database signatures to geo-locate attackers, which provide forensic data points.
B. Breaches are identified by scanning SSL/TLS based payloads, decrypting the packet for deep packet analysis.
C. Cisco CTA leverages network traffic behaviors, machine learning, and anomaly detection to detect security breaches.
D. Cisco CTA performs detailed analytics based on provided SYSLOG and NetFlow v5 data elements.
E. Cisco CTA detects data breaches by decoding ESP security payloads and comparing them to known signatures from security intelligence feeds that are provided by the Talos Intelligence Group.
What is a key reason that enterprises are reluctant to move to cloud-based security services?
A. Cloud-based services are not stable, and do not provide high-availability features.
B. Data within the cloud is not natively secure, and customer data breaches are a major concern to enterprises.
C. Cloud-based deployments are significantly more complex to deploy and administer.
D. Enterprises do not trust cloud-based services because of inaccurate X.509 certificates.
E. Cloud-based services do not support NGFW encryption technologies.
Which three items are primarily tracked by a security intelligence feed? (Choose three.)
A. known attackers
B. mis-configured ACLs
C. open relays
D. IP address with good reputation
E. IP address with poor reputation
Which statement best describes the difference between security intelligence and typical firewall ACLs in preventing malicious traffic?
A. Security intelligence uses a dictionary list of keywords, which, if detected in the data payload, will trigger a security event.
B. Using intelligence feeds that provide IP addresses with known bad reputations, malicious activity is blocked before any other policy-based inspection, analysis, or traffic handling is performed.
C. ACLs provide a more granular ability to control known bad IP addresses that have a poor reputation. Security intelligence feeds are broader in scope.
D. Security intelligence feeds can be used to detect security issues in improperly configured ACLs.
E. ACLs provide superior reflexive ACL entries, based on the known IP address that has a poor reputation, which will automatically be installed in the inspection engine of NGFWs.
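The ordering that option B describes, as an added example (not code from the page or from any Cisco product): the reputation feed is consulted first, and a hit drops the packet before the ACL is ever evaluated. The feed contents, the ACL and the addresses are constructed for the illustration.

```python
"""Added illustration: a security intelligence (SI) reputation lookup runs before
ACL/policy evaluation. Feed entries and ACL lines are constructed for this
example; they are not real Cisco or Talos data."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed reputation feed: address blocks with a known-bad reputation.
SI_BLOCKLIST = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.7/32")]

# Constructed ACL, evaluated top-down, first match wins:
# (action, source network, destination port or None for any port)
ACL = [
    ("permit", ipaddress.ip_network("198.51.100.0/24"), 443),
    ("permit", ipaddress.ip_network("0.0.0.0/0"), 80),
    ("deny", ipaddress.ip_network("0.0.0.0/0"), None),
]


@dataclass
class Packet:
    src: str
    dport: int


@dataclass
class Decision:
    verdict: str   # "permit" | "deny" | "block"
    stage: str     # "security-intelligence" | "acl"
    reason: str


def si_match(src: ipaddress.IPv4Address) -> Optional[ipaddress.IPv4Network]:
    """Return the feed entry that covers src, or None if the source has no bad reputation."""
    for net in SI_BLOCKLIST:
        if src in net:
            return net
    return None


def acl_only(pkt: Packet) -> Decision:
    """Plain ACL evaluation with no reputation feed in front of it."""
    src = ipaddress.ip_address(pkt.src)
    for action, net, port in ACL:
        if src in net and (port is None or port == pkt.dport):
            return Decision(action, "acl", f"{action} {net} port {port or 'any'}")
    return Decision("deny", "acl", "implicit deny")


def evaluate(pkt: Packet) -> Decision:
    """Security intelligence first; only packets it does not block reach the ACL."""
    src = ipaddress.ip_address(pkt.src)
    net = si_match(src)
    if net is not None:
        # Dropped here: the ACL and any deeper inspection never see this packet.
        return Decision("block", "security-intelligence", f"{src} in feed entry {net}")
    return acl_only(pkt)


if __name__ == "__main__":
    for p in (Packet("198.51.100.7", 443), Packet("198.51.100.9", 443), Packet("192.0.2.5", 22)):
        d = evaluate(p)
        print(f"{p.src}:{p.dport} -> {d.verdict} ({d.stage}: {d.reason})")
```

The first packet is the interesting one: the ACL alone would permit 198.51.100.7 to port 443, but the feed entry wins because it is consulted first. A feed entry is therefore not "more granular" than an ACL, as option C suggests; it is evaluated earlier and independently of the policy rules.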
Which three elements can be configured in firewall policies to detect network-based malware? (Choose three.)
A. commonly used rainbow hash tables
B. commonly used protocols
C. SHA-256 hashes
D. metadata stored that is within the files
E. access control lists (ACLs)
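How the three configurable elements (protocol, file metadata such as the file's own header, and a SHA-256 lookup) fit together in a file policy, as an added example that is not code from the page or from any Cisco product. The policy table, magic-number table, sample file and its hash are all constructed for the illustration.

```python
"""Added illustration of file-based malware detection under a firewall file policy:
only configured protocols/directions are inspected, the file type is derived
from the file's own header bytes, and the file's SHA-256 is looked up in a
disposition table. All policy data, samples and hashes are constructed."""
import hashlib
from typing import Tuple

# Constructed file policy: application protocol -> directions that are inspected.
FILE_POLICY = {"HTTP": {"download"}, "SMTP": {"upload", "download"}}

# Constructed magic-number table (leading bytes -> file type) and the types the policy covers.
MAGIC = [(b"MZ", "MSEXE"), (b"%PDF", "PDF"), (b"PK\x03\x04", "ZIP")]
INSPECTED_TYPES = {"MSEXE", "PDF"}

# Constructed sample (not real malware) and the disposition table keyed by SHA-256.
SAMPLE_EXE = b"MZ" + b"\x90" * 58 + b"PE\x00\x00" + b"constructed sample, not real malware"
MALWARE_HASHES = {hashlib.sha256(SAMPLE_EXE).hexdigest(): "Constructed.Sample.A"}


def file_type(data: bytes) -> str:
    """Classify a file from its leading bytes (the metadata stored within the file)."""
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    return "UNKNOWN"


def inspect_file(protocol: str, direction: str, data: bytes) -> Tuple[str, str]:
    """Return (verdict, detail); verdict is not-inspected, malware or unknown."""
    if direction not in FILE_POLICY.get(protocol, set()):
        return ("not-inspected", f"{protocol} {direction} not in file policy")
    ftype = file_type(data)
    if ftype not in INSPECTED_TYPES:
        return ("not-inspected", f"file type {ftype} not selected for inspection")
    digest = hashlib.sha256(data).hexdigest()
    name = MALWARE_HASHES.get(digest)
    if name:
        return ("malware", f"{ftype} sha256={digest[:16]}... matched {name}")
    return ("unknown", f"{ftype} sha256={digest[:16]}... not in disposition table")


if __name__ == "__main__":
    for proto, direction, data in (
        ("HTTP", "download", SAMPLE_EXE),
        ("HTTP", "upload", SAMPLE_EXE),
        ("HTTP", "download", b"%PDF-1.7\n%constructed document"),
        ("HTTP", "download", b"PK\x03\x04constructed archive"),
    ):
        print(proto, direction, inspect_file(proto, direction, data))
```

Two points worth noticing: the same bytes are ignored on an HTTP upload because the constructed policy only inspects downloads on that protocol, and a hash lookup is exact, so a one-byte change to the sample yields "unknown" rather than "malware". That is why a hash table is one element of a file policy and not the whole of it.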
Which one of the following best describes an NGFW versus a standard firewall?
A. NGFWs perform various security functions, such as generating different types of logs and alerts related to suspicious activities, to protect the network from advanced attacks.
B. Standard firewalls are more secure, due to the ease of installation and deployment, and are capable of preventing all malicious activities from penetrating the network.
C. NGFWs contain the appropriate features to detect malware and detonate unknown files in a secure hard drive partition on the firewall appliance, saving the analyst time and additional equipment requirements.
D. NGFWs and standard firewalls are functionally the same. The key difference is that standard firewalls provide granular application visibility and control.
E. Standard firewalls support malware protection only.
The Cisco OpenDNS dashboard page provides useful and important security information for security analysts. In which section of the dashboard are threats of malware or botnets displayed?
A. activity volume
B. message center
C. top identities
D. top domains
Which statement best describes how a network-based malware protection feature detects a possible event?
A. Using virus signature files locally on the firewall, it will detect incorrect MD5 file hashes.
B. The firewall applies broad-based application and file control policies to detect malware.
C. Malware can be detected correctly by using reputation databases on both the firewall and/or from the cloud.
D. IDS signature files that are located on the firewall are used to detect the presence of malware.
E. Malware can be detected and stopped by using ACLs and the modular policy framework within the firewall appliance.
Which statement identifies the primary difference between a transparent proxy deployment and an explicit proxy deployment?
A. In transparent proxy deployments, the client web browser is configured to use an HTTP proxy which sends traffic to the web content security system.
B. In explicit proxy deployments, the client web browser does not need to be altered. Instead, the Internet router will forward the redirect request to the destination web server.
C. With transparent proxy deployments, any WCCPv2-capable device will redirect all TCP port 81 and port 445 traffic to the content security system.
D. Deploying an explicit proxy configuration, the client-web browser must be statically set to use the HTTP proxy specifically.
How does DNS security combat CnC callbacks?
A. By filtering DNS requests, it blocks all requested zone transfers.
B. By changing the DNS MX field, CnC systems cannot be reached on the outbound connection.
C. By implementing DNS security measures, CnC callbacks over any ports and protocols are blocked when the DNS queries to any bad or malicious domains are prevented.
D. Using openDNS servers, such as Google openDNS (8.8.8.8), DNS requests are filtered based on the IP reputation tables that are maintained.
E. By configuring clients to use cloud-based DNS services, CnC callbacks are originated only in the cloud.
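The mechanism in option C, as an added example that is not code from the page or from any DNS security product: a policy-enforcing resolver refuses to return the real address of a blocklisted domain (or any of its subdomains) and answers with a sinkhole address instead, so the implant's callback cannot reach the CnC host on any port. The blocklist, zone data and sinkhole address are constructed for the illustration.

```python
"""Added illustration of DNS-layer blocking of command-and-control (CnC) callbacks.
The resolver answers queries for a blocklisted domain, and for anything under
it, with a sinkhole address, so the implant never learns the real CnC address
and its callback fails regardless of port or protocol. Blocklist, zone data
and sinkhole address are constructed for this example."""
from typing import List, Optional, Tuple

BLOCKED_DOMAINS = {"bad.example", "cnc.test"}          # constructed policy feed
ZONE = {                                                # constructed "real" DNS answers
    "update.good.example": "192.0.2.10",
    "beacon.bad.example": "198.51.100.66",
    "www.cnc.test": "198.51.100.77",
}
SINKHOLE = "192.0.2.254"                                # constructed sinkhole address


def blocked_parent(qname: str) -> Optional[str]:
    """Return the blocklisted domain that qname equals or falls under, else None."""
    labels = qname.rstrip(".").lower().split(".")
    # Walk from the full name up to the registrable-looking parent; never match a bare TLD.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in BLOCKED_DOMAINS:
            return candidate
    return None


def resolve(qname: str) -> Tuple[Optional[str], str]:
    """Policy-enforcing resolver: returns (answer, disposition)."""
    parent = blocked_parent(qname)
    if parent:
        return (SINKHOLE, f"blocked (under {parent})")
    addr = ZONE.get(qname.rstrip(".").lower())
    return (addr, "allowed" if addr else "nxdomain")


def callback(host: str, port: int, log: List[str]) -> bool:
    """Simulate an implant's callback; True only if the real CnC address was reached."""
    addr, disposition = resolve(host)
    if addr is None:
        log.append(f"{host}:{port} -> no answer ({disposition})")
        return False
    # The implant connects to whatever the resolver returned; a sinkhole answer
    # means the connection lands on the sinkhole, not on the CnC server.
    log.append(f"{host}:{port} -> connect {addr}:{port} [{disposition}]")
    return addr != SINKHOLE


if __name__ == "__main__":
    log: List[str] = []
    for port in (53, 443, 8443, 31337):
        callback("beacon.bad.example", port, log)
    callback("update.good.example", 443, log)
    print("\n".join(log))
```

The port loop is the point of the example: nothing about the callback's port or protocol matters because the block happens at the name-resolution step. The caveat a practitioner should keep in mind is the flip side of that: an implant that carries a hard-coded IP address, or that resolves names through a channel the enforced resolver does not see, is not stopped by this control and needs IP-reputation or egress filtering as well.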
Nowadays, certification exams are becoming more important and are required by more and more enterprises when you apply for a job. But how do you prepare for an exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Cisco exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your 210-250 exam preparation and Cisco certification application, do not hesitate to visit Vcedump.com to find your solution.