210-255 Practice Questions
193 real 210-255 exam questions with expert-verified answers and explanations. Page 3 of 4.
- Question #106 (Attack Methods): Which type of intrusion event is an attacker retrieving the robots.txt file from a target site?
  Tags: reconnaissance, cyber kill chain, robots.txt, passive recon
- Question #107 (Security Monitoring): Which two options about deterministic and probabilistic analysis are true? (Choose two.)
  Tags: deterministic analysis, probabilistic analysis, security assessment
- Question #108 (Network Intrusion Analysis): Refer to the exhibit. Which option is the logical source device for these events?
  Tags: IDS/IPS, event analysis, network device identification
- Question #109 (Host-Based Analysis): Which option is the common artifact used to uniquely identify a detected file?
  Tags: file hash, artifact identification, malware analysis, forensic indicators
- Question #110 (Network Intrusion Analysis): Which two useful pieces of information can be collected from the IPv4 protocol header? (Choose two.)
  Tags: IPv4 header, packet analysis, IP addressing
- Question #111 (Security Policies and Procedures): Which option is unnecessary for determining the appropriate containment strategy according to NIST SP 800-61 r2?
  Tags: NIST SP800-61, containment strategy, incident response, evidence preservation
- Question #112 (Host-Based Analysis): Which type of verification typically consists of using tools to compute the message digest of the original and copied data, then comparing the digests to make sure that they are the s...
  Tags: data integrity, message digest, hash verification, digital forensics
- Question #113 (Security Policies and Procedures): Which function does an internal CSIRT provide?
  Tags: CSIRT types, incident handling, organizational security
- Question #114 (Network Intrusion Analysis): Which expression creates a filter on a host IP address or name?
  Tags: BPF filter, tcpdump, packet capture, host filter syntax
- Question #115 (Security Policies and Procedures): The United States CERT provides cybersecurity protection to Federal, civilian, and executive branch agencies through intrusion detection and prevention capabilities. Which type of i...
  Tags: National CSIRT, US-CERT, incident response teams, CSIRT taxonomy
- Question #116 (Network Intrusion Analysis): Which two options are the primary 5-tuple components? (Choose two.)
  Tags: 5-tuple, flow analysis, IP addressing, network traffic
- Question #117 (Security Policies and Procedures): According to NIST SP 800-61 r2, which option should be contained in the issue tracking system?
  Tags: NIST SP800-61, issue tracking, incident documentation
- Question #118 (Security Monitoring): Employees are allowed access to internal websites. An employee connects to an internal website and the IDS reports it as malicious behavior. What is this an example of?
  Tags: false positive, IDS alert classification, true positive, detection accuracy
- Question #119 (Security Monitoring): Which purpose of data mapping is true?
  Tags: data mapping, data visualization
- Question #120 (Security Monitoring): Which value in profiling servers in a system is true?
  Tags: server profiling, baseline behavior, anomaly detection, host exploitation
- Question #121 (Security Monitoring): Which type of analysis shows what the outcome is as well as how likely each outcome is?
  Tags: probabilistic analysis, risk analysis, outcome likelihood
- Question #122 (Security Monitoring): How is confidentiality defined in the CVSS v3.0 framework?
  Tags: CVSS v3.0, confidentiality metric, vulnerability scoring, software components
- Question #124 (Security Monitoring): Which CVSS metric describes the conditions that are beyond the attacker's control so that an attack can be successful?
  Tags: CVSS, attack complexity, vulnerability metrics, exploitability
- Question #125 (Host-Based Analysis): What is the common artifact that is used to uniquely identify a detected file?
  Tags: file hash, artifact identification, malware analysis, file fingerprinting
- Question #126 (Security Monitoring): What are the metric values of confidentiality based on the CVSS framework?
  Tags: CVSS, confidentiality metric, metric values, vulnerability scoring
- Question #127 (Security Monitoring): Which signature type results in a legitimate alert being dismissed?
  Tags: false negative, IDS signatures, alert classification, detection accuracy
- Question #128 (Security Policies and Procedures): Which incident handling phase is focused on minimizing the impact of an incident?
  Tags: incident response, containment, incident handling, impact minimization
- Question #129 (Security Monitoring): Which analysis technique describes the outcome as well as how likely each outcome is?
  Tags: probabilistic analysis, data analysis, security analytics, outcome modeling
- Question #130 (Host-Based Analysis): According to NIST SP 800-86, which action describes volatile data collection?
  Tags: volatile data, NIST SP 800-86, digital forensics, data collection
- Question #131 (Host-Based Analysis): Which statement about collecting data evidence when performing digital forensics is true?
