Exam 300-710 topic 1 question 178 discussion

Actual exam question from Cisco's 300-710
Question #: 178
Topic #: 1

An analyst is investigating a potentially compromised endpoint within the network and pulls a host report for the endpoint in question to collect metrics and documentation. What information should be taken from this report for the investigation?

  • A. client applications by user, web applications, and user connections
  • B. number of attacked machines, sources of the attack, and traffic patterns
  • C. threat detections over time and application protocols transferring malware
  • D. intrusion events, host connections, and user sessions
Suggested Answer: D

Comments

SegaMasterSystemAdmin
Highly Voted 1 year, 1 month ago
Selected Answer: D
The Firepower System correlates various types of data (intrusion events, Security Intelligence, connection events, and file or malware events) to determine whether a host on your monitored network is likely to be compromised by malicious means. Certain combinations and frequencies of event data trigger indications of compromise (IOC) tags on affected hosts. https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/using_host_profiles.html#ID-2218-000003be
upvoted 5 times
tinyJoe
Most Recent 3 weeks ago
Selected Answer: D
I verified this in the lab. Perhaps this is a question about the contents of the “host report” that is provided as a template for FMC's Reporting. The following five items are included in the Host Report.
- Applications being used and served by the host
- Intrusion Events that the host has been involved with
- Connections that the host has established
- Users of the host
- White list violations by the host
Therefore, the answer should be D. (A seems to be an explanation of another Report Template called “User Report”.)
upvoted 2 times
THEODORABLE
1 year, 2 months ago
A is correct, there are no intrusion events on a host profile.
upvoted 1 times
KISRUVEM
6 months, 1 week ago
Question didn’t ask about a host profile. It asks about a host report. (That got me at first too)
upvoted 2 times
Initial14
1 year, 3 months ago
Selected Answer: D
The question states: for the endpoint, so D
upvoted 3 times
neo_911
1 year, 3 months ago
Correct answer is D. intrusion events, host connections, and user sessions
upvoted 3 times