210-255 Exam Details

  • Exam Code: 210-255
  • Exam Name: Cisco Cybersecurity Operations
  • Certification: Cisco Certifications
  • Vendor: Cisco
  • Total Questions: 224 Q&As
  • Last Updated: Dec 07, 2025

Cisco 210-255 Online Questions & Answers

  • Question 191:

    Which two statements correctly describe the victim demographics section of the VERIS schema? (Choose two.)

    A. The victim demographics section describes but does not identify the organization that is affected by the incident.
    B. The victim demographics section compares different types of organizations or departments within a single organization.
    C. The victim demographics section captures general information about the incident.
    D. The victim demographics section uses geolocation data to identify the organization name of the victim and the threat actor.

  • Question 192:

    Which of the following is one of the main goals of the CSIRT?

    A. To configure the organization's firewalls
    B. To monitor the organization's IPS devices
    C. To minimize and control the damage associated with incidents, provide guidance for mitigation, and work to prevent future incidents
    D. To hire security professionals who will be part of the InfoSec team of the organization.

  • Question 193:

    From a security perspective, why is it important to employ a clock synchronization protocol on a network?

    A. so that everyone knows the local time
    B. to ensure employees adhere to work schedule
    C. to construct an accurate timeline of events when responding to an incident
    D. to guarantee that updates are pushed out according to schedule

  • Question 194:

    Which element can be used by a threat actor to discover a possible opening into a target network and can also be used by an analyst to determine the protocol of the malicious traffic?

    A. TTLs
    B. ports
    C. SMTP replies
    D. IP addresses

  • Question 195:

    You receive an alert for malicious code that exploits Internet Explorer and runs arbitrary code on the site visitor's machine. The malicious code is on an external site that is being visited by hosts on your network. Which user agent in the HTTP headers in the requests from your internal hosts warrants further investigation?

    A. Mozilla/5.0 (compatible, MSIE 10.0, Windows NT 6.2, Trident 6.0)
    B. Mozilla/5.0 (XII; Linux i686; rv: 1.9.2.20) Gecko/20110805
    C. Mozilla/5.0 (Windows NT 6.1; WOW64; rv: 4O0) Gecko/20100101
    D. Opera/9.80 (XII; Linux i686; Ubuntu/14.10) Presto/2.12.388 Version/12.16

  • Question 196:

    What is the common artifact that is used to uniquely identify a detected file?

    A. Hash
    B. Timestamp
    C. File size

  • Question 197:

    What defines the roadmap for implementing the incident response capability?

    A. incident response plan
    B. incident response procedure
    C. incident handling guide
    D. incident response policy

  • Question 198:

    Which Linux file system allows an unlimited folder subdirectory structure?

    A. ext4
    B. ext3
    C. ext2
    D. NTFS

  • Question 199:

    Which of the following is not a metadata feature of the Diamond Model?

    A. Direction
    B. Result
    C. Devices
    D. Resources

  • Question 200:

    Which option is missing a malware variety per VERIS enumerations?

    A. backdoor, command and control, denial of service attack
    B. adware, brute force, client-side attack
    C. packet sniffer, password dumper, scan network
    D. abuse of functionality, cache poisoning, remote file inclusion

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important, and more and more enterprises require them when you apply for a job. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Cisco exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your 210-255 exam preparation and Cisco certification application, do not hesitate to visit Vcedump.com to find your solutions.