Exam D Flashcards

1
Q

What are two ways a network administrator transparently identifies users using Active Directory on the Cisco WSA? (Choose two)

A. Create NTLM or Kerberos authentication realm and enable transparent user identification

B. The eDirectory client must be installed on each client workstation

C. Deploy a separate eDirectory server; the client IP address is recorded in this server

D. Create an LDAP authentication realm and disable transparent user identification

E. Deploy a separate Active Directory agent such as Cisco Context Directory Agent

A

Create NTLM or Kerberos authentication realm and enable transparent user identification

Deploy a separate Active Directory agent such as Cisco Context Directory Agent

2
Q

Which MDM configuration provides scalability?

A. BYOD support without extra appliance or licenses
B. enabling use of device features such as camera use
C. pushing WPA2-Enterprise settings automatically to devices
D. automatic device classification with level 7 fingerprinting

A

pushing WPA2-Enterprise settings automatically to devices

3
Q

An engineer is configuring device-hardening on a router in order to prevent credentials from being seen if the router configuration was compromised. Which command should be used?

A. username <username> password
B. username privilege 15 password
C. service password-recovery
D. service password-encryption

A

service password-encryption

4
Q

What are two security benefits of an MDM deployment? (Choose two)

A. distributed software upgrade
B. robust security policy enforcement
C. on-device content management
D. privacy control checks
E. distributed dashboard

A

robust security policy enforcement

on-device content management

5
Q

Which Cisco platform provides an agentless solution to provide visibility across the network including encrypted traffic analytics to detect malware in encrypted traffic without the need for decryption?

A. Cisco Advanced Malware Protection
B. Cisco Stealthwatch
C. Cisco Identity Services Engine
D. Cisco AnyConnect

A

Cisco Stealthwatch

6
Q

A network engineer is tasked with configuring a Cisco ISE server to implement external authentication against Active Directory. What must be considered about the authentication requirements? (Choose two)

A. RADIUS communication must be permitted between the ISE server and the domain controller

B. The ISE account must be a domain administrator in Active Directory to perform JOIN operations

C. Active Directory only supports user authentication by using MSCHAPv2

D. LDAP communication must be permitted between the ISE server and the domain controller

E. Active Directory supports user and machine authentication by using MSCHAPv2

A

LDAP communication must be permitted between the ISE server and the domain controller

Active Directory supports user and machine authentication by using MSCHAPv2

7
Q

Which CoA response code is sent if an authorization state is changed successfully on a Cisco IOS device?

A. CoA-ACK
B. CoA-NAK
C. CoA-MAB
D. CoA-NCL

A

CoA-ACK

8
Q

What is a feature of container orchestration?

A. ability to deploy Amazon ECS clusters by using the Cisco Container Platform data plane

B. ability to deploy Kubernetes clusters in air-gapped sites

C. ability to deploy Amazon EKS clusters by using the Cisco Container Platform data plane

D. automated daily updates

A

ability to deploy Kubernetes clusters in air-gapped sites

9
Q

Which metric is used by the monitoring agent to collect and output packet loss and jitter information?

A. WSAv performance
B. AVC performance
C. RTP performance
D. OTCP performance

A

RTP performance

10
Q

Which solution for remote workers enables protection, detection, and response on the endpoint against known and unknown threats?

A. Cisco AMP for Endpoints
B. Cisco AnyConnect
C. Cisco Umbrella
D. Cisco Duo

A

Cisco AMP for Endpoints

11
Q

Which two components do southbound APIs use to communicate with downstream devices? (Choose two)

A. services running over the network
B. external application APIs
C. OpenFlow
D. applications running over the network
E. OpFlex

A

OpenFlow

OpFlex

12
Q

Which solution detects threats across a private network, public clouds, and encrypted traffic?

A. Cisco Stealthwatch
B. Cisco CTA
C. Cisco Encrypted Traffic Analytics
D. Cisco Umbrella

A

Cisco Stealthwatch

13
Q

Which Cisco security solution integrates with cloud applications like Dropbox and Office 365 while protecting data from being exfiltrated?

A. Cisco Talos
B. Cisco Stealthwatch Cloud
C. Cisco Cloudlock
D. Cisco Umbrella Investigate

A

Cisco Cloudlock

14
Q

What do tools like Jenkins, Octopus Deploy, and Azure DevOps provide in terms of application and infrastructure automation?

A. container orchestration
B. cloud application security broker
C. compile-time instrumentation
D. continuous integration and continuous deployment

A

continuous integration and continuous deployment

15
Q

Which type of attack is MFA an effective deterrent for?

A. ping of death
B. phishing
C. teardrop
D. syn flood

A

phishing

16
Q

An engineer enabled SSL decryption for Cisco Umbrella intelligent proxy and needs to ensure that traffic is inspected without alerting end-users. Which action accomplishes this goal?

A. Install the Cisco Umbrella root CA onto the user’s device.

B. Modify the user’s browser settings to suppress errors from Cisco Umbrella.

C. Upload the organization root CA to Cisco Umbrella.

D. Restrict access to only websites with trusted third-party signed certificates.

A

Install the Cisco Umbrella root CA onto the user’s device.

17
Q

A network engineer has configured an NTP server on a Cisco ASA. The Cisco ASA has IP reachability to the NTP server and is not filtering any traffic. The show ntp association detail command indicates that the configured NTP server is unsynchronized and has a stratum of 16. What is the cause of this issue?

A. Resynchronization of NTP is not forced

B. NTP is not configured to use a working server

C. An access list entry for UDP port 123 on the inside interface is missing

D. An access list entry for UDP port 123 on the outside interface is missing

A

NTP is not configured to use a working server

18
Q

Which direction do attackers encode data in DNS requests during exfiltration using DNS tunneling?

A. inbound
B. north-south
C. east-west
D. outbound

A

outbound

19
Q

Which solution should be leveraged for secure access of a CI/CD pipeline?

A. SSL WebVPN
B. remote access client
C. Duo Network Gateway
D. Cisco FTD network gateway

A

Duo Network Gateway

20
Q

Which type of data exfiltration technique encodes data in outbound DNS requests to specific servers and can be stopped by Cisco Umbrella?

A. DNS tunneling
B. DNS flood attack
C. cache poisoning
D. DNS hijacking

A

DNS tunneling

21
Q

Which system performs compliance checks and remote wiping?

A. OTP
B. MDM
C. AMP
D. ISE

A

MDM

22
Q

Why is it important to patch endpoints consistently?

A. Patching helps to mitigate vulnerabilities.
B. Patching reduces the attack surface of the infrastructure.
C. Patching is required per the vendor contract.
D. Patching allows for creating a honeypot.

A

Patching helps to mitigate vulnerabilities.

23
Q

What are two facts about WSA HTTP proxy configuration with a PAC file? (Choose two)

A. It is defined as a Transparent proxy deployment.
B. In a dual-NIC configuration, the PAC file directs traffic through the two NICs to the proxy.
C. The PAC file, which references the proxy, is deployed to the client web browser.
D. It is defined as an Explicit proxy deployment.
E. It is defined as a Bridge proxy deployment.

A

The PAC file, which references the proxy, is deployed to the client web browser.

It is defined as an Explicit proxy deployment.

24
Q

How does Cisco Umbrella protect clients when they operate outside of the corporate network?

A. by modifying the registry for DNS lookups

B. by using Active Directory group policies to enforce Cisco Umbrella DNS servers

C. by forcing DNS queries to the corporate name servers

D. by using the Cisco Umbrella roaming client

A

by using the Cisco Umbrella roaming client

25
Q

Which function is included when Cisco AMP is added to web security?

A. multifactor, authentication-based user identity
B. detailed analytics of the unknown file’s behavior
C. phishing detection on emails
D. threat prevention on an infected endpoint

A

detailed analytics of the unknown file’s behavior

26
Q

When a next-generation endpoint security solution is selected for a company, what are two key deliverables that help justify the implementation? (Choose two)

A. continuous monitoring of all files that are located on connected endpoints

B. macro-based protection to keep connected endpoints safe

C. signature-based endpoint protection on company endpoints

D. email integration to protect endpoints from malicious content that is located in email

E. real-time feeds from global threat intelligence centers

A

continuous monitoring of all files that are located on connected endpoints

real-time feeds from global threat intelligence centers

27
Q

Which two actions does the Cisco Identity Services Engine posture module provide that ensures endpoint security? (Choose two)

A. The latest antivirus updates are applied before access is allowed.
B. Assignments to endpoint groups are made dynamically, based on endpoint attributes.
C. Patch management remediation is performed.
D. A centralized management solution is deployed.
E. Endpoint supplicant configuration is deployed.

A

The latest antivirus updates are applied before access is allowed.

A centralized management solution is deployed.

28
Q

Why should organizations migrate to an MFA strategy for authentication?

A. Single methods of authentication can be compromised more easily than MFA.

B. Biometrics authentication leads to the need for MFA due to its ability to be hacked easily.

C. MFA methods of authentication are never compromised.

D. MFA does not require any piece of evidence for an authentication mechanism.

A

Single methods of authentication can be compromised more easily than MFA.

29
Q

What is the purpose of joining Cisco WSAs to an appliance group?

A. All WSAs in the group can view file analysis results

B. It simplifies the task of patching multiple appliances

C. It supports cluster operations to expedite the malware analysis process

D. The group supports improved redundancy

A

The group supports improved redundancy

30
Q

Which Cisco solution extends network visibility, threat detection, and analytics to public cloud environments?

A. Cisco Umbrella
B. Cisco Stealthwatch Cloud
C. Cisco Appdynamics
D. Cisco CloudLock

A

Cisco Stealthwatch Cloud

31
Q

Which two Cisco ISE components must be configured for BYOD? (Choose two)

A. central WebAuth
B. local WebAuth
C. null WebAuth
D. guest
E. dual

A

central WebAuth

guest

32
Q

Which configuration method provides the options to prevent physical and virtual endpoint devices that are in the same base EPG or uSeg from being able to communicate with each other with VMware VDS or Microsoft vSwitch?

A. inter-EPG isolation
B. intra-EPG isolation
C. inter-VLAN security
D. placement in separate EPGs

A

intra-EPG isolation

33
Q

In which scenario is endpoint-based security the solution?

A. inspecting encrypted traffic
B. device profiling and authorization
C. performing signature-based application control
D. inspecting a password-protected archive

A

inspecting a password-protected archive

34
Q

What are two ways that Cisco Container Platform provides value to customers who utilize cloud service providers? (Choose two)

A. allows developers to create code once and deploy to multiple clouds
B. helps maintain source code for cloud deployments
C. manages Docker containers
D. manages Kubernetes clusters
E. creates complex tasks for managing code

A

allows developers to create code once and deploy to multiple clouds

manages Kubernetes clusters

35
Q

What is the recommendation in a zero-trust model before granting access to corporate applications and resources?

A. to use multifactor authentication
B. to use strong passwords
C. to use a wired network, not wireless
D. to disconnect from the network when inactive

A

to use multifactor authentication

36
Q

An organization must add new firewalls to its infrastructure and wants to use Cisco ASA or Cisco FTD. The chosen firewalls must provide methods of blocking traffic that include offering the user the option to bypass the block for certain sites after displaying a warning page and to reset the connection. Which solution should the organization choose?

A. Cisco FTD because it supports system rate level traffic blocking, whereas Cisco ASA does not
B. Cisco ASA because it allows for interactive blocking and blocking with reset to be configured via the GUI, whereas Cisco FTD does not.
C. Cisco FTD because it enables interactive blocking and blocking with reset natively, whereas Cisco ASA does not
D. Cisco ASA because it has an additional module that can be installed to provide multiple blocking capabilities, whereas Cisco FTD does not.

A

Cisco FTD because it enables interactive blocking and blocking with reset natively

37
Q

Which IETF attribute is supported for the RADIUS CoA feature?

A. 81 Message-Authenticator
B. 30 Calling-Station-ID
C. 42 Acct-Session-ID
D. 24 State

A

24 State

38
Q

Which Cisco cloud security software centrally manages policies on multiple platforms such as Cisco ASA, Cisco Firepower, Cisco Meraki, and AWS?

A. Cisco Secureworks
B. Cisco Configuration Professional
C. Cisco Defense Orchestrator
D. Cisco DNAC

A

Cisco Defense Orchestrator

39
Q

Which Cisco DNA Center Intent API action is used to retrieve the number of devices known to a DNA Center?

A. GET https://fqdnOrIPofDnaCenterPlatform/dna/intent/api/v1/network-device/count
B. GET https://fqdnOrIPofDnaCenterPlatform/dna/intent/api/v1/network-device
C. GET https://fqdnOrIPofDnaCenterPlatform/dna/intent/api/v1/networkdevice?parameter1=value&parameter2=value&….
D. GET https://fqdnOrIPofDnaCenterPlatform/dna/intent/api/v1/networkdevice/startIndex/recordsToReturn

A

GET https://fqdnOrIPofDnaCenterPlatform/dna/intent/api/v1/network-device/count

40
Q

What is the difference between a vulnerability and an exploit?

A. A vulnerability is a hypothetical event for an attacker to exploit
B. An exploit is a hypothetical event that causes a vulnerability in the network
C. An exploit is a weakness that can cause a vulnerability in the network
D. A vulnerability is a weakness that can be exploited by an attacker

A

A vulnerability is a weakness that can be exploited by an attacker

41
Q

An administrator needs to configure the Cisco ASA via ASDM such that the network management system can actively monitor the host using SNMPv3. Which two tasks must be performed for this configuration? (Choose two)

A. Specify the SNMP manager and UDP port.
B. Specify an SNMP user group
C. Specify a community string.
D. Add an SNMP USM entry
E. Add an SNMP host access entry

A

Specify the SNMP manager and UDP port.

Add an SNMP host access entry

42
Q

Which Cisco security solution determines if an endpoint has the latest OS updates and patches installed on the system?

A. Cisco Endpoint Security Analytics
B. Cisco AMP for Endpoints
C. Endpoint Compliance Scanner
D. Security Posture Assessment Service

A

Security Posture Assessment Service

43
Q

When a transparent authentication fails on the Web Security Appliance, which type of access does the end user get?

A. guest
B. limited Internet
C. blocked
D. full Internet

A

blocked

44
Q

Using Cisco Cognitive Threat Analytics, which platform automatically blocks risky sites and tests unknown sites for hidden advanced threats before allowing users to click them?

A. Cisco Identity Services Engine
B. Cisco Enterprise Security Appliance
C. Cisco Web Security Appliance
D. Cisco Advanced Stealthwatch Appliance

A

Cisco Web Security Appliance

45
Q

Which technology provides a combination of endpoint protection, endpoint detection, and response?

A. Cisco AMP
B. Cisco Talos
C. Cisco Threat Grid
D. Cisco Umbrella

A

Cisco AMP

46
Q

When a Cisco WSA checks a web request, what occurs if it is unable to match a user-defined policy?

A. It blocks the request.
B. It applies the global policy.
C. It applies the next identification profile policy.
D. It applies the advanced policy.

A

It applies the global policy.

47
Q

Which solution supports high availability in routed or transparent mode as well as in northbound and southbound deployments?

A. Cisco FTD with Cisco ASDM
B. Cisco FTD with Cisco FMC
C. Cisco Firepower NGFW physical appliance with Cisco FMC
D. Cisco Firepower NGFW Virtual appliance with Cisco FMC

A

Cisco FTD with Cisco FMC

48
Q

Which endpoint protection and detection feature performs correlation of telemetry, files, and intrusion events that are flagged as possible active breaches?

A. retrospective detection
B. elastic search
C. file trajectory
D. indication of compromise

A

indication of compromise

49
Q

Which RADIUS feature provides a mechanism to change the AAA attributes of a session after it is authenticated?

A. Authorization
B. Accounting
C. Authentication
D. CoA

A

CoA

50
Q

Which two authentication protocols are supported by the Cisco WSA? (Choose two)

A. WCCP
B. NTLM
C. TLS
D. SSL
E. LDAP

A

NTLM

LDAP

51
Q

Which technology should be used to help prevent an attacker from stealing usernames and passwords of users within an organization?

A. RADIUS-based REAP
B. fingerprinting
C. Dynamic ARP Inspection
D. multifactor authentication

A

multifactor authentication

52
Q

Which baseline form of telemetry is recommended for network infrastructure devices?

A. SDNS
B. NetFlow
C. passive taps
D. SNMP

A

SNMP

53
Q

Which Cisco WSA feature supports access control using URL categories?

A. transparent user identification
B. SOCKS proxy services
C. web usage controls
D. user session restrictions

A

transparent user identification

54
Q

What is an advantage of the Cisco Umbrella roaming client?

A. the ability to see all traffic without requiring TLS decryption
B. visibility into IP-based threats by tunneling suspicious IP connections
C. the ability to dynamically categorize traffic to previously uncategorized sites
D. visibility into traffic that is destined to sites within the office environment

A

the ability to dynamically categorize traffic to previously uncategorized sites

55
Q

An organization has DHCP servers set up to allocate IP addresses to clients on the LAN. What must be done to ensure the LAN switches prevent malicious DHCP traffic while also distributing IP addresses to the correct endpoints?

A. Configure Dynamic ARP Inspection and add entries in the DHCP snooping database

B. Configure DHCP snooping and set an untrusted interface for all clients

C. Configure Dynamic ARP Inspection and antispoofing ACLs in the DHCP snooping database

D. Configure DHCP snooping and set a trusted interface for the DHCP server

A

Configure Dynamic ARP Inspection and add entries in the DHCP snooping database

56
Q

Which solution stops unauthorized access to the system if a user’s password is compromised?

A. VPN
B. MFA
C. AMP
D. SSL

A

MFA

57
Q

Which feature enables a Cisco ISR to use the default bypass list automatically for web filtering?

A. filters
B. group key
C. company key
D. connector

A

connector

58
Q

Which industry standard is used to integrate Cisco ISE and pxGrid to each other and with other interoperable security platforms?

A. IEEE
B. IETF
C. NIST
D. ANSI

A

IETF

59
Q

What is a function of the Layer 4 Traffic Monitor on a Cisco WSA?

A. blocks traffic from URL categories that are known to contain malicious content

B. decrypts SSL traffic to monitor for malicious content

C. monitors suspicious traffic across all the TCP/UDP ports

D. prevents data exfiltration by searching all the network traffic for specified sensitive information

A

monitors suspicious traffic across all the TCP/UDP ports

60
Q

Which solution is made from a collection of secure development practices and guidelines that developers must follow to build secure applications?

A. OWASP
B. Fuzzing Framework
C. Radamsa
D. AFL

A

OWASP

61
Q

What is the process of performing automated static and dynamic analysis of files against preloaded behavioral indicators for threat analysis?

A. deep visibility scan
B. point-in-time checks
C. advanced sandboxing
D. advanced scanning

A

advanced sandboxing

62
Q

Which Cisco ISE service checks the compliance of endpoints before allowing the endpoints to connect to the network?

A. posture
B. profiler
C. Cisco TrustSec
D. Threat Centric NAC

A

posture

63
Q

Refer to the exhibit.

import requests

# Cisco AMP for Endpoints API credentials as shown in the exhibit
client_id = 'a1b2c3d4e5f6g7h8i9j0'
api_key = 'a1b2c3d4-e5f6-g7h8-i9j0-k1l2m3n4o5p6'

What does the API key do while working with https://api.amp.cisco.com/v1/computers?

A. displays client ID
B. HTTP authorization
C. Imports requests
D. HTTP authentication

A

Imports requests

64
Q

How does the Cisco WSA enforce bandwidth restrictions for web applications?

A. It implements a policy route to redirect application traffic to a lower-bandwidth link

B. It dynamically creates a scavenger class QoS policy and applies it to each client that connects through the WSA

C. It sends commands to the uplink router to apply traffic policing to the application traffic

D. It simulates a slower link by introducing latency into application traffic

A

It sends commands to the uplink router to apply traffic policing to the application traffic

65
Q

Which Cisco AMP feature allows an engineer to look back to trace past activities, such as file and process activity on an endpoint?

A. endpoint isolation
B. advanced search
C. advanced investigation
D. retrospective security

A

retrospective security