
210-255 Question #53: Real Exam Question with Answer & Explanation

The correct answer is D: IDS log.

Question

Refer to the exhibit. Which type of log is this an example of?

Exhibit

[Exhibit image: 210-255 question #53 exhibit]

Options

  • A. syslog
  • B. NetFlow log
  • C. proxy log
  • D. IDS log

Explanation

The exhibit shows an IDS log, which is characterized by structured alert fields such as signature ID, severity level, source/destination IP, port, and the name of the triggered detection rule.

Common mistakes.

  • A. Syslog is a general-purpose system event logging protocol that records OS or application events and does not contain IDS-specific fields like signature IDs or alert classifications.
  • B. NetFlow logs capture flow-level metadata such as source/destination IP, port, byte count, and packet count, but do not include threat signatures or alert severity ratings.
  • C. Proxy logs record web browsing activity including URLs, HTTP methods, user agents, and response codes - not threat detection alerts or signature rule data.

Concept tested. Identifying the IDS log format and its distinguishing characteristics.

Reference. https://docs.snort.org/rules/headers
