Cisco 210-250

Exam 210-250

Understanding Cisco Cybersecurity

Title
Fundamentals

Updated Version: 10.0

Product
109 Q&A
Type

“Best Material, Great Results”. www.certkingdom.com 1

 Cisco 210-250

QUESTION 1
Which data can be obtained using NetFlow?

A. session data
B. application logs
C. network downtime
D. report full packet capture

Answer: A

QUESTION 2
You discover that a foreign government hacked one of the defense contractors in your country and stole intellectual
property. In this situation, which option is considered the threat agent?

A. foreign government that conducted the attack

B. defense contractor that stored the intellectual property
C. method in which the hack occurred
D. intellectual property that was stolen

Answer: D

QUESTION 3
Which of the following is true about heuristic-based algorithms?

A. Heuristic-based algorithms may require fine tuning to adapt to network traffic and minimize
the possibility of false positives.
B. Heuristic-based algorithms do not require fine tuning.
C. Heuristic-based algorithms support advanced malware protection.
D. Heuristic-based algorithms provide capabilities for the automation of IPS signature creation and tuning.

Answer: A

QUESTION 4
Which of the following are Cisco cloud security solutions?

A. CloudDLP
B. OpenDNS
C. CloudLock
D. CloudSLS

Answer: B,C

QUESTION 5
Which protocol is primarily supported by the third layer of the Open Systems Interconnection reference model?

A. HTTP/TLS
B. IPv4/IPv6
“Best Material, Great Results”. www.certkingdom.com 2
 Cisco 210-250

C. TCP/UDP
D. ATM/ MPLS

Answer: B

QUESTION 6
Which event occurs when a signature-based IDS encounters network traffic that triggers an alert?

A. connection event
B. endpoint event
C. NetFlow event
D. intrusion event

Answer: D

QUESTION 7
Which definition of a daemon on Linux is true?

A. error check right after the call to fork a process

B. new process created by duplicating the calling process
C. program that runs unobtrusively in the background
D. set of basic CPU instructions

Answer: C

QUESTION 8
Which two features must a next generation firewall include? (Choose two.)

A. data mining
B. host-based antivirus
C. application visibility and control
D. Security Information and Event Management
E. intrusion detection system

Answer: C,E

QUESTION 9
Which type of attack occurs when an attacker is successful in eavesdropping on a conversation between two IPS phones?

A. replay
B. man-in-the-middle
C. dictionary
D. known-plaintext

Answer: B

QUESTION 10
Which hashing algorithm is the least secure?
“Best Material, Great Results”. www.certkingdom.com 3
 Cisco 210-250

A. MD5
B. RC4
C. SHA-3
D. SHA-2

Answer: A

QUESTION 11
Which evasion method involves performing actions slower than normal to prevent detection?

A. traffic fragmentation
B. tunneling
C. timing attack
D. resource exhaustion

Answer: C

QUESTION 12
Which statement about the difference between a denial-of-service attack and a distributed denial-ot-service attack is true?

A. DoS attacks and DDoS attacks have no differences

B. DDoS attacks are launched from one host, and DoS attacks are launched from multiple hosts
C. DoS attacks only use flooding to compromise a network, and DDoS attacks only use other methods.
D. DoS attacks are launched from one host and DDoS attacks are launched from multiple
hosts

Answer: D

QUESTION 13
Which definition describes the main purpose of a Security Information and Event Management solution ?

A. a database that collects and categorizes indicators of compromise to evaluate and search for potential security threats
B. a monitoring interface that manages firewall access control lists for duplicate firewall filtering
C. a relay server or device that collects then forwards event logs to another log collection device
D. a security product that collects, normalizes, and correlates event log data to provide holistic views of the security
posture

Answer: D

QUESTION 14
Which network device is used to separate broadcast domains?

A. router
B. repeater
C. switch
D. bridge

“Best Material, Great Results”. www.certkingdom.com 4

 Cisco 210-250

Answer: A

QUESTION 15
A user reports difficulties accessing certain external web pages, When examining traffic to and from the external domain
in full packet captures, you notice many SYNs that have the
same sequence number, source, and destination IP address, but have different payloads. Which problem is a possible
explanation of this situation?

