nerdexam
Cisco

210-255 · Question #36

Refer to the Exhibit. A customer reports that they cannot access your organization's website. Which option is a possible reason that the customer cannot access the website?

The correct answer is D. Web traffic sent from 10.67.10.5 has been identified as malicious by Internet sensors.. When internet-facing threat intelligence sensors flag a server's traffic as malicious, that IP can be blocklisted by ISPs and security infrastructure, preventing external customers from reaching the website.

Security Monitoring

Question

Refer to the Exhibit. A customer reports that they cannot access your organization's website. Which option is a possible reason that the customer cannot access the website?

Exhibit

210-255 question #36 exhibit

Options

  • AThe server at 10.33.1.5 is using up too much bandwidth causing a denial- of-service.
  • BThe server at 10.67.10.5 has a virus.
  • CA vulnerability scanner has shown that 10.67.10.5 has been compromised.
  • DWeb traffic sent from 10.67.10.5 has been identified as malicious by Internet sensors.

How the community answered

(24 responses)
  • A
    13% (3)
  • B
    8% (2)
  • C
    4% (1)
  • D
    75% (18)

Why each option

When internet-facing threat intelligence sensors flag a server's traffic as malicious, that IP can be blocklisted by ISPs and security infrastructure, preventing external customers from reaching the website.

AThe server at 10.33.1.5 is using up too much bandwidth causing a denial- of-service.

Excessive bandwidth consumption by an internal server would degrade or slow access for all users but would not produce a clean external block; this describes resource exhaustion rather than an access control action.

BThe server at 10.67.10.5 has a virus.

A virus on the server is an internal security finding and does not by itself cause external customers to be blocked from connecting to the website.

CA vulnerability scanner has shown that 10.67.10.5 has been compromised.

A vulnerability scanner result indicating compromise is an internal assessment output and does not directly result in external parties blocking customer access to the site.

DWeb traffic sent from 10.67.10.5 has been identified as malicious by Internet sensors.Correct

Internet sensors operated by threat intelligence services such as Cisco Talos can identify and report outbound traffic from an IP as malicious. Once flagged, that IP address may be added to reputation blocklists consumed by upstream ISPs, firewalls, and DNS resolvers, causing customer connections to the website to be silently dropped or refused. This external reputation-based blocking is a direct and realistic cause for customers being unable to access the organization's site even when the server itself is technically online.

Concept tested: Threat intelligence blacklisting impact on external website accessibility

Source: https://www.cisco.com/c/en/us/products/security/talos-intelligence-group/index.html

Topics

#web traffic#malicious activity#sensor detection#incident triage

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice