Cisco 210-255 SECOPS Exam Questions Instant Access

Question 1

Which of the following are the three broad categories of cybersecurity investigations?

APublic, private, and individual investigations

BJudiciary, private, and individual investigations

CPublic, private, and corporate investigations

DGovernment, corporate, and private investigations

Answer : A

Question 2

You receive an alert for malicious code that exploits Internet Explorer and runs arbitrary code on the site visitor machine. The malicous code is on an external site that is being visited by hosts on your network. Which user agent in the HTTP headers in the requests from your internal hosts warrants further investigation?

AMozilla/5.0 (compatible, MSIE 10.0, Windows NT 6.2, Trident 6.0)

BMozilla/5.0 (XII; Linux i686; rv: 1.9.2.20) Gecko/20110805

CMozilla/5.0 (Windows NT 6.1; WOW64; rv: 4O0) Gecko/20100101

DOpera/9.80 (XII; Linux i686; Ubuntu/14.10) Presto/2.12.388 Version/12.16

Answer : A

Question 3

How do you verify that one of your hosts is potentially compromised based on their communication

destinations?

ASearch the communication destinations of the host in the Talos IP & Domain Reputation Center.

BAnalyze how much traffic the host sent and received from each IP address or domain.

CSee if any Stealthwatch alarms were triggered for the host communicating with internal hosts.

DCheck the Firepower appliance to see if malicious files were downloaded.

Answer : A

Question 4

Which description of a retrospective malware detection is true?

AYou use Wireshark to identify the malware source.

BYou use historical information from one or more sources to identify the affected host or file.

CYou use information from a network analyzer to identify the malware source.

DYou use Wireshark to identify the affected host or file.

Answer : B

Question 5

Which of the following is an example of a coordination center?

ACisco PSIRT

BMicrosoft MSRC

CCERT division of the Software Engineering Institute (SEI)

DFIRST

Answer : C

Question 6

A CMS plugin creates two files that are accessible from the Internet myplugin.html and exploitable.php. A newly discovered exploit takes advantage of an injection vulnerability in exploitable.php. To exploit the vulnerability, one must send an HTTP POST with specific variables to exploitable.php. You see traffic to your webserver that consists of only HTTP GET requests to myplugin.html. Which category best describes this activity?

Aweaponization

Bexploitation

Cinstallation

Dreconnaissance

Answer : D

Question 7

You have a video of a suspect entering a data center that was captured on the same that files in the same data center were transferred to a computer. Which type of is this?

APhysical evidence

Bbest evidence

Cprima faice evidence

Dindirect evidence

Answer : D

Cisco Cybersecurity Operations 210-255 SECOPS Exam Questions