Drag and Drop

Drag and drop the type of evidence from the left onto the correct description(s) of that evidence on the right.
Select and Place:

152 thoughts on “Drag and Drop”

  1. Can you please help me with this question:

    Which file system has 32 bits assigned to the address clusters of the allocation table?

    A. FAT32
    B. NTFS
    C. EXT4
    D. FAT16

    FAT32: This is a maximum of 2^32 = 4,294,967,296 clusters, but it has 4
    reserved bits, so it is actually 28 bits, which means a maximum of 2^28 =
    268,435,456.
    exFAT: This uses the whole 32 bits for addressing.
    The number after each version of FAT, such as FAT12, FAT16, or FAT32,
    represents the number of bits that are assigned to address clusters in the FAT
    table.
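The entry-width point made above, worked through in code. This is an added example, not code from the original comment: the FAT type is decided by the count of data clusters (the 4085/65525 thresholds from Microsoft's FAT specification), and a FAT32 chain walker has to mask each 32-bit entry down to its low 28 bits because the top four bits are reserved. The FAT table is constructed inline; the BPB values used for the cluster count are the standard 1.44 MB floppy layout.

```python
"""Added example: FAT cluster addressing (not code from the original page).

Assumptions: SAMPLE_FAT is a constructed stand-in for a real on-disk FAT;
the BPB numbers in the usage below are the standard 1.44 MB floppy layout.
"""
import struct

# The FAT specification decides the type purely from the number of data
# clusters, never from the "FAT32" string in the boot sector.
FAT12_MAX_CLUSTERS = 4084
FAT16_MAX_CLUSTERS = 65524

# Width of a cluster address per variant. FAT32 entries are 32 bits on disk
# but only 28 carry the address; the top 4 bits are reserved.
ADDRESS_BITS = {"FAT12": 12, "FAT16": 16, "FAT32": 28}

FAT32_ENTRY_MASK = 0x0FFFFFFF   # keep the low 28 bits only
FAT32_BAD_CLUSTER = 0x0FFFFFF7
FAT32_EOC_MIN = 0x0FFFFFF8      # 0x0FFFFFF8..0x0FFFFFFF mark end of chain


def count_of_clusters(total_sectors, reserved_sectors, num_fats,
                      sectors_per_fat, root_dir_sectors, sectors_per_cluster):
    """Data clusters available to files, per the FAT spec's formula."""
    data_sectors = total_sectors - (reserved_sectors
                                    + num_fats * sectors_per_fat
                                    + root_dir_sectors)
    return data_sectors // sectors_per_cluster


def fat_type_from_cluster_count(clusters):
    if clusters <= FAT12_MAX_CLUSTERS:
        return "FAT12"
    if clusters <= FAT16_MAX_CLUSTERS:
        return "FAT16"
    return "FAT32"


def max_addressable_clusters(fat_type):
    """Upper bound implied by the address width alone (2**12, 2**16, 2**28)."""
    return 1 << ADDRESS_BITS[fat_type]


def fat32_entry(fat, cluster, mask=True):
    """Read one little-endian FAT32 entry, masking off the 4 reserved bits."""
    (raw,) = struct.unpack_from("<I", fat, cluster * 4)
    return raw & FAT32_ENTRY_MASK if mask else raw


def fat32_chain(fat, start, mask=True):
    """Follow a cluster chain from `start` to its end-of-chain marker.

    Loops and out-of-range entries are reported as corruption instead of
    being followed forever, which matters when the FAT comes from an
    untrusted image.
    """
    entries = len(fat) // 4
    chain, seen, cur = [], set(), start
    while True:
        if cur < 2 or cur >= entries:
            raise ValueError(f"cluster {cur} outside the FAT")
        if cur in seen:
            raise ValueError(f"cluster chain loops back to {cur}")
        seen.add(cur)
        chain.append(cur)
        nxt = fat32_entry(fat, cur, mask)
        if nxt == FAT32_BAD_CLUSTER:
            raise ValueError(f"chain runs into a bad cluster after {cur}")
        if nxt >= FAT32_EOC_MIN:
            return chain
        cur = nxt


def build_fat(entries):
    """Serialize 32-bit entries into a raw FAT32 table (constructed data)."""
    return b"".join(struct.pack("<I", e) for e in entries)


# Constructed FAT: clusters 2 -> 3 -> 4 -> EOC. Cluster 3's entry has the
# reserved high nibble set; a reader that forgets to mask reads it as an
# end-of-chain marker and silently truncates the file.
SAMPLE_FAT = build_fat([
    0x0FFFFFF8,  # entry 0: media descriptor
    0xFFFFFFFF,  # entry 1: reserved
    0x00000003,  # cluster 2 -> 3
    0xF0000004,  # cluster 3 -> 4, reserved bits set
    0x0FFFFFFF,  # cluster 4: end of chain
    0x00000000, 0x00000000, 0x00000000,  # free clusters
])

if __name__ == "__main__":
    floppy = count_of_clusters(2880, 1, 2, 9, 14, 1)
    print(floppy, fat_type_from_cluster_count(floppy))   # 2847 FAT12
    print(max_addressable_clusters("FAT32"))            # 268435456
    print(fat32_chain(SAMPLE_FAT, 2))                   # [2, 3, 4]
    print(fat32_chain(SAMPLE_FAT, 2, mask=False))       # [2, 3]  truncated
```

The unmasked walk is the bug to look for in home-grown carving or recovery tools: it returns a plausible but short chain and no error.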

  2. Did not clear the exam; Cisco changed their pool. I was well prepared with Jim's PDF and dumps 🙁
    Had lots of new questions.

    Q: Who is responsible for the incident?
    A. CIO
    B. Incident handler
    C. Network Administrator
    D. IT Director

    Q: Which Precursor example is true
    A- A network device configuration has been changed.

    1. What do the Security Intelligence events within FMC allow an administrator to do?
      A. see if a host is connecting to a known bad domain
      B. view any malicious files that a host has downloaded
      C. verify host to host traffic within your network
      D. check the host to server traffic in your network

          1. I’m going to stick with A on this one.

            “As a first line of defense against malicious Internet content, the Firepower System includes the Security Intelligence feature, which allows you to immediately blacklist (block) connections based on the latest reputation intelligence, removing the need for a more resource-intensive, in-depth analysis.

            Security Intelligence works by blocking traffic to or from IP addresses, URLs, or domain names that have a known bad reputation. This traffic filtering takes place before any other policy-based inspection, analysis, or traffic handling (although it does occur after hardware-level handling, such as fast-pathing).”

    1. Hello everyone. My exam is on 4th Dec. Can anyone share their exam experience? Please share the new questions.

  3. Questions faced in my exam

    -which regex matches on lower case letters only?
    a. a-z+
    b. a*z+
    c. [a-z]+
    d. [^a-z]+

    -Filtering ports in Wireshark?
    tcp.port == 80

    1. I have a retake on Dec 5.
      I took my first exam on Nov 21 and had those questions.
      On regex the answer is C.
      Port filtering is a good answer.
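The four regex candidates from the question above, run against one input so the difference is visible. This is an added example, not code from either post; the sample string is constructed. It also shows the validation pitfall a practitioner cares about: `[a-z]+` finds a lower-case run inside almost any string, so input validation needs the anchored `fullmatch`, not `search`/`findall`.

```python
"""Added example: comparing the regex candidates (not code from the original post)."""
import re

CANDIDATES = {
    "A": r"a-z+",     # literal 'a', '-', then one or more 'z': no character class at all
    "B": r"a*z+",     # zero or more 'a' then one or more 'z': no other letters
    "C": r"[a-z]+",   # one or more of any lower-case ASCII letter
    "D": r"[^a-z]+",  # one or more of anything EXCEPT lower-case letters (the negation)
}

SAMPLE = "a-z abc XYZ 42"   # constructed input


def matches_for(pattern, text=SAMPLE):
    """Every substring the pattern picks out, in order of appearance."""
    return re.findall(pattern, text)


def compare_candidates(text=SAMPLE):
    return {label: matches_for(pat, text) for label, pat in CANDIDATES.items()}


def is_lowercase_token(token):
    """Validation use: the WHOLE string must be lower-case letters.

    fullmatch() anchors both ends. A bare search()/findall() would accept
    'abc123' because it contains a lower-case run, which is the usual
    mistake when a regex written for matching is reused for validation.
    """
    return re.fullmatch(r"[a-z]+", token) is not None


if __name__ == "__main__":
    for label, found in compare_candidates().items():
        print(label, CANDIDATES[label], "->", found)
    # A a-z+ -> ['a-z']
    # B a*z+ -> ['z']
    # C [a-z]+ -> ['a', 'z', 'abc']
    # D [^a-z]+ -> ['-', ' ', ' XYZ 42']
    print(is_lowercase_token("abc"), is_lowercase_token("abc123"))   # True False
```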

  4. I took the exam today and failed. The majority of the questions have changed, and the older ones have different options with completely different aspects. Need help for the retry exam.

  5. I could not read all the answers; however, 127 should be false negative, hence the alert is legit and not recognized.
    Do not confuse with false positive, which is a "false alarm".

  6. Hi

    NEW QUESTION 126
    What are the metric values of confidentiality in the CVSS framework?

    A. Low-High
    B. Low-Medium-High
    C. High-Low-None

    Answer: C

    NEW QUESTION 127
    Which signature type results in a legitimate alert being dismissed?

    A. True Negative
    B. False Negative
    C. True Positive
    D. False Positive

    Answer: D

    NEW QUESTION 128
    Which incident handling is focused on minimizing the impact of an incident?

    A. Scoping
    B. Reporting
    C. Containment
    D. Eradication

    Answer: D

    NEW QUESTION 129
    Which analysis technique describes the outcome as well as how likely each outcome is?

    A. deterministic
    B. exploratory
    C. probabilistic
    D. descriptive

    Answer: C

    NEW QUESTION 130
    According to NIST 86, which action describes the volatile data collection?

    A. Collect data before rebooting.
    B. Collect data while rebooting.
    C. Collect data after rebooting.
    D. Collect data that contains malware.

    Answer: A

    NEW QUESTION 131
    Which statement about collecting data evidence when performing digital forensics is true?

    A. Allowing unrestricted access to impacted devices.
    B. Not allowing items of evidence to physically touch.
    C. Powering off the device after collecting the data.
    D. It must be preserved and integrity checked.

    Answer: D

    NEW QUESTION 132
    What is the process of remediating the network and systems and/or reconstructing so the responsible threat actor can be revealed?

    A. Data analysis
    B. Assets distribution
    C. Evidence collection
    D. Threat actor distribution

    Answer: A

    NEW QUESTION 133
    You have a video of a suspect entering your office the day your data has been stolen?

    A. Direct evidence
    B. Indirect
    C. Circumstantial

    Answer: B

    NEW QUESTION 134
    What defines the roadmap for implementing the incident response plan?

    A. Incident response plan
    B. Incident response policy
    C. Incident response procedures

    Answer: C

    NEW QUESTION 135
    Which precursor example is true?

    A. Admin finds their password has been changed.
    B. A log scan indicating a port scan against a host.
    C. A network device configuration has been changed.

    Answer: C

    NEW QUESTION 136
    Which CSIRT category provides incident handling services to their parent organization such as a bank, a manufacturing company, a university, or a federal agency?

    A. internal CSIRT
    B. national CSIRT
    C. coordination centers
    D. analysis centers
    E. vendor teams
    F. incident response providers

    Answer: A

    NEW QUESTION 137
    What does the CSIRT incident response provider usually do?

    A. provide incident handling services to their parent organization
    B. provide incident handling services to a country
    C. coordinate and facilitate the handling of incidents across various CSIRTs
    D. focus on synthesizing data from various sources to determine trends and patterns in incident activity
    E. handle reports of vulnerabilities in their software or hardware products
    F. offer incident handling services as a for-fee service to other organizations

    Answer: F

    NEW QUESTION 138
    Which of the following is not an example of reconnaissance?

    A. Searching the robots.txt file
    B. Redirecting users to a source and scanning traffic to learn about the target
    C. Scanning without completing the three-way handshake
    D. Communicating over social media

    Answer: B

    NEW QUESTION 139
    Which of the following is typically a responsibility of a PSIRT (Product SIRT)?

    A. Configure the organization’s firewall.
    B. Monitor security logs.
    C. Investigate security incidents in a SOC.
    D. Disclosing vulnerabilities in the organization’s products and services.

    Answer: D

    NEW QUESTION 140
    When incident data is collected, it is important that evidentiary cross-contamination is prevented. How is this accomplished?

    A. By allowing unrestricted access to impacted devices.
    B. By not allowing items of evidence to physically touch.
    C. By ensuring power is removed to all devices involved.
    D. By not permitting a device to store evidence if it is the evidence itself.

    Answer: D

    http://www.ciscobraindump.com/7-aug-2018-new-210-255-dumps-with-vce-and-pdf-from-passleader-update-questions.html

    1. q1. Which incident handling focuses on minimizing the impact of an incident?
      1. reporting
      2. scoping
      3. containment
      4. remediation

      q2. Which regex matches on lower case letters only?
      a. a-z+
      b. a*z+
      c. [a-z]+
      d. [^a-z]+

      q3. Mar 07 2018 16:06:0 %ASA-4-10623: Deny TCP src outside:10.22.219.221/54620 dst outside:10.22.250.212/504 by access group ‘outside’ [0x0, 0x0]
      q3. Refer to the exhibit. Which technology generates this log?
      a. web proxy
      b. firewall
      c. ids
      d. netflow

      q4. Which two are true about deterministic and probabilistic?

      q5. Which precursor example is true?
      A. Admin finds their password has been changed.
      B. A log scan indicating a port scan against a host.
      C. A log indicating that a host has been infected with malware
      D. A device configuration changed from the baseline without any audit log

      q6. What do the Security Intelligence events within FMC allow an administrator to do?

      A. see if a host is connecting to a known bad domain
      B. view any malicious files that a host has downloaded
      C. verify host to host traffic within your network
      D. check the host to server traffic in your network

      q7. Which technology is the industry-leading approach to automatically enforce NAC?
      a. 802.1X
      b. port security
      c. snmp
      d. igmp

      q8. Which incident handling phase contains information gathering and handling?
      a. post incident
      b. identification
      c. containment, eradication, recovery
      d. preparation

      q9. Which artifact can most reliably identify systems that have been potentially infected?
      a. destination
      b. host
      c. url
      d. process name

      q10. Which category do attributes belong to within the VERIS schema?
      a. discovery and response
      b. incident response
      c. victim demographics
      d. incident tracking

      q11. Which expression allows you to enter network numbers?
      a. [src|dst] net net
      b. gateway host

      q12. Which statement about the collective evidence data when performing digital forensics is true?
      A. It must be preserved and its integrity verified
      B. It must be copied to external storage media and immediately reported to the CISO
      C. It must be stored in a forensics lab only by the data custodian
      D. It must be deleted as soon as possible due to PCI compliance

      q13. Which purpose of data mapping is true?
      a. check that data is correct
      b. find extra vulnerabilities
      c. visualize data
      d. discover the attributes of attackers

      q14. Which Linux file system supports journaling and an unlimited number of subdirectories?
      a. ntfs
      b. ext4
      c. ext3
      d. ext2

      q15. Which type of intrusion event is an attacker retrieving the robots.txt file from a target site?
      a. weaponization
      b. reconnaissance
      c. exploitation
      d. scanning

      q16. Which event can be used to identify an HTTP GET request for a specific file?
      a. URI
      b. HTTP status code
      c. tcp ack
      d. destination IP address

      q17. Which file system has 32 bits assigned to the address clusters of the file allocation table?
      a. ntfs
      b. ext4
      c. fat16
      d. fat32

      q18. Which expression can be used as a filter on a host IP address or name?

      q19. Which value in profiling a server in a system is true?
      a. It can identify when network performance has decreased
      b. It can protect the address space for critical hosts
      c. It can identify servers that have been exploited
      d. It can identify when new network ports have been connected

      1. Q1 – containment
        Q2 – [a-z]+
        Q3 – firewall (The line looks like an ACL, traffic shaping rule)
        Q4 – ….
        Q5 – a device configuration changed from the baseline without any audit log
        Q6 – view any malicious files that a host has downloaded
        Q7 – 802.1X
        Q8 – post incident
        Q9 – process name
        Q10 – INCIDENT DESCRIPTION
        Q11 – ??
        Q12 – It must be preserved and its integrity verified
        Q13 – visualize data
        Q14 – ext4
        Q15 – reconnaissance
        Q16 – URI
        Q17 – fat32
        Q18 – …
        Q19 – it can identify when new network ports have been connected
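The ASA exhibit in q3, and the "find the source and destination address/port in an ASA log" drag-and-drop that several people in this thread mention, come down to parsing two message formats: the ACL deny (message 106023) and the "Built inbound/outbound connection" line (message 302013). The parser below is an added example, not code from any post; the log lines are constructed, with the first one modelled on the exhibit quoted above (the regex is tolerant of the spacing seen in hand-copied exhibits, such as `src outside 10.22.219.221/54620` without a colon). It goes one step past the question: once the fields are out, counting distinct denied destination ports per source turns the same log into a simple port-scan precursor check.

```python
"""Added example: parsing Cisco ASA deny / built-connection syslog lines
(not code from the original page). SAMPLE_LOG is constructed."""
import re
from collections import defaultdict

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

# %ASA-4-106023 style: ACL deny with src/dst interface, IP and port.
# `\s*:?\s*` accepts both "outside:1.2.3.4/5" and the exhibit's "outside 1.2.3.4/5".
DENY_RE = re.compile(
    r"%ASA-(?P<sev>\d)-(?P<msgid>\d+):\s+Deny\s+(?P<proto>\w+)\s+"
    rf"src\s+(?P<src_if>[\w-]+)\s*:?\s*(?P<src_ip>{IPV4})/(?P<src_port>\d+)\s+"
    rf"dst\s+(?P<dst_if>[\w-]+)\s*:?\s*(?P<dst_ip>{IPV4})/(?P<dst_port>\d+)",
    re.IGNORECASE,
)

# %ASA-6-302013 style: a connection the firewall permitted and built.
BUILT_RE = re.compile(
    r"%ASA-(?P<sev>\d)-(?P<msgid>\d+):\s+Built\s+(?P<direction>inbound|outbound)\s+"
    r"(?P<proto>\w+)\s+connection\s+(?P<conn_id>\d+)\s+"
    rf"for\s+(?P<src_if>[\w-]+):(?P<src_ip>{IPV4})/(?P<src_port>\d+)\s+\([^)]*\)\s+"
    rf"to\s+(?P<dst_if>[\w-]+):(?P<dst_ip>{IPV4})/(?P<dst_port>\d+)",
    re.IGNORECASE,
)


def parse_asa(line):
    """Dict with action, interfaces, IPs and ports, or None if the line is another message type."""
    for action, rx in (("deny", DENY_RE), ("built", BUILT_RE)):
        m = rx.search(line)
        if m:
            rec = m.groupdict()
            rec["action"] = action
            for key in ("sev", "src_port", "dst_port"):
                rec[key] = int(rec[key])
            rec["proto"] = rec["proto"].lower()
            return rec
    return None


def denied_ports_by_source(lines):
    """src_ip -> sorted distinct destination ports the ACL denied."""
    ports = defaultdict(set)
    for line in lines:
        rec = parse_asa(line)
        if rec and rec["action"] == "deny":
            ports[rec["src_ip"]].add(rec["dst_port"])
    return {ip: sorted(p) for ip, p in ports.items()}


def likely_port_scanners(lines, min_distinct_ports=5):
    """Sources denied on many distinct ports: the log-side precursor of a port scan."""
    return sorted(ip for ip, p in denied_ports_by_source(lines).items()
                  if len(p) >= min_distinct_ports)


# Constructed sample log. Line 0 is modelled on the exhibit in the thread.
SAMPLE_LOG = [
    'Mar 07 2018 16:06:01 %ASA-4-106023: Deny TCP src outside:10.22.219.221/54620 '
    'dst inside:10.22.250.212/504 by access-group "outside" [0x0, 0x0]',
    'Mar 07 2018 16:06:02 %ASA-4-106023: Deny tcp src outside:10.22.219.221/54621 '
    'dst inside:10.22.250.212/22 by access-group "outside" [0x0, 0x0]',
    'Mar 07 2018 16:06:02 %ASA-4-106023: Deny tcp src outside:10.22.219.221/54622 '
    'dst inside:10.22.250.212/23 by access-group "outside" [0x0, 0x0]',
    'Mar 07 2018 16:06:03 %ASA-4-106023: Deny tcp src outside:10.22.219.221/54623 '
    'dst inside:10.22.250.212/80 by access-group "outside" [0x0, 0x0]',
    'Mar 07 2018 16:06:03 %ASA-4-106023: Deny tcp src outside:10.22.219.221/54624 '
    'dst inside:10.22.250.212/443 by access-group "outside" [0x0, 0x0]',
    'Mar 07 2018 16:06:04 %ASA-4-106023: Deny tcp src outside:10.22.219.221/54625 '
    'dst inside:10.22.250.212/3389 by access-group "outside" [0x0, 0x0]',
    'Mar 07 2018 16:06:09 %ASA-6-302013: Built inbound TCP connection 12345 for '
    'outside:198.51.100.7/40000 (198.51.100.7/40000) to inside:10.22.250.10/443 (10.22.250.10/443)',
    'Mar 07 2018 16:06:10 %ASA-4-106023: Deny udp src outside:198.51.100.7/5353 '
    'dst inside:10.22.250.10/53 by access-group "outside" [0x0, 0x0]',
    'Mar 07 2018 16:06:11 %ASA-6-305011: Built dynamic TCP translation from '
    'inside:10.22.250.10/1234 to outside:203.0.113.9/1234',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        rec = parse_asa(line)
        if rec:
            print(rec["action"], rec["proto"], rec["src_ip"], rec["src_port"],
                  "->", rec["dst_ip"], rec["dst_port"])
    print(denied_ports_by_source(SAMPLE_LOG))
    print(likely_port_scanners(SAMPLE_LOG))   # ['10.22.219.221']
```

The message ID, not the word "Deny", is what to key detection on in production: 106023 is the ACL deny, 302013/302014 are TCP connection build/teardown, and the same parser structure extends to the other 3020xx messages by adding a pattern per ID.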

  7. Hey guys, there are lots of new questions which are not found in web forums, please study well. I passed with a value closer to the pass mark. I cannot remember all Qs but around 20-25 new Qs were in the exam. Good luck.

  8. Guys, about the netstat question. I always see they answer option A. However it doesn’t work; only option D has listening ports. Is there a trick in this question?
    Which command can be used to find open ports on a system?
    A. netstat -l
    B. netstat -r
    C. netstat -g
    D. netstat -v

    1. I checked through cmd that “netstat -v” is showing the ports but am confused with the answer (netstat -l) in the dumps.

        1. The question didn’t ask for listening ports, it just asked for ports…

          Please read the question before commenting.

          The way the question is worded, -v makes the most sense.
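Whatever option the exam wants, the distinction the thread is circling is between a socket in LISTEN state (a service waiting for connections) and every other socket netstat prints. The parser below is an added example, not code from any post: it reads the two output shapes a responder actually meets, Linux `netstat -tuln`/`-an` and Windows `netstat -an`, and reports which listening ports are reachable from the network rather than bound only to loopback. Both outputs are constructed samples in those formats.

```python
"""Added example: separating listening sockets from the rest of netstat output
(not code from the original post). LINUX_SAMPLE and WINDOWS_SAMPLE are constructed."""
import re
from collections import namedtuple

Socket = namedtuple("Socket", "proto local_addr local_port remote state")

# Linux rows carry Recv-Q/Send-Q counters before the addresses; Windows rows do not.
LINUX_RE = re.compile(
    r"^(?P<proto>tcp6?|udp6?)\s+\d+\s+\d+\s+(?P<local>\S+)\s+(?P<remote>\S+)\s*(?P<state>[A-Z_]+)?\s*$")
WINDOWS_RE = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+(?P<local>\S+)\s+(?P<remote>\S+)\s*(?P<state>[A-Z_]+)?\s*$")

LOOPBACK = {"127.0.0.1", "::1"}


def split_addr(addr):
    """'0.0.0.0:22' -> ('0.0.0.0', 22); ':::80' -> ('::', 80); '[::]:445' -> ('::', 445)."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), int(port)


def parse_netstat(text):
    sockets = []
    for line in text.splitlines():
        m = LINUX_RE.match(line) or WINDOWS_RE.match(line)
        if not m:
            continue  # headers, blank lines
        host, port = split_addr(m["local"])
        proto = m["proto"].lower()
        state = m["state"] or ""
        if state == "LISTENING":          # Windows spelling
            state = "LISTEN"
        if proto.startswith("udp") and not state:
            state = "LISTEN"              # UDP has no state; a bound UDP socket is a listener
        sockets.append(Socket(proto, host, port, m["remote"], state))
    return sockets


def listening_ports(text):
    """Every (proto, port) in LISTEN state, loopback included."""
    return sorted({(s.proto, s.local_port) for s in parse_netstat(text) if s.state == "LISTEN"})


def network_exposed_ports(text):
    """Listeners bound to a wildcard or real interface address: what a remote host could reach."""
    return sorted({(s.proto, s.local_port) for s in parse_netstat(text)
                   if s.state == "LISTEN" and s.local_addr not in LOOPBACK})


LINUX_SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:22             10.0.0.9:51234          ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
udp        0      0 0.0.0.0:123             0.0.0.0:*
"""

WINDOWS_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:49152        0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49731     52.96.0.1:443          ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:5355           *:*
"""

if __name__ == "__main__":
    print(listening_ports(LINUX_SAMPLE))          # [('tcp', 22), ('tcp', 5432), ('tcp6', 80), ('udp', 123)]
    print(network_exposed_ports(LINUX_SAMPLE))    # [('tcp', 22), ('tcp6', 80), ('udp', 123)]
    print(network_exposed_ports(WINDOWS_SAMPLE))  # [('tcp', 135), ('tcp', 445), ('udp', 5355)]
```

On a live Linux host the same parse applies to `ss -tuln` output with a small regex change; the point that survives tool changes is the filter on state and bind address, not the flag letter.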

  9. Maybe more than 15 NEW Qs; what I remember, not exactly:

    1–D&D, ASA outbound TCP connection from outside IPXX/port to inside IPXX/port, source/dest IP address/port
    2–Employees are allowed to access internal websites. An employee accesses an internal website but the IDS reports it as malicious behavior
    3–What does the CSIRT incident response provider usually do: focus on synthesizing data from various sources to determine trends and patterns in incident activity
    3–What do the CSIRT incident analysis centers usually do: offer incident handling services as a for-fee service to other organizations
    4–Which CSIRT category provides incident handling services to their parent organization such as a bank, a manufacturing company, a university, or a federal agency: internal CSIRT

    5–Which is the most used Linux file system and supports journaling?
    ext4

    6–Which of the following makes the file unique?
    1-file timestamp,
    2-file hash,
    3-file size, ..etc

    7–Which two statements correctly describe the victim demographics section of the VERIS schema?
    1-The victim demographics section describes but does not identify the organization that is affected by the incident.
    2-The victim demographics section compares different types of organizations or departments within a single organization.

  10. I passed the Cisco 210-255 exam today. Dumps and the Q&As from the Official Guide were helpful. There were a few new questions I hit during the exam. I don’t remember all of them but I do remember a few which I have listed below:
    1. Employees are allowed to access internal websites. An employee accesses an internal website but the IDS reports it as malicious behavior. – I selected “True Negative”
    2. There was a drag and drop for ASA. Built inbound connection for Outside:<>/port to Inside:<>/port
    3. Which attributes belong within the VERIS schema.
    4. Remediating the network so that the threat actor can be revealed

        1. I found a few new questions, but I do not remember exactly what the questions are; you just have to read carefully and respond. They are not so difficult.

          The new questions are those that “RD” published:

          According to NIST, what option is unnecessary for a containment strategy?
          What is the process of remediating the system from attack so that the responsible threat actor can be revealed?
          According to NIST, what option(s) should be contained in an issue tracking system?

          Whether it is ext4, 3, 2 or NTFS that supports unlimited journaling?

          Which schema do attributes come under in VERIS?

  11. Hello everyone!
    These are still valid; I took the exam on Thursday and passed with 88*.
    Also do read the questions provided in the comments and the two PDF files with answers.
    It’s enough to pass the exam.
    GOOD LUCK.

    1. Can you share with us your experience and some new questions from your examination center?
      Congrats @kay. Kindly help us by posting the questions, please, because I am also planning to write my exam next week Monday.
      Thanks

  12. Hi,
    Thank you all for your help. Passed with 944. All the dumps are relevant. Also there was a question about journaling in Linux, whether it is ext4, 3, 2 or NTFS that supports unlimited journaling. Also had this question about which schema attributes come under in VERIS. Also, a straightforward question from an ASA log to find the source and destination address and port. Also, a question on threat actor attribution.

    1. Just passed the exam 30 min ago. Only about 60% valid. About 5 new questions; the questions are asked differently and the answers are different too. The questions are asked in reverse of what is here. Good luck.

          1. Did the exam. The Dropbox link is more than enough to pass.

            As for new questions, I remember two of them.

            ‘Attributes’ belong to which of the VERIS schema? Incident Tracking, Victim Demographics, Incident Description, Discovery & Response, Impact Assessment.

            Confidentiality is defined as what in the CVSSv3 framework? Incident response given to a ‘software component/person’ from a ‘successful/unsuccessful’ exploit.

            @Rauf those questions did not appear on the exam.

            Thanks all

    1. 91. According to NIST, what option is unnecessary for a containment strategy?
      95. What is the process of remediating the system from attack so that the responsible threat actor can be revealed?
      96. According to NIST, what option(s) should be contained in an issue tracking system?

      May I get the exact answers to these questions?

  13. Passed today with a score of 912; most of the questions came from dimitris82 and Jim’s. 11 new questions and a few questions had different options.

    1. Took the exam this month and passed. Questions above are valid. Some new questions, around 3-4, that I cannot remember.

      Thanks.

    1. Please don’t use tono2’s advice. I just did a virus analysis on the testing engine that is required for the file. The result is that the testing engine from Vumingo.com is very nasty and has a Trojan/ransomware file on it. If you allow the program to make changes on your hard drive, it will start logging your keystrokes, drop executable files on your computer, write to a remote process, and contains the ability to randomly reboot your computer.

      1. I failed the first attempt. I’m taking the exam for the second time tomorrow. I’m asking whether the exam questions will be different in the second attempt?

          1. Some say that there is a pool of questions, so maybe there will be some different questions or maybe not. Others say that on the second attempt you get more questions on the sections you failed.

          2. I faced my second attempt today and passed with 912 marks. Both attempts got almost the same questions. Thanks all.

    1. GREAT JOB Jim! And thank you for checking back in! So you found all the VCE questions plus those end-of-chapter questions helpful? What is your experience level outside of this test? I’m hopeful now… taking the test tomorrow AM! Can’t wait to get this finished up! You had a great score!

      1. Yes, they were very helpful. But the most helpful was the fact that I had to search and study to find the correct answers. And I also read the OCG for more details, as the videos and the material from the cyber security scholarship e-class did not go into much detail. So, after that almost all the pieces came together.
        I have been in the IT field almost 3 years and none of my previous experience is relevant. I have CCNA, CCNA Security and now the Cyber Ops. The fact that I am in the IT of a cyber security organisation of course helps a bit. 🙂 Good luck for your exams.

    2. Hi Jim, thanks for the link, very helpful. Did you have the same couple of questions for the SECFND EXAM?
      If so, please share.

      Thanks in advance

  14. Data mining is the process of sorting through large data sets to identify patterns and establish relationships to solve problems through data analysis. Data mining tools allow

  15. What is data mapping used for?
    There is no “integrity” option; the best answer I believe is visibility.

      1. As far as I remember there was no integrity/accuracy option. There was definitely a ‘for visibility’ option. I don’t know what answer is right for this question.

  16. Hi,

    Here are some new Qs:
    – Definition of listening port;
    – Open ports netstat command (possible answers – netstat -r/-r/-v/-i);
    – About NIST data integrity (possible answers – use only SHA-1, use only MD5, you must hash data & backup and compare hashes, no need to hash data & backup and compare hashes).

    My recommendations:
    – use this VCE, but read the comments!!! Answers in the comments are correct;
    – use this link http://www.certifychat.com/threads/new-210-255-questions-pdf-and-vce-dec-2017-updated.7134/ ; after registering you’ll see a link to 44 valid Q&A.
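The "hash data and backup and compare hashes" option above, and the "it must be preserved and its integrity verified" answer repeated elsewhere in this thread, describe one procedure: digest the evidence at acquisition, record the digests in the custody log, and re-digest every copy before trusting it. The code below is an added example, not from any post: it streams the data through the hashers so disk images of any size can be handled, records SHA-256 alongside MD5 (MD5 only for matching older tooling; it is not collision-resistant), compares with a constant-time check, and shows that flipping one bit or dropping one byte fails verification. The field names in the custody record and the image bytes are my own constructions.

```python
"""Added example: hashing evidence and verifying a copy against the recorded
digests (not code from the original post). ORIGINAL is constructed data."""
import hashlib
import hmac
import io
import time

# Record both: SHA-256 is the one that carries weight; MD5 only matches
# digests produced by older tools and must never be relied on alone.
ALGORITHMS = ("sha256", "md5")


def hash_stream(fobj, algorithms=ALGORITHMS, chunk_size=1 << 20):
    """Hash a file-like object in chunks, so a multi-GB image never sits in memory."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    while True:
        chunk = fobj.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data, algorithms=ALGORITHMS):
    return hash_stream(io.BytesIO(data), algorithms)


def make_custody_record(label, data, examiner):
    """What gets written into the chain-of-custody log at acquisition time
    (field names are an assumption for this example)."""
    return {
        "label": label,
        "examiner": examiner,
        "acquired_utc": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        "size": len(data),
        "hashes": hash_bytes(data),
    }


def verify_copy(record, copy):
    """True only if size and every recorded digest match the copy."""
    if len(copy) != record["size"]:
        return False            # cheap check first; a truncated image never hashes equal anyway
    actual = hash_bytes(copy, tuple(record["hashes"]))
    return all(hmac.compare_digest(actual[a], record["hashes"][a])
               for a in record["hashes"])


def tamper(data, offset=0):
    """Flip one bit: shows that any change, however small, breaks verification."""
    buf = bytearray(data)
    buf[offset] ^= 0x01
    return bytes(buf)


# Constructed stand-in for a dd image (32 KiB).
ORIGINAL = b"constructed disk image contents\x00" * 1024

if __name__ == "__main__":
    record = make_custody_record("HDD-01 image", ORIGINAL, "examiner-1")
    print(record["hashes"]["sha256"])
    print(verify_copy(record, ORIGINAL))            # True
    print(verify_copy(record, tamper(ORIGINAL)))    # False
    print(verify_copy(record, ORIGINAL[:-1]))       # False
```

Run the same `hash_stream` over the working copy before analysis and again when the report is written; a digest that matches at both points is what lets the copy stand in for the original.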

    1. A friend of mine took the test recently. The questions are accurate. Also there are some new questions from the Q&A section of the official cert guide.

        1. Def. read through the discussions below each question… a lot of the default answers by VCE are incorrect… but I’m hoping the questions and options are accurate at least 🙂

        1. Of course. Give me some time and I will do it. I had no PC these days. As for the answers, I always try to check by myself if they are correct. I have my doubts for some of them.

          1. You actually saw the end-of-chapter questions you posted on the test? Word for word or just the general concept of them? Are these VCE questions pretty accurate (if we pick the right answers)?

          2. @Johnny Appleseed
            There are a lot of questions from the Q&A in various dumps but with wrong answers. My friend confirmed also that the questions and the answers are word for word accurate. I just searched for them in the official cert guide to be sure that I have the right answer.

  17. I think the answer is wrong.
    I think the correct order is
    indirect evidence
    direct evidence
    corroborative evidence.

    The firewall log says that there is a successful communication, so this must be the direct evidence.

    Any thoughts?

      1. I have second thoughts about my answer above.
        I think it is
        direct evidence (as it says confirmed malware)
        corroborative evidence (as it supports the above claim)
        indirect evidence

  18. Friends, I got some questions to ask, as I could remember after the exam.
    Please answer so others can find help here.

    What attribute belongs to the VERIS schema?
    What is the definition of confidentiality according to the CVSSv3 framework?
    What is the process of remediating the system from attack so that the responsible threat actor can be revealed?
    What is attacking a vulnerability in the Cyber Kill Chain?
    According to NIST, what option should be contained in an issue tracking system?
    According to NIST, what option is unnecessary for a containment strategy?
    Purpose of data mapping?
    netstat command to show ports?
    Command for filtering a port in Wireshark?
    NIST SP 800-61r2: what are the recommended protections against malware?

    1. Hi OG ob

      Please can you provide us some of the answers you gave for those questions and the rest of the questions on this site? It will be very helpful.

      Thanks

    1. Read the NIST documents completely. There are a lot of new questions about those documents.

  19. Hi, I just passed this exam; there are some new questions.
    Just remember:
    Filtering ports in Wireshark: tcp.port != 80
    NAC is related to 802.1X

    New questions:
    Which netstat command shows ports?
    What is data mapping used for?

    1. Thanks sirPeter

      Please can you provide some answers to those questions on this site, as you already took the exam and passed it?

      It will be very helpful

    2. Which netstat command shows ports?
      netstat -a

      What is data mapping used for?
      data accuracy (integrity)

      Filtering ports in Wireshark?
      tcp.port equals 80