A. insufficient network resources

B. failure of full packet capture solution
C. misconfiguration of web filter
D. TCP injection

Answer: D

QUESTION 16
What is one of the advantages of the mandatory access control (MAC) model?

A. Complex to administer.
B. Stricter control over the information access.
C. Easy and scalable.
D. The owner can decide whom to grant access to.

Answer: B

QUESTION 17
In NetFlow records, which flags indicate that an HTTP connection was stopped by a security appliance, like a firewall,
before it could be built fully?

A. ACK
B. SYN ACK
C. RST
D. PSH, ACK

Answer: C

QUESTION 18
Cisco pxGrid has a unified framework with an open API designed in a hub-and-spoke
architecture. pxGrid is used to enable the sharing of contextual-based information from which
devices?

A. From a Cisco ASA to the Cisco OpenDNS service

B. From a Cisco ASA to the Cisco WSA
C. From a Cisco ASA to the Cisco FMC
D. From a Cisco ISE session directory to other policy network systems, such as Cisco IOS devices and the Cisco ASA

Answer: D
“Best Material, Great Results”. www.certkingdom.com 5
 Cisco 210-250

QUESTION 19
For which kind of attack does an attacker use known information in encrypted files to break the encryption scheme for
the rest of the ciphertext?

A. unknown key
B. known-plaintext
C. man in the middle
D. known-ciphertext

Answer: B

QUESTION 20
Which two protocols are used for email (Choose two )

A. NTP
B. DNS
C. HTTP
D. IMAP
E. SMTP

Answer: D,E

QUESTION 21
Which concern is important when monitoring NTP servers for abnormal levels of traffic?

A. Being the cause of a distributed reflection denial of service attack.

B. Users changing the time settings on their systems.
C. A critical server may not have the correct time synchronized.
D. Watching for rogue devices that have been added to the network.

Answer: A

QUESTION 22
Based on which statement does the discretionary access control security model grant or restrict access ?

A. discretion of the system administrator

B. security policy defined by the owner of an object
C. security policy defined by the system administrator
D. role of a user within an organization

Answer: B

QUESTION 23
Which identifier is used to describe the application or process that submitted a log message?

A. action
B. selector
“Best Material, Great Results”. www.certkingdom.com 6
 Cisco 210-250

C. priority
D. facility

Answer: D

QUESTION 24

Refer to the exhibit. During an analysis this list of email attachments is found. Which files contain the same content?

A. 1 and 4
B. 3 and 4
C. 1 and 3
D. 1 and 2

Answer: C

QUESTION 25
Which definition of the virtual address space for a Windows process is true?

A. actual physical location of an object in memory

B. set of virtual memory addresses that it can use
C. set of pages that are currently resident in physical memory
D. system-level memory protection feature that is built into the operating system

Answer: B

QUESTION 26
Which definition of a process in Windows is true?

A. running program
B. unit of execution that must be manually scheduled by the application
C. database that stores low-level settings for the OS and for certain applications
D. basic unit to which the operating system allocates processor time

Answer: A

QUESTION 27
Which international standard is for general risk management, including the principles and guidelines for managing risk?

“Best Material, Great Results”. www.certkingdom.com 7

 Cisco 210-250

A. ISO 27002
B. ISO 31000
C. ISO 27005
D. ISO 27001

Answer: B

Explanation: ISO 31000 is the general risk management standard that includes principles and guidelines for managing
risk. It can be used by any organization, regardless of its size, activity, or sector. Using ISO 31000 can help organizations
increase the likelihood of achieving objectives, improve the identification of opportunities and threats, and effectively
allocate and use resources for risk
treatment.

QUESTION 28
You get an alert on your desktop computer showing that an attack was successful on the host, but upon investigation you
see that no mitigation actions occurred during the attack. Which reason is true?

A. The computer has a HIDS instated on it

B. The computer has a NIDS installed on it
C. The computer has a HIPS installed on it
D. The computer has a NIPS installed on it

Answer: A

QUESTION 29
Which definition of an antivirus program is true?

A. program used to detect and remove unwanted malicious software from the system
B. program that provides real time analysis of security alerts generated by network hardware and application
C. program that scans a running application for vulnerabilities
D. rules that allow network traffic to go in and out

Answer: A

QUESTION 30 DRAG DROP

Drag the technology on the left to the data type the technology provides on the right.

“Best Material, Great Results”. www.certkingdom.com 8

 Cisco 210-250

Answer:

Explanation:
TCPDump = Full packet capture
Netflow = SesionData
Traditional stateful firewall = Connection Event
Web content filtering = Transaction Data

QUESTION 31
Which type of exploit normally requires the culprit to have prior access to the target system?

A. local exploit
B. denial of service
C. system vulnerability
D. remote exploit

Answer: A

QUESTION 32
Which type of attack occurs when an attacker utilizes a botnet to reflect requests off an NTP server to overwhelm their
target?

A. man in the middle

B. denial of service
C. distributed denial of service
D. replay

Answer: C

QUESTION 33
Which two terms are types of cross site scripting attacks? (Choose two )

A. directed
B. encoded
C. stored

“Best Material, Great Results”. www.certkingdom.com 9

 Cisco 210-250

D. reflected
E. cascaded

Answer: C,D

QUESTION 34
Which security principle states that more than one person is required to perform a critical task?

A. due diligence
B. separation of duties
C. need to know
D. least privilege

Answer: B

QUESTION 35
In which context is it inappropriate to use a hash algorithm?

A. Telnet logins
B. verifying file integrity
C. SSH logins
D. digital signature verification

Answer: D

QUESTION 36
Where is a host-based intrusion detection system located?

A. on a particular end-point as an agent or a desktop application

B. on a dedicated proxy server monitoring egress traffic
C. on a span switch port
D. on a tap switch port

Answer: A

QUESTION 37

“Best Material, Great Results”. www.certkingdom.com 10

 Cisco 210-250

Refer to the exhibit. A TFTP server has recently been installed in the Atlanta office. The network administrator is located
in the NY office and has attempted to make a connection to the TFTP server. They are unable to backup the
configuration file and Cisco IOS of the NY router to the TFTP server Which cause of this problem is true?

A. The TFTP server cannot obtain an address from a DHCP Server.

B. The TFTP server has an incorrect IP address.
C. The network administrator computer has an incorrect IP address
D. The TFTP server has an incorrect subnet mask.

Answer: A

QUESTION 38
Which two activities are examples of social engineering? (Choose two)

A. receiving call from the IT department asking you to verify your username/password to maintain the account
B. receiving an invite to your department's weekly WebEx meeting
C. sending a verbal request to an administrator to change the password to the account of a user the administrator does
know
D. receiving an email from MR requesting that you visit the secure HR website and update your contract information
E. receiving an unexpected email from an unknown person with an uncharacteristic attachment from someone in the
same company

Answer: A,C

“Best Material, Great Results”. www.certkingdom.com 11

 Cisco 210-250

QUESTION 39
Which option is a purpose of port scanning?

A. Identify the Internet Protocol of the target system.

B. Determine if the network is up or down
C. Identify which ports and services are open on the target host.
D. Identify legitimate users of a system.

Answer: C

QUESTION 40
How does NTP help with security monitoring?

A. It synchronizes the time of day so that you can correlate events when you receive system logs.
B. It enables you to look up the IP addresses a browser navigated to using the FQON.
C. It allows you receive system-generated email traffic from log servers.
D. It uses TCP, which allows you to see the HTTP conversations between servers and clients.

Answer: A

QUESTION 41
Which situation indicates application-level white listing?

A. Allow everything and deny specific executable files.

B. Allow specific executable files and deny specific executable files.
C. Writing current application attacks on a whiteboard daily.
D. Allow specific files and deny everything else.

Answer: B

QUESTION 42
Which purpose of Command and Control for network aware malware is true?

A. It contacts a remote server for commands and updates.

B. It controls and shuts down services on the infected host.
C. It helps the malware to profile the host
D. It takes over the user account.

Answer: A

QUESTION 43
According to the attribute-based access control (ABAC) model, what is the subject location considered?

A. Part of the environmental attributes

B. Part of the object attributes
C. Part of the access control attributes
D. None of the above
“Best Material, Great Results”. www.certkingdom.com 12
 Cisco 210-250

Answer: A

QUESTION 44
Which hash algorithm is the weakest?

A. SHA-512
B. RSA 4096
C. SHA-1
D. SHA-256

Answer: C

QUESTION 45
Which hash algorithm is cryptography used in certificate generation?

A. SHA-256
B. MD5
C. RSA 4096
D. SHA-512

Answer: B

QUESTION 46
Which two tasks can be performed by analyzing the logs of a traditional stateful firewall? (Choose two.)

A. Confirm the timing of network connections differentiated by the TCP 5-tuple

B. Audit the applications used within a social networking web site.
C. Determine the user IDs involved in an instant messaging exchange.
D. Map internal private IP addresses to dynamically translated external public IP addresses
E. Identify the malware variant carried by ^n SMTP connection

Answer: A,D

QUESTION 47
Which action is an attacker taking when they attempt to gain root access on the victim's system?

A. command injections
B. command and control
C. root kit
D. privilege escalation

Answer: D

QUESTION 48
After a large influx of network traffic to externally facing devices, you begin investigating what appears to be a denial of
service attack. When you review packet capture data, you notice that the traffic is a single SYN packet to each port.
Which kind of attack is this?
“Best Material, Great Results”. www.certkingdom.com 13
 Cisco 210-250

A. host profiling
B. traffic fragmentation
C. port scanning
D. SYN flood

Answer: D

QUESTION 49
In which technology is network level encryption not natively incorporated?

A. Kerberos
B. IPsec
C. SSL
D. TLS

Answer: D

QUESTION 50
Stateful and traditional firewalls can analyze packets and judge them against a set of
predetermined rules called access control lists (ACLs). They inspect which of the following
elements within a packet? (Choose Two)

A. Session headers
B. NetFlow flow information
C. Source and destination ports and source and destination IP addresses
D. Protocol information

Answer: C,D

QUESTION 51
Which directory is commonly used on Linux systems to store log files, including syslog and apache access logs?

A. /etc/log
B. /root/log
C. /lib/log
D. /var/log

Answer: D

QUESTION 52
Which information security property is supported by encryption?

A. sustainability
B. integrity
C. confidentiality
D. availability

“Best Material, Great Results”. www.certkingdom.com 14

 Cisco 210-250

Answer: C

QUESTION 53
Which cryptographic key is contained in an X.509 certificate?

A. symmetric
B. public
C. private
D. asymmetric

Answer: B

QUESTION 54 DRAG DROP

Drag the data source on the left to the left to the correct data type on the right.

Answer:

Explanation:
Wireshark = Full packet capture
Netflow = Session Data
“Best Material, Great Results”. www.certkingdom.com 15
 Cisco 210-250

Server log = Transaction Data

IPS = Alert data

QUESTION 55
Which two options are recognized forms of phishing? (Choose two )

A. spear
B. whaling
C. mailbomb
D. hooking
E. mailnet

Answer: A,B

QUESTION 56
Which term represents the likelihood of a potential danger taking advantage of a weakness in a system?

A. risk
B. exploit
C. threat
D. vulnerability

Answer: C

Explanation:
A threat is any potential danger to an asset. If a vulnerability exists but has not yet been exploited—or, more importantly,
it is not yet publicly known—the threat is latent and not yet realized. If someone is actively launching an attack against
your system and successfully accesses something or compromises your security against an asset, the threat is realized.
The entity that takes advantage of the vulnerability is known as the malicious actor, and the path used by this actor to
perform the attack is known as the threat agent or threat vector.

QUESTION 57
If a web server accepts input from the user and passes it to a bash shell, to which attack
method is it vulnerable?

A. input validation
B. hash collision
C. command injection
D. integer overflow

Answer: C

QUESTION 58
What is PHI?

A. Protected HIPAA information

B. Protected health information
“Best Material, Great Results”. www.certkingdom.com 16
 Cisco 210-250

C. Personal health information

D. Personal human information

Answer: B

QUESTION 59
Which tool is commonly used by threat actors on a webpage to take advantage of the software vulnerabilities of a system
to spread malware?

A. exploit kit
B. root kit
C. vulnerability kit
D. script kiddie kit

Answer: A

QUESTION 60
Which definition of a Linux daemon is true?

A. long-running process that is the child at the init process

B. process that is starved at the CPU
C. process that is causing harm to the system by either using up system resources or causing a critical crash.
D. process that has no parent process

Answer: A

QUESTION 61
Which protocol maps IP network addresses to MAC hardware addresses so that IP packets can be sent across networks?

A. Internet Control Message Protocol

B. Address Resolution Protocol
C. Session Initiation Protocol
D. Transmission Control Protocol/Internet Protocol

Answer: B

QUESTION 62
Which encryption algorithm is the strongest?

A. AES
B. CES
C. DES
D. 3DES

Answer: A

QUESTION 63
You must create a vulnerability management framework. Which main purpose of this framework is true?
“Best Material, Great Results”. www.certkingdom.com 17
 Cisco 210-250

A. Conduct vulnerability scans on the network.

B. Manage a list of reported vulnerabilities.
C. Identify remove and mitigate system vulnerabilities.
D. Detect and remove vulnerabilities in source code.

Answer: B

QUESTION 64
For which purpose can Windows Management Instrumentation be used?

A. remote start of a computer

B. remote reboot of a computer
C. remote blocking of malware on a computer
D. remote viewing of a computer

Answer: D

QUESTION 65
Which process continues to be recorded in the process table after it has ended and the status is returned to the parent?

A. orphan
B. child
C. daemon
D. zombie

Answer: D

QUESTION 66
Which definition of the IIS Log Parser tool is true?

A. a logging module for IIS that allows you to log to a database

B. a data source control to connect to your data source
C. a powerful, versatile tool that makes it possible to run SQL-like queries against log flies
D. a powerful versatile tool that verifies the integrity of the log files

Answer: C

QUESTION 67
Which description is an example of whaling?

A. when attackers use fraudulent websites that look like legitimate ones
B. when attackers go after the CEO
C. when attackers target specific individuals
D. when attackers target a group of individuals

Answer: B

“Best Material, Great Results”. www.certkingdom.com 18

 Cisco 210-250

QUESTION 68
Which definition of vulnerability is true?

A. an exploitable unpatched and unmitigated weakness in software

B. an incompatible piece of software
C. software that does not have the most current patch applied
D. software that was not approved for installation

Answer: A

QUESTION 69
Which term describes the act of a user, without authority or permission, obtaining rights on a system, beyond what were
assigned?

A. authentication tunneling
B. administrative abuse
C. rights exploitation
D. privilege escalation

Answer: D

QUESTION 70
In computer security, which information is the term PHI used to describe?

A. private host information

B. protected health information
C. personal health information
D. protected host information

Answer: B

QUESTION 71
Which protocol is expected to have NTP a user agent, host, and referrer headers in a packet capture?

A. NTP
B. HTTP
C. DNS
D. SSH

Answer: B

QUESTION 72
Which of the following access control models use security labels to make access decisions?

A. Discretionary access control (DAC)

B. Mandatory access control (MAC)
C. Role-based access control (RBAC)
D. Identity-based access control (IBAC)
“Best Material, Great Results”. www.certkingdom.com 19
 Cisco 210-250

Answer: B

QUESTION 73
Where are configuration records stored?

A. In a CMDB
B. In a MySQL DB
C. In a XLS file
D. There is no need to store them

Answer: A

QUESTION 74
Which definition of Common Event Format in terms of a Security Information and Event Management solution is true?

A. event log analysis certificate that stands for Certified Event Forensics
B. a type of event log used to identify a successful user login
C. a TCP network media protocol
D. a standard log event format that is used for log collection

Answer: D

QUESTION 75
Which definition of a fork in Linux is true?

A. daemon to execute scheduled commands

B. parent directory name of a file pathname
C. macros for manipulating CPU sets
D. new process created by a parent process

Answer: D

QUESTION 76
Which statement about an attack surface is true?

A. It is an exploitable weakness in a system or its design

B. It is any potential danger to an asset
C. It is the individuals who perform an attack
D. lt is the sum of all paths for data/commands into and out of the application

Answer: B

QUESTION 77
What is a trunk link used for?

A. To pass multiple virtual LANs

B. To connect more than two switches
“Best Material, Great Results”. www.certkingdom.com 20
 Cisco 210-250

C. To enable Spanning Tree Protocol

D. To encapsulate Layer 2 frames

Answer: A

QUESTION 78
In which case should an employee return his laptop to the organization?

A. When moving to a different role

B. Upon termination of the employment
C. As described in the asset return policy
D. When the laptop is end of lease

Answer: C

QUESTION 79
How many broadcast domains are created if three hosts are connected to a Layer 2 switch in full-duplex mode?

A. 4
B. 3
C. None
D. 1

Answer: D

QUESTION 80
Which tool provides universal query access to text based data such as event logs and file system?

A. service viewer
B. log parser
C. handles
D. Windows Management Instrumentation

Answer: B

Explanation: Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log
files, XML files and CSV files, as well as key data sources on the Windows® operating system such as the Event Log,
the Registry, the file system, and Active Directory®.

QUESTION 81
Which security monitoring data type is associated with application server logs?

A. alert data
B. statistical data
C. session data
D. transaction data

Answer: D
“Best Material, Great Results”. www.certkingdom.com 21
 Cisco 210-250

QUESTION 82
Which of the following are metrics that can measure the effectiveness of a runbook?

A. Mean time to repair (MTTR)

B. Mean time between failures (MTBF)
C. Mean time to discover a security incident
D. All of the above

Answer: D

QUESTION 83
Which definition of permissions in Linux is true?

A. rules that allow network traffic to go in and out

B. table maintenance program
C. written affidavit that you have to sign before using the system
D. attributes of ownership and control of an object

Answer: D

QUESTION 84
You have deployed an enterprise-wide host/endpoint technology for all of the company corporate PCs. Management asks
you to block a selected set of applications on all corporate PCs. Which technology is the best option?

A. antivirus/antispyware software
B. application whitelisting/blacklisting
C. host-based IDS
D. network NGFW

Answer: B

QUESTION 85
Which term represents a weakness in a system that could lead to the system being compromised?

A. vulnerability
B. threat
C. exploit
D. risk

Answer: A

QUESTION 86
According to RFC 1035 which transport protocol is recommended for use with DNS queries?

A. Transmission Control Protocol

B. Reliable Data Protocol
C. Hypertext Transfer Protocol
“Best Material, Great Results”. www.certkingdom.com 22
 Cisco 210-250

D. User Datagram Protocol

Answer: D

QUESTION 87
According to the Common Vulnerability Scoring System, which term is associated with scoring multiple vulnerabilities
that are exploited in the course of a single attack?

A. confidentiality
B. vulnerability chaining
C. chained score
D. risk analysis

Answer: B

Explanation:
Vulnerability Chaining CVSS is designed to classify and rate individual vulnerabilities. However, it is important to
support the needs of the vulnerability analysis community by accommodating situations where multiple vulnerabilities
are exploited in the course of a single attack to compromise a host or application. The scoring of multiple vulnerabilities
in this manner is termed Vulnerability Chaining. Note that this is not a formal metric, but is included as guidance for
analysts when scoring these kinds of attacks

QUESTION 88
What does the sum of the risks presented by an application represent for that application?

A. application attack surface

B. security violation
C. vulnerability
D. HIPPA violation

Answer: A

QUESTION 89
An intrusion detection system begins receiving an abnormally high volume of scanning from numerous sources. Which
evasion technique does this attempt indicate?

A. traffic fragmentation
B. resource exhaustion
C. timing attack
D. tunneling

Answer: B

QUESTION 90
Which term describes reasonable efforts that must be made to obtain relevant information to facilitate appropriate
courses of action?

A. ethical behavior
“Best Material, Great Results”. www.certkingdom.com 23
 Cisco 210-250

B. due diligence
C. data mining
D. decision making

Answer: B

QUESTION 91
Which Linux terminal command can be used to display all the processes?

A. ps -u
B. ps-m
C. ps-ef
D. ps-d

Answer: A

QUESTION 92
The FMC can share HTML, PDF and CSV data types that relate to a specific event type. Which event type?

A. host
B. connection
C. intrusion
D. NetFlow

Answer: C

QUESTION 93
Which vulnerability is an example of Shellshock?

A. cross site scripting

B. command injection
C. heap overflow
D. SQL injection

Answer: B

QUESTION 94
At which OSI layer does a router typically operate?

