210-255 Practice Questions
193 real 210-255 exam questions with expert-verified answers and explanations. Page 4 of 4.
- Question #157 (Host-Based Analysis)
  According to NIST SP800-86, which action describes volatile data collection?
  Tags: NIST SP800-86, volatile data, digital forensics, data collection
- Question #158 (Security Policies and Procedures)
  Which statement about the collected evidence data when performing digital forensics is true?
  Tags: digital forensics, evidence integrity, evidence preservation, chain of custody
- Question #159 (Security Monitoring)
  What are the metric values for confidentiality impact in the CVSS v3.0 framework?
  Tags: CVSS v3.0, confidentiality impact, vulnerability scoring, security metrics
- Question #160 (Host-Based Analysis)
  Which file system has 32 bits assigned to the address clusters of the allocation table?
  Tags: FAT32, file allocation table, cluster addressing, file systems
- Question #161 (Security Monitoring)
  Which example of a precursor is true?
  Tags: precursors, indicators of compromise, port scan, incident detection
- Question #162 (Security Policies and Procedures)
  You have a video of a suspect entering a data center that was captured on the same day that files in the same data center were transferred to a computer. Which type of evidence is this?
  Tags: evidence types, indirect evidence, digital forensics, incident investigation
- Question #163 (Host-Based Analysis)
  Which file system has 32 bits assigned to the address clusters of the allocation table?
  Tags: FAT32, file systems, cluster allocation, storage forensics
- Question #164 (Security Policies and Procedures)
  Which technology is the leading industry approach used to automatically enforce NAC?
  Tags: 802.1x, NAC, network access control, port security
- Question #165 (Security Monitoring)
  Refer to the exhibit. Which host is likely connecting to a malicious site?
  Tags: malicious traffic, network analysis, threat detection, IP analysis
- Question #166 (Network Intrusion Analysis)
  Which HTTP header field is usually used in forensics to identify the type of browser used?
  Tags: HTTP headers, user-agent, browser identification, web forensics
- Question #167 (Attack Methods)
  Which Cyber Kill Chain category does attacking a vulnerability belong to?
  Tags: Cyber Kill Chain, exploitation, attack phases, vulnerability exploitation
- Question #168 (Attack Methods)
  Which CVSS metric describes the conditions beyond the attacker's control that must exist to exploit the vulnerability?
  Tags: CVSS, attack complexity, vulnerability scoring, privileges required
- Question #169 (Host-Based Analysis)
  Which Linux file system supports journaling and an unlimited number of subdirectories?
  Tags: EXT4, Linux file systems, journaling, host forensics
- Question #170 (Security Policies and Procedures)
  Who is responsible for initially analyzing an incident to determine what has happened?
  Tags: incident response, roles and responsibilities, incident handler, IR lifecycle
- Question #171 (Security Monitoring)
  Which regex matches on all lowercase letters only?
  Tags: regex, pattern matching, log analysis, security tooling
- Question #172 (Network Intrusion Analysis)
  Where do you navigate in Wireshark to download files?
  Tags: Wireshark, file extraction, export objects, packet analysis
- Question #173 (Host-Based Analysis)
  Which description of deterministic analysis is true?
  Tags: deterministic analysis, forensic analysis, identity verification, evidence
- Question #174 (Security Policies and Procedures)
  Which incident handling phase contains evidence gathering and handling?
  Tags: incident response phases, evidence gathering, NIST IR framework, incident handling
- Question #175 (Network Intrusion Analysis)
  Which filter shows only SMTP and ICMP traffic in Wireshark?
  Tags: Wireshark filters, SMTP, ICMP, display filters
- Question #176 (Host-Based Analysis)
  Refer to the exhibit. Which event is represented by this configuration?
  Tags: Linux mount command, disk imaging, file system forensics, evidence acquisition
- Question #177 (Attack Methods)
  Which CVSS Attack Vector metric value means that the vulnerable component is not bound to the network stack and the path of the attacker is via read/write/execute capabilities?
  Tags: CVSS, attack vector, local access, vulnerability scoring
- Question #178 (Security Monitoring)
  Refer to the exhibit. Which device is this taken from?
  Tags: firewall logs, device identification, log analysis, network security
- Question #179 (Network Intrusion Analysis)
  Which concept is used to understand instances of the same cybersecurity event occurring over the course of a few weeks that could be linked together through multiple illustrations...
  Tags: diamond model, intrusion analysis, threat intelligence, adversary attribution
- Question #180 (Security Monitoring)
  Refer to the exhibit. Which item is depicted in this output?
  Tags: NetFlow, traffic analysis, network monitoring, log identification
- Question #181 (Security Monitoring)
  How do you verify that one of your hosts is potentially compromised based on its communication destinations?
  Tags: threat intelligence, Talos, IP reputation, host compromise detection
- Question #182 (Attack Methods)
  Which option is missing a malware variety per VERIS enumerations?
  Tags: VERIS framework, malware classification, malware varieties, taxonomy
- Question #183 (Network Intrusion Analysis)
  Refer to the exhibit. What does the output indicate about the server with IP address 172.18.104.139?
  Tags: port scanning, email server ports, open ports, Nmap output
- Question #184 (Security Policies and Procedures)
  Which compliance framework applies to safeguarding a patient prescription list?
  Tags: HIPAA, compliance frameworks, healthcare data, data protection
- Question #185 (Host-Based Analysis)
  You have identified a malicious file in a sandbox analysis tool. Which piece of file information from the analysis is needed to search for additional downloads of this file by othe...
  Tags: file hash, sandbox analysis, malware IOC, threat hunting
- Question #186 (Security Policies and Procedures)
  Which two compliance frameworks require that data be encrypted when it is transmitted over a public network? (Choose two.)
  Tags: PCI DSS, HIPAA, encryption in transit, compliance requirements
- Question #187 (Security Monitoring)
  Which IETF standard technology is useful to detect and analyze a potential security incident by recording session flows that occur between hosts?
  Tags: IPFIX, NetFlow, flow records, session monitoring
- Question #188 (Security Monitoring)
  Which two elements are used for profiling a network? (Choose two.)
  Tags: network profiling, OS fingerprinting, listening ports, network baseline
- Question #189 (Security Monitoring)
  What do the Security Intelligence Events within the FMC allow an administrator to do?
  Tags: FMC, Security Intelligence, known-bad domains, threat intelligence feeds
- Question #191 (Security Policies and Procedures)
  Which stakeholder is responsible for coordinating incident response among various business units, minimizing damage, and reporting to regulatory agencies?
  Tags: incident response, stakeholder roles, IR coordination, regulatory reporting
- Question #192 (Security Monitoring)
  Refer to the exhibit. Which technology generates this log?
  Tags: firewall logs, log identification, log formats, log sources
- Question #193 (Network Intrusion Analysis)
  Which expression allows you to filter on network numbers?
  Tags: BPF filters, tcpdump, network number filtering, packet capture
- Question #194 (Security Monitoring)
  Which type of analysis is done when all facts are available?
  Tags: deterministic analysis, probabilistic analysis, analysis types, incident analysis
- Question #195 (Network Intrusion Analysis)
  Which command filters a port?
  Tags: Wireshark display filters, port filtering, packet analysis, capture filters
- Question #196 (Security Policies and Procedures)
  According to NIST SP800-61R2, why is it important to keep clocks synchronized?
  Tags: NIST SP800-61R2, clock synchronization, event correlation, log timestamps
- Question #197 (Host-Based Analysis)
  Refer to the exhibit. Which event is occurring?
  Tags: Cuckoo sandbox, dynamic malware analysis, sandboxing, binary submission
- Question #198 (Security Monitoring)
  Which two goals of data normalization are true? (Choose two.)
  Tags: data normalization, log management, data integrity, redundancy elimination
- Question #199 (Security Monitoring)
  Which description of probabilistic analysis is true?
  Tags: probabilistic analysis, analysis methods, evidence assessment, analysis types
- Question #200 (Security Monitoring)
  What can be addressed when using retrospective security techniques?
  Tags: retrospective security, malware persistence, post-breach analysis, threat hunting