Download Implementing Cisco Cybersecurity Operations.CertDumps.210-255.2020-08-01.1e.111q.vcex


File Info

Exam Implementing Cisco Cybersecurity Operations
Number 210-255
File Name Implementing Cisco Cybersecurity Operations.CertDumps.210-255.2020-08-01.1e.111q.vcex
Size 3.44 Mb
Posted August 01, 2020

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Demo Questions

Question 1

   
  
Refer to the exhibit. We have performed a malware detection on the Cisco website. Which statement about the result is true?

  • A: The website has been marked benign on all 68 checks.
  • B: The threat detection needs to run again.
  • C: The website has 68 open threats.
  • D: The website has been marked benign on 0 checks.

Correct Answer: A

Example: https://www.virustotal.com/en/url/df05d8e27bd760c33dc709951a5840cc6578d78d544d869890b7b94ea21e46b0/analysis/1368183553/




Question 2

During which phase of the forensic process is data that is related to a specific event labeled and recorded to preserve its integrity?

  • A: collection
  • B: examination
  • C: reporting
  • D: investigation

Correct Answer: A

The basic phases of the forensic process are: collection, examination, analysis, and reporting. During collection, data related to a specific event is identified, labeled, recorded, and collected, and its integrity is preserved. In the second phase, examination, forensic tools and techniques appropriate to the types of data that were collected are executed to identify and extract the relevant information from the collected data while protecting its integrity. Examination may use a combination of automated tools and manual processes. The next phase, analysis, involves analyzing the results of the examination to derive useful information that addresses the questions that were the impetus for performing the collection and examination. The final phase involves reporting the results of the analysis, which may include describing the actions performed, determining what other actions need to be performed, and recommending improvements to policies, guidelines, procedures, tools, and other aspects of the forensic process.
Reference: http://itlaw.wikia.com/wiki/Forensic_process




Question 3

   
  
Refer to the exhibit. A customer reports that they cannot access your organization’s website. Which option is a possible reason that the customer cannot access the website?

  • A: The server at 10.33.1.5 is using up too much bandwidth causing a denial-of-service.
  • B: The server at 10.67.10.5 has a virus.
  • C: A vulnerability scanner has shown that 10.67.10.5 has been compromised.
  • D: Web traffic sent from 10.67.10.5 has been identified as malicious by Internet sensors.

Correct Answer: D

Every firewall has its own database where it maintains the website reputation in terms of security, ease of access, performance, etc. Below a certain score (generally 7 in the case of Cisco), firewalls block access to the sites. For example, you can visit www.senderbase.org and enter the name of any website to see the reputation of that website.

   




Question 4

You see 100 HTTP GET and POST requests for various pages on one of your web servers. The user agent in the requests contains PHP code that, if executed, creates and writes to a new PHP file on the web server. Which category does this event fall under as defined in the Diamond Model of Intrusion?

  • A: delivery
  • B: reconnaissance
  • C: action on objectives
  • D: installation
  • E: exploitation

Correct Answer: D




Question 5

Which CVSSv3 metric value increases when the attacker is able to modify all files protected by the vulnerable component?

  • A: confidentiality
  • B: integrity
  • C: availability
  • D: complexity

Correct Answer: B

There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the impacted component. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the impacted component.




Question 6

Which regular expression matches “color” and “colour”?

  • A: col[0-9]+our
  • B: colo?ur
  • C: colou?r
  • D: [a-z]{7}

Correct Answer: C

Reference: http://www.regular-expressions.info/quickstart.html




Question 7

In VERIS, an incident is viewed as a series of events that adversely affects the information assets of an organization. Which option contains the elements that every event is comprised of according to the VERIS incident model?

  • A: victim demographics, incident description, incident details, discovery & response
  • B: victim demographics, incident details, indicators of compromise, impact assessment
  • C: actors, attributes, impact, remediation
  • D: actors, actions, assets, attributes

Correct Answer: D

Reference: https://github.com/vz-risk/veris/wiki/VERIS-Overview




Question 8

Which statement about threat actors is true?

  • A: They are any company assets that are threatened.
  • B: They are any assets that are threatened.
  • C: They are perpetrators of attacks.
  • D: They are victims of attacks.

Correct Answer: C




Question 9

Which Security Operations Center’s goal is to provide incident handling to a country?

  • A: Coordination Center
  • B: Internal CSIRT
  • C: National CSIRT
  • D: Analysis Center

Correct Answer: C

Some general categories of CSIRTs include, but are not limited to, the following:

  • Internal CSIRTs provide incident handling services to their parent organization. This could be a CSIRT for a bank, a manufacturing company, a university, or a federal agency.
  • National CSIRTs provide incident handling services to a country. Examples include the Japan CERT Coordination Center (JPCERT/CC) or the Singapore Computer Emergency Response Team (SingCERT).
  • Coordination Centers coordinate and facilitate the handling of incidents across various CSIRTs. Examples include the CERT Coordination Center or the United States Computer Emergency Readiness Team (US-CERT).
  • Analysis Centers focus on synthesizing data from various sources to determine trends and patterns in incident activity. This information can be used to help predict future activity or to provide early warning when the activity matches a set of previously determined characteristics.
  • Vendor Teams handle reports of vulnerabilities in their software or hardware products. They may work within the organization to determine if their products are vulnerable and to develop remediation and mitigation strategies. A vendor team may also be the internal CSIRT for a vendor organization.
  • Incident Response Providers offer incident handling services as a for-fee service to other organizations.

Reference: http://www.cert.org/incident-management/csirt-development/csirt-faq.cfm?




Question 10

Which component of the NIST SP800-61 r2 incident handling strategy reviews data?

  • A: preparation
  • B: detection and analysis
  • C: containment, eradication, and recovery
  • D: post-incident analysis

Correct Answer: D

Reference: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf









