Exam D Flashcards
What are two ways a network administrator transparently identifies users using Active Directory on the Cisco WSA? (Choose two)
A. Create NTLM or Kerberos authentication realm and enable transparent user identification
B. The eDirectory client must be installed on each client workstation
C. Deploy a separate eDirectory server; the client IP address is recorded in this server
D. Create an LDAP authentication realm and disable transparent user identification
E. Deploy a separate Active Directory agent such as Cisco Context Directory Agent
Create NTLM or Kerberos authentication realm and enable transparent user identification
Deploy a separate Active Directory agent such as Cisco Context Directory Agent
Which MDM configuration provides scalability?
A. BYOD support without extra appliance or licenses
B. enabling use of device features such as camera use
C. pushing WPA2-Enterprise settings automatically to devices
D. automatic device classification with level 7 fingerprinting
pushing WPA2-Enterprise settings automatically to devices
An engineer is configuring device-hardening on a router in order to prevent credentials from being seen if the router configuration was compromised. Which command should be used?
A. username <username> password
B. username privilege 15 password
C. service password-recovery
D. service password-encryption
service password-encryption
What are two security benefits of an MDM deployment? (Choose two)
A. distributed software upgrade
B. robust security policy enforcement
C. on-device content management
D. privacy control checks
E. distributed dashboard
robust security policy enforcement
on-device content management
Which Cisco platform provides an agentless solution to provide visibility across the network including encrypted traffic analytics to detect malware in encrypted traffic without the need for decryption?
A. Cisco Advanced Malware Protection
B. Cisco Stealthwatch
C. Cisco Identity Services Engine
D. Cisco AnyConnect
Cisco Stealthwatch
A network engineer is tasked with configuring a Cisco ISE server to implement external authentication against Active Directory. What must be considered about the authentication requirements? (Choose two)
A. RADIUS communication must be permitted between the ISE server and the domain controller
B. The ISE account must be a domain administrator in Active Directory to perform JOIN operations
C. Active Directory only supports user authentication by using MSCHAPv2
D. LDAP communication must be permitted between the ISE server and the domain controller
E. Active Directory supports user and machine authentication by using MSCHAPv2
LDAP communication must be permitted between the ISE server and the domain controller
Active Directory supports user and machine authentication by using MSCHAPv2
Which CoA response code is sent if an authorization state is changed successfully on a Cisco IOS device?
A. CoA-ACK
B. CoA-NAK
C. CoA-MAB
D. CoA-NCL
CoA-ACK
What is a feature of container orchestration?
A. ability to deploy Amazon ECS clusters by using the Cisco Container Platform data plane
B. ability to deploy Kubernetes clusters in air-gapped sites
C. ability to deploy Amazon EKS clusters by using the Cisco Container Platform data plane
D. automated daily updates
ability to deploy Kubernetes clusters in air-gapped sites
Which metric is used by the monitoring agent to collect and output packet loss and jitter information?
A. WSAv performance
B. AVC performance
C. RTP performance
D. OTCP performance
RTP performance
Which solution for remote workers enables protection, detection, and response on the endpoint against known and unknown threats?
A. Cisco AMP for Endpoints
B. Cisco AnyConnect
C. Cisco Umbrella
D. Cisco Duo
Cisco AMP for Endpoints
Which two components do southbound APIs use to communicate with downstream devices? (Choose two)
A. services running over the network
B. external application APIs
C. OpenFlow
D. applications running over the network
E. OpFlex
OpenFlow
OpFlex
Which solution detects threats across a private network, public clouds, and encrypted traffic?
A. Cisco Stealthwatch
B. Cisco CTA
C. Cisco Encrypted Traffic Analytics
D. Cisco Umbrella
Cisco Stealthwatch
Which Cisco security solution integrates with cloud applications like Dropbox and Office 365 while protecting data from being exfiltrated?
A. Cisco Talos
B. Cisco Stealthwatch Cloud
C. Cisco Cloudlock
D. Cisco Umbrella Investigate
Cisco Cloudlock
What do tools like Jenkins, Octopus Deploy, and Azure DevOps provide in terms of application and infrastructure automation?
A. container orchestration
B. cloud application security broker
C. compile-time instrumentation
D. continuous integration and continuous deployment
continuous integration and continuous deployment
Which type of attack is MFA an effective deterrent for?
A. ping of death
B. phishing
C. teardrop
D. syn flood
phishing
An engineer enabled SSL decryption for Cisco Umbrella intelligent proxy and needs to ensure that traffic is inspected without alerting end-users. Which action accomplishes this goal?
A. Install the Cisco Umbrella root CA onto the user’s device.
B. Modify the user’s browser settings to suppress errors from Cisco Umbrella.
C. Upload the organization root CA to Cisco Umbrella.
D. Restrict access to only websites with trusted third-party signed certificates.
Install the Cisco Umbrella root CA onto the user’s device.
A network engineer has configured an NTP server on a Cisco ASA. The Cisco ASA has IP reachability to the NTP server and is not filtering any traffic. The show ntp association detail command indicates that the configured NTP server is unsynchronized and has a stratum of 16. What is the cause of this issue?
A. Resynchronization of NTP is not forced
B. NTP is not configured to use a working server
C. An access list entry for UDP port 123 on the inside interface is missing
D. An access list entry for UDP port 123 on the outside interface is missing
NTP is not configured to use a working server
Which direction do attackers encode data in DNS requests during exfiltration using DNS tunneling?
A. inbound
B. north-south
C. east-west
D. outbound
outbound
Which solution should be leveraged for secure access of a CI/CD pipeline?
A. SSL WebVPN
B. remote access client
C. Duo Network Gateway
D. Cisco FTD network gateway
Duo Network Gateway
Which type of data exfiltration technique encodes data in outbound DNS requests to specific servers and can be stopped by Cisco Umbrella?
A. DNS tunneling
B. DNS flood attack
C. cache poisoning
D. DNS hijacking
DNS tunneling
Which system performs compliance checks and remote wiping?
A. OTP
B. MDM
C. AMP
D. ISE
MDM
Why is it important to patch endpoints consistently?
A. Patching helps to mitigate vulnerabilities.
B. Patching reduces the attack surface of the infrastructure.
C. Patching is required per the vendor contract.
D. Patching allows for creating a honeypot.
Patching helps to mitigate vulnerabilities.
What are two facts about WSA HTTP proxy configuration with a PAC file? (Choose two)
A. It is defined as a Transparent proxy deployment.
B. In a dual-NIC configuration, the PAC file directs traffic through the two NICs to the proxy.
C. The PAC file, which references the proxy, is deployed to the client web browser.
D. It is defined as an Explicit proxy deployment.
E. It is defined as a Bridge proxy deployment.
The PAC file, which references the proxy, is deployed to the client web browser.
It is defined as an Explicit proxy deployment.
How does Cisco Umbrella protect clients when they operate outside of the corporate network?
A. by modifying the registry for DNS lookups
B. by using Active Directory group policies to enforce Cisco Umbrella DNS servers
C. by forcing DNS queries to the corporate name servers
D. by using the Cisco Umbrella roaming client
by using the Cisco Umbrella roaming client
Which function is included when Cisco AMP is added to web security?
A. multifactor, authentication-based user identity
B. detailed analytics of the unknown file’s behavior
C. phishing detection on emails
D. threat prevention on an infected endpoint
detailed analytics of the unknown file’s behavior
When a next-generation endpoint security solution is selected for a company, what are two key deliverables that help justify the implementation? (Choose two)
A. continuous monitoring of all files that are located on connected endpoints
B. macro-based protection to keep connected endpoints safe
C. signature-based endpoint protection on company endpoints
D. email integration to protect endpoints from malicious content that is located in email
E. real-time feeds from global threat intelligence centers
continuous monitoring of all files that are located on connected endpoints
real-time feeds from global threat intelligence centers
Which two actions does the Cisco Identity Services Engine posture module provide that ensures endpoint security? (Choose two)
A. The latest antivirus updates are applied before access is allowed.
B. Assignments to endpoint groups are made dynamically, based on endpoint attributes.
C. Patch management remediation is performed.
D. A centralized management solution is deployed.
E. Endpoint supplicant configuration is deployed.
The latest antivirus updates are applied before access is allowed.
A centralized management solution is deployed.
Why should organizations migrate to an MFA strategy for authentication?
A. Single methods of authentication can be compromised more easily than MFA.
B. Biometrics authentication leads to the need for MFA due to its ability to be hacked easily.
C. MFA methods of authentication are never compromised.
D. MFA does not require any piece of evidence for an authentication mechanism.
Single methods of authentication can be compromised more easily than MFA.
What is the purpose of joining Cisco WSAs to an appliance group?
A. All WSAs in the group can view file analysis results
B. It simplifies the task of patching multiple appliances
C. It supports cluster operations to expedite the malware analysis process
D. The group supports improved redundancy
The group supports improved redundancy
Which Cisco solution extends network visibility, threat detection, and analytics to public cloud environments?
A. Cisco Umbrella
B. Cisco Stealthwatch Cloud
C. Cisco Appdynamics
D. Cisco CloudLock
Cisco Stealthwatch Cloud
Which two Cisco ISE components must be configured for BYOD? (Choose two)
A. central WebAuth
B. local WebAuth
C. null WebAuth
D. guest
E. dual
central WebAuth
guest
Which configuration method provides the options to prevent physical and virtual endpoint devices that are in the same base EPG or uSeg from being able to communicate with each other with VMware VDS or Microsoft vSwitch?
A. inter-EPG isolation
B. intra-EPG isolation
C. inter-VLAN security
D. placement in separate EPGs
intra-EPG isolation
In which scenario is endpoint-based security the solution?
A. inspecting encrypted traffic
B. device profiling and authorization
C. performing signature-based application control
D. inspecting a password-protected archive
inspecting a password-protected archive
What are two ways that Cisco Container Platform provides value to customers who utilize cloud service providers? (Choose two)
A. allows developers to create code once and deploy to multiple clouds
B. helps maintain source code for cloud deployments
C. manages Docker containers
D. manages Kubernetes clusters
E. creates complex tasks for managing code
allows developers to create code once and deploy to multiple clouds
manages Kubernetes clusters
What is the recommendation in a zero-trust model before granting access to corporate applications and resources?
A. to use multifactor authentication
B. to use strong passwords
C. to use a wired network, not wireless
D. to disconnect from the network when inactive
to use multifactor authentication
An organization must add new firewalls to its infrastructure and wants to use Cisco ASA or Cisco FTD. The chosen firewalls must provide methods of blocking traffic that include offering the user the option to bypass the block for certain sites after displaying a warning page and to reset the connection. Which solution should the organization choose?
A. Cisco FTD because it supports system rate level traffic blocking, whereas Cisco ASA does not
B. Cisco ASA because it allows for interactive blocking and blocking with reset to be configured via the GUI, whereas Cisco FTD does not.
C. Cisco FTD because it enables interactive blocking and blocking with reset natively, whereas Cisco ASA does not
D. Cisco ASA because it has an additional module that can be installed to provide multiple blocking capabilities, whereas Cisco FTD does not.
Cisco FTD because it enables interactive blocking and blocking with reset natively
Which IETF attribute is supported for the RADIUS CoA feature?
A. 81 Message-Authenticator
B. 30 Calling-Station-ID
C. 42 Acct-Session-ID
D. 24 State
24 State
Which Cisco cloud security software centrally manages policies on multiple platforms such as Cisco ASA, Cisco Firepower, Cisco Meraki, and AWS?
