210-255 Exam Questions
181 real 210-255 exam questions with expert-verified answers and explanations. Page 3 of 4.
- Question #116Network Intrusion Analysis
Which two potions are the primary 5-tuple components? (Choose two)
5-tupleflow analysisIP addressingnetwork traffic - Question #117Security Policies and Procedures
According to NIST-SP800-61R2, which option should be contained in the issue tracking system?
NIST SP800-61issue trackingincident documentation - Question #118Security Monitoring
Employees are allowed access to internal websites. An employee connects to an internal website and IDS reports it as malicious behavior. What is this example of?
false positiveIDS alert classificationtrue positivedetection accuracy - Question #119Security Monitoring
Which purpose of data mapping is true?
data mappingdata visualization - Question #120Security Monitoring
Which value in profiling servers in a system is true?
server profilingbaseline behavioranomaly detectionhost exploitation - Question #121Security Monitoring
Which type of analysis shows what the outcome is as well how likely each outcome is?
probabilistic analysisrisk analysisoutcome likelihood - Question #122Security Monitoring
How is confidentiality defined in the CVSS v3.0 framework?
CVSS v3.0confidentiality metricvulnerability scoringsoftware components - Question #124Security Monitoring
Which CVSS metric describes the conditions that are beyond the attackers control so that an attack can be successful?
CVSSattack complexityvulnerability metricsexploitability - Question #125Host-Based Analysis
What is the common artifact that is used to uniquely identify a detected file?
file hashartifact identificationmalware analysisfile fingerprinting - Question #126Security Monitoring
What are the metric values of the confidentiality based on the CVSS framework?
CVSSconfidentiality metricmetric valuesvulnerability scoring - Question #127Security Monitoring
Which signature type results in a legitime alert been dismissed?
false negativeIDS signaturesalert classificationdetection accuracy - Question #128Security Policies and Procedures
Which incident handling is focused on minimizing the impact of an incident?
incident responsecontainmentincident handlingimpact minimization - Question #129Security Monitoring
Which analyzing technique describe the outcome as well as how likely each outcome is?
probabilistic analysisdata analysissecurity analyticsoutcome modeling - Question #130Host-Based Analysis
According to NIST 86, which action describes the volatile data collection?
volatile dataNIST SP 800-86digital forensicsdata collection - Question #131Host-Based Analysis
Which statement about collecting data evidence when performing digital forensics is true?
digital forensicsevidence collectiondata integritychain of custody - Question #132Security Policies and Procedures
What is the process of remediation the network and systems and/or reconstructing so the responsible threat actor can be revealed?
threat actor attributionincident responsenetwork remediationattack reconstruction - Question #133Host-Based Analysis
You have a video of suspect entering your office the day your data has being stolen?
evidence typesindirect evidencedigital forensicschain of custody - Question #134Security Policies and Procedures
What define the roadmap for implementing the incident response plan?
incident response planincident response policysecurity proceduresIR roadmap - Question #135Host-Based Analysis
Which of the following are examples of Linux boot loaders?
Linux boot loaderGRUBLILOsystem boot process - Question #136Security Policies and Procedures
Which CSIRT category provides incident handling services to their parent organization such as a bank, a manufacturing company, a university, or a federal agency?
CSIRTinternal CSIRTincident responseorganizational security - Question #137Security Policies and Procedures
What does the CSIRT incident response provider usually do?
CSIRTincident response providersecurity servicesfor-fee services - Question #138Attack Methods
Which of the following is not an example of reconnaissance?
reconnaissanceattack methodsnetwork scanninginformation gathering - Question #139Security Policies and Procedures
Which of the following is typically a responsibility of a PSIRT (Product SIRT)?
