All About 210-255 test preparation Jun 2017

We provide real 210-255 exam questions and answers braindumps in two formats. Download PDF & Practice Tests. Pass Cisco 210-255 Exam quickly & easily. The 210-255 PDF type is available for reading and printing. You can print more and practice many times. With the help of our Cisco 210-255 dumps pdf and vce product and material, you can easily pass the 210-255 exam.


Free VCE & PDF File for Cisco 210-255 Real Exam
(Full Version!)

Pass on Your First TRY 100% Money Back Guarantee Realistic Practice Exam Questions

Free Instant Download NEW 210-255 Exam Dumps (PDF & VCE):
Available on:

Q1. Which process is being utilized when IPS events are removed to improve data integrity?

A. data normalization

B. data availability

C. data protection

D. data signature

Answer: B

Q2. A user on your network receives an email in their mailbox that contains a malicious attachment. There is no indication that the file was run. Which category as defined in the Diamond Model of Intrusion does this activity fall under?

A. reconnaissance

B. weaponization

C. delivery

D. installation

Answer: A

Q3. Which type of analysis assigns values to scenarios to see what the outcome might be in each scenario?

A. deterministic

B. exploratory

C. probabilistic

D. descriptive

Answer: D

Q4. Which two components are included in a 5-tuple? (Choose two.)

A. port number

B. destination IP address

C. data packet

D. user name

E. host logs

Answer: B,C

Q5. Which string matches the regular expression r(ege)+x?

A. rx

B. regeegex

C. r(ege)x

D. rege+x

Answer: A

Q6. Which element can be used by a threat actor to discover a possible opening into a target network and can also be used by an analyst to determine the protocol of the malicious traffic?


B. ports

C. SMTP replies

D. IP addresses

Answer: A

Q7. Refer to the Exhibit. A customer reports that they cannot access your organization's website. Which option is a possible reason that the customer cannot access the website?


A. The server at is using up too much bandwidth causing a denial- of-service.

B. The server at has a virus.

C. A vulnerability scanner has shown that has been compromised.

D. Web traffic sent from has been identified as malicious by Internet sensors.

Answer: C



Refer to the exhibit. Drag and drop the element name from the left onto the correct piece of the NetFlow v5 record from a security event on the right.




Q9. In the context of incident handling phases, which two activities fall under scoping? (Choose two.)

A. determining the number of attackers that are associated with a security incident

B. ascertaining the number and types of vulnerabilities on your network

C. identifying the extent that a security incident is impacting protected resources on the network

D. determining what and how much data may have been affected

E. identifying the attackers that are associated with a security incident

Answer: D,E

Q10. Which option can be addressed when using retrospective security techniques?

A. if the affected host needs a software update

B. how the malware entered our network

C. why the malware is still in our network

D. if the affected system needs replacement

Answer: A