A. Cisco Secureworks
B. Cisco Configuration Professional
C. Cisco Defense Orchestrator
D. Cisco DNAC
Cisco Defense Orchestrator
Which Cisco DNA Center Intent API action is used to retrieve the number of devices known to a DNA Center?
A. GET https://fqdnOrIPofDnaCenterPlatform/dna/intent/api/v1/network-device/count
B. GET https://fqdnOrIPofDnaCenterPlatform/dna/intent/api/v1/network-device
C. GET https://fqdnOrIPofDnaCenterPlatform/dna/intent/api/v1/networkdevice?parameter1=value&parameter2=value&….
D. GET https://fqdnOrIPofDnaCenterPlatform/dna/intent/api/v1/networkdevice/startIndex/recordsToReturn
GET https://fqdnOrIPofDnaCenterPlatform/dna/intent/api/v1/network-device/count
What is the difference between a vulnerability and an exploit?
A. A vulnerability is a hypothetical event for an attacker to exploit
B. An exploit is a hypothetical event that causes a vulnerability in the network
C. An exploit is a weakness that can cause a vulnerability in the network
D. A vulnerability is a weakness that can be exploited by an attacker
A vulnerability is a weakness that can be exploited by an attacker
An administrator needs to configure the Cisco ASA via ASDM such that the network management system can actively monitor the host using SNMPv3. Which two tasks must be performed for this configuration? (Choose two)
A. Specify the SNMP manager and UDP port.
B. Specify an SNMP user group
C. Specify a community string.
D. Add an SNMP USM entry
E. Add an SNMP host access entry
Specify the SNMP manager and UDP port.
Add an SNMP host access entry
Which Cisco security solution determines if an endpoint has the latest OS updates and patches installed on the system?
A. Cisco Endpoint Security Analytics
B. Cisco AMP for Endpoints
C. Endpoint Compliance Scanner
D. Security Posture Assessment Service
Security Posture Assessment Service
When a transparent authentication fails on the Web Security Appliance, which type of access does the end user get?
A. guest
B. limited Internet
C. blocked
D. full Internet
blocked
Using Cisco Cognitive Threat Analytics, which platform automatically blocks risky sites and tests unknown sites for hidden advanced threats before allowing users to click them?
A. Cisco Identity Services Engine
B. Cisco Enterprise Security Appliance
C. Cisco Web Security Appliance
D. Cisco Advanced Stealthwatch Appliance
Cisco Web Security Appliance
Which technology provides a combination of endpoint protection, endpoint detection, and response?
A. Cisco AMP
B. Cisco Talos
C. Cisco Threat Grid
D. Cisco Umbrella
Cisco AMP
When a Cisco WSA checks a web request, what occurs if it is unable to match a user-defined policy?
A. It blocks the request.
B. It applies the global policy.
C. It applies the next identification profile policy.
D. It applies the advanced policy.
It applies the global policy.
Which solution supports high availability in routed or transparent mode as well as in northbound and southbound deployments?
A. Cisco FTD with Cisco ASDM
B. Cisco FTD with Cisco FMC
C. Cisco Firepower NGFW physical appliance with Cisco FMC
D. Cisco Firepower NGFW Virtual appliance with Cisco FMC
Cisco FTD with Cisco FMC
Which endpoint protection and detection feature performs correlation of telemetry, files, and intrusion events that are flagged as possible active breaches?
A. retrospective detection
B. elastic search
C. file trajectory
D. indication of compromise
indication of compromise
Which RADIUS feature provides a mechanism to change the AAA attributes of a session after it is authenticated?
A. Authorization
B. Accounting
C. Authentication
D. CoA
CoA
Which two authentication protocols are supported by the Cisco WSA? (Choose two)
A. WCCP
B. NTLM
C. TLS
D. SSL
E. LDAP
NTLM
LDAP
Which technology should be used to help prevent an attacker from stealing usernames and passwords of users within an organization?
