Drag and Drop
Drag and drop the type of evidence from the left onto the correct description(s) of that evidence on the right.
Select and Place:
Can you please help me with this question:
Which file system has 32 bits assigned to the address clusters of the allocation table?
A. FAT32
B. NTFS
C. EXT4
D. FAT16
FAT32: This is a maximum of 2^32 = 4,294,967,296 clusters, but it has 4
reserved bits, so it is actually 28 bits, which means a maximum of 2^28 =
268,435,456.
exFAT: This uses the whole 32 bits for addressing.
The number after each version of FAT, such as FAT12, FAT16, or FAT32,
represents the number of bits that are assigned to address clusters in the FAT
table.
A. FAT32
Has anyone taken the exam recently and passed? Please share
Hi. Anyone recently appeared and cleared exam. Please share your experience
Not cleared exam, Cisco changed their pool, I was well prepared with Jim PDF and dumps 🙁
had lots of new questions
Q: Who is responsible for incident
A. CIO
B. Incident handler
C. Network Administrator
D. IT Director
Q: Which Precursor example is true
A- A network device configuration has been changed.
A.CIO
What do the security intelligence events within FMC allow an administrator to do?
A. see if a host is connecting to a known bad domain
B. view any malicious files that a host has downloaded
C. verify host to host traffic within your network
D. check the host to server traffic in your network
A? see if a host is connecting to a known bad domain?
I guess this should be A and B
I’m going to stick with A on this one.
“As a first line of defense against malicious Internet content, the Firepower System includes the Security Intelligence feature, which allows you to immediately blacklist (block) connections based on the latest reputation intelligence, removing the need for a more resource-intensive, in-depth analysis.
Security Intelligence works by blocking traffic to or from IP addresses, URLs, or domain names that have a known bad reputation. This traffic filtering takes place before any other policy-based inspection, analysis, or traffic handling (although it does occur after hardware-level handling, such as fast-pathing).”
I agree with you on A
Taking my exam at 5pm US Eastern time which is in 1:45 min
share my experience after the exam today 🙂
Hello everyone. My exam is on 4th Dec. Can anyone share the exam experience? Please share the new questions.
Questions faced in my exam
-which regex matches on lower case letters only?
a. a-z+
b. a*z+
c. [a-z]+
d. [^a-z]+
-Filtering ports in wireshark?
tcp.port ==80
i have a retake on dec 5
i took my first exam on nov 21 and had those questions
on regex answer is C
port filtering is a good answer
How did it go? Tell us, share your experience, thank you
good day
I’m writing next week. can you please help with the latest dump.
Hi please help with new questions if you have them i will be taking my exam very soon([email protected])
Thanks
I took the exam today and failed. The majority of the questions are changed, and older ones have different options with completely different aspects. Need help for the retry exam
please share new questions i have exams next few days to [email protected]
please share new questions i have exams next few days
I could not read all the answers; however, 127 should be false negative, hence the alert is legit and not recognized.
Do not confuse with false positive, which is a “false alarm”.
Hi
NEW QUESTION 126
What are the metric values of the confidentiality based on the CVSS framework?
A. Low-High
B. Low-Medium-High
C. High-Low-None
Answer: C
NEW QUESTION 127
Which signature type results in a legitimate alert being dismissed?
A. True Negative
B. False Negative
C. True Positive
D. False Positive
Answer: D
NEW QUESTION 128
Which incident handling is focused on minimizing the impact of an incident?
A. Scoping
B. Reporting
C. Containment
D. Eradication
Answer: D
NEW QUESTION 129
Which analyzing technique describes the outcome as well as how likely each outcome is?
A. deterministic
B. exploratory
C. probabilistic
D. descriptive
Answer: C
NEW QUESTION 130
According to NIST 86, which action describes the volatile data collection?
A. Collect data before rebooting.
B. Collect data while rebooting.
C. Collect data after rebooting.
D. Collect data that contains malware.
Answer: A
NEW QUESTION 131
Which statement about collecting data evidence when performing digital forensics is true?
A. Allowing unrestricted access to impacted devices.
B. Not allowing items of evidence to be physically touched.
C. Powering off the device after collecting the data.
D. It must be preserved and integrity checked.
Answer: D
NEW QUESTION 132
What is the process of remediation the network and systems and/or reconstructing so the responsible threat actor can be revealed?
