nerdexam
Cisco

210-255 · Question #62

Which two HTTP header fields relate to intrusion analysis? (Choose two).

The correct answer is A. user-agent B. host. The user-agent and host HTTP header fields are most valuable for intrusion analysis because they expose client identity and the intended target of each request.

Network Intrusion Analysis

Question

Which two HTTP header fields relate to intrusion analysis? (Choose two).

Options

  • Auser-agent
  • Bhost
  • Cconnection
  • Dlanguage
  • Ehandshake type

How the community answered

(28 responses)
  • A
    89% (25)
  • C
    7% (2)
  • D
    4% (1)

Why each option

The user-agent and host HTTP header fields are most valuable for intrusion analysis because they expose client identity and the intended target of each request.

Auser-agentCorrect

The user-agent header identifies the client software making the request and is commonly manipulated by attackers using exploit frameworks, automated scanners, or malware, making it a primary indicator for detecting malicious or anomalous HTTP activity.

BhostCorrect

The host header specifies which domain or virtual host is being targeted and is critical for detecting host header injection attacks, identifying which assets are under attack, and correlating requests to specific web applications in a multi-tenant environment.

Cconnection

The connection header manages TCP connection persistence such as keep-alive directives and provides no meaningful signal for identifying malicious intent or attacker behavior patterns.

Dlanguage

The accept-language header indicates preferred response language for content negotiation and carries no security significance relevant to intrusion detection or attack analysis.

Ehandshake type

Handshake type is not a standard HTTP header field; TLS handshake negotiation occurs at the transport layer and is not visible or applicable as an HTTP header for intrusion analysis.

Concept tested: HTTP header fields relevant to intrusion detection analysis

Source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers

Topics

#HTTP headers#user-agent#intrusion analysis#HTTP protocol

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice