210-255 | Downloadable 210-255 Forum 2019
NEW QUESTION 1
Which option creates a display filter on Wireshark on a host IP address or name?
- A. ip.address == <address> or ip.network == <network>
- B. [tcp|udp] ip.[src|dst] port <port>
- C. ip.addr == <addr> or ip.name == <name>
- D. ip.addr == <addr> or ip.host == <host>
NEW QUESTION 2
What are the metric values for confidentiality impact in the CVSS v3.0 framework?
- A. high, low, none
- B. open, closed, obsolete
- C. high, low
- D. high, medium, none
NEW QUESTION 3
Which command can be used to find open ports on a system?
- A. netstat -I
- B. netstat -v
- C. netstat -r
- D. netstat -g
NEW QUESTION 4
Which of the following can be identified by correlating DNS intelligence and other security events? (Choose two.)
- A. Communication to CnC servers
- B. Configuration issues
- C. Malicious domains based on reputation
- D. Routing problems
NEW QUESTION 5
From a security perspective, why is it important to employ a clock synchronization protocol on a network?
- A. so that everyone knows the local time
- B. to ensure employees adhere to work schedule
- C. to construct an accurate timeline of events when responding to an incident
- D. to guarantee that updates are pushed out according to schedule
The Importance of Time Synchronization for Your Network: In modern computer networks, time synchronization is critical because every aspect of managing, securing, planning, and debugging a network involves determining when events happen. Time also provides the only frame of reference between all devices on the network. Without synchronized time, accurately correlating log files between these devices is difficult, even impossible. Following are just a few specific reasons:
- Tracking security breaches, network usage, or problems affecting a large number of components can be nearly impossible if timestamps in logs are inaccurate. Time is often the critical factor that allows an event on one network node to be mapped to a corresponding event on another.
- To reduce confusion in shared filesystems, it is important for the modification times to be consistent, regardless of what machine the filesystems are on.
NEW QUESTION 6
Refer to the exhibit.
Which packet contains a file that is extractable within Wireshark?
- A. 1986
- B. 2318
- C. 2542
- D. 2317
NEW QUESTION 7
Refer to the exhibit.
Which application protocol is in this PCAP file?
- A. TCP
- B. SSH
- C. HTTP
- D. SSL
If we are looking at the OSI model, then SSL/TLS would sit at the presentation layer as it provides encryption services, but SSL/TLS also establishes an encrypted communication session, so SSL/TLS is also seen as part of the session layer (layer 5 of the OSI model). It will also guarantee the authenticity of a server by properly completing the required authentication challenges; authentication works at layer 7.
If we are referring to the TCP/IP model, then it is entirely acceptable that SSL is seen as an application layer protocol, as layers 5, 6 and 7 of the OSI model are mapped to the application layer in the TCP/IP model.
TCP is not an application layer protocol; it is the transport layer protocol in both models.
NEW QUESTION 8
Which expression filters on a TCP port in Wireshark?
- A. tcp.port == 80
- B. tcp port equals 80
- C. tcp.port 80
- D. port 80
NEW QUESTION 9
Which expression creates a filter on a host IP address or name?
- A. [src|dst] host <host>
- B. [tcp|udp] [src|dst] port <port>
- C. ether [src|dst] host <ehost>
- D. gateway host <host>
NEW QUESTION 10
Which of the following is not an example of reconnaissance?
- A. Searching the robots.txt file
- B. Redirecting users to a source and scanning traffic to learn about the target
- C. Scanning without completing the three-way handshake
- D. Communicating over social media
NEW QUESTION 11
A user on your network receives an email in their mailbox that contains a malicious attachment. There is no indication that the file was run. Which category as defined in the Diamond Model of Intrusion does this activity fall under?
- A. reconnaissance
- B. weaponization
- C. delivery
- D. installation
NEW QUESTION 12
You have a video of a suspect entering your office on the day your data was stolen. Which type of evidence is this?
- A. Direct evidence
- B. Indirect
- C. Circumstantial
NEW QUESTION 13
Which precursor example is true?
- A. Admin finds their password has been changed
- B. A log scan indicating a port scan against a host
- C. A network device configuration has been changed
NEW QUESTION 14
Which Linux file system allows an unlimited folder subdirectory structure?
- A. ext4
- B. ext3
- C. ext2
- D. NTFS
NEW QUESTION 15
Which of the following are the three broad categories of cybersecurity investigations?
- A. Public, private, and individual investigations
- B. Judiciary, private, and individual investigations
- C. Public, private, and corporate investigations
- D. Government, corporate, and private investigations
NEW QUESTION 16
Which are two security goals of data normalization? (Choose two.)
- A. increase data exposure
- B. purge redundant data
- C. create data for attraction
- D. maintain data integrity
- E. reduce size of data on disk
NEW QUESTION 17
Which technology is the leading industry approach used to automatically enforce NAC?
- A. SNMP
- B. port security
- C. IGMP
- D. 802.1x
NEW QUESTION 18
Which information must be left out of a final incident report?
- A. server hardware configurations
- B. exploit or vulnerability used
- C. impact and/or the financial loss
- D. how the incident was detected
NEW QUESTION 19
Refer to the Exhibit.
A customer reports that they cannot access your organization's website. Which option is a possible reason that the customer cannot access the website?
- A. The server at 10.33.1.5 is using up too much bandwidth, causing a denial-of-service.
- B. The server at 10.67.10.5 has a virus.
- C. A vulnerability scanner has shown that 10.67.10.5 has been compromised.
- D. Web traffic sent from 10.67.10.5 has been identified as malicious by Internet sensors.
Every firewall has its own database in which it maintains website reputation in terms of security, ease of access, performance, etc., and below a certain score (generally 7 in the case of Cisco) the firewall blocks access to the site. For example, you can visit www.senderbase.org, enter the name of any website, and you will see the reputation of that website.
NEW QUESTION 20
Refer to the following packet capture. Which of the following statements is true about this packet capture?
00:00:04.549138 IP omar.cisco.com.34548 > 188.8.131.52.telnet: Flags [S], seq 3152949738, win 29200, options [mss 1460,sackOK,TS val 1193148797 ecr 0,nop,wscale 7], length 0
00:00:05.547084 IP omar.cisco.com.34548 > 184.108.40.206.telnet: Flags [S], seq 3152949738, win 29200, options [mss 1460,sackOK,TS val 1193149047 ecr 0,nop,wscale 7], length 0
00:00:07.551078 IP omar.cisco.com.34548 > 220.127.116.11.telnet: Flags [S], seq 3152949738, win 29200, options [mss 1460,sackOK,TS val 1193149548 ecr 0,nop,wscale 7], length 0
00:00:11.559081 IP omar.cisco.com.34548 > 18.104.22.168.telnet: Flags [S], seq 3152949738, win 29200, options [mss 1460,sackOK,TS val 1193150550 ecr 0,nop,wscale 7], length 0
- A. The host with the IP address 22.214.171.124 is the source.
- B. The host omar.cisco.com is the destination.
- C. This is a Telnet transaction that is timing out and the server is not responding.
- D. The server omar.cisco.com is responding to 126.96.36.199 with four data packets.
NEW QUESTION 21
Refer to the exhibit.
Which type of log is this an example of?
- A. syslog
- B. NetFlow log
- C. proxy log
- D. IDS log
A typical output of a NetFlow command-line tool (nfdump in this case) when printing the stored flows may look as follows:
Date flow start          Duration Proto Src IP Addr:Port     Dst IP Addr:Port     Packets Bytes Flows
2010-09-01 00:00:00.459  0.000    UDP   127.0.0.1:24920   -> 192.168.0.1:22126   1       46    1
2010-09-01 00:00:00.363  0.000    UDP   192.168.0.1:22126 -> 127.0.0.1:24920     1       80    1