Exam A Flashcards

1
Q

An engineer wants to assign a printer to a different VLAN than it is statically configured on the switch port. Which CoA type should the engineer use?

A. CoA-Terminate
B. No-CoA
C. Port-Bounce
D. CoA-Reauth

A

Port-Bounce

2
Q

An administrator needs to be able to have a router communicate securely with a network management system. The connections must be authenticated but not encrypted. While meeting these requirements, which command will create a group that allows a user on the network management system access to the router?

A. snmp-server group v2c
B. snmp-server group v3 priv write
C. snmp-server group v3 auth
D. snmp-server group v2c write

A

snmp-server group v3 auth

3
Q

What are two core components of a Cisco Umbrella solution? (Choose two)

A. Cloud container platform
B. DNS layer security
C. Cisco ISE
D. Transport Layer Security
E. Cloud access security broker

A

DNS layer security

Cloud access security broker

4
Q

Which solution provides a comprehensive view of internet domains, IP addresses, and autonomous systems to help pinpoint attackers and malicious infrastructures?

A. Cisco Advanced Malware Investigate
B. Cisco Umbrella Investigate
C. Cisco Tetration Cloud
D. Cisco Threat Indication Database

A

Cisco Umbrella Investigate

5
Q

A network engineer has been tasked with configuring OSPF neighbor authentication on the WAN router for a branch office. The WAN router connects to the OSPF backbone area via an MPLS circuit that terminates on interface GigabitEthernet 0/0/0. The router ID for this router is tied to the loopback0 interface. The password used for neighbor authentication should be encrypted when transmitted over the WAN. Which two IOS commands are required to enable OSPF neighbor authentication in this scenario? (Choose two)

A. ip ospf message-digest-key under the GigabitEthernet0/0/0 interface configuration

B. ip ospf authentication-key under Loopback0 interface configuration

C. service password-encryption under global configuration mode

D. area 0 authentication under the OSPF routing process configuration

E. area 0 authentication message-digest under the OSPF routing process configuration

A

ip ospf message-digest-key under the GigabitEthernet0/0/0 interface configuration

area 0 authentication message-digest under the OSPF routing process configuration

6
Q

How can Cisco Tetration connect to something within a customer/3rd party network if the customer/3rd party network doesn’t allow incoming connections?

A. Reverse tunnel
B. GRE tunnel
C. Source NAT
D. Destination NAT

A

Reverse tunnel

7
Q

Which Cisco security platform is integrated into an organization’s cloud environment on AWS, Google Cloud, or Azure to provide agentless visibility across the network by using advanced machine learning and behavioral analytics?

A. Cisco ISE cloud
B. Cisco Stealthwatch cloud
C. Cisco ASAv
D. Cisco AMP cloud

A

Cisco Stealthwatch cloud

8
Q

An engineer is configuring DHCP snooping on a Cisco switch and wants to ensure that a DHCP packet will be dropped. Under which condition will this occur?

A. A packet from a DHCP server is received from inside the network or firewall

B. A packet is received on an untrusted interface and the source MAC Address and the DHCP client hardware address do not match

C. A DHCP relay agent forwards a DHCP packet that includes a relay-agent IP address that is 0.0.0.0

D. All packets are dropped until the administrator manually enters the approved servers into the DHCP snooping database

A

A DHCP relay agent forwards a DHCP packet that includes a relay-agent IP address that is 0.0.0.0

9
Q

Where are individual sites specified to be blacklisted in Cisco Umbrella?

A. Application settings
B. Destination lists
C. Content categories
D. Security settings

A

Destination lists

10
Q

While using Cisco Firepower’s Security Intelligence policies, upon which two criteria is blocking based? (Choose two)

A. IP addresses
B. URLs
C. port numbers
D. protocol IDs
E. MAC addresses

A

IP addresses

URLs

11
Q

Which actions configure the IEEE 802.1X Flexible Authentication feature to support Layer 3 authentication mechanisms?

A. Modify the Dot1X configuration on the VPN server to send Layer 3 authentications to an external authentication database.

B. Add MAB into the switch to allow redirection to a Layer 3 device for authentication

C. Identify the devices using this feature and create a policy that allows them to pass Layer 2 authentication

D. Configure WebAuth so the hosts are redirected to a web page for authentication

A

Configure WebAuth so the hosts are redirected to a web page for authentication

12
Q

Which action adds IOCs to customize detections for a new attack?

A. Upload the IOCs into the installed Endpoint IOC feature within Cisco AMP For Endpoints.

B. Use the initiate Endpoint IOC scan feature to gather the IOC information and push it to the clients.

C. Modify the base policy within Cisco AMP for Endpoints to include simple custom detections.

D. Add a custom Advanced detection to include the IOCs needed within Cisco AMP for Endpoints.

A

Upload the IOCs into the installed Endpoint IOC feature within Cisco AMP For Endpoints.

13
Q

Which platform besides the Cisco ASA should be deployed to provide content redirection using Direct-To-Tower methods without the need for the customer to send traffic using PAC files or third-party proxies?

A. Cisco ASR
B. Cisco ISR
C. Cisco WSA
D. Cisco CWS

A

Cisco CWS

14
Q

An organization is using CSR1000v routers in their private cloud infrastructure. They must upgrade their code to address vulnerabilities within their running code version. Who is responsible for these upgrades?

A. The cloud vendor is responsible for updating all code hosted in the cloud

B. The cloud service provider must be asked to perform the upgrade

C. The organization must upgrade the code for the devices they manage

D. The CSR1000v is upgraded automatically as new code becomes available

A

The organization must upgrade the code for the devices they manage

15
Q

Which action blocks a specific IP address whenever a computer with Cisco AMP for Endpoints installed connects to the network?

A. Create a simple custom detection policy and add the IP address

B. Create an application block list and add the IP address

C. Create an advanced custom detection policy and add the IP address

D. Create an IP Block & Allow list and add the IP address

A

Create an IP Block & Allow list and add the IP address

16
Q

A company has an infrastructure ACL policy on its perimeter router that denies RFC 1918 addresses, unused address ranges, any packets that use the IP address range that is assigned to the internal IP infrastructure, and 127.0.0.1. All these rules apply to incoming traffic from the internet. Which two attacks are prevented by using this method? (Choose two)

A. Losing the line protocol keep-alives and routing protocol update
B. Spoofing the IP address of another customer to steal service
C. DoS attacks that cause high CPU utilization
D. Gaining of access to network devices using a spoofed address
E. Routing processor resource exhaustion

A

Spoofing the IP address of another customer to steal service

Gaining of access to network devices using a spoofed address

17
Q

Which two tasks are required when a decryption policy is implemented on a Cisco WSA? (Choose two)

A. Upload a root certificate and private key
B. Enable HTTPS attack protection
C. Enable real-time revocation status checking
D. Configure invalid certificate handling
E. Enable the HTTPS proxy

A

Upload a root certificate and private key

Enable the HTTPS proxy

18
Q

What is a difference between GRE over IPsec and IPsec with crypto map?

A. GRE over IPsec supports non-IP protocols
B. Multicast traffic is supported by IPsec with crypto map
C. GRE provides its own encryption mechanism
D. IPsec with crypto map offers better scalability

A

GRE over IPsec supports non-IP protocols

19
Q

Which attack gives unauthorized access to files on the web server?

A. Broadcast storm
B. DHCP snooping
C. Distributed DoS
D. Path traversal

A

Path traversal

20
Q

Which VPN provides scalability for organizations with many remote sites?

A. SSL VPN
B. Site-to-site IPsec
C. DMVPN
D. GRE over IPsec

A

DMVPN

21
Q

When an assessment of cloud services and applications is conducted, which tool is used to show user activity and data usage across the applications?

A. Cisco ISE
B. Cisco ASA
C. Cisco AMP Private Cloud
D. Cisco Cloudlock

A

Cisco Cloudlock

22
Q

What are two examples of code injection vulnerabilities? (Choose two)

A. Session hijacking
B. Cross-site-scripting
C. XML external entity injection
D. Arbitrary command injection
E. SQL injection

A

Cross-site-scripting

SQL injection

23
Q

A network engineer must secure a Cisco switch from a MAC address flooding attack by allowing only the MAC address of the currently connected PC on port Gi1/0/28. Which Cisco IOS command must be run to check if that MAC address is currently known and is the only MAC address allowed on that port?

A. show port-security
B. show port-security interface GigabitEthernet 1/0/28
C. show port-security address

A

show port-security interface GigabitEthernet 1/0/28

24
Q

Which problem is solved by deploying a multicontext firewall?

A. Overlapping IP addressing plan
B. Faster inspection
C. More secure policy
D. Resilient high availability design

A

Overlapping IP addressing plan

25
Q

What are two targets in cross-site scripting attacks? (Choose two)

A. Footer
B. Cookie
C. Image
D. Input
E. Header

A

Cookie

Input

26
Q

An administrator wants to ensure that the organization’s remote access VPN devices can connect to the VPN without the user logging into the devices. Which action accomplishes this task?

A. Modify the Cisco AnyConnect Client image to start before logon and use the user’s cached credentials for authentication

B. Change the Cisco AnyConnect Connection Profile to allow for authentication prior to logon and use the user certificate for authentication

C. Configure the Start Before Logon feature in the Cisco AnyConnect Client and use certificate authentication

D. Add the Auto Connect feature in the Cisco AnyConnect Group Policy and use the machine certificate as the authentication identity

A

Configure the Start Before Logon feature in the Cisco AnyConnect Client and use certificate authentication

27
Q

Which API technology with SDN architecture is used to communicate with a controller and network devices such as routers and switches?

A. Northbound APIs
B. Unprotected APIs
C. Southbound APIs
D. Rest APIs

A

Southbound APIs

28
Q

Which security mechanism is designed to protect against offline brute-force attacks?

A. Salt
B. CAPTCHA
C. MFA
D. Token

A

MFA

29
Q

Which process is used to obtain a certificate from a CA?

A. Enrollment
B. Signing
C. Approval
D. Registration

A

Enrollment

30
Q

Which two products are used to forecast capacity needs accurately in real time? (Choose two)

A. Cisco Workload Optimization Manager
B. Cisco Cloudlock
C. Cisco AppDynamics
D. Cisco Umbrella
E. Cisco Tetration

A

Cisco Workload Optimization Manager

Cisco AppDynamics

31
Q

Which two algorithms must be used when an engineer is creating a connection that will have classified data across it? (Choose two)

A. SHA-384
B. RC4
C. RSA-3072
D. AES-256
E. ECDSA-256

A

SHA-384

AES-256

32
Q

Which common exploit method is TLS 1.3 designed to prevent?

A. Man-in-the-middle attack
B. Cross-site-request forgery
C. Cross-site-scripting
D. Denial-of-service attack

A

Man-in-the-middle attack

33
Q

A website administrator wants to prevent SQL injection attacks against the company’s customer database, which is referenced by the web server. Which two methods help prevent SQL injection attacks? (Choose two)

A. using load balancers with NAT
B. enforcing TLS 1.3 only
C. using SSL certificates
D. using web application firewalls
E. performing input validation

A

using web application firewalls

performing input validation

34
Q

Which two types of connectors are used to generate telemetry data from IPFIX records in a Cisco implementation? (Choose two)

A. ADC
B. ERSPAN
C. Cisco ASA
D. NetFlow
E. Cisco Secure Workload

A

ERSPAN

NetFlow

35
Q

An engineer is configuring a Cisco Cloud Email Security instance to send logs to an external server for auditing. For security purposes, a username and SSH key have been generated on the remote log server that accepts only the SSHv2 protocol. Which log retrieval method must be configured in the log subscription?

A. Syslog push
B. FTP push
C. Manually download
D. SCP push

A

SCP push

36
Q

A network administrator is setting up Cisco FMC to send logs to Cisco Security Analytics and Logging (SaaS). The network administrator is anticipating a high volume of logging events from the firewalls and wants to limit the strain on firewall resources. Which method must be used to send these logs to Cisco Security Analytics and Logging?

A. SFTP using the FMC CLI
B. HTTP POST using the Security Analytics FMC plugin
C. Direct connection using SNMP traps
D. Syslog using the Secure Event Connector

A

Syslog using the Secure Event Connector

37
Q

Refer to the exhibit.
*Jul 1 15:33:50.027: ISAKMP: (0):Enqueued KEY_MGR_SESSION_CLOSED for Tunnel0 deletion
*Jul 1 15:33:50.027: ISAKMP: (0):Deleting peer node by peer_reap for 2.2.2.2: D1250B0
*Jul 1 15:33:50.029: ISAKMP: (1001):peer does not do paranoid keepalives.
*Jul 1 15:33:54.781: ISAKMP-PAK: (0) received packet from 2.2.2.2 dport 500 sport 500 Global (N) NEW SA
*Jul 1 15:33:54.781: ISAKMP: (0):Created a peer struct for 2.2.2.2, peer port 500
*Jul 1 15:33:54.781: ISAKMP: (0):New peer created peer = 0x11026528 peer_handle = 0x80000004
*Jul 1 15:33:54.781: ISAKMP: (0):Locking peer struct 0x11026528, refcount 1 for crypto_isakmp_process_block
*Jul 1 15:33:54.782: ISAKMP: (0):local port 500, remote port 500
*Jul 1 15:33:54.782: ISAKMP: (0):Find a dup sa in the avl tree during calling isadb_insert sa = 104E3C68
*Jul 1 15:33:54.782: ISAKMP: (0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Jul 1 15:33:54.782: ISAKMP: (0):Old State = IKE_READY New State = IKE_R_MM1

Which command results in these messages when attempting to troubleshoot an IPsec VPN connection?

A. debug crypto ipsec
B. debug crypto isakmp
C. debug crypto isakmp connection
D. debug crypto ipsec endpoint

A

debug crypto isakmp

38
Q

What describes the function of the

crypto isakmp key C1$c449400824 address 0.0.0.0 0.0.0.0

command when configuring an IPsec VPN tunnel on a Cisco IOS router?

A. It configures the IP address and subnet mask of the VPN server

B. It allows connections from any hosts using the defined preshared key

C. It defines that all data is going to be encrypted via the VPN

D. It drops spoofed VPN traffic using 0.0.0.0 as the source or destination IP address

A

It allows connections from any hosts using the defined preshared key

39
Q

Which two activities are performed using Cisco DNA Center? (Choose two)

A. DNS
B. DHCP
C. design
D. provision
E. accounting

A

design

provision

40
Q

What is the ideal deployment mode to use when you need to manage separate security policies for multiple customers on a Cisco ASA device?

A. spanned cluster mode
B. IRB mode
C. VRF mode
D. multiple context mode

A

multiple context mode

41
Q

Which algorithm does ISAKMP use to securely derive encryption and integrity keys?

A. AES
B. Diffie-Hellman
C. 3DES
D. RSA

A

Diffie-Hellman

42
Q

In which cloud services model is the customer responsible for scanning for and mitigation of application vulnerabilities?

A. VMaaS
B. IaaS
C. PaaS
D. SaaS

A

IaaS

43
Q

For which type of attack is multifactor authentication an effective deterrent?

A. syn flood
B. ping of death
C. phishing
D. teardrop

A

phishing

44
Q

An organization wants to reduce their attack surface for cloud applications. They want to understand application communications, detect abnormal application behavior, and detect vulnerabilities within the applications. Which action accomplishes this task?

A. Modify the Cisco Duo configuration to restrict access between applications.

B. Use Cisco ISE to provide application visibility and restrict access to them.

C. Configure Cisco Tetration to detect anomalies and vulnerabilities.

D. Implement Cisco Umbrella to control the access each application is granted.

A

Configure Cisco Tetration to detect anomalies and vulnerabilities.

45
Q

Refer to the exhibit.

RouterA(config)#crypto key generate rsa general-keys label SSH modulus 2048
RouterA(config)#ip ssh rsa keypair-name SSH
RouterA(config)#ip ssh version 2

An engineer must enable secure SSH protocols and enters this configuration. What are two results of running this set of commands on a Cisco router? (Choose two)

A. enables SSHv1 on the router
B. uses the FQDN with the label command
C. generates RSA key pairs on the router
D. generates AES key pairs on the router
E. labels the key pairs to be used for SSH

A

generates RSA key pairs on the router

labels the key pairs to be used for SSH

46
Q

When MAB is configured for use within the 802.1X environment, an administrator must create a policy that allows the devices onto the network. Which information is used for the username and password?

A. The MAB uses the Call-Station-ID as username and password
B. The MAB uses the IP address as username and password.
C. Each device must be set manually by the administrator.
D. The MAB uses the MAC address as username and password

A

The MAB uses the MAC address as username and password

47
Q

Which solution operates as a cloud-native CASB?

A. Cisco Umbrella
B. Cisco pxGrid
C. Cisco CloudLock
D. Cisco Stealthwatch Cloud

A

Cisco CloudLock

48
Q

A security audit recently revealed that an administrator is using the same password of C1$c0451175124 for his personal account across multiple systems. What must be implemented by the company to reduce the chances of this happening again?

A. centralized user authentication
B. security awareness training
C. strict password policies
D. role based access control

A

security awareness training

49
Q

Which entity is responsible for encrypting data in transit using an IaaS model versus a SaaS model?

A. Cloud Service Provider for IaaS and Cloud Service Customer for SaaS

B. Cloud SLA Manager for IaaS and Cloud Application Developer for SaaS

C. Cloud Service Customer for IaaS and Cloud Service Provider for SaaS

D. Cloud Application Developer for IaaS and Cloud SLA Manager for SaaS

A

Cloud Service Customer for IaaS and Cloud Service Provider for SaaS

50
Q

Which common threat can be prevented by implementing port security on switch ports?

A. VLAN hopping attacks
B. spoofing attacks
C. denial-of-service attacks
D. eavesdropping attacks

A

denial-of-service attacks

51
Q

When a site-to-site VPN is configured in Cisco FMC, which topology is supported when crypto ACLs are used instead of protected networks to define interesting traffic?

A. point-to-point
B. hub-and-spoke
C. DMVPN
D. full mesh

A

point-to-point

52
Q

Which solution provides end-to-end visibility of applications and insights about application performance?

A. Cisco Secure Cloud Analytics
B. Cisco Cloudlock
C. Cisco Tetration
D. Cisco AppDynamics

A

Cisco AppDynamics

53
Q

Which two methods are valid to be included in an authentication method list? (Choose two)

A. default
B. login
C. console
D. line
E. enable

A

login

enable

54
Q

Which two aspects of the IaaS cloud service model are managed by the service provider? (Choose two)

A. virtual network
B. applications
C. physical network
D. hypervisors
E. virtual machines

A

physical network

hypervisors

55
Q

A network administrator is shipping a Cisco ASA to a remote retail site. The administrator wants to ensure that the device configuration cannot be accessed by someone at the site with physical access and a console cable. Which command must be used to mitigate this risk?

A. aaa authentication console
B. config-register 0x00000041
C. no service password-recovery
D. no service sw-reset-button

A

no service password-recovery

56
Q

What is the purpose of a denial-of-service attack?

A. to exploit a security vulnerability on a computer system to steal sensitive information

B. to disrupt the normal operation of a targeted system by overwhelming it

C. to spread throughout a computer system by self-replicating to additional hosts

D. to prevent or limit access to data on a computer system by encrypting it

A

to disrupt the normal operation of a targeted system by overwhelming it

57
Q

What is a benefit of a Cisco Secure Email Gateway Virtual as compared to a physical Secure Email Gateway?

A. provides faster performance
B. enables the allocation of additional resources
C. provides an automated setup process
D. simplifies the distribution of software updates

A

simplifies the distribution of software updates

58
Q

Which Cisco AnyConnect module is integrated with Splunk Enterprise to provide monitoring capabilities to administrators to allow them to view endpoint application usage?

A. ISE Posture
B. Umbrella Roaming Security
C. AMP Enabler
D. Network Visibility

A

Network Visibility

59
Q

An engineer must configure Cisco Secure Endpoints so that it contains a list of files that should not be executed by users. These files must not be quarantined. Which action meets this configuration requirement?

A. Create an application control blocked applications list.
B. Add a list for simple custom detection.
C. Modify the advanced custom detection list to include these files.
D. Identify the network IPs and place them in a blocked list.

A

Create an application control blocked applications list

60
Q

Which Cisco Umbrella package supports selective proxy for inspection of traffic from risky domains?

A. DNS Security Essentials
B. SIG Essentials
C. DNS Security Advantage
D. SIG Advantage

A

DNS Security Advantage

62
Q

Which two VPN tunneling protocols support the use of IPsec to provide data integrity, authentication, and data encryption? (Choose two)

A. OpenVPN
B. Secure Socket Tunneling Protocol
C. Generic Routing Encapsulation Protocol
D. Point-to-Point Tunneling Protocol
E. Layer 2 Tunneling Protocol

A

Generic Routing Encapsulation Protocol

Layer 2 Tunneling Protocol

63
Q

Which firewall deployment mode allows inspection of traffic between servers in the same IP subnet?

A. transparent
B. multicontext
C. virtual
D. routed

A

transparent

64
Q

Which two Cisco ISE components enforce security policies on noncompliant endpoints by blocking network access? (Choose two)

A. profiling
B. TACACS+
C. Apex licensing
D. DHCP and SNMP probes
E. posture agents

A

profiling

posture agents

65
Q

An administrator is testing new configuration on a network device. The network device had a previously established association with the NTP server but is no longer processing time updates. What is the cause of this issue?

A. NTP authentication has been configured on the network device.

B. The network device is sending the wrong password to the server.

C. NTP authentication has been configured on the NTP server.

D. The server changed its time source to stratum 1.

A

The network device is sending the wrong password to the server.

66
Q

What is the default action before identifying the URL during HTTPS inspection in Cisco Secure Firewall Threat Defense software?

A. pass
B. buffer
C. reset
D. drop

A

pass

67
Q

A network engineer must create an access control list on a Cisco Adaptive Security Appliance firewall. The access control list must permit HTTP traffic to the internet from the organization’s inside network 192.168.1.0/24. Which IOS command must be used to create the access control list?

A. access-list HTTP-ONLY extended permit tcp 192.168.1.0 255.255.255.0

B. access-list extended permit tcp 192.168.1.0 255.255.255.0 any eq 80

C. access-list permit http 192.168.1.0 255.255.255.0 any

D. access-list HTTP-ONLY extended permit tcp 192.168.1.0 255.255.255.0 any eq 80

A

access-list extended permit tcp 192.168.1.0 255.255.255.0 any eq 80

68
Q

Based on the NIST 800-145 guide, which cloud architecture is provisioned for exclusive use by a specific group of consumers from different organizations and may be owned, managed, and operated by one or more of those organizations?

A. hybrid cloud
B. private cloud
C. community cloud
D. public cloud

A

community cloud

69
Q

What must be configured on Cisco Secure Endpoint to create a custom detection file list to detect and quarantine future files?

A. Use the simple custom detection feature and add each detection to the list

B. Add a network IP block allowed list to the configuration and add the blocked files

C. Create an advanced custom detection and upload the hash of each file

D. Configure an application control allowed applications list to block the files

A

Use the simple custom detection feature and add each detection to the list

70
Q

A security test performed on one of the applications shows that user input is not validated. Which security vulnerability is the application more susceptible to because of this lack of validation?

A. denial-of-service
B. cross-site request forgery
C. man-in-the-middle
D. SQL injection

A

SQL injection

71
Q

Which two devices support WCCP for traffic redirection? (Choose two)

A. Cisco Secure Web Appliance
B. Cisco IOS
C. proxy server
D. Cisco ASA
E. Cisco IPS

A

Cisco IOS

Cisco ASA

72
Q

An engineer must modify an existing remote access VPN using a Cisco AnyConnect Secure Mobility client solution and a Cisco Secure Firewall. Currently, all the traffic generated by the user is sent to the VPN tunnel and the engineer must now exclude some servers and access them directly instead. Which element must be modified to achieve this goal?

A. group policy
B. NAT exemption
C. encryption domain
D. routing table

A

group policy

73
Q

A network administrator is modifying a remote access VPN on an FTD managed by an FMC. The administrator wants to offload traffic to certain trusted domains. The administrator wants this traffic to go out of the client’s local internet and send other internet-bound traffic over the VPN. Which feature must the administrator configure?

A. dynamic access policies
B. local LAN access
C. dynamic split tunneling
D. reverse route injection

A

dynamic split tunneling

74
Q

A security engineer must add destinations into a destination list in Cisco Umbrella. What describes the application of these changes?

A. The changes are applied immediately if the destination list is part of a policy

B. The destination list must be removed from the policy before changes are made to it

C. The changes are applied only after the configuration is saved in Cisco Umbrella

D. The user role of Block Page Bypass or higher is needed to perform these changes

A

The changes are applied immediately if the destination list is part of a policy

75
Q

What is the purpose of the Trusted Automated exchange cyber threat intelligence industry standard?

A. public collection of threat intelligence feeds

B. service used to exchange security information

C. language used to represent security information

D. threat intelligence sharing organization

A

service used to exchange security information

76
Q

A network administrator has configured TACACS on a network device using the key Cisc0467380030 for authentication purposes. However, users are unable to authenticate. TACACS server is reachable, but authentication is failing. Which configuration step must the administrator complete?

A. Configure the TACACS key on the server to match with the network device.

B. Install a compatible operating system version on the TACACS server.

C. Implement synchronized system clock on TACACS server that matches the network device.

D. Apply an access control list on TACACS server to allow communication with the network device.

A

Configure the TACACS key on the server to match with the network device.

77
Q

Which Cisco security solution gives the most complete view of the relationships and evolution of Internet domains, IPs, and files, and helps to pinpoint attackers’ infrastructures and predict future threats?

A. Cisco Secure Network Analytics

B. Cisco Secure Cloud Analytics

C. Cisco pxGrid

D. Cisco Umbrella Investigate

A

Cisco Umbrella Investigate

78
Q

How should an organization gain visibility into encrypted flows leaving the organization?

A. Decrypt and inspect the HTTPS traffic

B. Add Cisco Secure Firewall IPS

C. Enable a VPN for more sensitive data

D. Implement AAA for external users

A

Decrypt and inspect the HTTPS traffic

79
Q

What is a capability of EPP compared to EDR?

A. EPP prevents attacks on a website, and EDR focuses on protecting computers and servers

B. EPP prevents attacks made via email, and EDR prevents attacks on a web server

C. EPP prevents attacks on an endpoint, and EDR detects attacks that penetrate the environment

D. EPP prevents attacks on an endpoint, and EDR focuses on protecting email and web servers

A

EPP prevents attacks on an endpoint

80
Q

Which Cisco solution integrates industry-leading artificial intelligence and machine learning analytics and an assurance database to review the security posture and maintain visibility of an organization’s cloud environment?

A. Cisco DNA

B. Cisco Secure Workload

C. Cisco FTD

D. Cisco CSR 1000v

A

Cisco DNA

81
Q

Refer to the exhibit.

host_api_uri = "/api/fmc_config/v1/domain/" + DOMAIN_UUID + "/object/hosts?bulk=true"
host_url = "https://" + address + host_api_uri
headers = {'Content-Type': 'application/json', 'x-auth-access-token': accesstoken}
if host != []:
    # verify=False turns off TLS certificate validation for this request
    response = requests.request("POST", host_url, headers=headers,
                                data=host_payload, verify=False)
else:
    print("Please validate that the CSV file provided is correct or at correct location")

Which task is the Python script performing by using the Cisco Secure Firewall API?

A. removing an existing bulk list of internal hosts from Cisco Secure Firewall Management Center

B. retrieving a bulk list of network hosts from Cisco Secure Firewall Management Center

C. adding to an existing bulk list of internal hosts on Cisco Secure Firewall Management Center

D. pushing a bulk list of network hosts to Cisco Secure Firewall Management Center

A

pushing a bulk list of network hosts to Cisco Secure Firewall Management Center

82
Q

An organization has had some malware infections recently and the management team wants to use Cisco Secure Firewall to enforce file policies to prevent malicious files from being downloaded. The SHA-256 hash value of all files traversing the firewall must be calculated and compared to the hash values of known malware code. Which file rule action is used to block only the files that are confirmed to be malware?

A. Block Files
B. Block Malware
C. Detect Files
D. Malware Cloud Lookup

A

Block Malware

83
Q

An engineer configured 802.1X authentication on a switch port but cannot authenticate. Which action must the engineer take to validate if the user credentials are correct?

A. Check policy enforcement point for the authentication mechanism and credentials used

B. Check the authenticator and view the debug logs for the username and password.

C. Check the supplicant logs for the username and password entered then check the authentication provider

D. Check the logs of the authentication server for the username and authentication rejection logs

A

Check the logs of the authentication server for the username and authentication rejection logs

84
Q

How does a Cisco Secure Web Appliance integrated with LDAP handle the permissions of a currently logged-in Active Directory group member when the Active Directory administrator changes the permissions of the user’s group mid-session?

A. The Cisco Secure Web Appliance continues to operate using the permissions that were in effect when the user logged in for the duration of the user’s session

B. If the Cisco Secure Client Mobility Client is configured on the endpoint to provide Active Directory updates, the Cisco Secure Web Appliance changes the user’s permissions immediately when alerted by the client.

C. The Cisco Secure Web Appliance terminates the current session and prompts the user to re-authenticate in order to update the effective permissions

D. If the Cisco Secure Web Appliance is configured to receive real-time updates from the Active Directory user agent, it changes the user’s permissions immediately when the agent sends the update

A

The Cisco Secure Web Appliance continues to operate using the permissions that were in effect when the user logged in for the duration of the user’s session

85
Q

The security team has installed a Cisco Secure Email Gateway. During setup, a large number of email messages are being blocked. The security team wants to investigate and determine if the emails are part of a phishing or malware attack. Which configuration step must the security team apply?

A. Configure sender domain reputation policy to check if sender email domain is known to be malicious

B. Implement a policy to only allow email from senders trusted by the network

C. Apply a policy to route all blocked emails to a separate quarantine folder

D. Configure a policy to disable spam filtering in order to expedite email delivery

A

Apply a policy to route all blocked emails to a separate quarantine folder

86
Q

What is an attribute of a successful endpoint patch management strategy?

A. discovering assets
B. defining timing to install patches
C. deciding which patches to install
D. minimizing device variance

A

defining timing to install patches

87
Q

An engineer is configuring cloud logging on Cisco ASA and needs events to be compressed. Which component must be configured to accomplish this goal?

A. SWC service
B. SDC VM
C. SDC event viewer
D. Cisco analytics

A

SDC VM

88
Q

Which two facts must be considered when deciding whether to deploy the Cisco WSA in Standard mode, Hybrid Web Security mode, or Cloud Web Security Connector mode? (Choose two)

A. Standard mode and Hybrid Web Security mode perform the same actions in response to the application of an individual policy

B. The onsite web proxy is not supported in Cloud Web Security Connector mode

C. External DLP is available only in Standard mode and Hybrid Web Security mode

D. Only Standard mode and Hybrid Web Security mode support Layer 4 traffic monitoring

E. ISE integration is available only in Standard mode and Hybrid Web Security mode

A

Standard mode and Hybrid Web Security mode perform the same actions in response to the application of an individual policy

The onsite web proxy is not supported in Cloud Web Security Connector mode

89
Q

What is a benefit of using GETVPN over FlexVPN within a VPN deployment?

A. GETVPN natively supports MPLS and private IP networks

B. GETVPN interoperates with non-Cisco devices

C. GETVPN supports Remote Access VPNs

D. GETVPN uses multiple security associations for connections

A

GETVPN natively supports MPLS and private IP networks

90
Q

What is an advantage of using a next-generation firewall compared to a traditional firewall?

A. Next-generation firewalls have stateless inspection capabilities, and traditional firewalls use stateful inspection

B. Next-generation firewalls use intrusion prevention policies, and traditional firewalls use intrusion detection policies

C. Next-generation firewalls use dynamic packet filtering, and traditional firewalls use static packet filtering

D. Next-generation firewalls have threat intelligence feeds, and traditional firewalls use signature detection

A

Next-generation firewalls have threat intelligence feeds

91
Q

An engineer must register a fixed network on a Cisco Umbrella platform. Which two actions must be performed when adding a new public IP address? (Choose two)

A. Configure the DNS security settings

B. Point DHCP to Umbrella platform DHCP servers

C. Point DNS to Umbrella platform DNS servers

D. Install the Umbrella root certificate

E. Enter a network public IP address

A

Point DNS to Umbrella platform DNS servers

Enter a network public IP address

92
Q

Which feature is used to configure an encrypted route-based site-to-site VPN from a Cisco router to a cloud environment?

A. Tunnel Mode Auto Selection
B. IKE Profile Based Selection
C. FlexVPN Mixed Mode
D. virtual tunnel interface

A

virtual tunnel interface

93
Q

An engineer is configuring Outbreak Filters for a Cisco Secure Email Gateway to protect a network from large-scale virus outbreaks and phishing scams. Any URLs that match the filter must be logged with these details:

  1. Category
  2. Reputation score
  3. Outbreak Filter rewrites

Which CLI command must the engineer use?

A. quarantineconfig
B. dlpconfig
C. outbreakconfig
D. outbreakfilters

A

outbreakconfig

94
Q

What is a benefit of implementing multifactor authentication for an application?

A. links devices with applications improving discovery

B. allows secure connections to the application

C. allows remote access to the application

D. helps prevent stolen credentials from being used

A

helps prevent stolen credentials from being used

95
Q

An engineer must configure a Cisco Secure Email Gateway to use DLP for a company. The company also wants to see the content of emails that violate the DLP policy. Which configuration must be modified in the Data Loss Prevention Settings section to meet the requirements?

A. Secure Message Forwarding
B. Secure Reply All
C. Matched Content Logging
D. DLP Message Action

A

Matched Content Logging

96
Q

Refer to the exhibit.

import requests
import json
from datetime import datetime
import base64
API_key = "c47757e9-9216-4f92-8etd-eff31bb4e0759ee"
API_secret = "fjks2454skfj2"
API_combined = API_key + ":" + API_secret
base64 = (base64.standard_b64encode(bytes(API_combined, 'utf-8'))).decode("utf-8")
organization = "1385624"
reporting_url = ("https://reports.api.umbrella.com/v1/organization/"
                 + organization + "/security-activity")
time = datetime.now().isoformat()
headers = {
    'Authorization': "Basic " + base64
}
req = requests.get(reporting_url, headers=headers)
output = req.json()
if req.status_code == 200:
    print("SUCCESS at %(time)s is the most recent security "
          "activity : %(output)s" % {'time': time, 'output': output})
else:
    print("An error has occurred with the following code %(error)s, "
          "please consult the following link: https://docs.umbrella.com/"
          "investigate-api/" % {'error': req.status_code})

Which task is the Python script performing by using the Cisco Umbrella API?

A. creating a list of the latest security events

B. copying a list of the latest security activity

C. retrieving a list of the latest security events

D. sending a list of the latest security activity

A

sending a list of the latest security activity

97
Q

What is a feature of an endpoint detection and response solution?

A. ensuring the security of network devices by choosing which devices are allowed to reach the network

B. rapidly and consistently observing and examining data to mitigate threats

C. preventing attacks by identifying harmful events with machine learning and conduct-based defense

D. capturing and clarifying data on email, endpoints, and servers to mitigate threats

A

preventing attacks by identifying harmful events with machine learning and conduct-based defense

98
Q

Which file type is supported when performing a bulk upload of destinations into a destination list on Cisco Umbrella?

A. XLS
B. TXT
C. CSV
D. RTF

A

TXT

99
Q

A network administrator has installed Secure Endpoint in the network. During setup, it was noticed that an endpoint has been exhibiting unusual behavior, including slow performance and unexpected network activity. The administrator discovers a suspicious file running in the background. Which step must the network administrator take to investigate and remediate the potential malware?

A. Isolate the endpoint from the network

B. Reset the endpoint password and enable multi-factor authentication

C. Disable all non-essential processes running on the endpoint

D. Format and reinstall the operating system on the endpoint

A

Isolate the endpoint from the network

100
Q

Which component performs the resolution between the tunnel address and mGRE address in DMVPN?

A. NHRP
B. NHS
C. GDOI
D. NBMA

A

NHRP

101
Q

A network administrator needs a solution to match traffic and allow or deny the traffic based on the type of application, not just the source or destination address and port used. Which kind of security product must the network administrator implement to meet this requirement?

A. next-generation firewall

B. web application firewall

C. intrusion detection system

D. next-generation intrusion prevention system

A

next-generation intrusion prevention system

102
Q

What is a difference between encrypted passwords and hardcoded passwords?

A. Encrypted passwords are easier to obtain, and hardcoded passwords are known only to developers

B. Encrypted passwords are stored in a database, and hardcoded passwords are embedded in the source code

C. Encrypted passwords are used for frontend applications, and hardcoded passwords are used for backend applications

D. Encrypted passwords are generated by an application user, and hardcoded passwords are generated randomly

A

Encrypted passwords are stored in a database

103
Q

A network administrator received a critical message alert from a Cisco Secure Web Appliance stating that the log partition is at 107% capacity. How does a Cisco Secure Web Appliance respond when its logging partition is full?

A. It deletes logs older than a configurable age

B. It archives older logs in a compressed file to free space

C. It suspends logging and reporting functions

D. It overwrites the oldest log files

A

It suspends logging and reporting functions

104
Q

Which platform uses Cyber Threat Intelligence as its main source of information?

A. Cisco Secure Endpoint
B. EDR
C. EPP
D. Cisco ASA

A

Cisco Secure Endpoint