Download Implementing Cisco Cybersecurity Operations.test-inside.210-255.2019-10-03.1e.91q.vcex


File Info

Exam: Implementing Cisco Cybersecurity Operations
Number: 210-255
File Name: Implementing Cisco Cybersecurity Operations.test-inside.210-255.2019-10-03.1e.91q.vcex
Size: 1.11 Mb
Posted: October 03, 2019
Downloads: 49

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.




Demo Questions

Question 1

Refer to the exhibit. We have performed a malware detection on the Cisco website. Which statement about the result is true?

  • A: The website has been marked benign on all 68 checks.
  • B: The threat detection needs to run again.
  • C: The website has 68 open threats.
  • D: The website has been marked benign on 0 checks.

Correct Answer: A


Question 2

During which phase of the forensic process is data that is related to a specific event labeled and recorded to preserve its integrity?

  • A: collection
  • B: examination
  • C: reporting
  • D: investigation

Correct Answer: A

The basic phases of the forensic process are: collection, examination, analysis, and reporting. During collection, data related to a specific event is identified, labeled, recorded, and collected, and its integrity is preserved. In the second phase, examination, forensic tools and techniques appropriate to the types of data that were collected are executed to identify and extract the relevant information from the collected data while protecting its integrity. Examination may use a combination of automated tools and manual processes. The next phase, analysis, involves analyzing the results of the examination to derive useful information that addresses the questions that were the impetus for performing the collection and examination. The final phase involves reporting the results of the analysis, which may include describing the actions performed, determining what other actions need to be performed, and recommending improvements to policies, guidelines, procedures, tools, and other aspects of the forensic process.

Question 3

Refer to the exhibit. A customer reports that they cannot access your organization’s website. Which option is a possible reason that the customer cannot access the website?

  • A: The server at is using up too much bandwidth causing a denial-of-service.
  • B: The server at has a virus.
  • C: A vulnerability scanner has shown that has been compromised.
  • D: Web traffic sent from has been identified as malicious by Internet sensors.

Correct Answer: D

Every firewall has its own database in which it maintains website reputation in terms of security, ease of access, performance, etc. Below a certain score (generally 7 in the case of Cisco), firewalls block access to the sites. For example, you can visit and enter the name of any website, and you will see the reputation of that website.


Question 4

You see 100 HTTP GET and POST requests for various pages on one of your web servers. The user agent in the requests contains PHP code that, if executed, creates and writes to a new PHP file on the web server. Which category does this event fall under as defined in the Diamond Model of Intrusion?

  • A: delivery
  • B: reconnaissance
  • C: action on objectives
  • D: installation
  • E: exploitation

Correct Answer: D

Question 5

Which process is being utilized when IPS events are removed to improve data integrity?

  • A: data normalization
  • B: data availability
  • C: data protection
  • D: data signature

Correct Answer: A

Question 6

In Microsoft Windows, as files are deleted the space they were allocated eventually is considered available for use by other files. This creates alternating used and unused areas of various sizes. What is this called?

  • A: network file storing
  • B: free space fragmentation
  • C: alternate data streaming
  • D: defragmentation

Correct Answer: B

Question 7

Which two components are included in a 5-tuple? (Choose two.)

  • A: port number
  • B: destination IP address
  • C: data packet
  • D: user name
  • E: host logs

Correct Answer: AB

A 5-tuple refers to a set of five different values that comprise a Transmission Control Protocol/Internet Protocol (TCP/IP) connection. It includes a source IP address/port number, destination IP address/port number and the protocol in use.

Question 8

Which CVSSv3 metric value increases when the attacker is able to modify all files protected by the vulnerable component?

  • A: confidentiality
  • B: integrity
  • C: availability
  • D: complexity

Correct Answer: B

There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the impacted component. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the impacted component.

Question 9

Which statement about threat actors is true?

  • A: They are any company assets that are threatened.
  • B: They are any assets that are threatened.
  • C: They are perpetrators of attacks.
  • D: They are victims of attacks.

Correct Answer: C

Question 10

Which Security Operations Center’s goal is to provide incident handling to a country?

  • A: Coordination Center
  • B: Internal CSIRT
  • C: National CSIRT
  • D: Analysis Center

Correct Answer: C

Some general categories of CSIRTs include, but are not limited to, the following:

  • Internal CSIRTs provide incident handling services to their parent organization. This could be a CSIRT for a bank, a manufacturing company, a university, or a federal agency.
  • National CSIRTs provide incident handling services to a country. Examples include the Japan CERT Coordination Center (JPCERT/CC) or the Singapore Computer Emergency Response Team (SingCERT).
  • Coordination Centers coordinate and facilitate the handling of incidents across various CSIRTs. Examples include the CERT Coordination Center or the United States Computer Emergency Readiness Team (US-CERT).
  • Analysis Centers focus on synthesizing data from various sources to determine trends and patterns in incident activity. This information can be used to help predict future activity or to provide early warning when the activity matches a set of previously determined characteristics.
  • Vendor Teams handle reports of vulnerabilities in their software or hardware products. They may work within the organization to determine if their products are vulnerable and to develop remediation and mitigation strategies. A vendor team may also be the internal CSIRT for a vendor organization.
  • Incident Response Providers offer incident handling services as a for-fee service to other organizations.




