210-255 Practice Questions
193 real 210-255 exam questions with expert-verified answers and explanations. Page 2 of 4.
- Question #51: Network Intrusion Analysis
  Which option allows a file to be extracted from a TCP stream within Wireshark?
  Tags: Wireshark, TCP stream analysis, file extraction, packet analysis
- Question #52: Security Monitoring
  Refer to the exhibit. Which type of log is this an example of?
  Tags: NetFlow, log types, network flow logs, log identification
- Question #53: Security Monitoring
  Refer to the exhibit. Which type of log is this an example of?
  Tags: IDS logs, log types, intrusion detection, log identification
- Question #54: Network Intrusion Analysis
  Which element can be used by a threat actor to discover a possible opening into a target network and can also be used by an analyst to determine the protocol of the malicious traff...
  Tags: ports, network reconnaissance, protocol analysis, threat actor techniques
- Question #55: Security Policies and Procedures
  Which stakeholder group is responsible for containment, eradication, and recovery in incident handling?
  Tags: incident handling roles, stakeholder responsibilities, containment, eradication and recovery
- Question #56: Security Monitoring
  Refer to the exhibit. You notice that the email volume history has been abnormally high. Which potential result is true?
  Tags: email anomaly detection, botnet indicators, host compromise, security monitoring
- Question #57: Attack Methods
  A user on your network receives an email in their mailbox that contains a malicious attachment. There is no indication that the file was run. Which category as defined in the Diamo...
  Tags: Cyber Kill Chain, delivery phase, malicious attachment, attack phases
- Question #58: Attack Methods
  Which option is a misuse variety per VERIS enumerations?
  Tags: VERIS, action categories, incident classification, misuse varieties
- Question #59: Security Monitoring
  Which CVSSv3 metric captures the level of access that is required for a successful attack?
  Tags: CVSSv3, privileges required, vulnerability metrics, CVSS scoring
- Question #60: Security Policies and Procedures
  From a security perspective, why is it important to employ a clock synchronization protocol on a network?
  Tags: NTP, clock synchronization, log correlation, incident response timeline
- Question #61: Attack Methods
  You see 100 HTTP GET and POST requests for various pages on one of your webservers. The user agent in the requests contains PHP code that, if executed, creates and writes to a new p...
  Tags: Diamond Model, HTTP injection, webserver attack, delivery phase
- Question #62: Network Intrusion Analysis
  Which two HTTP header fields relate to intrusion analysis? (Choose two.)
  Tags: HTTP headers, user-agent, intrusion analysis, HTTP protocol
- Question #63: Security Policies and Procedures
  Which component of the NIST SP800-61 r2 incident handling strategy reviews data?
  Tags: NIST SP800-61, incident response lifecycle, post-incident analysis, incident handling
- Question #64: Host-Based Analysis
  Which option is generated when a file is run through an algorithm that produces a string specific to the contents of that file?
  Tags: file hashing, cryptographic hash, integrity verification, malware analysis
- Question #65: Security Policies and Procedures
  Which data type is protected under the PCI compliance framework?
  Tags: PCI DSS, compliance, primary account number, data protection
- Question #66: Security Policies and Procedures
  What is accomplished in the identification phase of incident handling?
  Tags: incident handling, identification phase, security event, incident response
- Question #71: Security Policies and Procedures
  Which of the following are core responsibilities of a national CSIRT and CERT?
  Tags: CSIRT, CERT, national cybersecurity, vulnerability disclosure
- Question #72: Security Policies and Procedures
  Which of the following is one of the main goals of the CSIRT?
  Tags: CSIRT, incident response, damage control, security team
- Question #73: Security Policies and Procedures
  Which of the following are examples of some of the responsibilities of a corporate CSIRT and the policies it helps create? (Select all that apply.)
  Tags: CSIRT, incident classification, information classification, security policies
- Question #74: Security Monitoring
  Which of the following is one of the main goals of data normalization?
  Tags: data normalization, log management, SIEM, data integrity
- Question #75: Security Policies and Procedures
  Which of the following is an example of a coordination center?
  Tags: coordination center, CERT, SEI, security organizations
- Question #76: Network Intrusion Analysis
  Refer to the following packet capture. Which of the following statements is true about this packet capture? 00:00:04.549138 IP omar.cisco.com.34548 > 93.184.216.34.telnet: Flags [S...
  Tags: packet capture analysis, Telnet, TCP SYN, connection timeout
- Question #77: Attack Methods
  Which of the following steps in the kill chain would come before the others?
  Tags: kill chain, attack lifecycle, delivery phase, attack sequence
- Question #78: Security Policies and Procedures
  Which of the following are the three metrics, or "scores," of the Common Vulnerability Scoring System (CVSS)? (Select all that apply.)
  Tags: CVSS, vulnerability scoring, base score, temporal score
- Question #79: Security Monitoring
  Which of the following are not components of the 5-tuple of a flow in NetFlow? (Select all that apply.)
  Tags: NetFlow, 5-tuple, flow analysis, network monitoring
- Question #80: Security Policies and Procedures
  Which of the following is typically a responsibility of a PSIRT?
  Tags: PSIRT, vulnerability disclosure, product security, security team
- Question #81: Security Monitoring
  Which of the following is not a metadata feature of the Diamond Model?
  Tags: Diamond Model, threat intelligence, metadata, cyber threat framework
- Question #82: Network Intrusion Analysis
  Which of the following has been used to evade IDS and IPS devices?
  Tags: IDS evasion, IPS evasion, fragmentation, packet manipulation
- Question #83: Security Monitoring
  Which of the following can be identified by correlating DNS intelligence and other security events? (Choose two.)
  Tags: DNS intelligence, C2 detection, threat correlation, domain reputation
- Question #84: Security Monitoring
  Which of the following is an example of a managed security offering where incident response experts monitor and respond to security alerts in a security operations center (SOC)?
  Tags: SOC, managed security service, incident response, Cisco ATA
- Question #85: Attack Methods
  Which of the following is not an example of weaponization?
  Tags: cyber kill chain, weaponization, C2 server, RAT
- Question #86: Security Policies and Procedures
  In addition to cybercrime and attacks, evidence found on a system or network may be presented in a court of law to support accusations of crime or civil action, including which of...
  Tags: digital forensics, legal evidence, cybercrime, court proceedings
- Question #88: Security Policies and Procedures
  What is the process of remediating the system from attack so that the responsible threat actor can be revealed?
  Tags: incident response, IP attribution, threat actor identification, remediation
- Question #89: Security Policies and Procedures
  Which protocol is related to NAC?
  Tags: NAC, 802.1X, network access control, authentication protocol
- Question #90: Security Policies and Procedures
  Which of the following are the three broad categories of cybersecurity investigations?
  Tags: cybersecurity investigations, forensics, legal framework
- Question #91: Host-Based Analysis
  Which netstat command shows ports?
  Tags: netstat, listening ports, host commands, CLI tools
- Question #92: Security Policies and Procedures
  Choose the option that best describes NIST data integrity.
  Tags: NIST, data integrity, hashing, forensic procedures
- Question #93: Security Policies and Procedures
  Which attribute belongs to the VERIS schema?
  Tags: VERIS, incident recording, CIA triad, security framework
- Question #94: Security Policies and Procedures
  According to NIST, which option is unnecessary for a containment strategy?
  Tags: NIST SP 800-61, containment strategy, incident response, sandboxing
- Question #95: Security Policies and Procedures
  Based on NIST SP 800-61 R2, what are the recommended protections against malware?
  Tags: NIST SP 800-61, malware prevention, security controls
- Question #96: Network Intrusion Analysis
  How do you filter on ports in Wireshark?
  Tags: Wireshark, display filters, packet analysis, port filtering
- Question #97: Security Policies and Procedures
  What is the definition of confidentiality according to the CVSSv3 framework?
  Tags: CVSSv3, vulnerability scoring, confidentiality metric, CVSS framework
- Question #98: Attack Methods
  To which stage of the Cyber Kill Chain does attacking the vulnerability belong?
  Tags: cyber kill chain, exploitation, attack phases, vulnerability
- Question #99: Host-Based Analysis
  What is a listening port?
  Tags: listening ports, network ports, TCP connections, socket
- Question #100: Security Policies and Procedures
  Which of the following is the team that handles the investigation, resolution, and disclosure of security vulnerabilities in vendor products and services?
  Tags: PSIRT, vulnerability disclosure, vendor security, CSIRT
- Question #101: Host-Based Analysis
  Which of the following is not true about listening ports?
  Tags: listening ports, port analysis, network traffic, service identification
- Question #102: Security Policies and Procedures
  Which of the following are examples of some of the responsibilities of a corporate CSIRT and the policies it helps create? (Choose four.)
  Tags: CSIRT responsibilities, incident classification, information protection, data retention
- Question #103: Security Monitoring
  What is the difference between deterministic and probabilistic assessment methods?
  Tags: deterministic analysis, probabilistic analysis, risk assessment
- Question #104: Security Policies and Procedures
  Which of the following is not an example of the VERIS main schema categories?
  Tags: VERIS schema, incident tracking, incident classification
- Question #105: Security Monitoring
  What is data mapping used for? (Choose two.)
  Tags: data mapping, data integrity, data visualization