Exam E Flashcards

1
Q

Which function is performed by certificate authorities but is a limitation of registration authorities?

A. CRL publishing
B. verifying user identity
C. certificate re-enrollment
D. accepts enrollment requests

A

CRL publishing

2
Q

Which encryption algorithm provides highly secure VPN communications?

A. DES
B. 3DES
C. AES 256
D. AES 128

A

AES 256

3
Q

A hacker initiated a social engineering attack and stole the usernames and passwords of some users within a company. Which product should be used as a solution to this problem?

A. Cisco NGFW
B. Cisco AMP for Endpoints
C. Cisco Duo
D. Cisco AnyConnect

A

Cisco Duo

4
Q

How does a WCCP-configured router identify if the Cisco WSA is functional?

A. If an ICMP ping fails three consecutive times between a router and the WSA, traffic is no longer transmitted to the router.

B. If an ICMP ping fails three consecutive times between a router and the WSA, traffic is no longer transmitted to the WSA.

C. The router sends a Here-I-Am message every 10 seconds, and the WSA acknowledges with an I-See-You message.

D. The WSA sends a Here-I-Am message every 10 seconds, and the router acknowledges with an I-See-You message.

A

The WSA sends a Here-I-Am message every 10 seconds

5
Q

What is a feature of NetFlow Secure Event Logging?

A. It exports only records that indicate significant events in a flow.

B. It supports v5 and v8 templates.

C. It filters NSEL events based on the traffic and event type through RSVP.

D. It delivers data records to NSEL collectors through NetFlow over TCP only.

A

It exports only records that indicate significant events in a flow.

6
Q

An administrator needs to configure the Cisco ASA via ASDM such that the network management system can actively monitor the host using SNMPv3. Which two tasks must be performed for this configuration? (Choose two)

A. Specify the SNMP manager and UDP port.
B. Specify a community string.
C. Add an SNMP USM entry.
D. Add an SNMP host access entry.
E. Specify an SNMP user group.

A

Specify the SNMP manager and UDP port.

Add an SNMP host access entry.

7
Q

Which technology enables integration between Cisco ISE and other platforms to gather and share network and vulnerability data and SIEM and location information?

A. pxGrid
B. SNMP
C. NetFlow
D. Cisco Talos

A

pxGrid

8
Q

A large organization wants to deploy a security appliance in the public cloud to form a site-to-site VPN and link the public cloud environment to the private cloud in the headquarters data center. Which Cisco security appliance meets these requirements?

A. Cisco Cloud Orchestrator
B. Cisco Stealthwatch Cloud
C. Cisco ASAv
D. Cisco WSAv

A

Cisco ASAv

9
Q

What is a benefit of using Cisco Tetration?

A. It collects policy compliance data and process details.
B. It collects telemetry data from servers and then uses software sensors to analyze flow information.
C. It collects near-real time data from servers and inventories the software packages that exist on servers
D. It collects enforcement data from servers and collects interpacket variation.

A

It collects near-real time data from servers and inventories the software packages that exist on servers

10
Q

Which standard is used to automate exchanging cyber threat information?

A. IoC
B. TAXII
C. MITRE
D. STIX

A

TAXII

11
Q

Which security solution uses NetFlow to provide visibility across the network, data center, branch offices, and cloud?

A. Cisco Encrypted Traffic Analytics
B. Cisco CTA
C. Cisco Umbrella
D. Cisco Stealthwatch

A

Cisco Stealthwatch

12
Q

An email administrator is setting up a new Cisco ESA. The administrator wants to enable the blocking of greymail for the end user. Which feature must the administrator enable first?

A. IP Reputation Filtering
B. Anti-Virus Filtering
C. File Analysis
D. Intelligent Multi-Scan

A

Intelligent Multi-Scan

13
Q

Which technology provides the benefit of Layer 3 through Layer 7 innovative deep packet inspection, enabling the platform to identify and output various applications within the network traffic flows?

A. Cisco ASAv
B. Cisco Prime Infrastructure
C. Cisco NBAR2
D. Account on Resolution

A

Cisco NBAR2

14
Q

An organization must add new firewalls to its infrastructure and wants to use Cisco ASA or Cisco FTD. The chosen firewalls must provide methods of blocking traffic that include offering the user the option to bypass the block for certain sites after displaying a warning page and to reset the connection. Which solution should the organization choose?

A. Cisco ASA because it has an additional module that can be installed to provide multiple blocking capabilities, whereas Cisco FTD does not.

B. Cisco FTD because it enables interactive blocking and blocking with reset natively, whereas Cisco ASA does not.

C. Cisco FTD because it supports system rate level traffic blocking, whereas Cisco ASA does not.

D. Cisco ASA because it allows for interactive blocking and blocking with reset to be configured via the GUI, whereas Cisco FTD does not.

A

Cisco FTD because it enables interactive blocking and blocking with reset natively

15
Q

An engineer is configuring web filtering for a network using Cisco Umbrella Secure Internet Gateway. The requirement is that all traffic needs to be filtered. Using the SSL decryption feature, which type of certificate should be presented to the end-user to accomplish this goal?

A. third-party
B. SubCA
C. self-signed
D. organization owned root

A

organization owned root

16
Q

Which two parameters are used to prevent a data breach in the cloud? (Choose two)

A. encryption
B. complex cloud-based web proxies
C. strong user authentication
D. antispoofing programs
E. DLP solutions

A

encryption

strong user authentication

17
Q

What is the term for when an endpoint is associated to a provisioning WLAN that is shared with guest access, and the same guest portal is used as the BYOD portal?

A. streamlined access
B. multichannel GUI
C. single-SSID BYOD
D. dual-SSID BYOD

A

dual-SSID BYOD

18
Q

What is the function of the crypto isakmp key cisc414685095 address 192.168.50.1 255.255.255.255 command when establishing an IPsec VPN tunnel?

A. It prevents 192.168.50.1 from connecting to the VPN server.

B. It defines that data destined to 192.168.50.1 is going to be encrypted.

C. It configures the pre-shared authentication key for host 192.168.50.1.

D. It configures the local address for the VPN server 192.168.50.1.

A

It configures the pre-shared authentication key for host 192.168.50.1.

19
Q

Which CLI command is used to enable URL filtering support for shortened URLs on the Cisco ESA?

A. outbreakconfig
B. websecurityadvancedconfig
C. webadvancedconfig
D. websecurityconfig

A

websecurityadvancedconfig

20
Q

Which Cisco ASA deployment model is used to filter traffic between hosts in the same IP subnet using higher-level protocols without readdressing the network?

A. single context mode
B. routed mode
C. transparent mode
D. multiple context mode

A

transparent mode

21
Q

Which open source tool does Cisco use to create graphical visualizations of network telemetry on Cisco IOS XE devices?

A. SNMP
B. Splunk
C. Grafana
D. InfluxDB

A

Grafana

22
Q

Which Cisco DNA Center Intent API action is used to retrieve the number of devices known to a DNA Center?

A. GET https://fqdnOrlPofDnaCenterPlatform/dna/intent/api/v1/network-device/count
B. GET https://fqdnOrlPofDnaCenterPlatform/dna/intent/api/v1/network-device/startIndex/recordsToReturn
C. GET https://fqdnOrlPofDnaCenterPlatform/dna/intent/api/v1/network-device
D. GET https://fqdnOrlPofDnaCenterPlatform/dna/intent/api/v1/network-device?parameter1=value&parameter2=value&…

A

GET https://fqdnOrlPofDnaCenterPlatform/dna/intent/api/v1/network-device/count

23
Q

When NetFlow is applied to an interface, which component creates the flow monitor cache that is used to collect traffic based on the key and nonkey fields in the configured record?

A. flow sampler
B. flow exporter
C. records
D. flow monitor

A

flow monitor

24
Q

Refer to the exhibit.

ASA# show service-policy sfr
Global policy:
Service-policy: global_policy
Class-map: SFR
SFR: card status Up, mode fail-open monitor-only
packet input 0, packet output 44715478687, drop 0, reset-drop 0

What are two indications of the Cisco Firepower Services Module configuration? (Choose two)

A. The module is operating in IPS mode.
B. The module fails to receive redirected traffic.
C. Traffic is blocked if the module fails.
D. Traffic continues to flow if the module fails.
E. The module is operating in IDS mode.

A

Traffic continues to flow if the module fails.

The module is operating in IDS mode.

25
Q

Why is it important for the organization to have an endpoint patching strategy?

A. so the organization can identify endpoint vulnerabilities

B. so the network administrator is notified when an existing bug is encountered

C. so the internal PSIRT organization is aware of the latest bugs

D. so the latest security fixes are installed on the endpoints

A

so the organization can identify endpoint vulnerabilities

26
Q

On which system are InfluxDB and Grafana used to pull the data and display the visualization information?

A. Docker containers
B. Windows Server 2019
C. specialized Cisco Linux system
D. Windows Server 2016

A

specialized Cisco Linux system

27
Q

Which Cisco ASA Platform mode disables the threat detection features except for Advanced Threat Statistics?

A. routed
B. multiple context
C. cluster
D. transparent

A

multiple context

28
Q

Which two parameters are used for device compliance checks? (Choose two)

A. device operating system version
B. DHCP snooping checks
C. Windows registry values
D. endpoint protection software version
E. DNS integrity checks

A

device operating system version

endpoint protection software version

29
Q

A network engineer entered the snmp-server user asmith myv7 auth sha cisco priv aes 256 cisc0414685095 command and needs to send SNMP information to a host at 10.255.255.1. Which command achieves this goal?

A. snmp-server host inside 10.255.255.1 version 3 asmith
B. snmp-server host inside 10.255.255.1 snmpv3 myv7
C. snmp-server host inside 10.255.255.1 snmpv3 asmith
D. snmp-server host inside 10.255.255.1 version 3 myv7

A

snmp-server host inside 10.255.255.1 version 3 asmith

30
Q

An engineer is configuring Cisco WSA and needs to enable a separated email transfer flow from the Internet and from the LAN. Which deployment mode must be used to accomplish this goal?

A. two-interface
B. single interface
C. multi-context
D. transparent

A

two-interface

31
Q

A small organization needs to reduce the VPN bandwidth load on their headend Cisco ASA in order to ensure that bandwidth is available for VPN users needing access to corporate resources on the 10.0.0.0/24 local HQ network. How is this accomplished without adding additional devices to the network?

A. Configure VPN load balancing to send non-corporate traffic straight to the internet.

B. Use split tunneling to tunnel traffic for the 10.0.0.0/24 network only.

C. Configure VPN load balancing to distribute traffic for the 10.0.0.0/24 network.

D. Use split tunneling to tunnel all traffic except for the 10.0.0.0/24 network.

A

Use split tunneling to tunnel traffic for the 10.0.0.0/24 network only.

32
Q

Which benefit does DMVPN provide over GETVPN?

A. DMVPN can be used over the public Internet, and GETVPN requires a private network

B. DMVPN is a tunnel-less VPN, and GETVPN is tunnel-based.

C. DMVPN supports QoS, multicast, and routing, and GETVPN supports only QoS.

D. DMVPN supports non-IP protocols, and GETVPN supports only IP protocols.

A

DMVPN can be used over the public Internet

33
Q

Which system facilitates deploying microsegmentation and multi-tenancy services with a policy-based container?

A. Docker
B. SDLC
C. Lambda
D. Contiv

A

Contiv

34
Q

An engineer needs to configure an access control policy rule to always send traffic for inspection without using the default action. Which action should be configured for this rule?

A. monitor
B. allow
C. trust
D. block

A

allow

35
Q

Which two functions does the Cisco Advanced Phishing Protection solution perform in trying to protect from phishing attacks? (Choose two)

A. uses a static algorithm to determine malicious
B. determines if the email messages are malicious
C. does a real-time user web browsing behavior analysis
D. blocks malicious websites and adds them to a block list
E. provides a defense for on-premises email deployments

A

determines if the email messages are malicious

provides a defense for on-premises email deployments

36
Q

What are two things to consider when using PAC files with the Cisco WSA? (Choose two)

A. If the WSA host port is changed, the default port redirects web traffic to the correct port automatically

B. The WSA hosts PAC files on port 6001 by default.

C. PAC files use if-else statements to determine whether to use a proxy or a direct connection for traffic between the PC and the host.

D. By default, they direct traffic through a proxy when the PC and the host are on the same subnet

E. The WSA hosts PAC files on port 9001 by default.

A

PAC files use if-else statements to determine whether to use a proxy or a direct connection for traffic between the PC and the host.

The WSA hosts PAC files on port 9001 by default.

37
Q

When implementing transparent user identification for single sign-on with Internet Explorer, how is the redirect hostname configured?

A. as an IP address
B. as a FQDN
C. as a distinguished name
D. as a short host name

A

as a short host name