A. Transport
B. Network
C. Data link
D. Application

Answer: B

QUESTION 95
Which two actions are valid uses of public key infrastructure? (Choose two )
“Best Material, Great Results”. www.certkingdom.com 24
 Cisco 210-250

A. ensuring the privacy of a certificate

B. revoking the validation of a certificate
C. validating the authenticity of a certificate
D. creating duplicate copies of a certificate
E. changing ownership of a certificate

Answer: B,C

QUESTION 96
Which term represents the practice of giving employees only those permissions necessary
to perform their specific role within an organization?

A. integrity validation
B. due diligence
C. need to know
D. least privilege

Answer: D

QUESTION 97
Which term represents a potential danger that could take advantage of a weakness in a system?

A. vulnerability
B. risk
C. threat
D. exploit

Answer: B

QUESTION 98
One of the objectives of information security is to protect the CIA of information and systems. What does CIA mean in
this context?

A. Confidentiality, Integrity, and Availability

B. Confidentiality, Identity, and Availability
C. Confidentiality, Integrity, and Authorization
D. Confidentiality, Identity, and Authorization

Answer: A

QUESTION 99
In which format are NetFlow records stored?

A. hexadecimal
B. base 10
C. binary
D. ASCII
“Best Material, Great Results”. www.certkingdom.com 25
 Cisco 210-250

Answer: C

QUESTION 100
While viewing packet capture data, you notice that one IP is sending and receiving traffic for multiple devices by
modifying the IP header, Which option is making this behavior possible?

A. TOR
B. NAT
C. encapsulation
D. tunneling

Answer: B

QUESTION 101
Early versions of the Microsoft PPTP virtual private network software used the same RC4 key for the sender and the
receiver. Which attack is the network vulnerable to when a stream cipher like RC4 is used twice with the same key?

A. forgery attack
B. meet-in-the-middle attack
C. ciphertext-only attack
D. plaintext-only attack

Answer: C

Explanation:
? Early versions of Microsoft's PPTP virtual private network software used the same RC4 key for the sender and the
receiver (later versions solved this problem but may still have other problems). In any case where a stream cipher like
RC4 is
used twice with the same key, it is open to ciphertext-only attack.

QUESTION 102
For which reason can HTTPS traffic make security monitoring difficult?

A. encryption
B. large packet headers
C. Signature detection takes longer.
D. SSL interception

Answer: D

QUESTION 103
A firewall requires deep packet inspection to evaluate which layer?

A. application
B. Internet
C. link
D. transport
“Best Material, Great Results”. www.certkingdom.com 26
 Cisco 210-250

Answer: A

QUESTION 104
Which security monitoring data type requires the most storage space?

A. full packet capture

B. transaction data
C. statistical data
D. session data

Answer: A

QUESTION 105
What are the advantages of a full-duplex transmission mode compared to half-duplex mode?
(Select all that apply.)

A. Each station can transmit and receive at the same time.

B. It avoids collisions.
C. It makes use of backoff time.
D. It uses a collision avoidance algorithm to transmit.

Answer: A,B

QUESTION 106
Which term represents the chronological record of how evidence was collected- analyzed, preserved, and transferred?

A. chain of evidence
B. evidence chronology
C. chain of custody
D. record of safekeeping

Answer: C

QUESTION 107
Which statement about digitally signing a document is true?

A. The document is hashed and then the document is encrypted with the private key.
B. The document is hashed and then the hash is encrypted with the private key.
C. The document is encrypted and then the document is hashed with the public key
D. The document is hashed and then the document is encrypted with the public key.

Answer: B

QUESTION 108
Which option is an advantage to using network-based anti-virus versus host-based anti-virus?

A. Network-based has the ability to protect unmanaged devices and unsupported operating systems.
“Best Material, Great Results”. www.certkingdom.com 27
 Cisco 210-250

B. There are no advantages compared to host-based antivirus.

C. Host-based antivirus does not have the ability to collect newly created signatures.
D. Network-based can protect against infection from malicious files at rest.

Answer: D

QUESTION 109
Which definition of Windows Registry is true?

A. set of pages that are currently resident m physical memory

B. basic unit to which the operating system allocates processor time
C. set of virtual memory addresses
D. database that stores low-level settings for the operating system

Answer: D

“Best Material, Great Results”. www.certkingdom.com 28