DRAG DROP
Drag and drop the Cyber Kill Chain elements from the left into the correct order on the right.
Select and Place:

Refer to the exhibit. Which application protocol is in this PCAP file?

A. TCP
B. SSH
C. HTTP
D. SSL
Refer to the exhibit. Which packet contains a file that is extractable within Wireshark?

A. 1986
B. 2318
C. 2542
D. 2317
To which stage of the Cyber Kill Chain does attacking the vulnerability belong?
A. Exploitation
B. Reconnaissance
C. Weaponization
D. Delivery
E. Installation
F. Command and control (C2)
G. Actions on objectives
Which two useful pieces of information can be collected from the IPv4 protocol header? (Choose two.)
A. UDP port to which the traffic is destined
B. source IP address of the packet
C. UDP port from which the traffic is sourced
D. TCP port from which the traffic was sourced
E. destination IP address of the packet
What can be addressed when using retrospective security techniques?
A. if the affected host needs a software update
B. what systems are affected
C. if the affected system needs replacement
D. why the malware is still in our network
What is the definition of integrity according to the CVSSv3 framework?
A. This metric measures the impact to the confidentiality of the information resources that are managed by a software component due to a successfully exploited vulnerability.
B. This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information.
C. This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability.
How do you verify that one of your hosts is potentially compromised based on their communication destinations?
A. Search the communication destinations of the host in the Talos IP and Domain Reputation Center.
B. Analyze how much traffic the host sent and received from each IP address or domain.
C. See if any Stealthwatch alarms were triggered for the host communicating with internal hosts.
D. Check the Firepower appliance to see if malicious files were downloaded.
Which IETF standard technology is useful to detect and analyze a potential security incident by recording session flows that occur between hosts?
A. SFlow
B. NetFlow
C. NFlow
D. IPFIX
Which description of probabilistic analysis is true?
A. probable proof of a user's identity
B. lack of proof of a user's identity
C. definitive proof of a user's identity
D. false proof of a user's identity