Documente Academic
Documente Profesional
Documente Cultură
Fundamentals
Version: 1.0
www.lead2pass.com
Cisco 210-250 Exam
QUESTION 1
Which security monitoring data type requires the most storage space?
transaction data
session data
statistical data
QUESTION 2
Which security principle states that more than one person is required to perform a critical task?
due diligence
least privilege
need to know
separation of duties
QUESTION 3
QUESTION 4
IMAP
SMTP
HTTP
NTP
DNS
www.lead2pass.com
Cisco 210-250 Exam
QUESTION 5
The document is hashed and then the document is encrypted with the private key.
The document is encrypted and then the document is hashed with the public key
The document is hashed and then the document is encrypted with the public key.
The document is hashed and then the hash is encrypted with the private key.
QUESTION 6
Which two actions are valid uses of public key infrastructure? (Choose two )
QUESTION 7
While viewing packet capture data, you notice that one IP is sending and receiving traffic for multiple devices by
modifying the IP header, Which option is making this behavior possible?
TOR
encapsulation
tunneling
NAT
www.lead2pass.com
Cisco 210-250 Exam
QUESTION 8
Which term represents a weakness in a system that could lead to the system being compromised?
risk
exploit
threat
vulnerability
QUESTION 9
running program
database that stores low-level settings for the OS and for certain applications
QUESTION 10
whaling
mailbomb
hooking
mailnet
spear
www.lead2pass.com
Cisco 210-250 Exam
QUESTION 11
Which protocol is primarily supported by the third layer of the Open Systems Interconnection reference model?
TCP/UDP
ATM/ MPLS
IPv4/IPv6
HTTP/TLS
QUESTION 12
An intrusion detection system begins receiving an abnormally high volume of scanning from numerous sources.
Which evasion technique does this attempt indicate?
timing attack
tunneling
traffic fragmentation
resource exhaustion
QUESTION 13
Which identifier is used to describe the application or process that submitted a log message?
selector
priority
facility
action
QUESTION 14
link
application
Internet
transport
www.lead2pass.com
Cisco 210-250 Exam
QUESTION 15
Identify which ports and services are open on the target host.
QUESTION 16
For which reason can HTTPS traffic make security monitoring difficult?
encryption
SSL interception
QUESTION 17
Which protocol maps IP network addresses to MAC hardware addresses so that IP packets can be sent across
networks?
QUESTION 18
Which evasion method involves performing actions slower than normal to prevent detection?
tunneling
traffic fragmentation
resource exhaustion
timing attack
www.lead2pass.com
Cisco 210-250 Exam
QUESTION 19
repeater
bridge
router
switch
QUESTION 20
Which term represents the practice of giving employees only those permissions necessary to perform their
specific role within an organization?
due diligence
need to know
least privilege
integrity validation
QUESTION 21
Which definition of the virtual address space for a Windows process is true?
system-level memory protection feature that is built into the operating system
www.lead2pass.com
Cisco 210-250 Exam
QUESTION 22
written affidavit that you have to sign before using the system
QUESTION 23
Which term represents the chronological record of how evidence was collected- analyzed, preserved, and
transferred?
chain of custody
chain of evidence
evidence chronology
record of safekeeping
QUESTION 24
hich security monitoring data type is associated with application server logs?
statistical data
session data
alert data
transaction data
www.lead2pass.com
Cisco 210-250 Exam
QUESTION 25
session data
network downtime
application logs
QUESTION 26
DES
3DES
CES
AES
QUESTION 27
a powerful versatile tool that verifies the integrity of the log files
a powerful, versatile tool that makes it possible to run SQL-like queries against log flies
QUESTION 28
availability
sustainability
confidentiality
integrity
www.lead2pass.com
Cisco 210-250 Exam
QUESTION 29
If a web server accepts input from the user and passes it to a bash shell, to which attack method is it
vulnerable?
input validation
command injection
hash collision
integer overflow
QUESTION 30
SHA-256
SHA-1
SHA-512
RSA 4096
QUESTION 31
Based on which statement does the discretionary access control security model grant or restrict access ?
QUESTION 32
QUESTION 33
Network-based has the ability to protect unmanaged devices and unsupported operating systems.
Host-based antivirus does not have the ability to collect newly created signatures.
QUESTION 34
Which directory is commonly used on Linux systems to store log files, including syslog and apache access
logs?
/lib/log
/var/log
/etc/log
/root/log
QUESTION 35
A user reports difficulties accessing certain external web pages, When examining traffic to and from the external
domain in full packet captures, you notice many SYNs that have the same sequence number, source, and
destination IP address, but have different payloads. Which problem is a possible explanation of this situation?
TCP injection
www.lead2pass.com
Cisco 210-250 Exam
QUESTION 36
QUESTION 37
program used to detect and remove unwanted malicious software from the system
QUESTION 38
Which event occurs when a signature-based IDS encounters network traffic that triggers an alert?
endpoint event
intrusion event
NetFlow event
connection event
www.lead2pass.com
Cisco 210-250 Exam
QUESTION 39
Which two terms are types of cross site scripting attacks? (Choose two )
encoded
directed
cascaded
stored
reflected
QUESTION 40
Drag the data source on the left to the left to the correct data type on the right.
www.lead2pass.com
Cisco 210-250 Exam
QUESTION 41
In NetFlow records, which flags indicate that an HTTP connection was stopped by a security appliance, like a
firewall, before it could be built fully?
RST
PSH, ACK
ACK
SYN ACK
QUESTION 42
Which concern is important when monitoring NTP servers for abnormal levels of traffic?
Watching for rogue devices that have been added to the network.
QUESTION 43
Refer to the exhibit. During an analysis this list of email attachments is found. Which files contain the same
content?
1 and 3
3 and 4
1 and 2
1 and 4
www.lead2pass.com
Cisco 210-250 Exam
QUESTION 44
Which term represents a potential danger that could take advantage of a weakness in a system?
vulnerability
exploit
threat
risk
QUESTION 45
Drag the technology on the left to the data type the technology provides on the right.
QUESTION 46
One of the objectives of information security is to protect the CIA of information and systems. What does CIA
mean in this context?
www.lead2pass.com
Cisco 210-250 Exam
QUESTION 47
software that does not have the most current patch applied
QUESTION 48
SHA-3
MD5
SHA-2
RC4
QUESTION 49
According to RFC 1035 which transport protocol is recommended for use with DNS queries?
QUESTION 50
www.lead2pass.com
Cisco 210-250 Exam
QUESTION 51
QUESTION 52
You must create a vulnerability management framework. Which main purpose of this framework is true?
QUESTION 53
public
symmetric
private
asymmetric
QUESTION 54
Which protocol is expected to have NTP a user agent, host, and referrer headers in a packet capture?
HTTP
SSH
DNS
NTP
www.lead2pass.com
Cisco 210-250 Exam
QUESTION 55
QUESTION 56
QUESTION 57
Which term describes the act of a user, without authority or permission, obtaining rights on a system, beyond
what were assigned?
administrative abuse
rights exploitation
authentication tunneling
privilege escalation
www.lead2pass.com
Cisco 210-250 Exam
QUESTION 58
Which two features must a next generation firewall include? (Choose two.)
host-based antivirus
data mining
QUESTION 59
Which type of exploit normally requires the culprit to have prior access to the target system?
denial of service
local exploit
remote exploit
system vulnerability
QUESTION 60
Which type of attack occurs when an attacker is successful in eavesdropping on a conversation between two
IPS phones?
man-in-the-middle
dictionary
replay
known-plaintext
www.lead2pass.com
Cisco 210-250 Exam
QUESTION 61
Which two tasks can be performed by analyzing the logs of a traditional stateful firewall? (Choose two.)
QUESTION 62
Which type of attack occurs when an attacker utilizes a botnet to reflect requests off an NTP server to
overwhelm their target?
replay
denial of service
www.lead2pass.com
Cisco 210-250 Exam
QUESTION 63
Refer to the exhibit. A TFTP server has recently been installed in the Atlanpero ta office. The network
administrator is located in the NY office and has attempted to make a connection to the TFTP server. They are
unable to backup the configuration file and Cisco IOS of the NY router to the TFTP server Which cause of this
problem is true?
QUESTION 64
Which definition describes the main purpose of a Security Information and Event Management solution ?
a monitoring interface that manages firewall access control lists for duplicate firewall filtering
a security product that collects, normalizes, and correlates event log data to provide holistic views of
the security posture
a database that collects and categorizes indicators of compromise to evaluate and search for potential
security threats
a relay server or device that collects then forwards event logs to another log collection device
www.lead2pass.com
Cisco 210-250 Exam
QUESTION 65
Which tool is commonly used by threat actors on a webpage to take advantage of the software vulnerabilities of
a system to spread malware?
vulnerability kit
exploit kit
root kit
www.lead2pass.com