Refer to the exhibit. Which application protocol is in this PCAP file?
A. TCP
B. SSH
C. HTTP
D. SSL
You see confidential data being exfiltrated to an IP address that is attributed to a known Advanced Persistent Threat group. Assume that this is part of a real attach and not a network misconfiguration. Which category does this event fall under as defined in the Diamond Model of Intrusion?
A. reconnaissance
B. weaponization
C. delivery
D. action on objectives
Which network device creates and sends the initial packet of a session?
A. source
B. origination
C. destination
D. network
When performing threat hunting against a DNS server, which traffic toward the affected domain is considered a starting point?
A. HTTPS traffic
B. TCP traffic
C. HTTP traffic
D. UDP traffic
Which type of analysis allows you to see how likely an exploit could affect your network?
A. descriptive
B. casual
C. probabilistic
D. inferential
You have run a suspicious file in a sandbox analysis tool to see what the file does. The analysis report shows that outbound callouts were made post infection. Which two pieces of information from the analysis report are needed or required to investigate the callouts? (Choose two.)
A. file size
B. domain names
C. dropped files
D. signatures
E. host IP addresses
Which option filters a LibPCAP capture that used a host as a gateway?
A. tcp|udp] [src|dst] port
B. [src|dst] net
C. ether [src|dst] host
D. gateway host
What information from HTTP logs can be used to find a threat actor?
A. referer
B. IP address
C. user-agent
D. URL
An organization has recently adjusted its security stance in response to online threats made by a known hacktivist group. Which term defines the initial event in the NIST SP800- 61 r2?
A. instigator
B. precursor
C. online assault
D. trigger
Which element is part of an incident response plan?
A. organizational approach to incident response
B. organizational approach to security
C. disaster recovery
D. backups
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 210-255 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.