Log into your Prepaway Account
Please Log In to download ETE file or view Training Course
Registration is free and easy - just provide your E-mail address.
Click Here to Register
Exam: | 210-250 - Understanding Cisco Cybersecurity Fundamentals (SECFND) |
Size: | 264.44 KB |
Posted: | Saturday, February 3, 2018 |
Download:
|
|
Log in to make your opinion count.
Registration is free and easy - just provide your E-mail address.
Click Here to Register
Use Discount Code:
A confirmation link was sent to your e-mail.
Please check your mailbox for a message from [email protected] and follow the directions.
1. Which protocol is layer 4 protocol.given options are.
HHTP/TLS
DNS
2.what does the v509v3 indicatess to? ( i remember the choices choose 3)
a.publice key of the certificate
b.private key of the certificate
c.subject of the certificate
3. Which Protocol is used for DNS zone transfer.
Answer. TCP
4. The FMC can share HTML, PDF and CSV data type that relate to a specific event type data. Which specific event type data?
A. Connection
B. Host
C. Netflow
D. Intrusion
Answer: D
5. how can you correlacte ntp in a accurate time something
a.) asynchronous
b.) get time from each network device
c.)get from ad/ domain controller
d.)synchronous time
if you want to pass read little more from others.
I have an exam 28 june
A. method in which the hack occurred
B. defense contractor that stored the intellectual property
C. intellectual property that was stolen
D. foreign government that conducted the attack
I am seeing so many here have answered this wrong . The correct answer is option D
A threat agent definition is The term Threat Agent is used to indicate an individual or group that can manifest a threat. It is fundamental to identify who would want to exploit the assets of a company, and how they might use them against the company.
S
these dumps are valid.
also study the questions that are in comments ,they are really important to pass
read about
A)the x509v3 certificate they asked what it contains there were 5 options we had to choose 3.
B)heartbleed bug (answer was information disclosure)
C)protocol that works at 4th layer of OSI
I need new question
I need pass 210-250
Sat for this exams yesterday and passed! dumps need some updates because some questions got their answers wrong. overall, dumps is 70% valid. you would need some studying to do very well but you can pass with dumps as well. here are the new questions i got
1. which are two protocols used for ddos amplification attack
a. TCP
b. DNS
c. HTTP
2. which evasion method serves as an important functionality of ransomware
a. Encryption
b. Resource exhaustion
c. encoding
3.which purpose of security risk asseessment is true
options: cant remember
4. which security principle is violated by running all processes as root/admin
a. RBAC
b. principle of least priviledge
c. segregation of duty
5. dns query uses which protocol
a. TCP
b. UDP
c. HTTP
6. which options is true when using the traffic mirror feature in a switch
a. Ethernet headers are modified
b. packets payloads are lost
c. packets are nor processed
7. which data type is the most beneficial to recreate a binary file for malware analysis
a. alert
b. session
c.statistical
d. extracted content data.
Good Luck!
can you please answr the questions you wrote?
Thanks a lot!
Greetz
I did my exam yesterday and passed. Dump is for 70% valid. There were about 15 new questions. Can't remember all of them but, there were a lot about logging . Two questions that I can remember is about DNS transfer Zone which protocol it uses. Furthermore I had a question about heartbleed exploit so you should know what it does and a question about HIPAA. Other questions not in the dump I already put them in this forum. You will get a couple of them too. Good Luck!
PS C:\> Get-WmiObject win32_operatingsystem -ComputerName Quark | Invoke-WMIMethod -name Win32Shutdown
The Win32Shutdown method can accept parameters. The default is 0 which means do a simple logoff. But if the user has open files or if the default method fails, you can always resort to a forceful logoff:
PS C:\> Get-WmiObject win32_operatingsystem -ComputerName Quark | Invoke-WMIMethod -name Win32Shutdown -ArgumentList @(4)
WMI can be used to reboot a computer
The FMC can share HTML, PDF and CSV data type that relate to a specific event type data. Which specific event type data?
