Categories
210-250 Dumps

210-250 Real Exam Dumps Questions and answers 51-60

Get Full Version of the Exam
http://www.EnsurePass.com/210-250.html

Question No.51

Which process continues to be recorded in the process table after it has ended and the status is returned to the parent?

A. orphan
B. child
C. daemon
D. zombie

Correct Answer: D

Question No.52

In which case should an employee return his laptop to the organization?

A. When moving to a different role
B. Upon termination of the employment
C. As described in the asset return policy
D. When the laptop is end of lease

Correct Answer: C

Question No.53

Which international standard is for general risk management, including the principles and guidelines for managing risk?

A. ISO 27002
B. ISO 31000
C. ISO 27005
D. ISO 27001

Correct Answer: B

Explanation:

ISO 31000 is the general risk management standard that includes principles and guidelines for managing risk. It can be used by any organization, regardless of its size, activity, or sector. Using ISO 31000 can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats, and effectively allocate and use resources for risk treatment.

Question No.54

For which purpose can Windows Management Instrumentation be used?

A. remote start of a computer
B. remote reboot of a computer
C. remote blocking of malware on a computer
D. remote viewing of a computer

Correct Answer: D

Question No.55

DRAG DROP

Drag the technology on the left to the data type the technology provides on the right.

[exhibit: drag-and-drop items, image not reproduced]

Correct Answer:

[exhibit: answer image not reproduced]

Question No.56

Which two actions are valid uses of public key infrastructure? (Choose two)

A. ensuring the privacy of a certificate
B. revoking the validation of a certificate
C. validating the authenticity of a certificate
D. creating duplicate copies of a certificate
E. changing ownership of a certificate

Correct Answer: AC

Question No.57

What are the advantages of a full-duplex transmission mode compared to half-duplex mode? (Select all that apply.)

A. Each station can transmit and receive at the same time.
B. It avoids collisions.
C. It makes use of backoff time.
D. It uses a collision avoidance algorithm to transmit.

Correct Answer: AB

Question No.58

Based on which statement does the discretionary access control security model grant or restrict access?

A. discretion of the system administrator
B. security policy defined by the owner of an object
C. security policy defined by the system administrator
D. role of a user within an organization

Correct Answer: B

Question No.59

Which hash algorithm is the weakest?

A. SHA-512
B. RSA 4096
C. SHA-1
D. SHA-256

Correct Answer: C

Question No.60

Where is a host-based intrusion detection system located?

A. on a particular end-point as an agent or a desktop application
B. on a dedicated proxy server monitoring egress traffic
C. on a span switch port
D. on a tap switch port

Correct Answer: A

Get Full Version of 210-250 Dumps


210-250 Real Exam Dumps Questions and answers 21-30


Question No.21

Which definition of a fork in Linux is true?

A. daemon to execute scheduled commands
B. parent directory name of a file pathname
C. macros for manipulating CPU sets
D. new process created by a parent process

Correct Answer: D

Question No.22

How many broadcast domains are created if three hosts are connected to a Layer 2 switch in full-duplex mode?

A. 4
B. 3
C. None
D. 1

Correct Answer: D

Question No.23

Which protocol is expected to have a user agent, host, and referrer headers in a packet capture?

A. NTP
B. HTTP
C. DNS
D. SSH

Correct Answer: B

Question No.24

Which of the following are metrics that can measure the effectiveness of a runbook?

A. Mean time to repair (MTTR)
B. Mean time between failures (MTBF)
C. Mean time to discover a security incident
D. All of the above

Correct Answer: D

Question No.25

Which event occurs when a signature-based IDS encounters network traffic that triggers an alert?

A. connection event
B. endpoint event
C. NetFlow event
D. intrusion event

Correct Answer: D

Question No.26

Which two tasks can be performed by analyzing the logs of a traditional stateful firewall? (Choose two.)

A. Confirm the timing of network connections differentiated by the TCP 5-tuple.
B. Audit the applications used within a social networking web site.
C. Determine the user IDs involved in an instant messaging exchange.
D. Map internal private IP addresses to dynamically translated external public IP addresses.
E. Identify the malware variant carried by an SMTP connection.

Correct Answer: AD

Question No.27

Which situation indicates application-level white listing?

A. Allow everything and deny specific executable files.
B. Allow specific executable files and deny specific executable files.
C. Writing current application attacks on a whiteboard daily.
D. Allow specific files and deny everything else.

Correct Answer: D

Question No.28

In which format are NetFlow records stored?

A. hexadecimal
B. base 10
C. binary
D. ASCII

Correct Answer: C

Question No.29

Which network device is used to separate broadcast domains?

A. router
B. repeater
C. switch
D. bridge

Correct Answer: A

Question No.30

While viewing packet capture data, you notice that one IP is sending and receiving traffic for multiple devices by modifying the IP header. Which option is making this behavior possible?

A. TOR
B. NAT
C. encapsulation
D. tunneling

Correct Answer: B



210-250 Real Exam Dumps Questions and answers 31-40


Question No.31

How does NTP help with security monitoring?

