Cisco 210-250 Online Practice Questions and Exam Preparation

Cisco 210-250 Online Questions & Answers

• Question 831:

  Which one of the following protocols is susceptible to a SYN flood attack?

  A. UDP
  B. ARP
  C. TCP
  D. ICMP
  C. TCP

• Question 832:

  An attacker used social engineering to gain administrative access to a router, then altered the router image. How can an analyst detect that the router's image has been altered?

  A. by verifying the router's image digital signature hash
  B. by verifying the router's running configurations
  C. by verifying the router's image creation date
  D. by verifying the router's image version
  A. by verifying the router's image digital signature hash

• Question 833:

  Which three describe what happens when a compromised system that is used for malware operation is discovered and taken down? (Choose three.)

  A. The malware downloader may be unable to retrieve its payload.
  B. The malware may attempt to use a different compromised system to download malicious payload.
  C. Malware communication with the CnC server may stop.
  D. The malware may inform the CnC center that a compromised system has been discovered and the entire operation should be aborted.
  A. The malware downloader may be unable to retrieve its payload.
  B. The malware may attempt to use a different compromised system to download malicious payload.
  C. Malware communication with the CnC server may stop.

• Question 834:

  Which access control model originates from the military and uses security labels?

  A. access control list
  B. discretionary access control
  C. mandatory access control
  D. role-based access control
  C. mandatory access control

• Question 835:

  Which of the following is not a disadvantage of host-based antimalware?

  A. It requires updating multiple endpoints.
  B. It does not have visibility into encrypted traffic.
  C. It does not have visibility of all events happening in the network.
  D. It may require working with different operating systems.
  B. It does not have visibility into encrypted traffic.

• Question 836:

  Which of the following is a type of vulnerability that attackers can exploit to read sensitive data from the database, modify or delete database data, execute administration operations on the database, and even issue commands to the operating system?

  A. SQL injection
  B. SQL buffer overflow
  C. SQL drop
  D. SQL bomb
  A. SQL injection

• Question 837:

  Which one of the following options is a valid field in the UDP header?

  A. window size
  B. options
  C. checksum
  D. reserved
  C. checksum

• Question 838:

  Which endpoint security technology should be used to prevent any incoming connections to the host?

  A. host-based personal firewall
  B. host-based anti-virus
  C. host-based IPS
  D. host-based malware protection
  A. host-based personal firewall

• Question 839:

  Why are encryption and protocol tunneling effective techniques for IPS evasion attacks?

  A. Encrypted packets bypass IPS sensors, as IP and TCP header information is unreadable by the sensor.
  B. Tunneling protocols send packets end-to-end and therefore cannot transit the IPS sensor.
  C. IPS sensors cannot unencrypt the payload to determine the contents of the data.
  D. Packets bypass the IPS sensor after its memory resources are exhausted unencrypting packets.
  C. IPS sensors cannot unencrypt the payload to determine the contents of the data.

• Question 840:

  Which Security Onion tool should the security analyst use to as the centralized syslog collector?

  A. OSSEC
  B. ELSA
  C. SNORT
  D. Bro
  B. ELSA