Cisco - Premium.210 255.by .VCEplus.34q DEMO
126q
www.vceplus.com - Download A+ VCE (latest) free Open VCE Exams - VCE to PDF Converter - VCE Exam Simulator - VCE Online
Exam A
QUESTION 1
Which option can be addressed when using retrospective security techniques?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 2
Which CVSSv3 Attack Vector metric value requires the attacker to physically touch or manipulate the vulnerable component?
A. local
B. physical
C. network
D. adjacent
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 3
Which option is a misuse variety per VERIS enumerations?
A. snooping
B. hacking
C. theft
D. assault
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 4
In the context of incident handling phases, which two activities fall under scoping? (Choose two.)
A. determining the number of attackers that are associated with a security incident
B. ascertaining the number and types of vulnerabilities on your network
C. identifying the extent that a security incident is impacting protected resources on the network
D. determining what and how much data may have been affected
E. identifying the attackers that are associated with a security incident
Correct Answer: CE
Section: (none)
Explanation
Explanation/Reference:
QUESTION 5
Which regular expression matches "color" and "colour"?
A. col[0-9]+our
B. colo?ur
C. colou?r
D. [a-z]{7}
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 6
Which kind of evidence can be considered most reliable to arrive at an analytical assertion?
A. direct
B. corroborative
C. indirect
D. circumstantial
E. textual
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 7
You see 100 HTTP GET and POST requests for various pages on one of your web servers. The user agent in the requests contains PHP code that, if executed, creates and writes to a new PHP file on the web server. Which category does this event fall under as defined in the Diamond Model of Intrusion?
A. delivery
B. reconnaissance
C. action on objectives
D. installation
E. exploitation
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 8
Which string matches the regular expression r(ege)+x?
A. rx
B. regeegex
C. r(ege)x
D. rege+x
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 9
Which statement about threat actors is true?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 10
Which data element must be protected with regard to PCI?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 11
What mechanism does the Linux operating system provide to control access to files?
A. privileges required
B. user interaction
C. file permissions
D. access complexity
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 12
Refer to the exhibit. What can be determined from this ping result?
C. The Cisco.com website is responding with an internal IP.
D. The public IP address of cisco.com is an IPv4 address.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 13
Which element is part of an incident response plan?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 14
Which statement about a listening port is correct?
A. A listening port is a port open by a running application in order to accept inbound connections.
B. A listening port is a port open by a running application in order to accept outbound connections.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 15
Filtering ports in Wireshark?
A. tcp.port = 80
B. tcp.port equals 80
C. tcp.port != 80
D. tcp.port equal 80
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 16
Which two statements correctly describe the victim demographics section of the VERIS schema? (Choose two.)
A. The victim demographics section describes but does not identify the organization that is affected by the incident.
B. The victim demographics section compares different types of organizations or departments within a single organization.
C. The victim demographics section captures general information about the incident.
D. The victim demographics section uses geolocation data to identify the organization name of the victim and the threat actor.
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 17
Which option is unnecessary for determining the appropriate containment strategy according to NIST SP 800-61 r2?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 18
Drag and Drop
Built inbound TCP connection 463879 for outside: (25.238.89.53/14846) to DMZ: WWW_Server/80 (198.52.1.50/80)
Correct Answer:
Section: (none)
Explanation
Explanation/Reference:
QUESTION 19
Which source provides reports of vulnerabilities in software and hardware to a Security Operations Center?
A. Analysis Center
B. National CSIRT
C. Internal CSIRT
D. Physical Security
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 20
What information from HTTP logs can be used to find a threat actor?
A. referer
B. IP address
C. user-agent
D. URL
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 21
An organization has recently adjusted its security stance in response to online threats made by a known hacktivist group. Which term defines the initial event in NIST SP 800-61 r2?
A. instigator
B. precursor
C. online assault
D. trigger
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 22
You have run a suspicious file in a sandbox analysis tool to see what the file does. The analysis report shows that outbound callouts were made post infection.
Which two pieces of information from the analysis report are needed or required to investigate the callouts? (Choose two.)
A. file size
B. domain names
C. dropped files
D. signatures
E. host IP addresses
Correct Answer: BE
Section: (none)
Explanation
Explanation/Reference:
QUESTION 23
Which option filters a LibPCAP capture that used a host as a gateway?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 24
Which type of analysis allows you to see how likely an exploit is to affect your network?
A. descriptive
B. causal
C. probabilistic
D. inferential
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 25
Which network device creates and sends the initial packet of a session?
A. source
B. origination
C. destination
D. network
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 26
When performing threat hunting against a DNS server, which traffic toward the affected domain is considered a starting point?
A. HTTPS traffic
B. TCP traffic
C. HTTP traffic
D. UDP traffic
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 27
Refer to the exhibit. Which application protocol is in this PCAP file?
A. TCP
B. SSH
C. HTTP
D. SSL
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 28
You see confidential data being exfiltrated to an IP address that is attributed to a known Advanced Persistent Threat group. Assume that this is part of a real attack and not a network misconfiguration. Which category does this event fall under as defined in the Diamond Model of Intrusion?
A. reconnaissance
B. weaponization
C. delivery
D. action on objectives
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 29
Refer to the exhibit. We have performed a malware detection on the Cisco website. Which statement about the result is true?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 30
Which option has a drastic impact on network traffic because it can cause legitimate traffic to be blocked?
A. true positive
B. true negative
C. false positive
D. false negative
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 31
Which CVSSv3 metric value increases when the attacker is able to modify all files protected by the vulnerable component?
A. confidentiality
B. integrity
C. availability
D. complexity
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 32
During which phase of the forensic process is data that is related to a specific event labeled and recorded to preserve its integrity?
A. collection
B. examination
C. reporting
D. investigation
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 33
Which information must be left out of a final incident report?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 34
Which two components are included in a 5-tuple? (Choose two.)
A. port number
B. destination IP address
C. data packet
D. user name
E. host logs
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference: