210-255 Exam Questions
181 real 210-255 exam questions with expert-verified answers and explanations. Page 2 of 4.
- Question #60Security Policies and Procedures
From a security perspective, why is it important to employ a clock synchronization protocol on a network?
NTPclock synchronizationlog correlationincident response timeline - Question #62Network Intrusion Analysis
Which two HTTP header fields relate to intrusion analysis? (Choose two).
HTTP headersuser-agentintrusion analysisHTTP protocol - Question #63Security Policies and Procedures
Which component of the NIST SP800-61 r2 incident handling strategy reviews data?
NIST SP800-61incident response lifecyclepost-incident analysisincident handling - Question #64Host-Based Analysis
Which option is generated when a file is run through an algorithm and generates a string specific to the contents of that file?
file hashingcryptographic hashintegrity verificationmalware analysis - Question #65Security Policies and Procedures
Which data type is protected under the PCI compliance framework?
PCI DSScomplianceprimary account numberdata protection - Question #66Security Policies and Procedures
What is accomplished in the identification phase of incident handling?
incident handlingidentification phasesecurity eventincident response - Question #71Security Policies and Procedures
Which of the following are core responsibilities of a national CSIRT and CERT?
CSIRTCERTnational cybersecurityvulnerability disclosure - Question #72Security Policies and Procedures
Which of the following is one of the main goals of the CSIRT?
CSIRTincident responsedamage controlsecurity team - Question #73Security Policies and Procedures
Which of the following are examples of some of the responsibilities of a corporate CSIRT and the policies it helps create? (Select all that apply.)
CSIRTincident classificationinformation classificationsecurity policies - Question #74Security Monitoring
Which of the following is one of the main goals of data normalization?
data normalizationlog managementSIEMdata integrity - Question #75Security Policies and Procedures
Which of the following is an example of a coordination center?
coordination centerCERTSEIsecurity organizations - Question #76Network Intrusion Analysis
Refer to the following packet capture. Which of the following statements is true about this packet capture? 00:00:04.549138 IP omar.cisco.com.34548 > 93.184.216.34.telnet: Flags [S...
packet capture analysisTelnetTCP SYNconnection timeout - Question #77Attack Methods
Which of the following steps in the kill chain would come before the others?
kill chainattack lifecycledelivery phaseattack sequence - Question #78Security Policies and Procedures
Which of the following are the three metrics, or "scores," of the Common Vulnerability Scoring System (CVSS)? (Select all that apply.)
CVSSvulnerability scoringbase scoretemporal score - Question #79Security Monitoring
Which of the following are not components of the 5-tuple of a flow in NetFlow? (Select all that apply.)
NetFlow5-tupleflow analysisnetwork monitoring - Question #80Security Policies and Procedures
Which of the following is typically a responsibility of a PSIRT?
PSIRTvulnerability disclosureproduct securitysecurity team - Question #81Security Monitoring
Which of the following is not a metadata feature of the Diamond Model?
Diamond Modelthreat intelligencemetadatacyber threat framework - Question #82Network Intrusion Analysis
Which of the following has been used to evade IDS and IPS devices?
IDS evasionIPS evasionfragmentationpacket manipulation - Question #83Security Monitoring
Which of the following can be identified by correlating DNS intelligence and other security events? (Choose two.)
DNS intelligenceC2 detectionthreat correlationdomain reputation - Question #84Security Monitoring
Which of the following is an example of a managed security offering where incident response experts monitor and respond to security alerts in a security operations center (SOC)?
SOCmanaged security serviceincident responseCisco ATA - Question #85Attack Methods
Which of the following is not an example of weaponization?
cyber kill chainweaponizationC2 serverRAT - Question #86Security Policies and Procedures
In addition to cybercrime and attacks, evidence found on a system or network may be presented in a court of law to support accusations of crime or civil action, including which of...
digital forensicslegal evidencecybercrimecourt proceedings - Question #88Security Policies and Procedures
What is the process of remediation the system from attack so that responsible threat actor can be revealed?
incident responseIP attributionthreat actor identificationremediation - Question #89Security Policies and Procedures
What protocol is related to NAC?
NAC802.1Xnetwork access controlauthentication protocol - Question #90Security Policies and Procedures
Which of the following are the three broad categories of cybersecurity investigations?
cybersecurity investigationsforensicslegal framework - Question #91Host-Based Analysis
Which netstat command show ports?
netstatlistening portshost commandsCLI tools - Question #92Security Policies and Procedures
Choose the option that best describes NIST data integrity
NISTdata integrityhashingforensic procedures - Question #93Security Policies and Procedures
What attribute belonging VERIS schema?
VERISincident recordingCIA triadsecurity framework - Question #94Security Policies and Procedures
According to NIST what option is unnecessary for containment strategy?
NIST SP 800-61containment strategyincident responsesandboxing - Question #95Security Policies and Procedures
Based on nistsp800-61R2 what are the recommended protections against malware?
NIST SP 800-61malware preventionsecurity controls - Question #96Network Intrusion Analysis
Filtering ports in wireshark?
Wiresharkdisplay filterspacket analysisport filtering - Question #97Security Policies and Procedures
What is the definition of confidentiality according to CVSSv3 framework?
CVSSv3vulnerability scoringconfidentiality metricCVSS framework - Question #98Attack Methods
At which stage attacking the vulnerability belongs in Cyber kill chain?
cyber kill chainexploitationattack phasesvulnerability - Question #99Host-Based Analysis
What is a listening port?
listening portsnetwork portsTCP connectionssocket - Question #100Security Policies and Procedures
Which of the following is the team that handles the investigation, resolution, and disclosure of security vulnerabilities in vendor products and services?
PSIRTvulnerability disclosurevendor securityCSIRT - Question #101Host-Based Analysis
Which of the following is not true about listening ports?
listening portsport analysisnetwork trafficservice identification - Question #102Security Policies and Procedures
Which of the following are examples of some of the responsibility of a corporate CSIRT and the policies it helps create? (Choose four)
CSIRT responsibilitiesincident classificationinformation protectiondata retention - Question #103Security Monitoring
What is the difference between deterministic and probabilistic assessment method?
deterministic analysisprobabilistic analysisrisk assessment - Question #104Security Policies and Procedures
Which of the following is not an example of the VERIS main schema categories?
VERIS schemaincident trackingincident classification - Question #105Security Monitoring
What is Data mapping used for? (Choose two)
data mappingdata integritydata visualization - Question #106Attack Methods
Which type of intrusion event is an attacker retrieving the robots. txt file from target site?
reconnaissancecyber kill chainrobots.txtpassive recon - Question #107Security Monitoring
Which two potions about deterministic and probabilistic analysis are true? (Choose two.)
deterministic analysisprobabilistic analysissecurity assessment - Question #108Network Intrusion Analysis
Refer to exhibit. Which option is the logical source device for these events?
IDS/IPSevent analysisnetwork device identification - Question #109Host-Based Analysis
Which option is the common artifact used to uniquely identify a detected file?
file hashartifact identificationmalware analysisforensic indicators - Question #110Network Intrusion Analysis
Which two useful pieces of information can be collected from the IPv4 protocol header? (Choose two.)
IPv4 headerpacket analysisIP addressing - Question #111Security Policies and Procedures
Which option is unnecessary for determining the appropriate containment strategy according to NIST.SP800-61 r2?
NIST SP800-61containment strategyincident responseevidence preservation - Question #112Host-Based Analysis
Which type verification typically consists of using tools to compute the message digest of the original and copies data, then comparing the digests to make sure that they are the s...
data integritymessage digesthash verificationdigital forensics - Question #113Security Policies and Procedures
Which function does an internal CSIRT provide?
CSIRT typesincident handlingorganizational security - Question #114Network Intrusion Analysis
Which expression creates a filter on a host IP address or name?
BPF filtertcpdumppacket capturehost filter syntax - Question #115Security Policies and Procedures
The united State CERT provides cybersecurity protection to Federal, civilian, and executive branch agencies through intrusion detection and prevention capabilities. Which type of i...
National CSIRTUS-CERTincident response teamsCSIRT taxonomy