210-255 exam

Which of the following is one of the main goals of data normalization?A . To save duplicate logs for redundancyB . To purge redundant data while maintaining data integrityC . To correlate IPS and IDS logs with DNSD . To correlate IPS/IDS logs with firewall logsView AnswerAnswer: B

What information from HTTP logs can be used to find a threat actor?A . refererB . IP addressC . user-agentD . URLView AnswerAnswer: B

DRAG DROP Refer to exhibit. Drag and drop the items from the left onto the correct 5-tuples on the right. View AnswerAnswer:

What is the process of remediation the system from attack so that responsible threat actor can be revealed?A . Validating the Attacking Host's IP AddressB . Researching the Attacking Host through Search Engines.C . Using Incident Databases.D . Monitoring Possible Attacker Communication Channels.View AnswerAnswer: A

Which incident handling is focused on minimizing the impact of an incident?A . ScopingB . ReportingC . ContainmentD . EradicationView AnswerAnswer: D

Refer to the exhibit. Drag and drop the element name from the left onto the correct piece of the PCAP file on the right. View AnswerAnswer:

Which of the following is an example of a managed security offering where incident response experts monitor and respond to security alerts in a security operations center (SOC)?A . Cisco CloudLockB . Cisco's Active Threat Analytics (ATA)C . Cisco Managed Firepower ServiceD . Cisco JasperView AnswerAnswer: B

Which CVSSv3 Attack Vector metric value requires the attacker to physically touch or manipulate the vulnerable component?A . localB . physicalC . networkD . adjacentView AnswerAnswer: B

Which CVSSv3 metric captures the level of access that is required for a successful attack?A . attack vectorB . attack complexityC . privileges requiredD . user interactionView AnswerAnswer: C

Filtering ports in wireshark?A . tcp.port == 80B . tcp port equals 80C . tcp.port 80D . port 80View AnswerAnswer: A