A. RADIUS-based REAP
B. fingerprinting
C. Dynamic ARP Inspection
D. multifactor authentication
multifactor authentication
Which baseline form of telemetry is recommended for network infrastructure devices?
A. SDNS
B. NetFlow
C. passive taps
D. SNMP
SNMP
Which Cisco WSA feature supports access control using URL categories?
A. transparent user identification
B. SOCKS proxy services
C. web usage controls
D. user session restrictions
transparent user identification
What is an advantage of the Cisco Umbrella roaming client?
A. the ability to see all traffic without requiring TLS decryption
B. visibility into IP-based threats by tunneling suspicious IP connections
C. the ability to dynamically categorize traffic to previously uncategorized sites
D. visibility into traffic that is destined to sites within the office environment
the ability to dynamically categorize traffic to previously uncategorized sites
An organization has DHCP servers set up to allocate IP addresses to clients on the LAN. What must be done to ensure the LAN switches prevent malicious DHCP traffic while also distributing IP addresses to the correct endpoints?
A. Configure Dynamic ARP Inspection and add entries in the DHCP snooping database
B. Configure DHCP snooping and set an untrusted interface for all clients
C. Configure Dynamic ARP Inspection and antispoofing ACLs in the DHCP snooping database
D. Configure DHCP snooping and set a trusted interface for the DHCP server
Configure Dynamic ARP Inspection and add entries in the DHCP snooping database
Which solution stops unauthorized access to the system if a user’s password is compromised?
A. VPN
B. MFA
C. AMP
D. SSL
MFA
Which feature enables a Cisco ISR to use the default bypass list automatically for web filtering?
A. filters
B. group key
C. company key
D. connector
connector
Which industry standard is used to integrate Cisco ISE and pxGrid to each other and with other interoperable security platforms?
A. IEEE
B. IETF
C. NIST
D. ANSI
IETF
What is a function of the Layer 4 Traffic Monitor on a Cisco WSA?
A. blocks traffic from URL categories that are known to contain malicious content
B. decrypts SSL traffic to monitor for malicious content
C. monitors suspicious traffic across all the TCP/UDP ports
D. prevents data exfiltration by searching all the network traffic for specified sensitive information
monitors suspicious traffic across all the TCP/UDP ports
Which solution is made from a collection of secure development practices and guidelines that developers must follow to build secure applications?
A. OWASP
B. Fuzzing Framework
C. Radamsa
D. AFL
OWASP
What is the process of performing automated static and dynamic analysis of files against preloaded behavioral indicators for threat analysis?
A. deep visibility scan
B. point-in-time checks
C. advanced sandboxing
D. advanced scanning
advanced sandboxing
Which Cisco ISE service checks the compliance of endpoints before allowing the endpoints to connect to the network?
A. posture
B. profiler
C. Cisco TrustSec
D. Threat Centric NAC
posture
Refer to the exhibit.
import requests
client_id = 'a1b2c3d4e5f6g7h8i9j0'
api_key = 'a1b2c3d4-e5f6-g7h8-i9j0-k1l2m3n4o5p6'
What does the API key do while working with https://api.amp.cisco.com/v1/computers?
A. displays client ID
B. HTTP authorization
C. Imports requests
D. HTTP authentication
Imports requests
How does the Cisco WSA enforce bandwidth restrictions for web applications?
A. It implements a policy route to redirect application traffic to a lower-bandwidth link
B. It dynamically creates a scavenger class QoS policy and applies it to each client that connects through the WSA
C. It sends commands to the uplink router to apply traffic policing to the application traffic
D. It simulates a slower link by introducing latency into application traffic
It sends commands to the uplink router to apply traffic policing to the application traffic
Which Cisco AMP feature allows an engineer to look back to trace past activities, such as file and process activity on an endpoint?
A. endpoint isolation
B. advanced search
C. advanced investigation
D. retrospective security
retrospective security