Drag and Drop

Drag the data source on the left to the correct data type on the right.
Select and Place:


22 thoughts on “Drag and Drop”

  1. Hi, just took the exam yesterday, May 18, 2018, and just failed with 813/1000.

    The dumps in the 80q download are not semi-valid, BUT: the questions are still there, what is in the dump, so you need to really review the blueprint. New questions I encountered and remembered:

    What does the X.509v3 indicate? (I remember the choices; choose 3)
    a.) public key of the certificate
    b.) private key of the certificate
    c.) subject of the certificate
    d.) (can’t remember the other two)

    What is a Heartbleed attack?
    a.) command injection
    b.) buffer overflow
    c.) I don’t know
    d.) I can’t remember

    How can you correlate NTP in an accurate time, something like that
    a.) asynchronous
    b.) get time from each network device
    c.) get from AD / domain controller
    d.) synchronous time

    What access control is from the root administrator? As far as I remember the choices are
    a.) mandatory
    b.) discretionary
    c.) least privilege
    d.) RBAC

  2. Here are some questions compiled from other posts, some new ones not seen here.

    The FMC can share HTML, PDF and CSV data type that relate to a specific event type data. Which specific event type data?
    A. Connection
    B. Host
    C. Netflow
    D. Intrusion
    Answer: D

    Which of the following are metrics that can measure the effectiveness of a runbook?
    A. Mean time to repair (MTTR)
    B. Mean time between failures (MTBF)
    C. Mean time to discover a security incident
    D. All of the above
    Answer: D

    In which case should an employee return his laptop to the organization?
    A. When moving to a different role
    B. Upon termination of the employment
    C. As described in the asset return policy
    D. When the laptop is end of lease
    Answer: C

    What are the advantages of a full-duplex transmission mode compared to half-duplex mode?
    (Select all that apply.)
    A. Each station can transmit and receive at the same time.
    B. It avoids collisions.
    C. It makes use of backoff time.
    D. It uses a collision avoidance algorithm to transmit.
    Answer: AB

    Stateful and traditional firewalls can analyze packets and judge them against a set of
    predetermined rules called access control lists (ACLs).
    They inspect which of the following elements within a packet? (Choose Two)
    A. Session headers
    B. NetFlow flow information
    C. Source and destination ports and source and destination IP addresses
    D. Protocol information
    Answer: CD

    Cisco pxGrid has a unified framework with an open API designed in a hub-and-spoke
    architecture. pxGrid is used to enable the sharing of contextual-based information from which
    devices?
    A. From a Cisco ASA to the Cisco OpenDNS service
    B. From a Cisco ASA to the Cisco WSA
    C. From a Cisco ASA to the Cisco FMC
    D. From a Cisco ISE session directory to other policy network systems, such as Cisco IOS devices
    and the Cisco ASA

    For which purpose can Windows management instrumentation be used?
    A. Remote viewing of a computer
    B. Remote blocking of malware on a computer
    C. Remote reboot of a computer
    D. Remote start of a computer
    Answer: A

    Which international standard is for general risk management, including the principles and guideline for managing risk?
    A. ISO 31000
    B. ISO 27001
    C. ISO 27005
    D. ISO 27002
    Answer: A

    Which statement about the difference between a denial-of-service attack and a distributed denial-of-service attack is true?
    A. DoS attacks are launched from one host, and DDoS attacks are launched from multiple hosts.
    B. DoS attacks and DDoS attacks have no differences.
    C. DDoS attacks are launched from one host, and DoS attacks are launched from multiple hosts.
    D. DoS attacks only use flooding to compromise a network, and DDoS attacks only use other methods.
    Answer: A

    You discover that a foreign government hacked one of the defense contractors in your country and stole intellectual property. In this situation, which option is considered the threat agent?
    A. method in which the hack occurred
    B. defense contractor that stored the intellectual property
    C. intellectual property that was stolen
    D. foreign government that conducted the attack
    Answer: A

    After a large influx of network traffic to externally facing devices, you begin investigating what appears to be a denial-of-service attack. When you review packet capture data, you notice that the
    traffic is a single SYN packet to each port. Which kind of attack is this?
    A. SYN flood.
    B. Host profiling.
    C. Traffic fragmentation.
    D. Port scanning.
    Answer: D

    Which definition of common event format in terms of a security information and event management solution is true?
    A. A type of event log used to identify a successful user login.
    B. A TCP network media protocol.
    C. Event log analysis certificate that stands for certified event forensics.
    D. A standard log event format that is used for log collection.
    Answer: D

    Which definition of a Linux daemon is true?
    A. Process that is causing harm to the system by either using up system resources or causing a critical crash.
    B. Long-running process that is the child of the init process.
    C. Process that has no parent process.
    D. Process that is starved of the CPU.
    Answer: B

    Which term describes reasonable effort that must be made to obtain relevant information to facilitate appropriate courses of action?
    A. Due diligence.
    B. Ethical behavior.
    C. Decision making.
    D. Data mining.
    Answer: A

    According to the Common Vulnerability Scoring System, which term is associated with scoring multiple vulnerabilities that are exploited in the course of a single attack?
    A. chained score
    B. risk analysis
    C. vulnerability chaining
    D. confidentiality
    Answer: C

    In which format are NetFlow records stored?
    A. hexadecimal
    B. base 10
    C. binary
    D. ASCII
    Answer: C

    Which purpose of Command and Control for network aware malware is true?
    A. It contacts a remote server for commands and updates.
    B. It controls and shuts down services on the infected host.
    C. It helps the malware to profile the host
    D. It takes over the user account.
    Answer: A

    Which of the following access control models use security labels to make access decisions?
    A. Discretionary access control (DAC)
    B. Mandatory access control (MAC)
    C. Role-based access control (RBAC)
    D. Identity-based access control (IBAC)
    Answer: B

    I hope it is useful for you.

    Best regards, from Colombia

  3. Passed my test today with 865. The thing that ‘ndndn’ mentioned was on the test, as well as other dump questions from this website. Another thing I could add to the list of new questions is that they asked what type of attack Shellshock is; I think the answer is command injection since the word shell is in the name.

  4. Passed today with 8xx !! Questions mentioned by @ndndn were there !! Best wishes for new test takers !! Good luck !!!

  5. Guys, I checked the answer for NetFlow stored data. It’s binary storage! The tool that views the data is in clear text or ASCII.

  6. ASCII… I missed that question too; I thought it was worded poorly using the word “stored”… I brought this up to my class and everyone agreed… but the answer is, NetFlow stores information in ASCII format; it’s the only one that could possibly work given the other options.

  7. These are new questions I’ve found on some forums from people who recently did the exam. They do not have the exact wording:

    – Which format does NetFlow use?
    Base10
    ASCII
    Binary
    Hexadecimal

    – A question about SYN flood. Gives the scenario that using a Full Packet Capture tool, you notice multiple SYN messages, this is an example of what?
    Possible answer: SYN flood

    – There was a question about ciphers. The scenario was that the attacker knows some information in the ciphertext of several messages and also knows something about the plaintext that underlies the ciphertext. (This scenario describes both a Known-plaintext Attack and a Meet-in-the-middle Attack.) The question asks which type of attack it is.
    A possible answer was man-in-the-middle, which is obviously wrong, leaving Known-plaintext Attack as the best option.

    – Question asks about daemon processes.
    A process that detaches itself from the script that starts it and continues to run in the background. The answer ended with something like, ‘it is spawned from a parent init process.’

    – Question asks about zombie processes.
    The answer was something like, completed processes that are not yet removed from the kernel’s process table.

    – Question about a SIEM providing HTML, PDF and CSV formats, and asked what it is?
    (I don’t know what this question means)

    – Question said that a foreign government attacks your defense weapons contractor and steals intellectual property; that foreign government is defined as what?
    1) Defense weapons contractor whose intellectual property was stolen
    2) Foreign government that conducted the attack
    3) Intellectual property that got stolen
    4) Method used by the foreign government to hack
    (Not sure of the correct answer, maybe 2? Don’t understand very well)

    – Question making a statement like: Microsoft PPTP uses RC4, a stream cipher; what attack is it vulnerable to when the same key is used twice?
    Ciphertext-only attack, when an attacker uses ciphertext from several messages and tries to deduce the plaintext or key from just that information, using statistical analysis.

    – A question about CVSS was how scoring is handled when multiple vulnerabilities are found in the same attack.
    Vulnerability Chaining (While not a formal metric, guidance on scoring multiple vulnerabilities is provided with Vulnerability Chaining: https://www.first.org/cvss/cvss-v30-user_guide_v1.1.pdf)

    – Several questions and/or answers had RFC numbers.
    For the ones about DNS you really only need to know that DNS queries use UDP port 53 and zone transfers use TCP port 53, in the quoted RFCs.
    Answers given include UDP 53 and TCP 53.

    – There was an ISO implementing guidance for general risk management question.
    Answers given:
    ISO 27001 to 27005. This person selected 27002, which he thought was correct after memorizing the titles for ISO 27001 – 27005.

    – There was a question about what the command is to see every process on a Linux system.
    Maybe the answer is ps -ef

    – One that asked something like, what event types does the FMC record? FMC = Firepower Management Center

    – Something similar to, what cryptography is used on digital certificates? The answers included:
    SHA-256
    SHA-512
    RSA 4096
    I think the answers are SHA-256 and SHA-384 if it appears in the answer list.

    – SIEM Common Event Format, what is it?
    He didn’t remember the exact question but given that syslog message format is used as a transport mechanism for a Common Event Format, He’d look for something related to that in an answer.

    – A question about what device terminates broadcast domains.
    Router is the answer.

    – A question making a statement like, RC4 is a stream cipher; what attack is it vulnerable to when the same key is used twice?
    Ciphertext-only attack, when an attacker uses ciphertext from several messages and tries to deduce the plaintext or key from just that information, using statistical analysis.

    Hope it helps, and someone can correct some answers.

  8. I cleared the exam today.
    Here are some new questions I had in my exam.
    NetFlow data type: binary, hexadecimal, base 10 or decimal.
    Standard that helps organizations keep information assets secure: ISO 27001.
    Read about hashing attacks like known plaintext, known ciphertext, ciphertext only and meet in the middle.
    Read about the ps -ef Linux command.
    Read about Linux zombie process, parent process, child process, orphan process…
    Read about CVSS.
    More than 15 new questions which are not included here. Do not go without covering/reading the 210-250 exam blueprint.
    Questions will seem easy if you have gone through the cert books.
    Unfortunately I couldn’t remember most questions as I completed my exam in 30 minutes.

      1. R: phishing-based attack called “whaling” specifically targets executives and high-profile users

    1. Yes, these questions are valid. I passed the exam today and the majority of the questions were from here. There were 1-2 questions about ciphertext-only attacks and meet-in-the-middle attacks. Also 2 questions about due diligence and decision making. One question about the difference between DoS and DDoS attacks and one about CVSSv3. Generally, all questions were straightforward. The most difficult one was a question about the ps command in Linux and its syntax.
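Comments 7 and 8 both recall the Linux daemon and zombie-process questions. The C program below is added here and is not part of anyone’s post; it shows both mechanisms on a live system: an exited child stays in the kernel’s process table in state Z until its parent calls waitpid(), and a daemon’s double fork leaves the grandchild re-parented to init (or a subreaper). Linux with a readable /proc is assumed.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Added example (not from the thread): a child that has exited but has not
 * been reaped remains in the process table as a zombie. Returns the state
 * letter from /proc/<pid>/stat before reaping ('Z' expected; Linux assumed). */
char zombie_state(void) {
    char state = '?', path[64], buf[256], *p;
    pid_t pid = fork();
    if (pid < 0) return 'E';
    if (pid == 0) _exit(0);           /* child: completes immediately */
    usleep(200000);                   /* let it exit; we have not reaped it yet */
    snprintf(path, sizeof path, "/proc/%d/stat", (int)pid);
    FILE *f = fopen(path, "r");
    if (f) {
        if (fgets(buf, sizeof buf, f) && (p = strrchr(buf, ')')) != NULL)
            state = p[2];             /* field after "(comm)" is the state */
        fclose(f);
    }
    waitpid(pid, NULL, 0);            /* reap: the table entry disappears */
    return state;
}

/* A daemon double-forks: the intermediate parent exits, so the grandchild is
 * orphaned and adopted by init (or a subreaper). Returns 1 if the grandchild
 * reports a parent PID different from the process that forked it. */
int orphan_reparented(void) {
    int fds[2]; pid_t reported;
    if (pipe(fds) < 0) return -1;
    pid_t mid = fork();
    if (mid < 0) return -1;
    if (mid == 0) {
        if (fork() == 0) {            /* grandchild: the would-be daemon */
            usleep(200000);           /* wait for the middle process to exit */
            pid_t pp = getppid();
            if (write(fds[1], &pp, sizeof pp) != sizeof pp) _exit(1);
            _exit(0);
        }
        _exit(0);                     /* middle process exits at once */
    }
    close(fds[1]);
    waitpid(mid, NULL, 0);            /* reap the middle process */
    if (read(fds[0], &reported, sizeof reported) != sizeof reported) return -1;
    close(fds[0]);
    return reported != mid;
}
```

Running `ps -ef` (the command comment 7 mentions) while zombie_state() is sleeping shows the child as `<defunct>`.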

  9. This isn’t correct. Someone correct me if I’m wrong, but I’m certain it’s:

    1) Wireshark – Full Packet Capture
    2) Netflow – Session Data
    3) Server Log – Transaction Data
    4) IPS – Alert Data

      1. My initial response was because of how the “answer” still retained the original keywords on the left and made it appear like the following below, as if they were matched from left to right. I’m certain this is probably why another person thought it was incorrect, but this is what it looked like to me:

        1) Wireshark – Netflow
        2) Netflow – IPS
        3) Server Log – Wireshark
        4) IPS – Server Log

        *Now I realize it was correct all along, but the answer retained the original keywords beside the answer, if that makes sense?
