Cisco
210-255 Question #165: Real Exam Question with Answer & Explanation
The correct answer is D: 10.0.1.1.
Security Monitoring
Question
Refer to the exhibit. Which host is likely connecting to a malicious site?
Exhibit
Options
- A. 10.0.1.10
- B. 10.0.1.20
- C. 10.0.12
- D. 10.0.1.1
Explanation
Network traffic analysis from the exhibit identifies host 10.0.1.1 as the source generating connections to a known malicious site based on suspicious DNS queries or HTTP request patterns visible in the captured logs.
Common mistakes.
- A. Host 10.0.1.10 does not exhibit the DNS query or HTTP connection patterns in the exhibit that indicate communication with a malicious site.
- B. Host 10.0.1.20 traffic shown in the exhibit reflects normal activity without indicators linking it to malicious infrastructure.
- C. The address 10.0.12 is likely a typo for 10.0.1.12 and this host is not shown in the exhibit as initiating connections to malicious destinations.
Concept tested. Network traffic analysis and malicious host identification
Topics
#malicious traffic #network analysis #threat detection #IP analysis
