Refer to the exhibit.

Drag and drop the items from the left onto the correct 5-tuples on the right.
Select and Place:

Which option can be addressed when using retrospective security techniques?
A. if the affected host needs a software update
B. how the malware entered our network
C. why the malware is still in our network
D. if the affected system needs replacement
What information from HTTP logs can be used to find a threat actor?
A. referer
B. IP address
C. user-agent
D. URL
An organization has recently adjusted its security stance in response to online threats made by a known hacktivist group. Which term defines the initial event in the NIST SP800-61 r2?
A. instigator
B. precursor
C. online assault
D. trigger
Refer to the exhibit. We have performed a malware detection on the Cisco website. Which statement about the result is true?

A. The website has been marked benign on all 68 checks.
B. The threat detection needs to run again.
C. The website has 68 open threats.
D. The website has been marked benign on 0 checks.
A user on your network receives an email in their mailbox that contains a malicious attachment. There is no indication that the file was run. Which category as defined in the Diamond Model of Intrusion does this activity fall under?
A. reconnaissance
B. weaponization
C. delivery
D. installation
Which of the following are not components of the 5-tuple of a flow in NetFlow? (Select all that apply.)
A. Source IP address
B. Flow record ID
C. Gateway
D. Source port
E. Destination port
What is the difference between deterministic and probabilistic assessment methods?
A. In the deterministic method we know the facts beforehand, and in the probabilistic method we make assumptions
B. In the probabilistic method we know the facts beforehand, and in the deterministic method we make assumptions
C. The probabilistic method has an absolute nature
D. The deterministic method has an absolute nature
Which of the following is not an example of the VERIS main schema categories?
A. Incident tracking
B. Victim demographics
C. Incident descriptions
D. Incident forensics ID
What can be addressed when using retrospective security techniques?
A. why the malware is still in our network
B. if the affected host needs a software update
C. origin of the malware
D. if the affected system needs replacement