210-255 Practice Questions
193 real 210-255 exam questions with expert-verified answers and explanations. Page 1 of 4.
- Question #1 (Security Monitoring)
  Which option can be addressed when using retrospective security techniques?
  Tags: retrospective analysis, malware investigation, incident forensics, network security

- Question #2 (Attack Methods)
  Which CVSSv3 Attack Vector metric value requires the attacker to physically touch or manipulate the vulnerable component?
  Tags: CVSSv3, attack vector, vulnerability scoring, physical access

- Question #3 (Security Policies and Procedures)
  Which option is a misuse variety per VERIS enumerations?
  Tags: VERIS, incident taxonomy, misuse classification, threat categorization

- Question #4 (Security Policies and Procedures)
  In the context of incident handling phases, which two activities fall under scoping? (Choose two.)
  Tags: incident handling, incident scoping, incident response phases, protected resources

- Question #5 (Security Monitoring)
  Which regular expression matches "color" and "colour"?
  Tags: regular expressions, pattern matching, optional quantifier, string matching

- Question #6 (Security Policies and Procedures)
  Which kind of evidence can be considered most reliable to arrive at an analytical assertion?
  Tags: evidence types, direct evidence, analytical assertion, forensic investigation

- Question #7 (Network Intrusion Analysis)
  You see 100 HTTP GET and POST requests for various pages on one of your webservers. The user agent in the requests contains PHP code that, if executed, creates and writes to a new p...
  Tags: Diamond Model, web application attack, HTTP log analysis, delivery phase

- Question #8 (Security Monitoring)
  Which string matches the regular expression r(ege)+x?
  Tags: regular expressions, regex quantifiers, pattern matching, grouping

- Question #9 (Attack Methods)
  Which statement about threat actors is true?
  Tags: threat actors, security terminology, attacker classification, threat intelligence

- Question #10 (Security Policies and Procedures)
  Which data element must be protected with regards to PCI?
  Tags: PCI DSS, cardholder data, data protection, compliance

- Question #11 (Host-Based Analysis)
  What mechanism does the Linux operating system provide to control access to files?
  Tags: Linux file permissions, access control, OS security, file system

- Question #12 (Network Intrusion Analysis)
  Refer to the exhibit. What can be determined from this ping result?
  Tags: IPv6, ping analysis, IP addressing, network troubleshooting

- Question #13 (Security Policies and Procedures)
  Which element is part of an incident response plan?
  Tags: incident response plan, IR procedures, security planning, organizational policy

- Question #14 (Security Policies and Procedures)
  Which source provides reports of vulnerabilities in software and hardware to a Security Operations Center?
  Tags: CSIRT, vulnerability reporting, SOC operations, security organizations

- Question #15 (Security Monitoring)
  What information from HTTP logs can be used to find a threat actor?
  Tags: HTTP logs, IP address analysis, threat actor identification, log analysis

- Question #16 (Security Policies and Procedures)
  An organization has recently adjusted its security stance in response to online threats made by a known hacktivist group. Which term defines the initial event in the NIST SP800-61...
  Tags: NIST SP800-61, incident response, precursor, indicators of attack

- Question #17 (Host-Based Analysis)
  You have run a suspicious file in a sandbox analysis tool to see what the file does. The analysis report shows that outbound callouts were made post infection. Which two pieces of...
  Tags: sandbox analysis, malware callouts, C2 indicators, network IOC

- Question #18 (Network Intrusion Analysis)
  Which option filters a LibPCAP capture that used a host as a gateway?
  Tags: LibPCAP, packet capture filters, tcpdump, gateway filtering

- Question #19 (Security Monitoring)
  Which type of analysis allows you to see how likely an exploit could affect your network?
  Tags: probabilistic analysis, exploit likelihood, risk assessment, vulnerability analysis

- Question #20 (Network Intrusion Analysis)
  Which network device creates and sends the initial packet of a session?
  Tags: network sessions, source host, packet flow, session initiation

- Question #21 (Network Intrusion Analysis)
  When performing threat hunting against a DNS server, which traffic toward the affected domain is considered a starting point?
  Tags: DNS, threat hunting, UDP, traffic analysis

- Question #22 (Network Intrusion Analysis)
  Refer to the exhibit. Which application protocol is in this PCAP file?
  Tags: PCAP analysis, SSL, protocol identification, Wireshark

- Question #23 (Attack Methods)
  You see confidential data being exfiltrated to an IP address that is attributed to a known Advanced Persistent Threat group. Assume that this is part of a real attack and not a net...
  Tags: Diamond Model, APT, data exfiltration, action on objectives

- Question #24 (Security Monitoring)
  Refer to the exhibit. We have performed a malware detection on the Cisco website. Which statement about the result is true?
  Tags: malware detection, VirusTotal, threat analysis, benign classification

- Question #25 (Security Monitoring)
  Which option has a drastic impact on network traffic because it can cause legitimate traffic to be blocked?
  Tags: false positive, IDS/IPS, alert classification, traffic blocking