PSIRTvulnerability disclosureproduct securitysecurity team roles - Question #140Host-Based Analysis
When incident data is collected, it is important that evidentiary cross-contamination is prevented. How is this accomplished?
evidence collectionchain of custodyforensic procedurescross-contamination prevention - Question #141Security Policies and Procedures
Which option is the process of remediating the network and systems and/or reconstructing the attack so that the responsible threat actor can be revealed?
threat actor attributionincident responseattack reconstructionnetwork remediation - Question #142Security Monitoring
What can be addressed when using retrospective security techniques?
retrospective analysisincident responseaffected systemssecurity monitoring - Question #143Network Intrusion Analysis
Which event artifact can be used to identify HTTP GET requests for a specific file?
HTTP GETURIevent artifactsnetwork traffic analysis - Question #144Host-Based Analysis
Which of the following Linux file systems not only supports journaling but also modifies important data structures of the file system, such as the ones destined to store the file d...
Linux file systemsjournalingExt4file system performance - Question #145Host-Based Analysis
What is a job in Microsoft Windows?
Windows job objectsprocess managementWindows internalsOS concepts - Question #146Host-Based Analysis
Which of the following file systems is more secure, scalable, and advanced?
NTFSfile systemsWindows file systemfile system security - Question #147Security Policies and Procedures
To which category do attributes belong within the VERIS schema?
VERIS schemaincident descriptionattributessecurity frameworks - Question #148Security Policies and Procedures
Which two statements correctly describe the victim demographics section of the VERIS schema? (Choose two.)
VERIS schemavictim demographicsincident documentationsecurity frameworks - Question #149Security Monitoring
Which are two security goals of data normalization? (Choose two.)
data normalizationdata integrityredundant datasecurity data management - Question #150Host-Based Analysis
Which of the following is true about journaling?
journalingfile systemsdisk wearfile system reliability - Question #153Security Policies and Procedures
Which of the following is true about attribution in a cybersecurity investigation?
attributioncybersecurity investigationsuspect-led approachinvestigation bias - Question #154Security Policies and Procedures
Which of the following is not true regarding the use of digital evidence?
digital evidenceforensic reliabilitylegal proceedingsdigital forensics - Question #155Host-Based Analysis
Which of the following statements is true about processes and threads?
processesthreadsprimary threadWindows internals - Question #156Host-Based Analysis
Which command can be used to find open ports on a system?
netstatopen portsnetwork commandshost analysis - Question #157Host-Based Analysis
According to NIST SP800-86, which action describes volatile data collection?
NIST SP800-86volatile datadigital forensicsdata collection - Question #158Security Policies and Procedures
Which statement about the collected evidence data when performing digital forensics is true?
digital forensicsevidence integrityevidence preservationchain of custody - Question #159Security Monitoring
What are the metric values for confidentiality impact in the CVSS v3.0 framework?
CVSS v3.0confidentiality impactvulnerability scoringsecurity metrics - Question #160Host-Based Analysis
Which file system has 32 bits assigned to the address clusters of the allocation table?
FAT32file allocation tablecluster addressingfile systems - Question #161Security Monitoring
Which example of a precursor is true?
precursorsindicators of compromiseport scanincident detection - Question #162Security Policies and Procedures
You have a video of a suspect entering a data center that was captured on the same that files in the same data center were transferred to a computer. Which type of is this?
evidence typesindirect evidencedigital forensicsincident investigation - Question #163Host-Based Analysis
Which file system has 32 assigned to the address cluster of the allocation table?
FAT32file systemscluster allocationstorage forensics - Question #164Security Policies and Procedures
Which technology is the leading industry approach used to automatically enforce NAC?
802.1xNACnetwork access controlport security - Question #165Security Monitoring
Refer to the exhibit. Which host is likely connecting to a malicious site?
malicious trafficnetwork analysisthreat detectionIP analysis - Question #166Network Intrusion Analysis
Which HTTP header field is usually used in forensics to identify the type of browser used?
HTTP headersuser-agentbrowser identificationweb forensics - Question #167Attack Methods
Which Cyber Kill Model category does attacking vulnerability belong to?
Cyber Kill Chainexploitationattack phasesvulnerability exploitation - Question #168Attack Methods
Which CVSS metric describes the conditions that are beyond the attacker's control that must be exist to exploit the vulnerability?
CVSSattack complexityvulnerability scoringprivileges required