A. It synchronizes the time of day so that you can correlate events when you receive system logs.
B. It enables you to look up the IP addresses a browser navigated to using the FQDN.
C. It allows you to receive system-generated email traffic from log servers.
D. It uses TCP, which allows you to see the HTTP conversations between servers and clients.

Correct Answer: A

Question No.32

Which option is a purpose of port scanning?

A. Identify the Internet Protocol of the target system.
B. Determine if the network is up or down.
C. Identify which ports and services are open on the target host.
D. Identify legitimate users of a system.

Correct Answer: C

Question No.33

Refer to the exhibit. During an analysis this list of email attachments is found. Which files contain the same content?

[exhibit: list of email attachments, image not reproduced]

A. 1 and 4
B. 3 and 4
C. 1 and 3
D. 1 and 2

Correct Answer: C

Question No.34

Which identifier is used to describe the application or process that submitted a log message?

A. action
B. selector
C. priority
D. facility

Correct Answer: D

Question No.35

Stateful and traditional firewalls can analyze packets and judge them against a set of predetermined rules called access control lists (ACLs). They inspect which of the following elements within a packet? (Choose two)

A. Session headers
B. NetFlow flow information
C. Source and destination ports and source and destination IP addresses
D. Protocol information

Correct Answer: CD

Question No.36

Which definition of permissions in Linux is true?

A. rules that allow network traffic to go in and out
B. table maintenance program
C. written affidavit that you have to sign before using the system
D. attributes of ownership and control of an object

Correct Answer: D

Question No.37

Which of the following are Cisco cloud security solutions?

A. CloudDLP
B. OpenDNS
C. CloudLock
D. CloudSLS

Correct Answer: BC

Question No.38

Which two protocols are used for email? (Choose two)

A. NTP
B. DNS
C. HTTP
D. IMAP
E. SMTP

Correct Answer: DE

Question No.39

Where are configuration records stored?

A. In a CMDB
B. In a MySQL DB
C. In an XLS file
D. There is no need to store them

Correct Answer: A

Question No.40

Which action is an attacker taking when they attempt to gain root access on the victim's system?

A. command injections
B. command and control
C. root kit
D. privilege escalation

Correct Answer: D



210-250 Real Exam Dumps Questions and answers 41-50


Question No.41

Which security principle states that more than one person is required to perform a critical task?

A. due diligence
B. separation of duties
C. need to know
D. least privilege

Correct Answer: B

Question No.42

Which evasion method involves performing actions slower than normal to prevent detection?

A. traffic fragmentation
B. tunneling
C. timing attack
D. resource exhaustion

Correct Answer: C

Question No.43

Which data can be obtained using NetFlow?

A. session data
B. application logs
C. network downtime
D. report full packet capture

Correct Answer: A

Question No.44

After a large influx of network traffic to externally facing devices, you begin investigating what appears to be a denial of service attack. When you review packet capture data, you notice that the traffic is a single SYN packet to each port. Which kind of attack is this?

A. host profiling
B. traffic fragmentation
C. port scanning
D. SYN flood

Correct Answer: C

Question No.45

One of the objectives of information security is to protect the CIA of information and systems. What does CIA mean in this context?

A. Confidentiality, Integrity and Availability
B. Confidentiality, Identity and Availability
C. Confidentiality, Integrity and Authorization
D. Confidentiality, Identity and Authorization

Correct Answer: A

Question No.46

Which term describes the act of a user, without authority or permission, obtaining rights on a system, beyond what were assigned?

A. authentication tunneling
B. administrative abuse
C. rights exploitation
D. privilege escalation

Correct Answer: D

Question No.47

Which term represents a weakness in a system that could lead to the system being compromised?

A. vulnerability
B. threat
C. exploit
D. risk

Correct Answer: A

Question No.48

Refer to the exhibit. A TFTP server has recently been installed in the Atlanta office. The network administrator is located in the NY office and has attempted to make a connection to the TFTP server. They are unable to backup the configuration file and Cisco IOS of the NY router to the TFTP server. Which cause of this problem is true?

[exhibit: network topology, image not reproduced]

A. The TFTP server cannot obtain an address from a DHCP Server.
B. The TFTP server has an incorrect IP address.
C. The network administrator computer has an incorrect IP address.
D. The TFTP server has an incorrect subnet mask.

Correct Answer: A

Question No.49

Early versions of the Microsoft PPTP virtual private network software used the same RC4 key for the sender and the receiver. Which attack is the network vulnerable to when a stream cipher like RC4 is used twice with the same key?

A. forgery attack
B. meet-in-the-middle attack
C. ciphertext-only attack
D. plaintext-only attack

Correct Answer: C

Explanation:

Early versions of Microsoft's PPTP virtual private network software used the same RC4 key for the sender and the receiver (later versions solved this problem but may still have other problems). In any case where a stream cipher like RC4 is used twice with the same key, it is open to a ciphertext-only attack.

Question No.50

Which cryptographic hash algorithm is used in certificate generation?

A. SHA-256
B. MD5
C. RSA 4096
D. SHA-512

Correct Answer: B



210-250 Real Exam Dumps Questions and answers 1-10


Question No.1

Which security monitoring data type is associated with application server logs?

