Cisco

210-255 · Question #161

210-255 Question #161: Real Exam Question with Answer & Explanation

The correct answer is B: A log indicating a port scan was run against a host.

Question

Which example of a precursor is true?

Options

  • A. An admin finds their password has been changed.
  • B. A log indicating a port scan was run against a host.
  • C. A notification that a host is infected with malware.
  • D. A device configuration changed from the baseline without an audit log entry.

Explanation

A precursor signals that an attack may occur in the future, while an indicator shows an attack is occurring or has already happened. A port scan log represents reconnaissance activity that precedes an attack.

Common mistakes.

  • A. A changed admin password indicates an attack has already succeeded, making it an indicator rather than a precursor.
  • C. A malware infection notification is an indicator because it confirms a security event has already taken place on the host.
  • D. An unauthorized configuration change without an audit log entry is an indicator of a completed intrusion or policy violation, not a warning of a future attack.

Concept tested. Distinguishing precursors from indicators of compromise

Reference. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