  Tags: digital forensics, evidence collection, data integrity, chain of custody
- Question #132 (Security Policies and Procedures): What is the process of remediating the network and systems and/or reconstructing the attack so that the responsible threat actor can be revealed?
  Tags: threat actor attribution, incident response, network remediation, attack reconstruction
- Question #133 (Host-Based Analysis): You have a video of a suspect entering your office the day your data was stolen. Which type of evidence is this?
  Tags: evidence types, indirect evidence, digital forensics, chain of custody
- Question #134 (Security Policies and Procedures): What defines the roadmap for implementing the incident response plan?
  Tags: incident response plan, incident response policy, security procedures, IR roadmap
- Question #135 (Host-Based Analysis): Which of the following are examples of Linux boot loaders?
  Tags: Linux boot loader, GRUB, LILO, system boot process
- Question #136 (Security Policies and Procedures): Which CSIRT category provides incident handling services to its parent organization, such as a bank, a manufacturing company, a university, or a federal agency?
  Tags: CSIRT, internal CSIRT, incident response, organizational security
- Question #137 (Security Policies and Procedures): What does a CSIRT incident response provider usually do?
  Tags: CSIRT, incident response provider, security services, for-fee services
- Question #138 (Attack Methods): Which of the following is not an example of reconnaissance?
  Tags: reconnaissance, attack methods, network scanning, information gathering
- Question #139 (Security Policies and Procedures): Which of the following is typically a responsibility of a PSIRT (Product SIRT)?
  Tags: PSIRT, vulnerability disclosure, product security, security team roles
- Question #140 (Host-Based Analysis): When incident data is collected, it is important that evidentiary cross-contamination is prevented. How is this accomplished?
  Tags: evidence collection, chain of custody, forensic procedures, cross-contamination prevention
- Question #141 (Security Policies and Procedures): Which option is the process of remediating the network and systems and/or reconstructing the attack so that the responsible threat actor can be revealed?
  Tags: threat actor attribution, incident response, attack reconstruction, network remediation
- Question #142 (Security Monitoring): What can be addressed when using retrospective security techniques?
  Tags: retrospective analysis, incident response, affected systems, security monitoring
- Question #143 (Network Intrusion Analysis): Which event artifact can be used to identify HTTP GET requests for a specific file?
  Tags: HTTP GET, URI, event artifacts, network traffic analysis
- Question #144 (Host-Based Analysis): Which of the following Linux file systems not only supports journaling but also modifies important data structures of the file system, such as the ones destined to store the file d...
  Tags: Linux file systems, journaling, Ext4, file system performance
- Question #145 (Host-Based Analysis): What is a job in Microsoft Windows?
  Tags: Windows job objects, process management, Windows internals, OS concepts
- Question #146 (Host-Based Analysis): Which of the following file systems is more secure, scalable, and advanced?
  Tags: NTFS, file systems, Windows file system, file system security
- Question #147 (Security Policies and Procedures): To which category do attributes belong within the VERIS schema?
  Tags: VERIS schema, incident description, attributes, security frameworks
- Question #148 (Security Policies and Procedures): Which two statements correctly describe the victim demographics section of the VERIS schema? (Choose two.)
  Tags: VERIS schema, victim demographics, incident documentation, security frameworks
- Question #149 (Security Monitoring): Which are two security goals of data normalization? (Choose two.)
  Tags: data normalization, data integrity, redundant data, security data management
- Question #150 (Host-Based Analysis): Which of the following is true about journaling?
  Tags: journaling, file systems, disk wear, file system reliability
- Question #151 (Security Policies and Procedures): Which of the following are the three broad categories of cybersecurity investigations?
  Tags: cybersecurity investigations, investigation categories, public investigations, private investigations
- Question #152 (Security Policies and Procedures): In addition to cybercrime and attacks, evidence found on a system or network may be presented in a court of law to support accusations of crime or civil action, including which of...
  Tags: digital evidence, legal proceedings, cybercrime, forensic evidence
- Question #153 (Security Policies and Procedures): Which of the following is true about attribution in a cybersecurity investigation?
  Tags: attribution, cybersecurity investigation, suspect-led approach, investigation bias
- Question #154 (Security Policies and Procedures): Which of the following is not true regarding the use of digital evidence?
  Tags: digital evidence, forensic reliability, legal proceedings, digital forensics
- Question #155 (Host-Based Analysis): Which of the following statements is true about processes and threads?
  Tags: processes, threads, primary thread, Windows internals
- Question #156 (Host-Based Analysis): Which command can be used to find open ports on a system?
  Tags: netstat, open ports, network commands, host analysis