A. alert data
B. statistical data
C. session data
D. transaction data

Correct Answer: D

Question No.2

You must create a vulnerability management framework. Which main purpose of this framework is true?

A. Conduct vulnerability scans on the network.
B. Manage a list of reported vulnerabilities.
C. Identify, remove, and mitigate system vulnerabilities.
D. Detect and remove vulnerabilities in source code.

Correct Answer: C

Question No.3

Which vulnerability is an example of Shellshock?

A. cross site scripting
B. command injection
C. heap overflow
D. SQL injection

Correct Answer: B

Question No.4

A user reports difficulties accessing certain external web pages. When examining traffic to and from the external domain in full packet captures, you notice many SYNs that have the same sequence number, source, and destination IP address, but have different payloads. Which problem is a possible explanation of this situation?

A. insufficient network resources
B. failure of full packet capture solution
C. misconfiguration of web filter
D. TCP injection

Correct Answer: D

Question No.5

You get an alert on your desktop computer showing that an attack was successful on the host, but upon investigation you see that no mitigation actions occurred during the attack. Which reason is true?

A. The computer has a HIDS installed on it.
B. The computer has a NIDS installed on it.
C. The computer has a HIPS installed on it.
D. The computer has a NIPS installed on it.

Correct Answer: A

Question No.6

Which type of exploit normally requires the culprit to have prior access to the target system?

A. local exploit
B. denial of service
C. system vulnerability
D. remote exploit

Correct Answer: A

Question No.7

Which definition of a process in Windows is true?

A. running program
B. unit of execution that must be manually scheduled by the application
C. database that stores low-level settings for the OS and for certain applications
D. basic unit to which the operating system allocates processor time

Correct Answer: A

Question No.8

What is PHI?

A. Protected HIPAA information
B. Protected health information
C. Personal health information
D. Personal human information

Correct Answer: B

Question No.9

Which purpose of Command and Control for network aware malware is true?

A. It contacts a remote server for commands and updates.
B. It controls and shuts down services on the infected host.
C. It helps the malware to profile the host.
D. It takes over the user account.

Correct Answer: A

Question No.10

According to RFC 1035 which transport protocol is recommended for use with DNS queries?

A. Transmission Control Protocol
B. Reliable Data Protocol
C. Hypertext Transfer Protocol
D. User Datagram Protocol

Correct Answer: D



210-250 Real Exam Dumps Questions and answers 11-20


Question No.11

Which definition of vulnerability is true?

A. an exploitable unpatched and unmitigated weakness in software
B. an incompatible piece of software
C. software that does not have the most current patch applied
D. software that was not approved for installation

Correct Answer: A

Question No.12

Which option is an advantage to using network-based anti-virus versus host-based anti-virus?

A. Network-based has the ability to protect unmanaged devices and unsupported operating systems.
B. There are no advantages compared to host-based antivirus.
C. Host-based antivirus does not have the ability to collect newly created signatures.
D. Network-based can protect against infection from malicious files at rest.

Correct Answer: A

Question No.13

Which definition of the virtual address space for a Windows process is true?

A. actual physical location of an object in memory
B. set of virtual memory addresses that it can use
C. set of pages that are currently resident in physical memory
D. system-level memory protection feature that is built into the operating system

Correct Answer: B

Question No.14

DRAG DROP

Drag the data source on the left to the correct data type on the right.

[exhibit: drag-and-drop items, image not reproduced]

Correct Answer:

[exhibit: answer image not reproduced]

Question No.15

Which statement about digitally signing a document is true?

A. The document is hashed and then the document is encrypted with the private key.
B. The document is hashed and then the hash is encrypted with the private key.
C. The document is encrypted and then the document is hashed with the public key.
D. The document is hashed and then the document is encrypted with the public key.

Correct Answer: B

Question No.16

For which reason can HTTPS traffic make security monitoring difficult?

A. encryption
B. large packet headers
C. Signature detection takes longer.
D. SSL interception

Correct Answer: A

Question No.17

Which cryptographic key is contained in an X.509 certificate?

A. symmetric
B. public
C. private
D. asymmetric

Correct Answer: B

Question No.18

Which two features must a next generation firewall include? (Choose two.)

A. data mining
B. host-based antivirus
C. application visibility and control
D. Security Information and Event Management
E. intrusion detection system

Correct Answer: CE

Question No.19

Which directory is commonly used on Linux systems to store log files, including syslog and apache access logs?

A. /etc/log
B. /root/log
C. /lib/log
D. /var/log

Correct Answer: D

Question No.20

Cisco pxGrid has a unified framework with an open API designed in a hub-and-spoke architecture. pxGrid is used to enable the sharing of contextual-based information from which devices?

A. From a Cisco ASA to the Cisco OpenDNS service
B. From a Cisco ASA to the Cisco WSA
C. From a Cisco ASA to the Cisco FMC
D. From a Cisco ISE session directory to other policy network systems, such as Cisco IOS devices and the Cisco ASA

Correct Answer: D