- Question #26 (Security Policies and Procedures)
  Which CVSSv3 metric value increases when the attacker is able to modify all files protected by the vulnerable component?
  Tags: CVSSv3, integrity, vulnerability scoring, CVSS metrics

- Question #27 (Security Policies and Procedures)
  During which phase of the forensic process is data that is related to a specific event labeled and recorded to preserve its integrity?
  Tags: forensic process, evidence collection, data integrity, chain of custody

- Question #28 (Security Policies and Procedures)
  Which information must be left out of a final incident report?
  Tags: incident reporting, documentation, report contents, incident response

- Question #29 (Network Intrusion Analysis)
  Which two components are included in a 5-tuple? (Choose two.)
  Tags: 5-tuple, port number, destination IP, network traffic

- Question #30 (Security Policies and Procedures)
  In VERIS, an incident is viewed as a series of events that adversely affects the information assets of an organization. Which option contains the elements that every event is compr...
  Tags: VERIS, incident model, actors actions assets, threat framework

- Question #31 (Network Intrusion Analysis)
  Refer to the exhibit. Which packet contains a file that is extractable within Wireshark?
  Tags: Wireshark, file extraction, PCAP, packet analysis

- Question #32 (Host-Based Analysis)
  Which two options can be used by a threat actor to determine the role of a server? (Choose two.)
  Tags: server fingerprinting, running processes, reconnaissance, threat actor

- Question #33 (Network Intrusion Analysis)
  Which option creates a display filter in Wireshark on a host IP address or name?
  Tags: Wireshark, display filter, IP address filter, packet filtering

- Question #34 (Network Intrusion Analysis)
  You receive an alert for malicious code that exploits Internet Explorer and runs arbitrary code on the site visitor machine. The malicious code is on an external site that is being...
  Tags: HTTP user agent, browser exploit, Internet Explorer, malicious traffic

- Question #35 (Attack Methods)
  A user on your network receives an email in their mailbox that contains a malicious attachment. There is no indication that the file was run. Which category as defined in the Diamo...
  Tags: Diamond Model, delivery phase, malicious attachment, kill chain

- Question #36 (Security Monitoring)
  Refer to the exhibit. A customer reports that they cannot access your organization's website. Which option is a possible reason that the customer cannot access the website?
  Tags: web traffic, malicious activity, sensor detection, incident triage

- Question #37 (Network Intrusion Analysis)
  Which identifies both the source and destination location?
  Tags: IP address, source destination, network addressing, 5-tuple

- Question #38 (Security Policies and Procedures)
  Which type of analysis assigns values to scenarios to see what the outcome might be in each scenario?
  Tags: probabilistic analysis, risk assessment, scenario modeling, threat analysis

- Question #39 (Host-Based Analysis)
  Which feature is used to find possible vulnerable services running on a server?
  Tags: listening ports, vulnerable services, port scanning, host enumeration

- Question #40 (Security Policies and Procedures)
  Which CVSSv3 metric value increases when attacks consume network bandwidth, processor cycles, or disk space?
  Tags: CVSSv3, availability, resource consumption, CVSS metrics

- Question #41 (Security Policies and Procedures)
  Which type of Security Operations Center has the goal of providing incident handling to a country?
  Tags: CSIRT types, National CSIRT, SOC structure, incident handling

- Question #42 (Attack Methods)
  A CMS plugin creates two files that are accessible from the Internet, myplugin.html and exploitable.php. A newly discovered exploit takes advantage of an injection vulnerability in...
  Tags: Cyber Kill Chain, reconnaissance, HTTP traffic analysis, kill chain phases

- Question #43 (Security Monitoring)
  Which statement describes a goal of data normalization?
  Tags: data normalization, data redundancy, data management

- Question #44 (Security Monitoring)
  Which description of retrospective malware detection is true?
  Tags: retrospective detection, malware analysis, historical data, threat detection

- Question #45 (Security Monitoring)
  Which process is being utilized when IPS events are removed to improve data integrity?
  Tags: data normalization, IPS events, data integrity, false positive removal

- Question #46 (Security Policies and Procedures)
  Which element is included in an incident response plan?
  Tags: incident response plan, IRP elements, security policy, organization mission

- Question #47 (Host-Based Analysis)
  In Microsoft Windows, as files are deleted, the space allocated to them eventually becomes available for use by other files. This creates alternating used and unused areas o...
  Tags: file system forensics, free space fragmentation, Windows storage, disk analysis

- Question #48 (Security Policies and Procedures)
  In the context of incident handling phases, which two activities fall under scoping? (Choose two.)
  Tags: incident handling phases, scoping, incident response, impact assessment

- Question #49 (Security Monitoring)
  Which regular expression matches "color" and "colour"?
  Tags: regular expressions, pattern matching, regex syntax, log analysis

- Question #50 (Host-Based Analysis)
  During which phase of the forensic process are tools and techniques used to extract the relevant information from the collective data?
  Tags: forensic process, examination phase, digital forensics, evidence analysis