A. Connection
B. Host
C. Netflow
D. Intrusion
Answer: D
Explanation:
The Firepower System has features that you can use to gather intrusion data in standard formats such as HTML, PDF, and CSV (comma-separated values) so that you can easily share intrusion data with others.
NEW QUESTION 92
For which purpose can Windows management instrumentation be used?
A. Remote viewing of a computer
B. Remote blocking of malware on a computer
C. Remote reboot of a computer
D. Remote start of a computer
Answer: A
Explanation:
The purpose of WMI is to define a proprietary set of environment-independent specifications which allow management information to be shared between management applications. WMI allows scripting languages to locally and remotely manage Microsoft Windows computers and services. The following list provides examples of what WMI can be used for:
-- Providing information about the status of local or remote computer systems
-- Configuring security settings
-- Modifying system properties
-- Changing permissions for authorized users and user groups
-- Assigning and changing drive labels
-- Scheduling times for processes to run
-- Backing up the object repository
-- Enabling or disabling error logging
NEW QUESTION 93
Which international standard is for general risk management, including the principles and guideline for managing risk?
A. ISO 31000
B. ISO 27001
C. ISO 27005
D. ISO 27002
Answer: A
Explanation:
ISO 31000:2018, Risk management -- Guidelines, provides principles, framework and a process for managing risk. It can be used by any organization regardless of its size, activity or sector. Using ISO 31000 can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats and effectively allocate and use resources for risk treatment.
NEW QUESTION 94
Which statement about the difference between a denial-of-service attack and a distributed denial of service attack is true?
A. Dos attack are launched from one host, and DDoS attack are launched from multiple host.
B. DoS attack and DDoS attack have no differences.
C. DDoS attacks are launched from one host, and DoS attacks are launched from multiple host.
D. Dos attack only use flooding to compromise a network, and DDoS attacks only use other methods.
Answer: A
Explanation:
DDoS refers to a "distributed denial of service" attack. With this attack a hacker will use multiple servers to attack another target server i.e. the attack is distributed across multiple servers. Traffic associated with a single DDoS attack may originate from hundreds or thousands of compromised servers or PCs. Whereas a "denial of service" (DoS) attack is when a single server is used to attack another targeted server.
NEW QUESTION 95
You discover that a foreign government hacked one of the defense contractors in your country and stole intellectual property. In this situation, which option is considered the threat agent?
A. method in which the hack occurred
B. defense contractor that stored the intellectual property
C. intellectual property that was stolen
D. foreign government that conducted the attack
Answer: A
NEW QUESTION 96
After a large influx of network traffic to externally facing devices, you begin investigating what appear to be a denial of service attack. When you review packets capture data, you notice that the traffic is a single SYN packet to each port. Which kind of attack is this?
A. SYN flood.
B. Host profiling.
C. Traffic fragmentation.
D. Port scanning.
Answer: D
NEW QUESTION 97
Which definition of common event format is terms of a security information and event management solution is true?
A. A type of event log used to identify a successful user login.
B. A TCP network media protocol.
C. Event log analysis certificate that stands for certified event forensics.
D. A standard log event format that is used for log collection.
Answer: D
NEW QUESTION 98
Which definition of a Linux daemon is true?
A. Process that is causing harm to the system by either using up system resources or causing a critical crash.
B. Long - running process that is the child at the init process.
C. Process that has no parent process.
D. Process that is starved at the CPU.
Answer: B
Explanation:
A daemon is a type of program on Unix-like operating systems that runs unobtrusively in the background, rather than under the direct control of a user, waiting to be activated by the occurance of a specific event or condition. Unix-like systems typically run numerous daemons, mainly to accommodate requests for services from other computers on a network, but also to respond to other programs and to hardware activity.
...
Daemons are recognized by the system as any processes whose parent process has a PID of one, which always represents the process init. init is always the first process that is started when a Linux computer is booted up (i.e., started), and it remains on the system until the computer is turned off. init adopts any process whose parent process dies (i.e., terminates) without waiting for the child process's status. Thus, the common method for launching a daemon involves forking (i.e., dividing) once or twice, and making the parent (and grandparent) processes die while the child (or grandchild) process begins performing its normal function.
NEW QUESTION 99
Which term describes reasonable effort that must be made to obtain relevant information to facilitate appropriate courses of action?
A. Due diligence.
B. Ethical behavior.
C. Decision making.
D. Data mining.
Answer: A
NEW QUESTION 100
According to the common vulnerability scoring system, which term is associated with scoring multiple vulnerabilities that are exploit in the course of a single attack?
A. chained score
B. risk analysis
C. vulnerability chaining
D. confidentiality
Answer: C
Explanation:
CVSS is designed to classify and rate individual vulnerabilities. However, it is important to support the needs of the vulnerability analysis community by accommodating situations where multiple vulnerabilities are exploited in the course of a single attack to compromise a host or application. The scoring of multiple vulnerabilities in this manner is termed Vulnerability Chaining. Note that this is not a formal metric, but is included as guidance for analysts when scoring these kinds of attacks.
A. method in which the hack occurred
B. defense contractor that stored the intellectual property
C. intellectual property that was stolen
D. foreign government that conducted the attack
Answer: A
After a large influx of network traffic to externally facing devices, you begin investigating what appear to be a denial of service attack. When you review packets capture data, you notice that the traffic is a single SYN packet to each port. Which kind of attack is this?
A. SYN flood.
B. Host profiling.
C. Traffic fragmentation.
D. Port scanning.
Answer: D
Which definition of common event format is terms of a security information and event management solution is true?
A. A type of event log used to identify a successful user login.
B. A TCP network media protocol.
C. Event log analysis certificate that stands for certified event forensics.
D. A standard log event format that is used for log collection.
Answer: D
Which vulnerability is an example of Shellshock?
a-SQL injection
b-heap Overflow
c-cross site scripting
d-command injection
Answer. D
in which technology is network level encrypted not natively incorporated?
a-Kerberos
b-ssl
c-tls
d-IPsec
Answer:A
which purpose of command and control for network aware malware is true?
a-It helps the malware to profile the host
b-It takes over the user account
c-It contacts a remote server for command and updates
d-It controls and down services on the infected host
Answer:C
For which kind of attack does an attacker use known information in encrypted files to break the encryption scheme for the rest of
a-known-plaintext
b-known-ciphertext
c-unknown key
d-man in the middle
Answer:A
which process continues to be recorded in the process table after it has ended and the status is returned to the parent?
a-daemon
b-zombie
c-orphan
d-child
Answer:B
you get an alert on your desktop computer showing that an attack was successful on the host but up on investigation you see that occurred duration the attack. Which reason is true?
a- The computer has HIDS installed on it
b- The computer has NIDS installed on it
c- The computer has HIPS installed on it
d- The computer has NIPS installed on it
Answer:A
I found few wrong ans which I have corrected:
1. While viewing packet capture data, you notice that one IP is sending and receiving packet for multiple device. Ans: NAT
2. Which two tasks can be performed by analyzing the logs of traditional stateful firewall? Ans: A-5 tuple B. Map internal IP
3. The key in an X.509 certificate. Ans: Public
4. Digitally signature. Ans: document is hashed and then hash is encrypted with private key
5. HTTPS traffic make security monitoring difficult. Ans: SSL interception
6. Definition of Antivirus. Ans: Program used to detect and remove unwanted malicious soft
7. About social engineering. Ans: Receiving call from IT department, sending a verbal request to an administrator
8. About next generation firewall. Ans: Application visibility, intrusion detection system
9. Discretionary access control security model. Ans: security policy defined by the owner of an object
best of luck!!!!
I believe the correct answer is Public - can anyone confirm??
The answer is B, not A.
The hash is generated, then encrypted with your private key - that's your signature.
That's why non-repudiation works...only YOU hold the private key!
1. Command and control for network aware malware is true -- not sure can remember the answers
2. Which attack is the network vulnerable to when a stream cipher like rc4 is used twice with the same key
3. Which format Netflow records are stored
4. Attack surface is true
The vce passleader (111q) is valid.
Exam passed yesterday 13/Mar, 90x/1000.