nerdexam
Cisco

210-255 · Question #181

How do you verify that one of your hosts is potentially compromised based on their communication destinations?

The correct answer is A. Search the communication destinations of the host in the Talos IP & Domain Reputation Center.. The Cisco Talos IP and Domain Reputation Center is the authoritative tool for checking whether a host's communication destinations are associated with known malicious activity.

Security Monitoring

Question

How do you verify that one of your hosts is potentially compromised based on their communication destinations?

Options

  • ASearch the communication destinations of the host in the Talos IP & Domain Reputation Center.
  • BAnalyze how much traffic the host sent and received from each IP address or domain.
  • CSee if any Stealthwatch alarms were triggered for the host communicating with internal hosts.
  • DCheck the Firepower appliance to see if malicious files were downloaded.

How the community answered

(26 responses)
  • A
    77% (20)
  • B
    4% (1)
  • C
    4% (1)
  • D
    15% (4)

Why each option

The Cisco Talos IP and Domain Reputation Center is the authoritative tool for checking whether a host's communication destinations are associated with known malicious activity.

ASearch the communication destinations of the host in the Talos IP & Domain Reputation Center.Correct

Cisco Talos maintains a continuously updated threat intelligence database of malicious IP addresses and domains. Searching a suspected host's communication destinations against Talos directly reveals whether it is contacting known command-and-control servers or other threat infrastructure, which is a primary indicator of compromise.

BAnalyze how much traffic the host sent and received from each IP address or domain.

Traffic volume analysis identifies bandwidth anomalies but does not reveal whether the communication destinations are known malicious endpoints.

CSee if any Stealthwatch alarms were triggered for the host communicating with internal hosts.

Stealthwatch alarms are focused on internal network behavioral anomalies and lateral movement, not on evaluating the reputation of external communication destinations.

DCheck the Firepower appliance to see if malicious files were downloaded.

Firepower inspects files transiting the network for malware signatures but does not assess whether the IP addresses or domains a host is communicating with are malicious.

Concept tested: Using Talos reputation center to verify host compromise

Source: https://talosintelligence.com/reputation_center

Topics

#threat intelligence#Talos#IP reputation#host compromise detection

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice