nerdexam
Cisco

210-255 · Question #120

Which value in profiling servers in a system is true?

The correct answer is B. it can identify servers that have been exploited. Profiling servers establishes a baseline of normal behavior so that deviations - such as those caused by exploitation - can be detected.

Security Monitoring

Question

Which value in profiling servers in a system is true?

Options

  • Ait can identify when network performance has decreased
  • Bit can identify servers that have been exploited
  • Cit can identify when network ports have been connected
  • Dit can protect the address space of critical hosts.

How the community answered

(36 responses)
  • A
    8% (3)
  • B
    86% (31)
  • C
    3% (1)
  • D
    3% (1)

Why each option

Profiling servers establishes a baseline of normal behavior so that deviations - such as those caused by exploitation - can be detected.

Ait can identify when network performance has decreased

Decreased network performance is identified through network monitoring and performance baselining tools, not server profiling specifically.

Bit can identify servers that have been exploitedCorrect

Server profiling captures normal characteristics such as running processes, active ports, CPU usage, and file system activity. When a server is exploited, its behavior deviates from this established baseline, allowing security teams to identify compromise through anomaly detection against the stored profile.

Cit can identify when network ports have been connected

Monitoring which ports are connected is a function of network traffic analysis or a port scanner, not server profiling.

Dit can protect the address space of critical hosts.

Protecting address space of critical hosts is a function of memory protection mechanisms such as ASLR or DEP, not server profiling.

Concept tested: Server profiling for anomaly and compromise detection

Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf

Topics

#server profiling#baseline behavior#anomaly detection#host exploitation

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice