Exam A Flashcards
An engineer wants to assign a printer to a different VLAN than it is statically configured on the switch port. Which CoA type should the engineer use?
A. CoA-Terminate
B. No-CoA
C. Port-Bounce
D. CoA-Reauth
Port-Bounce
An administrator needs to be able to have a router communicate securely with a network management system. The connections must be authenticated but not encrypted. While meeting these requirements, which command will create a group that allows a user on the network management system access to the router?
A. snmp-server group v2c
B. snmp-server group v3 priv write
C. snmp-server group v3 auth
D. snmp-server group v2c write
snmp-server group v3 auth
What are two core components of a Cisco Umbrella solution? (Choose two)
A. Cloud container platform
B. DNS layer security
C. Cisco ISE
D. Transport Layer Security
E. Cloud access security broker
DNS layer security
Cloud access security broker
Which solution provides a comprehensive view of internet domains, IP addresses, and autonomous systems to help pinpoint attackers and malicious infrastructures?
A. Cisco Advanced Malware Investigate
B. Cisco Umbrella Investigate
C. Cisco Tetration Cloud
D. Cisco Thread Indication Database
Cisco Umbrella Investigate
A network engineer has been tasked with configuring OSPF neighbor authentication on the WAN router for a branch office. The WAN router connects to the OSPF backbone area via an MPLS circuit that terminates on interface GigabitEthernet 0/0/0. The router ID for this router is tied to the Loopback0 interface. The password used for neighbor authentication should be encrypted when transmitted over the WAN. Which two IOS commands are required to enable OSPF neighbor authentication in this scenario? (Choose two)
A. ip ospf message-digest-key under the GigabitEthernet0/0/0 interface configuration
B. ip ospf authentication-key under Loopback0 interface configuration
C. service password-encryption under global configuration mode
D. area 0 authentication under the OSPF routing process configuration
E. area 0 authentication message-digest under the OSPF routing process configuration
ip ospf message-digest-key under the GigabitEthernet0/0/0 interface configuration
area 0 authentication message-digest under the OSPF routing process configuration
How can Cisco Tetration connect to something within customer/3rd party network if the customer/3rd party network doesn’t allow incoming connections?
A. Reverse tunnel
B. GRE tunnel
C. Source NAT
D. Destination NAT
Reverse tunnel
Which Cisco security platform is integrated into an organization’s cloud environment on AWS, Google Cloud, or Azure to provide agentless visibility across the network by using advanced machine learning and behavioral analytics?
A. Cisco ISE cloud
B. Cisco Stealthwatch cloud
C. Cisco ASAv
D. Cisco AMP cloud
Cisco Stealthwatch cloud
An engineer is configuring DHCP snooping on a Cisco switch and wants to ensure that a DHCP packet will be dropped. Under which condition will this occur?
A. A packet from a DHCP server is received from inside the network or firewall
B. A packet is received on an untrusted interface and the source MAC Address and the DHCP client hardware address do not match
C. A DHCP relay agent forwards a DHCP packet that includes a relay-agent IP address that is 0.0.0.0
D. All packets are dropped until the administrator manually enters the approved servers into the DHCP snooping database
A DHCP relay agent forwards a DHCP packet that includes a relay-agent IP address that is 0.0.0.0
Where are individual sites specified to be blacklisted in Cisco Umbrella?
A. Application settings
B. Destination lists
C. Content categories
D. Security settings
Destination lists
While using Cisco Firepower’s Security Intelligence policies, which two criteria is blocking based upon? (Choose two)
A. IP addresses
B. URLs
C. port numbers
D. protocol IDs
E. MAC addresses
IP addresses
URLs
Which actions configure the IEEE 802.1X Flexible Authentication feature to support Layer 3 authentication mechanisms?
A. Modify the Dot1X configuration on the VPN server to send Layer 3 authentications to an external authentication database.
B. Add MAB into the switch to allow redirection to a Layer 3 device for authentication
C. Identify the devices using this feature and create a policy that allows them to pass Layer 2 authentication
D. Configure WebAuth so the hosts are redirected to a web page for authentication
Configure WebAuth so the hosts are redirected to a web page for authentication
Which action adds IOCs to customize detections for a new attack?
A. Upload the IOCs into the installed Endpoint IOC feature within Cisco AMP For Endpoints.
B. Use the initiate Endpoint IOC scan feature to gather the IOC information and push it to the clients.
C. Modify the base policy within Cisco AMP for Endpoints to include simple custom detections.
D. Add a custom Advanced detection to include the IOCs needed within Cisco For endpoints.
Upload the IOCs into the installed Endpoint IOC feature within Cisco AMP For Endpoints.
Which platform besides the Cisco ASA should be deployed to provide content redirection using Direct-To-Tower methods without the need for the customer to send traffic using PAC files or third-party proxies?
A. Cisco ASR
B. Cisco ISR
C. Cisco WSA
D. Cisco CWS
Cisco CWS
An organization is using CSR1000v routers in their private cloud infrastructure. They must upgrade their code to address vulnerabilities within their running code version. Who is responsible for these upgrades?
A. The cloud vendor is responsible for updating all code hosted in the cloud
B. The cloud service provider must be asked to perform the upgrade
C. The organization must upgrade the code for the devices they manage
D. The CSR1000v is upgraded automatically as new code becomes available
The organization must upgrade the code for the devices they manage
Which action blocks a specific IP address whenever a computer with Cisco AMP for Endpoints installed connects to the network?
A. Create a simple custom detection policy and add the IP address
B. Create an application block list and add the IP address
C. Create an advanced custom detection policy and add the IP address
D. Create an IP Block & Allow list and add the IP address
Create an IP Block & Allow list and add the IP address
A company has an infrastructure ACL policy on its perimeter router that denies RFC 1918 addresses, unused address ranges, any packets that use the IP address range that is assigned to the internal IP infrastructure, and 127.0.0.1. All these rules apply to incoming traffic from the internet. Which two attacks are prevented by using this method? (Choose two)
A. Losing the line protocol keep-alives and routing protocol update
B. Spoofing the IP address of another customer to steal service
C. DoS attacks that cause high CPU utilization
D. Gaining of access to network devices using a spoofed address
E. Routing processor resource exhaustion
Spoofing the IP address of another customer to steal service
Gaining of access to network devices using a spoofed address
Which two tasks are required when a decryption policy is implemented on a Cisco WSA? (Choose two)
A. Upload a root certificate and private key
B. Enable HTTPS attack protection
C. Enable real-time revocation status checking
D. Configure invalid certificate handling
E. Enable the HTTPS proxy
Upload a root certificate and private key
Enable the HTTPS proxy
What is a difference between GRE over IPsec and IPsec with crypto map?
A. GRE over IPsec supports non-IP protocols
B. Multicast traffic is supported by IPsec with crypto map
C. GRE provides its own encryption mechanism
D. IPsec with crypto map offers better scalability
GRE over IPsec supports non-IP protocols
Which attack gives unauthorized access to files on the web server?
A. Broadcast storm
B. DHCP snooping
C. Distributed DoS
D. Path traversal
Path traversal
Which VPN provides scalability for organizations with many remote sites?
A. SSL VPN
B. Site-to-site IPsec
C. DMVPN
D. GRE over IPsec
DMVPN
When an assessment of cloud services and applications is conducted, which tool is used to show user activity and data usage across the applications?
A. Cisco ISE
B. Cisco ASA
C. Cisco AMP Private Cloud
D. Cisco Cloudlock
Cisco Cloudlock
What are two examples of code injection vulnerabilities? (Choose two)
A. Session hijacking
B. Cross-site-scripting
C. XML external entity injection
D. Arbitrary command injection
E. SQL injection
Cross-site-scripting
SQL injection
A network engineer must secure a Cisco switch from a MAC address flooding attack by allowing only the MAC address of currently connected PC on port Gi1/0/28. Which Cisco IOS command must be run to check if that MAC address is currently known and is the only MAC address allowed on that port?
A. show port-security
B. show port-security interface GigabitEthernet 1/0/28
C. show port-security address
show port-security interface GigabitEthernet 1/0/28
Which problem is solved by deploying a multicontext firewall?
A. Overlapping IP addressing plan
B. Faster inspection
C. More secure policy
D. Resilient high availability design
Overlapping IP addressing plan
What are two targets in cross-site scripting attacks? (Choose two)
A. Footer
B. Cookie
C. Image
D. Input
E. Header
Cookie
Input
An administrator wants to ensure that the organization’s remote access VPN devices can connect to the VPN without the user logging into the devices. Which action accomplishes this task?
A. Modify the Cisco AnyConnect Client image to start before logon and use the user's cached credentials for authentication
B. Change the Cisco AnyConnect Connection Profile to allow for authentication prior to logon and use the user certificate for authentication
C. Configure the Start Before Logon feature in the Cisco AnyConnect Client and use certificate authentication
D. Add the Auto Connect feature in the Cisco AnyConnect Group Policy and use the machine certificate as the authentication identity
Configure the Start Before Logon feature in the Cisco AnyConnect Client and use certificate authentication
Which API technology with SDN architecture is used to communicate with a controller and network devices such as routers and switches?
A. Northbound APIs
B. Unprotected APIs
C. Southbound APIs
D. Rest APIs
Southbound APIs
Which security mechanism is designed to protect against offline brute-force attacks?
A. Salt
B. CAPTCHA
C. MFA
D. Token
MFA
Which process is used to obtain a certificate from a CA?
A. Enrollment
B. Signing
C. Approval
D. Registration
Enrollment
Which two products are used to forecast capacity needs accurately in real time? (Choose two)
A. Cisco Workload Optimization Manager
B. Cisco Cloudlock
C. Cisco AppDynamics
D. Cisco Umbrella
E. Cisco Tetration
Cisco Workload Optimization Manager
Cisco AppDynamics
Which two algorithms must be used when an engineer is creating a connection that will have classified data across it? (Choose two)
A. SHA-384
B. RC4
C. RSA-3072
D. AES-256
E. ECDSA-256
SHA-384
AES-256
Which common exploit method is TLS 1.3 designed to prevent?
A. Man-in-the-middle attack
B. Cross-site-request forgery
C. Cross-site-scripting
D. Denial-of-service attack
Man-in-the-middle attack
A website administrator wants to prevent SQL injection attacks against the company’s customer database, which is referenced by the web server. Which two methods help prevent SQL injection attacks? (Choose two)
A. using load balancers with NAT
B. enforcing TLS 1.3 only
C. using SSL certificates
D. using web application firewalls
E. performing input validation
using web application firewalls
performing input validation
Which two types of connectors are used to generate telemetry data from IPFIX records in a Cisco implementation? (Choose two)
A. ADC
B. ERSPAN
C. Cisco ASA
D. NetFlow
E. Cisco Secure Workload
ERSPAN
NetFlow
An engineer is configuring a Cisco Cloud Email Security instance to send logs to an external server for auditing. For security purposes, a username and SSH key have been generated on the remote log server that accepts only the SSHv2 protocol. Which log retrieval method must be configured in the log subscription?
A. Syslog push
B. FTP push
C. Manually download
D. SCP push
SCP push
A network administrator is setting up Cisco FMC to send logs to Cisco Security Analytics and Logging (SaaS). The network administrator is anticipating a high volume of logging events from the firewalls and wants to limit the strain on firewall resources. Which method must be used to send these logs to Cisco Security Analytics and Logging?
A. SFTP using the FMC CLI
B. HTTP POST using the Security Analytics FMC plugin
C. Direct connection using SNMP traps
D. Syslog using the Secure Event Connector
Syslog using the Secure Event Connector
Refer to the exhibit.
*Jul 1 15:33:50.027: ISAKMP: (0):Enqueued KEY_MGR_SESSION_CLOSED for Tunnel0 deletion
*Jul 1 15:33:50.027: ISAKMP: (0):Deleting peer node by peer_reap for 2.2.2.2: D1250B0
*Jul 1 15:33:50.029: ISAKMP: (1001):peer does not do paranoid keepalives.
*Jul 1 15:33:54.781: ISAKMP-PAK: (0) received packet from 2.2.2.2 dport 500 sport 500 Global (N) NEW SA
*Jul 1 15:33:54.781: ISAKMP: (0):Created a peer struct for 2.2.2.2, peer port 500
*Jul 1 15:33:54.781: ISAKMP: (0):New peer created peer = 0x11026528 peer_handle = 0x80000004
*Jul 1 15:33:54.781: ISAKMP: (0):Locking peer struct 0x11026528, refcount 1 for crypto_isakmp_process_block
*Jul 1 15:33:54.782: ISAKMP: (0):local port 500, remote port 500
*Jul 1 15:33:54.782: ISAKMP: (0):Find a dup sa in the avl tree during calling isadb_insert sa = 104E3C68
*Jul 1 15:33:54.782: ISAKMP: (0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Jul 1 15:33:54.782: ISAKMP: (0):Old State = IKE_READY New State = IKE_R_MM1
Which command results in these messages when attempting to troubleshoot an IPsec VPN connection?
A. debug crypto ipsec
B. debug crypto isakmp
C. debug crypto isakmp connection
D. debug crypto ipsec endpoint
debug crypto isakmp
What describes the function of the
crypto isakmp key C1$c449400824 address 0.0.0.0 0.0.0.0
command when configuring an IPsec VPN tunnel on a Cisco IOS router?
A. It configures the IP address and subnet mask of the VPN server
B. It allows connections from any hosts using the defined preshared key
C. It defines that all data is going to be encrypted via the VPN
D. It drops spoofed VPN traffic using 0.0.0.0 as the source or destination IP address
It allows connections from any hosts using the defined preshared key
Which two activities are performed using Cisco DNA Center? (Choose two)
A. DNS
B. DHCP
C. design
D. provision
E. accounting
design
provision
What is the ideal deployment mode to use when you need to manage separate security policies for multiple customers on a Cisco ASA device?
A. spanned cluster mode
B. IRB mode
C. VRF mode
D. multiple context mode
multiple context mode
Which algorithm does ISAKMP use to securely derive encryption and integrity keys?
A. AES
B. Diffie-Hellman
C. 3DES
D. RSA
Diffie-Hellman
In which cloud services model is the customer responsible for scanning for and mitigation of application vulnerabilities?
A. VMaaS
B. IaaS
C. PaaS
D. SaaS
IaaS
For which type of attack is multifactor authentication an effective deterrent?
A. syn flood
B. ping of death
C. phishing
D. teardrop
phishing
An organization wants to reduce their attack surface for cloud applications. They want to understand application communications, detect abnormal application behavior, and detect vulnerabilities within the applications. Which action accomplishes this task?
A. Modify the Cisco Duo configuration to restrict access between applications.
B. Use Cisco ISE to provide application visibility and restrict access to them.
C. Configure Cisco Tetration to detect anomalies and vulnerabilities.
D. Implement Cisco Umbrella to control the access each application is granted.
Configure Cisco Tetration to detect anomalies and vulnerabilities.
Refer to the exhibit.
RouterA(config)#crypto key generate rsa general-keys label SSH modulus 2048
RouterA(config)#ip ssh rsa keypair-name SSH
RouterA(config)#ip ssh version 2
An engineer must enable secure SSH protocols and enters this configuration. What are two results of running this set of commands on a Cisco router? (Choose two)
A. enables SSHv1 on the router
B. uses the FQDN with the label command
C. generates RSA key pairs on the router
D. generates AES key pairs on the router
E. labels the key pairs to be used for SSH
generates RSA key pairs on the router
labels the key pairs to be used for SSH
When MAB is configured for use within the 802.1X environment, an administrator must create a policy that allows the devices onto the network. Which information is used for the username and password?
A. The MAB uses the Call-Station-ID as username and password
B. The MAB uses the IP address as username and password.
C. Each device must be set manually by the administrator.
D. The MAB uses the MAC address as username and password
The MAB uses the MAC address as username and password
Which solution operates as a cloud-native CASB?
A. Cisco Umbrella
B. Cisco pxGrid
C. Cisco CloudLock
D. Cisco Stealthwatch Cloud
Cisco CloudLock
A security audit recently revealed that an administrator is using the same password of C1$c0451175124 for his personal account across multiple systems. What must be implemented by the company to reduce the chances of this happening again?
A. centralized user authentication
B. security awareness training
C. strict password policies
D. role based access control
security awareness training
Which entity is responsible for encrypting data in transit using an IaaS model versus a SaaS model?
A. Cloud Service Provider for IaaS and Cloud Service Customer for SaaS
B. Cloud SLA Manager for IaaS and Cloud Application Developer for SaaS
C. Cloud Service Customer for IaaS and Cloud Service Provider for SaaS
D. Cloud Application Developer for IaaS and Cloud SLA Manager for SaaS
Cloud Service Customer for IaaS and Cloud Service Provider for SaaS
Which common threat can be prevented by implementing port security on switch ports?
A. VLAN hopping attacks
B. spoofing attacks
C. denial-of-service attacks
D. eavesdropping attacks
denial-of-service attacks
When a site-to-site VPN is configured in Cisco FMC, which topology is supported when crypto ACLs are used instead of protected networks to define interesting traffic?
A. point-to-point
B. hub-and-spoke
C. DMVPN
D. full mesh
point-to-point
Which solution provides end-to-end visibility of applications and insights about application performance?
A. Cisco Secure Cloud Analytics
B. Cisco Cloudlock
C. Cisco Tetration
D. Cisco AppDynamics
Cisco AppDynamics
Which two methods are valid to be included in an authentication method list? (Choose two)
A. default
B. login
C. console
D. line
E. enable
login
enable
Which two aspects of the IaaS cloud service model are managed by the service provider? (Choose two)
A. virtual network
B. applications
C. physical network
D. hypervisors
E. virtual machines
physical network
hypervisors
A network administrator is shipping a Cisco ASA to a remote retail site. The administrator wants to ensure that the device configuration cannot be accessed by someone at the site with physical access and a console cable. Which command must be used to mitigate this risk?
A. aaa authentication console
B. config-register 0x00000041
C. no service password-recovery
D. no service sw-reset-button
no service password-recovery
What is the purpose of a denial-of-service attack?
A. to exploit a security vulnerability on a computer system to steal sensitive information
B. to disrupt the normal operation of a targeted system by overwhelming it
C. to spread throughout a computer system by self-replicating to additional hosts
D. to prevent or limit access to data on a computer system by encrypting it
to disrupt the normal operation of a targeted system by overwhelming it
What is a benefit of a Cisco Secure Email Gateway Virtual as compared to a physical Secure Email Gateway?
A. provides faster performance
B. enables the allocation of additional resources
C. provides an automated setup process
D. simplifies the distribution of software updates
simplifies the distribution of software updates
Which Cisco AnyConnect module is integrated with Splunk Enterprise to provide monitoring capabilities to administrators to allow them to view endpoint application usage?
A. ISE Posture
B. Umbrella Roaming Security
C. AMP Enabler
D. Network Visibility
Network Visibility
An engineer must configure Cisco Secure Endpoints so that it contains a list of files that should not be executed by users. These files must not be quarantined. Which action meets this configuration requirement?
A. Create an application control blocked applications list.
B. Add a list for simple custom detection.
C. Modify the advanced custom detection list to include these files.
D. Identify the network IPs and place them in a blocked list.
Create an application control blocked applications list
Which Cisco Umbrella package supports selective proxy for inspection of traffic from risky domains?
A. DNS Security Essentials
B. SIG Essentials
C. DNS Security Advantage
D. SIG Advantage
DNS Security Advantage
Which two VPN tunneling protocols support the use of IPsec to provide data integrity, authentication, and data encryption? (Choose two)
A. OpenVPN
B. Secure Socket Tunneling Protocol
C. Generic Routing Encapsulation Protocol
D. Point-to-Point Tunneling Protocol
E. Layer 2 Tunneling Protocol
Generic Routing Encapsulation Protocol
Layer 2 Tunneling Protocol
Which firewall deployment mode allows inspection of traffic between servers in the same IP subnet?
A. transparent
B. multicontext
C. virtual
D. routed
transparent
Which two Cisco ISE components enforce security policies on noncompliant endpoints by blocking network access? (Choose two)
A. profiling
B. TACACS+
C. Apex licensing
D. DHCP and SNMP probes
E. posture agents
profiling
posture agents
An administrator is testing a new configuration on a network device. The network device had a previously established association with the NTP server but is no longer processing time updates. What is the cause of this issue?
A. NTP authentication has been configured on the network device.
B. The network device is sending the wrong password to the server.
C. NTP authentication has been configured on the NTP server.
D. The server changed its time source to stratum 1.
The network device is sending the wrong password to the server.
What is the default action before identifying the URL during HTTPS inspection in Cisco Secure Firewall Threat Defense software?
A. pass
B. buffer
C. reset
D. drop
pass
A network engineer must create an access control list on a Cisco Adaptive Security Appliance firewall. The access control list must permit HTTP traffic to the internet from the organization’s inside network 192.168.1.0/24. Which IOS command must be used to create the access control list?
A. access-list HTTP-ONLY extended permit tcp 192.168.1.0 255.255.255.0
B. access-list extended permit tcp 192.168.1.0 255.255.255.0 any eq 80
C. access-list permit http 192.168.1.0 255.255.255.0 any
D. access-list HTTP-ONLY extended permit tcp 192.168.1.0 255.255.255.0 any eq 80
access-list extended permit tcp 192.168.1.0 255.255.255.0 any eq 80
Based on the NIST 800-145 guide, which cloud architecture is provisioned for exclusive use by a specific group of consumers from different organizations and may be owned, managed, and operated by one or more of those organizations?
A. hybrid cloud
B. private cloud
C. community cloud
D. public cloud
community cloud
What must be configured on Cisco Secure Endpoint to create a custom detection file list to detect and quarantine future files?
A. Use the simple custom detection feature and add each detection to the list
B. Add a network IP block allowed list to the configuration and add the blocked files
C. Create an advanced custom detection and upload the hash of each file
D. Configure an application control allowed applications list to block the files
Use the simple custom detection feature and add each detection to the list
A security test performed on one of the applications shows that user input is not validated. Which security vulnerability is the application more susceptible to because of this lack of validation?
A. denial-of-service
B. cross-site request forgery
C. man-in-the-middle
D. SQL injection
SQL injection
Which two devices support WCCP for traffic redirection? (Choose two)
A. Cisco Secure Web Appliance
B. Cisco IOS
C. proxy server
D. Cisco ASA
E. Cisco IPS
Cisco IOS
Cisco ASA
An engineer must modify an existing remote access VPN using a Cisco AnyConnect Secure Mobility client solution and a Cisco Secure Firewall. Currently, all the traffic generated by the user is sent to the VPN tunnel and the engineer must now exclude some servers and access them directly instead. Which element must be modified to achieve this goal?
A. group policy
B. NAT exemption
C. encryption domain
D. routing table
group policy
A network administrator is modifying a remote access VPN on an FTD managed by an FMC. The administrator wants to offload traffic to certain trusted domains. The administrator wants this traffic to go out of the client’s local internet and send other internet-bound traffic over the VPN. Which feature must the administrator configure?
A. dynamic access policies
B. local LAN access
C. dynamic split tunneling
D. reverse route injection
dynamic split tunneling
A security engineer must add destinations into a destination list in Cisco Umbrella. What describes the application of these changes?
A. The changes are applied immediately if the destination list is part of a policy
B. The destination list must be removed from the policy before changes are made to it
C. The changes are applied only after the configuration is saved in Cisco Umbrella
D. The user role of Block Page Bypass or higher is needed to perform these changes
The changes are applied immediately if the destination list is part of a policy
What is the purpose of the Trusted Automated exchange cyber threat intelligence industry standard?
A. public collection of threat intelligence feeds
B. service used to exchange security information
C. language used to represent security information
D. threat intelligence sharing organization
service used to exchange security information
A network administrator has configured TACACS on a network device using the key Cisc0467380030 for authentication purposes. However, users are unable to authenticate. TACACS server is reachable, but authentication is failing. Which configuration step must the administrator complete?
A. Configure the TACACS key on the server to match with the network device.
B. Install a compatible operating system version on the TACACS server.
C. Implement synchronized system clock on TACACS server that matches the network device.
D. Apply an access control list on TACACS server to allow communication with the network device.
Configure the TACACS key on the server to match with the network device.
Which Cisco security solution gives the most complete view of the relationships and evolution of Internet domains, IPs, and files, and helps to pinpoint attackers’ infrastructures and predict future threats?
A. Cisco Secure Network Analytics
B. Cisco Secure Cloud Analytics
C. Cisco pxGrid
D. Cisco Umbrella Investigate
Cisco Umbrella Investigate
How should an organization gain visibility into encrypted flows leaving the organization?
A. Decrypt and inspect the HTTPS traffic
B. Add Cisco Secure Firewall IPS
C. Enable a VPN for more sensitive data
D. Implement AAA for external users
Decrypt and inspect the HTTPS traffic
What is a capability of EPP compared to EDR?
A. EPP prevents attacks on a website, and EDR focuses on protecting computers and servers
B. EPP prevents attacks made via email, and EDR prevents attacks on a web server
C. EPP prevents attacks on an endpoint, and EDR detects attacks that penetrate the environment
D. EPP prevents attacks on an endpoint, and EDR focuses on protecting email and web servers
EPP prevents attacks on an endpoint
Which Cisco solution integrates industry-leading artificial intelligence and machine learning analytics and an assurance database to review the security posture and maintain visibility of an organization’s cloud environment?
A. Cisco DNA
B. Cisco Secure Workload
C. Cisco FTD
D. Cisco CSR 1000v
Cisco DNA
Refer to the exhibit.
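import requests

# DOMAIN_UUID, address, accesstoken, host and host_payload are set earlier in the script (not shown in the exhibit)
host_api_uri = "/api/fmc_config/v1/domain/" + DOMAIN_UUID + "/object/hosts?bulk=true"
host_url = "https://" + address + host_api_uri
headers = {'Content-Type': 'application/json', 'x-auth-access-token': accesstoken}
if host != []:
    # POST the host payload to the bulk endpoint; verify=False skips TLS certificate validation
    response = requests.request("POST", host_url, headers=headers,
                                data=host_payload, verify=False)
else:
    print("Please validate that the CSV file provided is correct or at correct location")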
Which task is the Python script performing by using the Cisco Secure Firewall API?
A. removing an existing bulk list of internal hosts from Cisco Secure Firewall Management Center
B. retrieving a bulk list of network hosts from Cisco Secure Firewall Management Center
C. adding to an existing bulk list of internal hosts on Cisco Secure Firewall Management Center
D. pushing a bulk list of network hosts to Cisco Secure Firewall Management Center
pushing a bulk list of network hosts to Cisco Secure Firewall Management Center
An organization has had some malware infections recently and the management team wants to use Cisco Secure Firewall to enforce file policies to prevent malicious files from being downloaded. The SHA-256 hash value of all files traversing the firewall must be calculated and compared to the hash values of known malware code. Which file rule action is used to block only the files that are confirmed to be malware?
A. Block Files
B. Block Malware
C. Detect Files
D. Malware Cloud Lookup
Block Malware
An engineer configured 802.1X authentication on a switch port but cannot authenticate. Which action must the engineer take to validate if the user credentials are correct?
A. Check policy enforcement point for the authentication mechanism and credentials used
B. Check the authenticator and view the debug logs for the username and password.
C. Check the supplicant logs for the username and password entered then check the authentication provider
D. Check the logs of the authentication server for the username and authentication rejection logs
Check the logs of the authentication server for the username and authentication rejection logs
How does a Cisco Secure Web Appliance integrated with LDAP handle the permissions of a currently logged in Active Directory group member when the Active Directory administrator changes the permissions of the user’s group mid session?
A. The Cisco Secure Web Appliance continues to operate using the permissions that were in effect when the user logged in for the duration of the user’s session
B. If the Cisco Secure Client Mobility Client is configured on the endpoint to provide Active Directory updates, the Cisco Secure Web Appliance changes the user’s permissions immediately when alerted by the client.
C. The Cisco Secure Web Appliance terminates the current session and prompts the user to re-authenticate in order to update the effective permissions
D. If the Cisco Secure Web Appliance is configured to receive real-time updates from the Active Directory user agent, it changes the user’s permissions immediately when the agent sends the update
The Cisco Secure Web Appliance continues to operate using the permissions that were in effect when the user logged in for the duration of the user’s session
The security team has installed a Cisco Secure Email Gateway. During setup, a large number of email messages are being blocked. The security team wants to investigate and determine if the emails are part of a phishing or malware attack. Which configuration step must the security team apply?
A. Configure sender domain reputation policy to check if sender email domain is known to be malicious
B. Implement a policy to only allow email to the network from trusted senders
C. Apply a policy to route all blocked emails to a separate quarantine folder
D. Configure a policy to disable spam filtering in order to expedite email delivery
Apply a policy to route all blocked emails to a separate quarantine folder
What is an attribute of a successful endpoint patch management strategy?
A. discovering assets
B. defining timing to install patches
C. deciding which patches to install
D. minimizing device variance
defining timing to install patches
An engineer is configuring cloud logging on Cisco ASA and needs events to be compressed. Which component must be configured to accomplish this goal?
A. SWC service
B. SDC VM
C. SDC event viewer
D. Cisco analytics
SDC VM
Which two facts must be considered when deciding whether to deploy the Cisco WSA in Standard mode, Hybrid Web Security mode, or Cloud Web Security Connector mode? (Choose two)
A. Standard mode and Hybrid Web Security mode perform the same actions in response to the application of an individual policy
B. The onsite web proxy is not supported in Cloud Web Security Connector mode
C. External DLP is available only in Standard mode and Hybrid Web Security mode
D. Only Standard mode and Hybrid Web Security mode support Layer 4 traffic monitoring
E. ISE integration is available only in Standard mode and Hybrid Web Security mode
Standard mode and Hybrid Web Security mode perform the same actions in response to the application of an individual policy
The onsite web proxy is not supported in Cloud Web Security Connector mode
What is a benefit of using GETVPN over FlexVPN within a VPN deployment?
A. GETVPN natively supports MPLS and private IP networks
B. GETVPN interoperates with non-Cisco devices
C. GETVPN supports Remote Access VPNs
D. GETVPN uses multiple security associations for connections
GETVPN natively supports MPLS and private IP networks
What is an advantage of using a next-generation firewall compared to a traditional firewall?
A. Next-generation firewalls have stateless inspection capabilities, and traditional firewalls use stateful inspection
B. Next-generation firewalls use intrusion prevention policies, and traditional firewalls use intrusion detection policies
C. Next-generation firewalls use dynamic packet filtering, and traditional firewalls use static packet filtering
D. Next-generation firewalls have threat intelligence feeds, and traditional firewalls use signature detection
Next-generation firewalls have threat intelligence feeds
An engineer must register a fixed network on a Cisco Umbrella platform. Which two actions must be performed when adding a new public IP address? (Choose two)
A. Configure the DNS security settings
B. Point DHCP to Umbrella platform DHCP servers
C. Point DNS to Umbrella platform DNS servers
D. Install the Umbrella root certificate
E. Enter a network public IP address
Point DNS to Umbrella platform DNS servers
Enter a network public IP address
Which feature is used to configure an encrypted route-based site-to-site VPN from a Cisco router to a cloud environment?
A. Tunnel Mode Auto Selection
B. IKE Profile Based Selection
C. FlexVPN Mixed Mode
D. virtual tunnel interface
virtual tunnel interface
An engineer is configuring Outbreak Filters for a Cisco Secure Email Gateway to protect a network from large-scale virus outbreaks and phishing scams. Any URLs that match the filter must be logged with these details:
- Category
- Reputation score
- Outbreak Filter rewrites
Which CLI command must the engineer use?
A. quarantineconfig
B. dlpconfig
C. outbreakconfig
D. outbreakfilters
outbreakconfig
What is a benefit of implementing multifactor authentication for an application?
A. links devices with applications improving discovery
B. allows secure connections to the application
C. allows remote access to the application
D. helps prevent stolen credentials from being used
helps prevent stolen credentials from being used
An engineer must configure a Cisco Secure Email Gateway to use DLP for a company. The company also wants to see the content of emails that violate the DLP policy. Which configuration must be modified in the Data Loss Prevention Settings section to meet the requirements?
A. Secure Message Forwarding
B. Secure Reply All
C. Matched Content Logging
D. DLP Message Action
Matched Content Logging
Refer to the exhibit.
import requests
import json
from datetime import datetime
import base64

API_key = "c47757e9-9216-4f92-8etd-eff31bb4e0759ee"
API_secret = "fjks2454skfj2"
API_combined = API_key + ":" + API_secret
# Encode "key:secret" for the HTTP Basic Authorization header
base64 = (base64.standard_b64encode(bytes(API_combined, 'utf-8'))).decode("utf-8")
organization = "1385624"
reporting_url = ("https://reports.api.umbrella.com/v1/organization/"
                 + organization + "/security-activity")
time = datetime.now().isoformat()
headers = {
    'Authorization': "Basic " + base64
}
# Issue an HTTP GET against the reporting endpoint
req = requests.get(reporting_url, headers=headers)
output = req.json()
if req.status_code == 200:
    print("SUCCESS at %(time)s is the most recent security "
          "activity : %(output)s" % {'time': time, 'output': output})
else:
    print("An error has occurred with the following code %(error)s, "
          "please consult the following link: https://docs.umbrella.con/"
          "investigate-api/" % {'error': req.status_code})
Which task is the Python script performing by using the Cisco Umbrella API?
A. creating a list of the latest security events
B. copying a list of the latest security activity
C. retrieving a list of the latest security events
D. sending a list of the latest security activity
sending a list of the latest security activity
What is a feature of an endpoint detection and response solution?
A. ensuring the security of network devices by choosing which devices are allowed to reach the network
B. rapidly and consistently observing and examining data to mitigate threats
C. preventing attacks by identifying harmful events with machine learning and conduct-based defense
D. capturing and clarifying data on email, endpoints, and servers to mitigate threats
preventing attacks by identifying harmful events with machine learning and conduct-based defense
Which file type is supported when performing a bulk upload of destinations into a destination list on Cisco Umbrella?
A. XLS
B. TXT
C. CSV
D. RTF
TXT
A network administrator has installed Secure Endpoint in the network. During setup, it was noticed that an endpoint has been exhibiting unusual behavior, including slow performance and unexpected network activity. The administrator discovers a suspicious file running in the background. Which step must the network administrator take to investigate and remediate the potential malware?
A. Isolate the endpoint from the network
B. Reset the endpoint password and enable multi-factor authentication
C. Disable all non-essential processes running on the endpoint
D. Format and reinstall the operating system on the endpoint
Isolate the endpoint from the network
Which component performs the resolution between the tunnel address and mGRE address in DMVPN?
A. NHRP
B. NHS
C. GDOI
D. NBMA
NHRP
A network administrator needs a solution to match traffic and allow or deny the traffic based on the type of application, not just the source or destination address and port used. Which kind of security product must the network administrator implement to meet this requirement?
A. next-generation firewall
B. web application firewall
C. intrusion detection system
D. next-generation intrusion prevention system
next-generation intrusion prevention system
What is a difference between encrypted passwords and hardcoded passwords?
A. Encrypted passwords are easier to obtain, and hardcoded passwords are known only to developers
B. Encrypted passwords are stored in a database, and hardcoded passwords are embedded in the source code
C. Encrypted passwords are used for frontend applications, and hardcoded passwords are used for backend applications
D. Encrypted passwords are generated by an application user, and hardcoded passwords are generated randomly
Encrypted passwords are stored in a database
A network administrator received a critical message alert from a Cisco Secure Web Appliance stating that the log partition is at 107% capacity. How does a Cisco Secure Web Appliance respond when its logging partition is full?
A. It deletes logs older than a configurable age
B. It archives older logs in a compressed file to free space
C. It suspends logging and reporting functions
D. It overwrites the oldest log files
It suspends logging and reporting functions
Which platform uses Cyber Threat Intelligence as its main source of information?
A. Cisco Secure Endpoint
B. EDR
C. EPP
D. Cisco ASA
Cisco Secure Endpoint