A. Data analysis
B. Assets distribution
C. Evidence collection
D. Threat actor distribution
Answer: A
NEW QUESTION 133
You have a video of a suspect entering your office the day your data has been stolen?
A. Direct evidence
B. Indirect
C. Circumstantial
Answer: B
NEW QUESTION 134
What defines the roadmap for implementing the incident response plan?
A. Incident response plan
B. Incident response policy
C. Incident response procedures
Answer: C
NEW QUESTION 135
Which precursor example is true?
A. Admin finds their password has been changed.
B. A log scan indicating a port scan against a host.
C. A network device configuration has been changed.
Answer: C
NEW QUESTION 136
Which CSIRT category provides incident handling services to their parent organization such as a bank, a manufacturing company, a university, or a federal agency?
A. internal CSIRT
B. national CSIRT
C. coordination centers
D. analysis centers
E. vendor teams
F. incident response providers
Answer: A
NEW QUESTION 137
What does the CSIRT incident response provider usually do?
A. provide incident handling services to their parent organization
B. provide incident handling services to a country
C. coordinate and facilitate the handling of incidents across various CSIRTs
D. focus on synthesizing data from various sources to determine trends and patterns in incident activity
E. handle reports of vulnerabilities in their software or hardware products
F. offer incident handling services as a for-fee service to other organizations
Answer: F
NEW QUESTION 138
Which of the following is not an example of reconnaissance?
A. Searching the robots.txt file
B. Redirecting users to a source and scanning traffic to learn about the target
C. Scanning without completing the three-way handshake
D. Communicating over social media
Answer: B
NEW QUESTION 139
Which of the following is typically a responsibility of a PSIRT (Product SIRT)?
A. Configure the organization’s firewall.
B. Monitor security logs.
C. Investigate security incidents in a SOC.
D. Disclose vulnerabilities in the organization’s products and services.
Answer: D
NEW QUESTION 140
When incident data is collected, it is important that evidentiary cross-contamination is prevented. How is this accomplished?
A. By allowing unrestricted access to impacted devices.
B. By not allowing items of evidence to physically touch.
C. By ensuring power is removed to all devices involved.
D. By not permitting a device to store evidence if it is the evidence itself.
Answer: D
http://www.ciscobraindump.com/7-aug-2018-new-210-255-dumps-with-vce-and-pdf-from-passleader-update-questions.html
q1. which incident handling focuses on minimizing the impact of incident?
1. reporting
2. scoping
3. containment
4. remediation
q2.which regex matches on lower case letters only?
a. a-z+
b. a*z+
c. [a-z]+
d. [^a-z]+
q3. mar 07 2018 16:06:0 %ASA-4-10623: Deny TCP src outside 10.22.219.221/54620 dst outside :10.22,250.212/504 by access group ‘outside’ [0x0 , 0x0]
q3. refer to the exhibit. which technology generates this log?
a. webproxy
b. firewall
c. ids
d. netflow
q4. which two are true about deterministic and probabilistic?
q5.Which precursor example is true?
A. Admin finds their password has been changed.
B. A log scan indicating a port scan against a host.
C. A log indicating that host has been infected with malware
D. a device configuration changed from the baseline without any audit log
q6. what do the security intelligence events within FMC allow to an administrator to do?
A. see if a host is connecting to a known bad domain
B. view any malicious files that a host has downloaded
C. verify host to host traffic within your network
D. check the host to server traffic in your network
q7. Which technology is the industry-leading approach to automatically enforce NAC
a. 802.1X
b. port security
c. snmp
d. igmp
q8. which incident handling phase contains information gathering and handling?
a. post incident
b. identification
c. containment, eradication, recovery
d. preparation
q9. which artifact can most reliably identify systems that have been potentially infected
a. destination
b. host
c. url
d. process name
q10.which category do attributes belong to within veris schema?
a. discovery and response
b. incident response
c. victim demographics
d. incident tracking
q11. which expression allows you to enter network numbers?
a. [src| dst] net net
b. gateway host
q12 which statement about the collective evidence data when performing digital forensics is true?
A. IT must be preserved and its integrity verified
B. it must be copied to external storage media and immediately report to ciso
C. it must be stored in a forensics lab only by data custodian
D. it must be deleted as soon as possible due to pci compliance
q13. which purpose of data mapping is true?
a. check that data is correct
b. find extra vulnerabilities
c. visualize data
d. discover the attributes of attackers
q14. which linux system supports journaling and an unlimited number of subdirectories?
a. ntfs
b. ext4
c. ext3
d. ext 2
q15. which type of intrusion event is an attacker retrieving the robots.txt file from a target site?
a. weaponization
b. reconnaissance
c. exploitation
d. scanning
q16. which event can be used to identify http get request for a specific file?
a. URI
b. HTTP status code
c. tcp ack
d. destination IP address
q17. which file system has 32 bits assigned to the address cluster of the file allocation table?
a. ntfs
b. ext4
c. fat16
d. fat32
d. fat32
q18. which expression can be used as a filter on a host ip address or name?
q19. which value in profiling server in a system is true?
a. it can identify when network performance has decreased
b. it can protect the address space for critical hosts
c. it can identify servers that have been exploited
d. it can identify when new network ports has been connected
please help me solve these apart from it 10 to 15 are logs based
can someone please provide the answers to the questions.
q14
answer c
sorry
b not c
Q1 – containment
Q2 – [a-z]+
Q3 – firewall (The line looks like an ACL, traffic shaping rule)
Q4 – ….
Q5- a device configuration changed from the baseline without any audit lo
Q6 – view any malicious files that a host has downloaded
Q7- 802.1X
Q8- post incident
Q9- process name
Q10- INCIDENT DESCRIPTION
Q11- ??
Q12- IT must be preserved and its integrity verified
Q13- visualize data
Q14- ext4
Q15- reconnaissance
Q16- URI
Q17- fat32
Q18- …
Q19- it can identify when new network ports has been connected
Why isn’t Q19 can identify servers have been exploited?
Hey guys, there is a lots of new questions which are not found in web forums, please study well. i passed with more closer value to pass mark. i cannot remember all Qs but around 20-25 new Qs got in exam. good luck.
can you comment on from which sections there were?
Guys, about the netstat question. I always see they answer A option. However it doesn’t work. only D option has listening port. Is there a trick in this question?
Which command can be used to find open ports on a system?
A. netstat -l
B. netstat -r
C. netstat -g
D. netstat -v
netstat -l where -l list all listening port
I check through cmd that “netstat -v” is showing the ports but confused with the ans (netstat -l) in the dumps.
I believe that “netstat -v” only shows the connected ports. Not the listening….
The question didn’t ask for listening ports, it just asked for ports…
Please read the question before commenting.
The way the wording of the station is, -v makes the most sense.
it only works in linux netstat command
could you please share new questions i have exams next few days
maybe more than 15 NEW Qs , what I remember not exactly :-
1–D&D , ASA outband TCP connection from outside IPXX/port to inside IPXX/port , source/des ip add/port
2–Employee are allowed to access internal websites. Employee access an internal website but IDS report as a malicious behavior
3–What does the CSIRT incident response provider usually do , focus on synthesizing data from various sources to determine trends and patterns in incident activity
3–What do the CSIRT incident analysis centers usually do , offer incident handling services as a for-fee service to other organizations
4—Which CSIRT category provides incident handling services to their parent organization such as a bank, a manufacturing company, a university, or a federal agency , internal CSIRT
5–which is most used linux file and supports journaling
ext4
6–which of the following make the file unique ?
1-file timestamp ,
2-file hash ,
3-file size , ..etc
7–Which two statements correctly describe the victim demographics section of the VERIS schema
1-The victim demographics section describes but does not identify the organization that is affected by the incident.
2-The victim demographics section compares different types of organizations or departments within a single organization.
Thank you AAA.
Has anyone else encountered new questions?
Thanks.
I passed today Cisco 210-255 exam. Dumps and the Q&As from Official Guide was helpful. There were few new questions I hit during the exam. I don’t remember all of them but I do remember few which I have listed below:
1. Employee are allowed to access internal websites. Employee access an internal website but IDS report as a malicious behavior. – I selected “True Negative”
2. There was a drag and drop for ASA. Built Inbound connection for Outside:<>/port to Inside:<>/port
3. Which attributes belong within VERIS schema.
4. Remediating network so that threat actor can be revealed
What is the drag and drop ?? can u give more details
Hello, I passed Secop today, with 917. Thank You very much.
https://www.dropbox.com/s/js9nif8y62gmg15/questions%20from%20online%20exams.docx?dl=0
Congratulations!!!. Did you encounter some new questions?
it that valid ? any new QS ?
