New 210-250 exam questions from PassLeader 210-250 dumps! Welcome to download the newest PassLeader 210-250 VCE and PDF dumps: https://www.passleader.com/210-250.html (111 Q&As –> 119 Q&As –> 152 Q&As –> 1187 Q&As)
P.S. New 210-250 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpa1BSWGJ1R0VBSU0
NEW QUESTION 91
The FMC can share HTML, PDF and CSV data type that relate to a specific event type data. Which specific event type data?
A. Connection
B. Host
C. Netflow
D. Intrusion
Answer: D
Explanation:
The Firepower System has features that you can use to gather intrusion data in standard formats such as HTML, PDF, and CSV (comma-separated values) so that you can easily share intrusion data with others.
https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/incidents.html
NEW QUESTION 92
For which purpose can Windows management instrumentation be used?
A. Remote viewing of a computer
B. Remote blocking of malware on a computer
C. Remote reboot of a computer
D. Remote start of a computer
Answer: A
Explanation:
The purpose of WMI is to define a proprietary set of environment-independent specifications which allow management information to be shared between management applications. WMI allows scripting languages to locally and remotely manage Microsoft Windows computers and services. The following list provides examples of what WMI can be used for:
— Providing information about the status of local or remote computer systems
— Configuring security settings
— Modifying system properties
— Changing permissions for authorized users and user groups
— Assigning and changing drive labels
— Scheduling times for processes to run
— Backing up the object repository
— Enabling or disabling error logging
NEW QUESTION 93
Which international standard is for general risk management, including the principles and guideline for managing risk?
A. ISO 31000
B. ISO 27001
C. ISO 27005
D. ISO 27002
Answer: A
Explanation:
ISO 31000:2018, Risk management — Guidelines, provides principles, framework and a process for managing risk. It can be used by any organization regardless of its size, activity or sector. Using ISO 31000 can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats and effectively allocate and use resources for risk treatment.
https://www.iso.org/iso-31000-risk-management.html
NEW QUESTION 94
Which statement about the difference between a denial-of-service attack and a distributed denial of service attack is true?
A. Dos attack are launched from one host, and DDoS attack are launched from multiple host.
B. DoS attack and DDoS attack have no differences.
C. DDoS attacks are launched from one host, and DoS attacks are launched from multiple host.
D. Dos attack only use flooding to compromise a network, and DDoS attacks only use other methods.
Answer: A
Explanation:
DDoS refers to a “distributed denial of service” attack. With this attack a hacker will use multiple servers to attack another target server i.e. the attack is distributed across multiple servers. Traffic associated with a single DDoS attack may originate from hundreds or thousands of compromised servers or PCs. Whereas a “denial of service” (DoS) attack is when a single server is used to attack another targeted server.
https://hetzner.co.za/help-centre/website/what-is-the-difference-between-a-dos-and-ddos-attack/
NEW QUESTION 95
You discover that a foreign government hacked one of the defense contractors in your country and stole intellectual property. In this situation, which option is considered the threat agent?
A. method in which the hack occurred
B. defense contractor that stored the intellectual property
C. intellectual property that was stolen
D. foreign government that conducted the attack
Answer: A
NEW QUESTION 96
After a large influx of network traffic to externally facing devices, you begin investigating what appear to be a denial of service attack. When you review packets capture data, you notice that the traffic is a single SYN packet to each port. Which kind of attack is this?
A. SYN flood.
B. Host profiling.
C. Traffic fragmentation.
D. Port scanning.
Answer: D
NEW QUESTION 97
Which definition of common event format is terms of a security information and event management solution is true?
A. A type of event log used to identify a successful user login.
B. A TCP network media protocol.
C. Event log analysis certificate that stands for certified event forensics.
D. A standard log event format that is used for log collection.
Answer: D
NEW QUESTION 98
Which definition of a Linux daemon is true?
A. Process that is causing harm to the system by either using up system resources or causing a critical crash.
B. Long – running process that is the child at the init process.
C. Process that has no parent process.
D. Process that is starved at the CPU.
Answer: B
Explanation:
A daemon is a type of program on Unix-like operating systems that runs unobtrusively in the background, rather than under the direct control of a user, waiting to be activated by the occurance of a specific event or condition. Unix-like systems typically run numerous daemons, mainly to accommodate requests for services from other computers on a network, but also to respond to other programs and to hardware activity.
…
Daemons are recognized by the system as any processes whose parent process has a PID of one, which always represents the process init. init is always the first process that is started when a Linux computer is booted up (i.e., started), and it remains on the system until the computer is turned off. init adopts any process whose parent process dies (i.e., terminates) without waiting for the child process’s status. Thus, the common method for launching a daemon involves forking (i.e., dividing) once or twice, and making the parent (and grandparent) processes die while the child (or grandchild) process begins performing its normal function.
http://www.linfo.org/daemon.html
NEW QUESTION 99
Which term describes reasonable effort that must be made to obtain relevant information to facilitate appropriate courses of action?
A. Due diligence.
B. Ethical behavior.
C. Decision making.
D. Data mining.
Answer: A
NEW QUESTION 100
According to the common vulnerability scoring system, which term is associated with scoring multiple vulnerabilities that are exploit in the course of a single attack?
A. chained score
B. risk analysis
C. vulnerability chaining
D. confidentiality
Answer: C
Explanation:
CVSS is designed to classify and rate individual vulnerabilities. However, it is important to support the needs of the vulnerability analysis community by accommodating situations where multiple vulnerabilities are exploited in the course of a single attack to compromise a host or application. The scoring of multiple vulnerabilities in this manner is termed Vulnerability Chaining. Note that this is not a formal metric, but is included as guidance for analysts when scoring these kinds of attacks.
https://www.first.org/cvss/cvss-v30-user_guide_v1.1.pdf (page 10 — Vulnerability Chaining)
NEW QUESTION 101
……
New 210-250 exam questions from PassLeader 210-250 dumps! Welcome to download the newest PassLeader 210-250 VCE and PDF dumps: https://www.passleader.com/210-250.html (111 Q&As –> 119 Q&As –> 152 Q&As –> 1187 Q&As)
P.S. New 210-250 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpa1BSWGJ1R0VBSU0