I found few new questions. but I do not remember exactly what question are, you just have to read carefully and respond. They are not so difficult.
the new questions are those that “RD” published
According to NIST what option is unnecessary for containment strategy?
What is the process of remediation the system from attack so that responsible threat actor can be revealed?
According to NIST what option(s) should be contained in issue tracking system?
whether is it ext4,3,2 or NTFS that supports unlimited journaling ?
which schema does attributes come in VERIS ?
Hello belt, i cannot find the file at dropbox can you share it via [email protected]
Hello Belt,
Congratulations. Can you send me this file because it is unused now. Thank you.
any update on 100q dump , please help
Hello guys any valid dumps should pls share me.
https://certcollection.org/forum
the site is up again
Hello Everyone!
these are still valid, I took the exam on Thursday passed with 88*.
Also do read the questions provided in the comments the two PDF files with answers.
It’s enough to pass the exam.
GOOD LUCK.
I passed my exams today. Thanks guys. There are new questions in the exams i wrote
Congrats,
How many?
Do you remember them?
Can u share us the experience and some new question in your examination center.
Congrats @kay. Kindly help us post the question. Pls, because I am also planning to write my exam next week Monday.
Thanks
Pass today with score 88x , dumps is quite enough to pass.
Great, Congrats,
Do you remember how many new questions you had?
Do you remember these questions?
Can u share us the experience and some new question in your examination center.
pass today > valid dropbox dump valid 85% > there is question
Thanks mate for the feedback 🙂 do you remember some new question?
Dropbox questions are still valid?
thanks in advance!
Hi,
Thank you all for your help. Passed with 944. All the dumps are relevant. Also there was a question about journaling in Linux, whether it is ext4,3,2 or NTFS that supports unlimited journaling. Also, had this question about which schema attributes come in VERIS. Also, a straightforward question from ASA log to find the source and dest address, port. Also, a question on threat actor attribution.
Just passed the exam 30min ago. only valid 60% only. about 5 new questions, the questions asking different and answer is different too. Asking the question is reverse back what here. good luck
Pls who have the secop new question to share us or a valid dumps. Thanks
passed today , the below dump is valid 100% , there are a few new questions
https://www.dropbox.com/s/js9nif8y62gmg15/questions%20from%20online%20exams.docx?dl=0
Hi Fahad,
Can you share if what are the new questions you encountered?
Thanks.
to be honest i don’t remember them , but with the 100q dump i passed.
Hello Fahad
is there any question outside the file ?
yes there are but less than 5
Did the exam. The dropbox link is more than enough to pass.
As for new questions I remember two of them.
‘Attributes’ belong to which of the Veris Schema? Incident Tracking, Victim Demographics, Incident Description, Discovery & response, Impact Assessment.
Confidentiality is defined as what in the cvssv3 framework? Incident response given to a ‘software component/person’ from a ‘successful/unsuccessful’ exploit.
@Rauf those questions did not appear on the exam.
Thanks all
91. According to NIST what option is unnecessary for containment strategy?
95. What is the process of remediation the system from attack so that responsible threat actor can be revealed?
96. According to NIST what option(s) should be contained in issue tracking system?
May I get the exact answers to these questions?
Finally completed SECOPS exam with 922. Thanks for sharing informations.
Congratulate bro,
what dump did you use?
Any new questions to add?
I used https://www.dropbox.com/s/js9nif8y62gmg15/questions%20from%20online%20exams.docx?dl=0. There are 10 to 15 new questions but it is easy to answer.
Passed today with scored 912, most of the questions came from dimitris82 and Jim’s. 11 new questions and few questions have different options.
Can link this dimitri?
https://www.dropbox.com/s/js9nif8y62gmg15/questions%20from%20online%20exams.docx?dl=0
Thanks thanks Jim, But I got 902 . the question are same , they change option of answer. again thanks JIM
Jim
i just cleared SECOPS with 951 with using these questions (https://www.dropbox.com/s/js9nif8y62gmg15/questions%20from%20online%20exams.docx?dl=0). 2-3 more questions popped but i cant remember them
Took the exam this month and passed. Questions above are valid. Some new questions, around 3-4 that a cannot remember.
Thanks.
Dear
i pass today i use the up question .
thanks
Has anyone taken the exam this month?
Any new questions to add?
Good luck all
tcp.port==80
I recommend the following link, that includes the new Q until today:
https://www.prepaway.com/cisco/testking.210-255.27019.ete.file.html
please see Sila comments.
Please don’t use tono2’s advice. I just did a virus analysis on the testing engine that is required for the file. The result is that the testing engine from Vumingo.com is very nasty and has a Trojan/ransomware file on it. If you allow the program to make changes on your hard drive, it will start logging your keystrokes, drop executable files on your computer, write process to a remote process, and contains the ability to randomly reboot your computer.
Are you sure ? I am using this f* tool to prepare for my exams.
Don’t open the link, it contains a trojan
Passed Secops today! Only took me 17 minutes! Thank you Jim for the fantastic file!
https://www.dropbox.com/sh/ftagos8f6xhibez/AADBU7zs9ysldUDglRuZivExa?dl=0
Study that, and you are golden!
And this:
https://www.dropbox.com/s/js9nif8y62gmg15/questions%20from%20online%20exams.docx?dl=0
ALL you need to pass is to study these questions….. nothing else…… Good luck!
Hi guys,
I wrote my SECOP exam yesterday and passed with 902.
Thank you JIM for sharing this link
https://www.dropbox.com/sh/ftagos8f6xhibez/AADBU7zs9ysldUDglRuZivExa?dl=0
Good luck
Is the same paper coming for the second attempt?
Um…. what?
I be failed the first attempt. I’m taking the exam for the second time tomorrow. I’m asking whether the exam questions will be different in the second attempt?
* I’ve failed the first attempt.
Some say that there is a pool of questions, so maybe there will be some different questions or maybe not. Some others say that on second attempt you get more questions on the sections you failed.
I faced my second attempt today and passed with 912 marks. Both attempts got almost same questions. Thanks all.
netstat -v is also possible. Check with windows cmd, you will see the ports there.
win or linux ?
WIN is netstat -a
LINUX netstat -i
on linux https://explainshell.com/explain?cmd=netstat+-v
--verbose, -v
Tell the user what is going on by being verbose. Especially print some useful information about
unconfigured address families.
on win https://ss64.com/nt/netstat.html
-v Verbose – use in conjunction with -b, to display the sequence of
components involved for all executables.
Hi guys,
i just cleared SECOPS with 951 with using these questions (https://www.dropbox.com/s/js9nif8y62gmg15/questions%20from%20online%20exams.docx?dl=0). 2-3 more questions popped but i cant remember them
Good luck to everyone
GREAT JOB Jim! And thank you for checking back in! So you found all the VCE questions plus those end of chapter questions helpful? What is your experience level outside of this test? I’m hopeful now….. taking the test tomorrow AM!!!!!!!! Can’t wait to get this finished up! You had a great score!
yes, they were very helpful. But the most helpful was the fact that i had to search and study to find the correct answers.And i also read the OCG for more details as the videos and the material from the cyber security scholarship e-class did not get into much of details. So, after that almost all the pieces came together.
I am at the IT field almost 3 years and none of my previous experience is relevant. I have CCNA, CCNA security and now the Cyber Ops. The fact that i am at the IT of a cyber security organisation of course helps a bit. 🙂 . Good luck for your exams.
Jim, can you please repost the PDF file? Dropbox isn’t working anymore
Hi Jim, thanks for the link, very helpful. Please, did you have the same couple of questions for the SECFND exam?
if the case please share
thanks by advance
Unfortunately not, for SECFND i only read material from e-class. No online tests, no nothing,
data mining also used for Intrusion detection
Data mining is the process of sorting through large data sets to identify patterns and establish relationships to solve problems through data analysis. Data mining tools allow
What is data mapping used for?
there is no “integrity” option, best answer I believe is visibility
Is data accuracy an option
As far as I remember there was no integrity/accuracy option. There was definitely a ‘for visibility’ option. I don’t know what answer is right for this question.
I don’t find Data mapping in the book materials.
Any new about new 2018 questions?
Hi,
Here are some new q:
– Definition of listening port;
– Open ports netstat command (possible answers – netstat -r/-r/-v/-i);
– About NIST data integrity (possible answers – use only sha-1, use only md5, you must hash data&backup and compare hashes, no need to hash data&backup and compare hashes).
My recommendations:
– use this vce, but read the comments!!! answers in comments are correct;
– use this link http://www.certifychat.com/threads/new-210-255-questions-pdf-and-vce-dec-2017-updated.7134/ after registering you’ll see link to 44 valid Q&A.
Did you take the exam?
Name which other Q&A did you remember that are not here in VCE?
Has anyone taken the test recently…. are these questions from here pretty accurate?
A friend of mine took the test recently. The questions are accurate. Also there are some new questions from the Q&A section of official cert guide
Are all the answers given by VCE accurate? Or are there corrections given by users?
Def. read through the discussions below each question… a lot of the default answers by vce are incorrect…… but I’m hoping question and options are accurate at least 🙂
Jim can you share this new Q&A?
Of course. Give me some time and i will do it. I had no pc these days. As for the answers i always try to check by myself if they are correct. I have my doubts for some of them.
https://www.dropbox.com/sh/ftagos8f6xhibez/AADBU7zs9ysldUDglRuZivExa?dl=0 here are all Q&A and the answers from the book. almost 25 of the new questions are from here!!
You actually saw the end of chapters you posted on the test? Word for word or just the general concept of them? Are these VCE questions pretty accurate (if we pick the right answers).
@ Johnny Appleseed
There are a lot of questions from the Q&A in various dumps but with wrong answers. My friend confirmed also that the questions and the answers are word for word accurate. I just searched them at the official cert guide to be sure that I have the right answer.
I think the answer is wrong.
I think the correct order is
indirect evidence
direct evidence
corroborative evidence.
The firewall log says that there is a successful communication, so this must be the direct evidence.
Any thoughts?
Jim
I think you are correct
I have second thoughts about my answer above.
I think it is
direct evidence (as it says confirmed malware)
corroborative evidence (as is supports the above claim)
indirect evidence
friends i got some questions to ask.as i could remember after exam.
please answer so others can find help here.
What attribute belonging veris schema?
What is the definition of confidentiality accord to CVSSv3 framework?
What is the process of remediation the system from attack so that responsible threat actor can be revealed?
What is attacking vulnerability in Cyber kill chain?
According to nist what option should be contained in issue tracking system?
According to nist what option is unnecessary for containment strategy?
Purpose of data mapping?
Netstat command for show ports?
Command filtering port in wire shark?
Nistsp800-61R2 what are the recommended protections against malware?
these are new qs.
You ?% correct. I just passed. All these new questions came. Thanks
Hi Sam,
Can you recall the answers of those new questions? Thanks in advance.
Hi OG ob
Please can you provide us some answers you gave for those questions and the rest of the questions on this site? It will be very helpful
thanks
Anyone to help to answer this questions ?
I just passed!! with 834
all the best!
Hi Ar is this questions still valid?
They repeated all these questions above
Did any one pass recently? Any tips?
Thanks.
Read completely the documents of NIST. There is alot of new questions about that documents.
Thanks for your advice! I will take the exam soon.
Thanks. I’m taking the exam next week! I’ll definitely post my update.
Hi, I just passed this exam there are some new questions.
Just remember:
Filtering ports in wireshark tcp.port != 80
NAC is related to 802.1X
new questions:
Which netstat command show ports?
What is data mapping used for?
Thanks sirPeter
Please can you provide some answers to those questions on this site? Looks like you already took the exam and passed it.
It will be very helpful
Which netstat command show ports?
netstat -a
What is data mapping used for?
data accuracy(integrity)
Filtering ports in wireshark?
tcp.port equals 80
Which netstat command show ports?
the options are
netstat -l
netstat -v
netstat -g
netstat -r
So netstat -a would be the answer if it was there, next best option is netstat -l
https://explainshell.com/explain?cmd=netstat+-l
netstat -a for windows and netstat -l for linux.
They’re both correct