Exam F Flashcards
Which attack is commonly associated with C and C++ programming languages?
A. cross-site scriptingwrong
B. DDoS
C. buffer overflow
D. water holing
buffer overflow
What is a language format designed to exchange threat intelligence that can be transported over the TAXII protocol?
A. SMTPwrong
B. pxGrid
C. STIX
D. XMPP
STIX
Which two preventive measures are used to control cross-site scripting? (Choose two)
A. Disable cookie inspection in the HTML inspection engine.wrong
B. Incorporate contextual output encoding/escaping
C. Enable client-side scripts on a per-domain basis
D. Run untrusted HTML input through an HTML sanitization engine.
E. Same Site cookie attribute should not be used.
Incorporate contextual output encoding/escaping
Enable client-side scripts on a per-domain basis
Which two mechanisms are used to control phishing attacks? (Choose two)
A. Use antispyware software.wrong
B. Implement email filtering techniques.
C. Revoke expired CRL of the websites.
D. Enable browser alerts for fraudulent websites.
E. Define security group memberships.
Implement email filtering techniques.
Enable browser alerts for fraudulent websites.
In which form of attack is alternate encoding, such as hexadecimal representation, most often observed?
A. rootkit exploitwrong
B. Smurf
C. distributed denial of service
D. cross-site scripting
cross-site scripting
Which two behavioral patterns characterize a ping of death attack? (Choose two)
A. Malformed packets are used to crash systems.
B. The attack is fragmented into groups of 8 octets before transmission.
C. The attack is fragmented into groups of 16 octets before transmission.
D. Publicly accessible DNS servers are typically used to execute the attack.
E. Short synchronized bursts of traffic are used to disrupt TCP connections.
Malformed packets are used to crash systems.
The attack is fragmented into groups of 8 octets before transmission.
What is the difference between deceptive phishing and spear phishing?
A. Deceptive phishing hijacks and manipulates the DNS server of the victim and redirects the user to a false webpage.
B. A spear phishing campaign is aimed at a specific person versus a group of people.
C. Spear phishing is when the attack is aimed at the C-level executives of an organization.
D. Deceptive phishing is an attacked aimed at a specific user in the organization who holds a C-level role.
A spear phishing campaign is aimed at a specific person versus a group of people.
Which two endpoint measures are used to minimize the chances of falling victim to phishing and social engineering attacks? (Choose two)
A. Patch for cross-site scripting.
B. Perform backups to the private cloud.
C. Protect systems with an up-to-date antimalware program.
D. Protect against input validation and character escapes in the endpoint.
E. Install a spam and virus email filter.
Protect systems with an up-to-date antimalware program.
Install a spam and virus email filter.
Which two capabilities does TAXII support? (Choose two)
A. Binding
B. Exchange
C. Mitigating
D. Pull messaging
E. Correlation
Binding
Pull messaging
Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?
A. web page images
B. database
C. Linux and Windows operating systems
D. user input validation in a web page or web application
user input validation in a web page or web application
Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two)
A. Secure the connection between the web and the app tier.
B. Use prepared statements and parameterized queries.
C. Check integer, float, or Boolean string parameters to ensure accurate values.
D. Block SQL code execution in the web application database login.
E. Write SQL code instead of using object-relational mapping libraries.
Use prepared statements and parameterized queries.
Check integer, float, or Boolean string parameters to ensure accurate values.
Which form of attack is launched using botnets?
A. DDOS
B. EIDDOS
C. TCP flood
D. virus
DDOS
Which type of attack is social engineering?
A. trojan
B. malware
C. phishing
D. MITM
phishing
Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?
A. profile
B. url
C. terminal
D. selfsigned
profile
Which two risks is a company vulnerable to if it does not have a well-established patching solution for endpoints? (Choose two)
A. ARP spoofing
B. exploits
C. malware
D. eavesdropping
E. denial-of-service attacks
exploits
malware
What are two rootkit types? (Choose two)
A. bootloader
B. buffer mode
C. registry
D. virtual
E. user mode
bootloader
user mode
Which threat involves software being used to gain unauthorized access to a computer system?
A. ping of death
B. HTTP flood
C. virus
D. NTP amplification
virus
Elliptic curve cryptography is a stronger more efficient cryptography method meant to replace which current encryption technology?
A. 3DES
B. DES
C. RSA
D. AES
RSA
Which two descriptions of AES encryption are true? (Choose two)
A. AES is more secure than 3DES.
B. AES can use a 168-bit key for encryption.
C. AES can use a 256-bit key for encryption.
D. AES encrypts and decrypts a key three times in sequence.
E. AES is less secure than 3DES.
AES is more secure than 3DES.
AES can use a 256-bit key for encryption.
Which algorithm provides encryption and authentication for data plane communication?
A. SHA-96
B. SHA-384
C. AES-GCM
D. AES-256
AES-GCM
Which two key and block sizes are valid for AES? (Choose two)
A. 128-bit block size, 192-bit key length
B. 128-bit block size, 256-bit key length
C. 64-bit block size, 168-bit key length
D. 192-bit block size, 256-bit key length
E. 64-bit block size, 112-bit key length
128-bit block size, 192-bit key length
128-bit block size, 256-bit key length
What is the result of running the crypto isakmp key ciscXXXXXXXX address 172.16.0.0 command?
A. authenticates the IKEv2 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX
B. authenticates the IP address of the 172.16.0.0/32 peer by using the key ciscXXXXXXXX
C. authenticates the IKEv1 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX
D. secures all the certificates in the IKE exchange by using the key ciscXXXXXXXX
authenticates the IP address of the 172.16.0.0/32 peer by using the key ciscXXXXXXXX
Which technology must be used to implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity?
A. DMVPN
B. FlexVPN
C. IPsec DVTI
D. GET VPN
GET VPN
Which two conditions are prerequisites for stateful failover for IPsec? (Choose two)
A. Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the IPsec configuration is copied automatically
B. The active and standby devices can run different versions of the Cisco IOS software but must be the same type of device.
C. The IPsec configuration that is set up on the active device must be duplicated on the standby device
D. Only the IPsec configuration that is set up on the active device must be duplicated on the standby device; the IKE configuration is copied automatically.
E. The active and standby devices must run the same version of the Cisco IOS software and must be the same type of device.
The IPsec configuration that is set up on the active device must be duplicated on the standby device
The active and standby devices must run the same version of the Cisco IOS software and must be the same type of device.
Which VPN technology can support a multivendor environment and secure traffic between sites?
A. SSL VPN
B. GET VPN
C. FlexVPN
D. DMVPN
GET VPN
A network engineer is configuring DMVPN and entered the crypto isakmp key cisc0380739941 address 0.0.0.0 command on hostA. The tunnel is not being established to hostB. What action is needed to authenticate the VPN?
A. Change isakmp to ikev2 in the command on hostA.
B. Enter the command with a different password on hostB.
C. Enter the same command on hostB.
D. Change the password on hostA to the default password.
Enter the same command on hostB.
What is a difference between FlexVPN and DMVPN?
A. DMVPN uses IKEv1 or IKEv2, FlexVPN only uses IKEv1
B. DMVPN uses only IKEv1 FlexVPN uses only IKEv2
C. FlexVPN uses IKEv2, DMVPN uses IKEv1 or IKEv2
D. FlexVPN uses IKEv1 or IKEv2, DMVPN uses only IKEv2
FlexVPN uses IKEv2
Which protocol provides the strongest throughput performance when using Cisco AnyConnect VPN?
A. TLSv1.2
B. TLSv1.1
C. BJTLSv1
D. DTLSv1
DTLSv1
What is a commonality between DMVPN and FlexVPN technologies?
A. FlexVPN and DMVPN use IS-IS routing protocol to communicate with spokes
B. FlexVPN and DMVPN use the new key management protocol
C. FlexVPN and DMVPN use the same hashing algorithms
D. IOS routers run the same NHRP code for DMVPN and FlexVPN
IOS routers run the same NHRP code for DMVPN and FlexVPN
Which functions of an SDN architecture require southbound APIs to enable communication?
A. management console and the cloud
B. management console and the SDN controller
C. SDN controller and the cloud
D. SDN controller and the network elements
SDN controller and the network elements
Which two features of Cisco DNA Center are used in a Software Defined Network solution? (Choose two)
A. accounting
B. encryption
C. assurance
D. automation
E. authentication
assurance
automation
The main function of northbound APIs in the SDN architecture is to enable communication between which two areas of a network?
A. SDN controller and the cloud
B. management console and the cloud
C. management console and the SDN controller
D. SDN controller and the management solution
SDN controller and the management solution
Which two request of REST API are valid on the Cisco ASA Platform? (Choose two)
A. push
B. options
C. connect
D. put
E. get
push
put
Which API is used for Content Security?
A. OpenVuln API
B. IOS XR API
C. NX-OS API
D. AsyncOS API
AsyncOS API
Which option is the main function of Cisco Firepower impact flags?
A. They alert administrators when critical events occur.
B. They identify data that the ASA sends to the Firepower module.
C. They correlate data about intrusions and vulnerability.
D. They highlight known and suspected malicious IP addresses in reports.
They correlate data about intrusions and vulnerability.
Which two deployment model configurations are supported for Cisco FTDv in AWS? (Choose two)
A. Cisco FTDv configured in routed mode and IPv6 configured
B. Cisco FTDv configured in routed mode and managed by a physical FMC appliance on premises
C. Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS
D. Cisco FTDv with two management interfaces and one traffic interface configured
E. Cisco FTDv with one management interface and two traffic interfaces configured
Cisco FTDv configured in routed mode and managed by a physical FMC appliance on premises
Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS
The Cisco ASA must support TLS proxy for encrypted Cisco Unified Communications traffic. Where must the ASA be added on the Cisco UC Manager platform?
A. Endpoint Trust List
B. Secured Collaboration Proxy
C. Certificate Trust List
D. Enterprise Proxy Service
Certificate Trust List
Which two deployment modes does the Cisco ASA FirePower module support? (Choose two)
A. routed mode
B. active mode
C. transparent mode
D. inline mode
E. passive monitor-only mode
inline mode
passive monitor-only mode
Which feature is configured for managed devices in the device platform settings of the Firepower Management Center?
A. time synchronization
B. network address translations
C. quality of service
D. intrusion policy
time synchronization
Which information is required when adding a device to Firepower Management Center?
A. encryption method
B. username and password
C. device serial number
D. registration key
registration key
Which two are valid suppression types on a Cisco Next Generation Intrusion Prevention System? (Choose two)
A. Protocol
B. Source
C. Port
D. Application
E. Rule
Source
Rule
Which feature requires a network discovery policy on the Cisco Firepower Next Generation Intrusion Prevention System?
A. Security Intelligence
B. URL Filtering
C. Impact Flags
D. Health Monitoring
Impact Flags
Which license is required for Cisco Security Intelligence to work on the Cisco Next Generation Intrusion Prevention System?
A. protect
B. malware
C. URL filtering
D. control
protect
On Cisco Firepower Management Center, which policy is used to collect health modules alerts from managed devices?
A. health policy
B. correlation policy
C. system policy
D. health awareness policy
E. access control policy
health policy
What is a characteristic of Cisco ASA Netflow v9 Secure Event Logging?
A. Its events match all traffic classes in parallel.
B. It tracks the flow continuously and provides updates every 10 seconds.
C. It tracks flow-create, flow-teardown, and flow-denied events.
D. It provides stateless IP flow tracking that exports all records of a specific flow.
It tracks flow-create
Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention System? (Choose two)
A. SSL
B. packet decoder
C. SIP
D. modbus
E. inline normalization
SSL
SIP
Which feature is supported when deploying Cisco ASAv within AWS public cloud?
A. user deployment of Layer 3 networks
B. multiple context mode
C. clustering
D. IPv6
user deployment of Layer 3 networks
A mall provides security services to customers with a shared appliance. The mall wants separation of management on the shared appliance. Which ASA deployment mode meets these needs?
A. routed mode
B. transparent mode
C. multiple zone mode
D. multiple context mode
multiple context mode
Which two tasks allow NetFlow on a Cisco ASA 5500 Series firewall? (Choose two)
A. Define a NetFlow collector by using the flow-export command.
B. Enable NetFlow Version 9.
C. Create an ACL to allow UDP traffic on port 9996.
D. Create a class map to match interesting traffic.
E. Apply NetFlow Exporter to the outside interface in the inbound direction.
Define a NetFlow collector by using the flow-export command.
Apply NetFlow Exporter to the outside interface in the inbound direction.
How many interfaces per bridge group does an ASA bridge group deployment support?
A. up to 8
B. up to 4
C. up to 16
D. up to 2
up to 4
Which policy is used to capture host information on the Cisco Firepower Next Generation Intrusion Prevention System?
A. Intrusion
B. Correlation
C. Access Control
D. Network Discovery
Network Discovery
Which statement describes a traffic profile on a Cisco Next Generation Intrusion Prevention System?
A. It inspects hosts that meet the profile with more intrusion rules.
B. It defines a traffic baseline for traffic anomaly deduction.
C. It allows traffic if it does not meet the profile.
D. It blocks traffic if it does not meet the profile.
It defines a traffic baseline for traffic anomaly deduction.
Which statement about the configuration of Cisco ASA NetFlow v9 Secure Event Logging is true?
A. To view bandwidth usage for NetFlow records, the QoS feature must be enabled.
B. A flow-export event type must be defined under a policy.
C. NSEL can be used without a collector configured.
D. A sysopt command can be used to enable NSEL on a specific interface.
A flow-export event type must be defined under a policy.
Which ASA deployment mode can provide separation of management on a shared appliance?
A. transparent firewall mode
B. routed mode
C. multiple context mode
D. DMZ multiple zone mode
multiple context mode
Which policy represents a shared set of features or parameters that define the aspects of a managed device that are likely to be similar to other managed devices in a deployment?
A. Device Management Policy
B. Group Policy
C. Platform Service Policy
D. Access Control Policy
Platform Service Policy
```Which CLI command is used to register a Cisco FirePower sensor to Firepower Management Center?
A. configure manager <key> add host
B. configure system add <host><key>
C. configure manager add <host><key>
D. configure manager delete```</key></host></key></host></key>
configure manager add <host><key>
An engineer wants to generate NetFlow records on traffic traversing the Cisco ASA. Which Cisco ASA command must be used?
A. ip flow monitor input
B. flow-export destination inside 1.1.1.1 2055
C. flow exporter
D. ip flow-export destination 1.1.1.1 2055
flow-export destination inside 1.1.1.1 2055
Which statement about IOS zone-based firewalls is true?
A. An unassigned interface can communicate with assigned interfaces
B. An interface can be assigned to multiple zones.
C. An interface can be assigned only to one zone.
D. Only one interface can be assigned to a zone.
An interface can be assigned only to one zone.
What is a characteristic of Firepower NGIPS inline deployment mode?
A. It must have inline interface pairs configured.
B. ASA with Firepower module cannot be deployed.
C. It is out-of-band from traffic.
D. It cannot take actions such as blocking traffic.
It must have inline interface pairs configured.
Which technology is used to improve web traffic performance by proxy caching?
A. FireSIGHT
B. WSA
C. ASA
D. Firepower
WSA
What is the primary benefit of deploying an ESA in hybrid mode?
A. You can fine-tune its settings to provide the optimum balance between security and performance for your environment
B. It provides the lowest total cost of ownership by reducing the need for physical appliances
C. It provides email security while supporting the transition to the cloud
D. It provides maximum protection and control of outbound messages
It provides email security while supporting the transition to the cloud
Which proxy mode must be used on Cisco WSA to redirect TCP traffic with WCCP?
A. redirection
B. forward
C. transparent
D. proxy gateway
transparent
What is the purpose of the Decrypt for Application Detection feature within the WSA Decryption options?
A. It alerts users when the WSA decrypts their traffic.
B. It provides enhanced HTTPS application detection for AsyncOS.
C. It decrypts HTTPS application traffic for unauthenticated users.
D. It decrypts HTTPS application traffic for authenticated users.
It provides enhanced HTTPS application detection for AsyncOS.
What is the primary role of the Cisco Email Security Appliance?
A. Mail Submission Agent
B. Mail User Agent
C. Mail Transfer Agent
D. Mail Delivery Agent
Mail Transfer Agent
Which two features are used to configure Cisco ESA with a multilayer approach to fight viruses and malware? (Choose two)
A. RAT
B. white list
C. Sophos engine
D. outbreak filters
E. DLP
Sophos engine
outbreak filters
Which action controls the amount of URI text that is stored in Cisco WSA logs files?
A. Configure the advancedproxyconfig command with the HTTPS subcommand
B. Configure a maximum packet size.
C. Configure a small log-entry size.
D. Configure the datasecurityconfig command
Configure the advancedproxyconfig command with the HTTPS subcommand
Which two features of Cisco Email Security can protect your organization against email threats? (Choose two)
A. NetFlow
B. Data loss prevention
C. Time-based one-time passwords
D. Heuristic-based filtering
E. Geolocation-based filtering
Data loss prevention
Geolocation-based filtering
In which two ways does a system administrator send web traffic transparently to the Web Security Appliance? (Choose two)
A. reference a Proxy Auto Config file
B. configure policy-based routing on the network infrastructure
C. use Web Cache Communication Protocol
D. configure the proxy IP address in the web-browser settings
E. configure Active Directory Group Policies to push proxy settings
reference a Proxy Auto Config file
use Web Cache Communication Protocol
After deploying a Cisco ESA on your network, you notice that some messages fail to reach their destinations. Which task can you perform to determine where each message was lost?
A. Perform a trace.
B. Configure the trackingconfig command to enable message tracking.
C. Review the log files.
D. Generate a system report.
Configure the trackingconfig command to enable message tracking.
Which two statements about a Cisco WSA configured in Transparent mode are true? (Choose two)
A. It can handle explicit HTTP requests.
B. It requires a proxy for the client web browser.
C. Layer 4 switches can automatically redirect traffic destined to port 80.
D. It requires a PAC file for the client web browser.
E. WCCP v2-enabled devices can automatically redirect traffic destined to port 80.
Layer 4 switches can automatically redirect traffic destined to port 80.
WCCP v2-enabled devices can automatically redirect traffic destined to port 80.
An engineer is configuring a Cisco ESA and wants to control whether to accept or reject email messages to a recipient address. Which list contains the allowed recipient addresses?
A. RAT
B. HAT
C. SAT
D. BAT
RAT
Which two services must remain as on-premises equipment when a hybrid email solution is deployed? (Choose two)
A. antispam
B. DDoS
C. encryption
D. antivirus
E. DLP
encryption
DLP
Which Talos reputation center allows you to track the reputation of IP addresses for email and web traffic?
A. AMP Reputation Center
B. IP Blacklist Center
C. IP and Domain Reputation Center
D. File Reputation Center
IP and Domain Reputation Center
Why would a user choose an on-premises ESA versus the CES solution?
A. Demand is unpredictable.
B. ESA is deployed inline.
C. Sensitive data must remain onsite.
D. The server team wants to outsource this service.
Sensitive data must remain onsite.
Which deployment model is the most secure when considering risks to cloud adoption?
A. Public Cloud
B. Community Cloud
C. Private Cloud
D. Hybrid Cloud
Private Cloud
Which technology reduces data loss by identifying sensitive information stored in public computing environments?
A. Cisco HyperFlex
B. Cisco Cloudlock
C. Cisco Firepower
D. Cisco SDA
Cisco Cloudlock
On which part of the IT environment does DevSecOps focus?
A. application development
B. perimeter network
C. data center
D. wireless network
application development
Which solution protects hybrid cloud deployment workloads with application visibility and segmentation?
A. Tetration
B. Firepower
C. Nexus
D. Stealthwatch
Tetration
In which cloud services model is the tenant responsible for virtual machine OS patching?
A. SaaS
B. PaaS
C. UCaaS
D. IaaS
IaaS
Which cloud service model offers an environment for cloud consumers to develop and deploy applications without needing to manage or maintain the underlying cloud infrastructure?
A. XaaS
B. PaaS
C. SaaS
D. IaaS
PaaS
In a PaaS model, which layer is the tenant responsible for maintaining and patching?
A. virtual machine
B. hypervisor
C. application
D. network
application
What is the function of Cisco Cloudlock for data security?
A. user and entity behavior analytics
B. controls malicious cloud apps
C. detects anomalies
D. data loss prevention
data loss prevention
What does the Cloudlock Apps Firewall do to mitigate security concerns from an application perspective?
A. It sends the application information to an administrator to act on.
B. It discovers and controls cloud apps that are connected to a company’s corporate environment.
C. It allows the administrator to quarantine malicious files so that the application can function, just not maliciously.
D. It deletes any application that does not belong in the network.
It discovers and controls cloud apps that are connected to a company’s corporate environment.
An administrator wants to ensure that all endpoints are compliant before users are allowed access on the corporate network. The endpoints must have the corporate antivirus application installed and be running the latest build of Windows 10. What must the administrator implement to ensure that all devices are compliant before they are allowed on the network?
A. Cisco Identity Services Engine with PxGrid services enabled
B. Cisco Identity Services Engine and AnyConnect Posture module
C. Cisco ASA firewall with Dynamic Access Policies configured
D. Cisco Stealthwatch and Cisco Identity Services Engine integration
Cisco Identity Services Engine and AnyConnect Posture module
Which benefit is provided by ensuring that an endpoint is compliant with a posture policy configured in Cisco ISE?
A. It allows the endpoint to authenticate with 802.1x or MAB.
B. It allows CoA to be applied if the endpoint status is compliant.
C. It adds endpoints to identity groups dynamically.
D. It verifies that the endpoint has the latest Microsoft security patches installed.
It allows the endpoint to authenticate with 802.1x or MAB.
What two mechanisms are used to redirect users to a web portal to authenticate to ISE for guest services? (Choose two)
A. single sign-on
B. local web auth
C. multiple factor auth
D. central web auth
E. TACACS+
local web auth
central web auth
Which feature of Cisco ASA allows VPN users to be postured against Cisco ISE without requiring an inline posture node?
A. RADIUS Change of Authorization
B. DHCP snooping
C. device tracking
D. VLAN hopping
RADIUS Change of Authorization
For which two conditions can an endpoint be checked using ISE posture assessment? (Choose two)
A. Windows service
B. computer identity
C. default browser
D. Windows firewall
E. user identity
Windows service
Windows firewall
Which two probes are configured to gather attributes of connected endpoints using Cisco Identity Services Engine? (Choose two)
A. sFlow
B. TACACS+
C. DHCP
D. SMTP
E. RADIUS
DHCP
RADIUS
Which compliance status is shown when a configured posture policy requirement is not met?
A. noncompliant
B. authorized
C. unknown
D. compliant
noncompliant
An engineer used a posture check on a Microsoft Windows endpoint and discovered that the MS17-010 patch was not installed, which left the endpoint vulnerable to WannaCry ransomware. Which two solutions mitigate the risk of this ransom ware infection? (Choose two)
A. Configure endpoint firewall policies to stop the exploit traffic from being allowed to run and replicate throughout the network.
B. Set up a well-defined endpoint patching strategy to ensure that endpoints have critical vulnerabilities patched in a timely fashion.
C. Configure a posture policy in Cisco Identity Services Engine to check that an endpoint patch level is met before allowing access on the network.
D. Configure a posture policy in Cisco Identity Services Engine to install the MS17-010 patch before allowing access on the network.
E. Set up a profiling policy in Cisco Identity Service Engine to check and endpoint patch level before allowing access on the network.
Configure a posture policy in Cisco Identity Services Engine to check that an endpoint patch level is met before allowing access on the network.
Configure a posture policy in Cisco Identity Services Engine to install the MS17-010 patch before allowing access on the network.
An engineer must force an endpoint to re-authenticate an already authenticated session without disrupting the endpoint to apply a new or updated policy from ISE. Which CoA type achieves this goal?
A. Port Bounce
B. CoA Reauth
C. CoA Session Query
D. CoA Terminate
CoA Reauth
Which ID store requires that a shadow user be created on Cisco ISE for the admin login to work?
A. Internal Database
B. RSA SecureID
C. LDAP
D. Active Directory
Active Directory
What is a characteristic of Dynamic ARP Inspection?
A. DAI intercepts all ARP requests and responses on trusted ports only.
B. In a typical network, make all ports as trusted except for the ports connecting to switches, which are untrusted
C. DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the DHCP snooping binding database.
D. DAI associates a trust state with each switch.
DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the DHCP snooping binding database.
A malicious user gained network access by spoofing printer connections that were authorized using MAB on four different switch ports at the same time. What two catalyst switch security features will prevent further violations? (Choose two)
A. Dynamic ARP inspection
B. 802.1AE MacSec
C. Private VLANs
D. DHCP Snooping
E. Port security
F. IP Device track
Dynamic ARP inspection
DHCP Snooping
Which command enables 802.1X globally on a Cisco switch?
A. dot1x pae authenticator
B. authentication port-control aut
C. dot1x system-auth-control
D. aaa new-model
dot1x system-auth-control
What is a characteristic of traffic storm control behavior?
A. Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within the interval.
B. Traffic storm control monitors incoming traffic levels over a 10-second traffic storm control interval.
C. Traffic storm control cannot determine if the packet is unicast or broadcast.
D. Traffic storm control uses the Individual/Group bit in the packet source address to determine if the packet is unicast or broadcast.
Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within the interval.
A network administrator configures Dynamic ARP Inspection on a switch. After Dynamic ARP Inspection is applied, all users on that switch are unable to communicate with any destination. The network administrator checks the interface status of all interfaces, and there is no err-disabled interface. What is causing this problem?
A. The no ip arp inspection trust command is applied on all user host interfaces
B. Dynamic ARP Inspection has not been enabled on all VLANs
C. The ip arp inspection limit command is applied on all interfaces and is blocking the traffic of all users.
D. DHCP snooping has not been enabled on all VLANs.
The no ip arp inspection trust command is applied on all user host interfaces
Which IPS engine detects ARP spoofing?
A. AIC Engine
B. Atomic ARP Engine
C. Service Generic Engine
D. ARP Inspection Engine
Atomic ARP Engine
Which RADIUS attribute can you use to filter MAB requests in an 802.1 x deployment?
A. 2
B. 6
C. 1
D. 31
6
A network engineer has entered the snmp-server user andy myv3 auth sha cisco priv aes 256 cisc0380739941 command and needs to send SNMP information to a host at 10.255.254.1. Which command achieves this goal?
A. snmp-server host inside 10.255.254.1 version 3 andy
B. snmp-server host inside 10.255.254.1 version 3 myv3
C. snmp-server host inside 10.255.254.1 snmpv3 andy
D. snmp-server host inside 10.255.254.1 snmpv3 myv3
snmp-server host inside 10.255.254.1 version 3 andy
Which SNMPv3 configuration must be used to support the strongest security possible?
A. asa-host(config)#snmpserver group myv3 v3 noauth
asa-host(config)#snmp-server user andy myv3 auth sha cisco priv 3des ciscXXXXXXXX
asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy
B. asa-host(config)#snmp-server group myv3 v3 noauth
asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX
asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy
C. asa-host(config)#snmp-server group myv3 v3 priv
asa-host(config)#snmp-server user andy myv3 auth sha cisco priv des ciscXXXXXXXX
asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy
D. asa-host(config)#snmp-server group myv3 v3 priv
asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX
asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy
asa-host(config)#snmp-server group myv3 v3 priv
asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX
asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy
Which telemetry data captures variations seen within the flow, such as the packets TTL, IP/TCP flags, and payload length?
A. process details variation
B. software package variation
C. flow insight variation
D. interpacket variation
interpacket variation
What Cisco command shows you the status of an 802.1X connection on interface gi0/1?
A. show authorization status
B. show ver gi0/1
C. show authen sess int gi0/1
D. show connection status gi0/1
show authen sess int gi0/1
Refer to the exhibit.
HQ_Router(config)#username admin5 privilege 5
HQ_Router(config)#privilege interface level 5 shutdown
HQ_Router(config)#privilege interface level 5 ip
HQ_Router(config)#privilege interface level 5 description
A network administrator configures command authorization for the admin5 user. What is the admin5 user able to do on HQ_Router after this configuration?
A. set the IP address of an interface
B. complete no configurations
C. complete all configurations
D. add subinterfaces
complete no configurations
Refer to the exhibit.
snmp-server group SNMP v3 auth access 15
What does the number 15 represent in this configuration?
A. privilege level for an authorized user to this router
B. access list that identifies the SNMP devices that can access the router
C. interval in seconds between SNMPv3 authentication attempts
D. number of possible failed attempts until the SNMPv3 user is locked out
access list that identifies the SNMP devices that can access the router
Under which two circumstances is a CoA issued? (Choose two)
A. A new authentication rule was added to the policy on the Policy Service node.
B. An endpoint is profiled for the first time.
C. A new Identity Service Engine server is added to the deployment with the Administration persona
D. A new Identity Source Sequence is created and referenced in the authentication policy.
E. An endpoint is deleted on the Identity Service Engine server.
An endpoint is profiled for the first time.
An endpoint is deleted on the Identity Service Engine server.
Which exfiltration method does an attacker use to hide and encode data inside DNS requests and queries?
A. DNSSEC
B. DNS tunneling
C. DNS security
D. DNSCrypt
DNS tunneling
How is ICMP used an exfiltration technique?
A. by sending large numbers of ICMP packets with a targeted hosts source IP address using an IP broadcast address
B. by overwhelming a targeted host with ICMP echo-request packets
C. by flooding the destination host with unreachable packets
D. by encrypting the payload in an ICMP packet to carry out command and control tasks on a compromised host
by encrypting the payload in an ICMP packet to carry out command and control tasks on a compromised host
How is DNS tunneling used to exfiltrate data out of a corporate network?
A. It encodes the payload with random characters that are broken into short strings and the DNS server rebuilds the exfiltrated data.
B. It corrupts DNS servers by replacing the actual IP address with a rogue address to collect information or start other attacks.
C. It redirects DNS requests to a malicious server used to steal user credentials, which allows further damage and theft on the network.
D. It leverages the DNS server by permitting recursive lookups to spread the attack to other DNS servers.
It encodes the payload with random characters that are broken into short strings and the DNS server rebuilds the exfiltrated data.
Which two characteristics of messenger protocols make data exfiltration difficult to detect and prevent? (Choose two)
A. Traffic is encrypted, which prevents visibility on firewalls and IPS systems.
B. An exposed API for the messaging platform is used to send large amounts of data.
C. Outgoing traffic is allowed so users can communicate with outside organizations.
D. Malware infects the messenger application on the user endpoint to send company data.
E. Messenger applications cannot be segmented with standard network controls.
Traffic is encrypted, which prevents visibility on firewalls and IPS systems.
Messenger applications cannot be segmented with standard network controls.
What are two list types within AMP for Endpoints Outbreak Control? (Choose two)
A. URL
B. allowed applications
C. simple custom detections
D. command and control
E. blocked ports
allowed applications
simple custom detections
Which function is the primary function of Cisco AMP threat Grid?
A. monitoring network traffic
B. automated malware analysis
C. applying a real-time URI blacklist
D. automated email encryption
automated malware analysis
Which Cisco AMP file disposition valid?
A. malware
B. non malicious
C. pristine
D. dirty
malware
Which Cisco Advanced Malware protection for Endpoints deployment architecture is designed to keep data within a network perimeter?
A. public cloud
B. private cloud
C. cloud web services
D. network AMP
private cloud
Which capability is exclusive to a Cisco AMP public cloud instance as compared to a private cloud instance?
A. TETRA detection engine
B. ETHOS detection engine
C. RBAC
D. SPERO detection engine
ETHOS detection engine
When using Cisco AMP for Networks which feature copies a file to the Cisco AMP cloud for analysis?
A. Spero analysis
B. sandbox analysis
C. dynamic analysis
D. malware analysis
dynamic analysis
What is a required prerequisite to enable malware file scanning for the Secure Internet Gateway?
A. Activate SSL decryption.
B. Activate the Advanced Malware Protection license
C. Enable IP Layer enforcement.
D. Enable Intelligent Proxy.
Enable Intelligent Proxy.
An engineer is configuring AMP for endpoints and wants to block certain files from executing. Which outbreak control method is used to accomplish this task?
A. device flow correlation
B. simple detections
C. application blocking list
D. advanced custom detections
application blocking list
When wired 802.1X authentication is implemented, which two components are required? (Choose two)
A. authentication server: Cisco Identity Service Engine
B. authenticator: Cisco Identity Services Engine
C. authenticator: Cisco Catalyst switch
D. authentication server: Cisco Prime Infrastructure
E. supplicant: Cisco AnyConnect ISE Posture module
authentication server: Cisco Identity Service Engine
authenticator: Cisco Catalyst switch
Which Cisco command enables authentication, authorization, and accounting globally so that CoA is supported on the device?
A. aaa new-model
B. auth-type all
C. ip device-tracking
D. aaa server radius dynamic-author
aaa new-model
Refer to the exhibit.
aaa new-model
radius-server host 10.0.0.12 key secret12
Which statement about the authentication protocol used in the configuration is true?
A. There are separate authentication and authorization request packets
B. The authentication request contains only a username
C. The authentication request contains only a password
D. The authentication and authorization requests are grouped in a single packet
The authentication and authorization requests are grouped in a single packet
An engineer needs a solution for TACACS+ authentication and authorization for device administration. The engineer also wants to enhance wired and wireless network security by requiring users and endpoints to use 802.1X, MAB, or WebAuth. Which product meets all of these requirements?
A. Cisco Identity Services Engine
B. Cisco AMP for Endpoints
C. Cisco Stealthwatch
D. Cisco Prime Infrastructure
Cisco Identity Services Engine
Which Cisco product provides proactive endpoint protection and allows administrators to centrally manage the deployment?
A. NGFW
B. WSA
C. AMP
D. ESA
AMP
An MDM provides which two advantages to an organization with regards to device management? (Choose two)
A. Active Directory group policy management
B. network device management
C. allowed application management
D. critical device management
E. asset inventory management
allowed application management
asset inventory management
Which benefit does endpoint security provide the overall security posture of an organization?
A. It allows the organization to detect and respond to threats at the edge of the network.
B. It streamlines the incident response process to automatically perform digital forensics on the endpoint.
C. It allows the organization to mitigate web-based attacks as long as the user is active in the domain.
D. It allows the organization to detect and mitigate threats that the perimeter security devices do not detect.
It allows the organization to detect and mitigate threats that the perimeter security devices do not detect.
An engineer wants to automatically assign endpoints that have a specific OUI into a new endpoint group. Which probe must be enabled for this type of profiling to work?
A. DHCP
B. NMAP
C. NetFlow
D. SNMP
NMAP
What are two reasons for implementing a multifactor authentication solution such as Duo Security provide to an organization? (Choose two)
A. secure access to on-premises and cloud applications
B. identification and correction of application vulnerabilities before allowing access to resources
C. single sign-on access to on-premises and cloud applications
D. integration with 802.1x security using native Microsoft Windows supplicant
E. flexibility of different methods of 2FA such as phone callbacks, SMS passcodes, and push notifications
secure access to on-premises and cloud applications
flexibility of different methods of 2FA such as phone callbacks, SMS passcodes, and push notifications
What is the primary difference between an Endpoint Protection Platform and an Endpoint Detection and Response?
A. EDR focuses on prevention, and EPP focuses on advanced threats that evade perimeter defenses.
B. EPP focuses on prevention, and EDR focuses on advanced threats that evade perimeter defenses.
C. EPP focuses on network security, and EDR focuses on device security.
D. EDR focuses on network security, and EPP focuses on device security.
EPP focuses on prevention
Which two kinds of attacks are prevented by multifactor authentication? (Choose two)
A. phishing
B. teardrop
C. DDOS
D. brute force
E. man-in-the-middle
brute force
man-in-the-middle
What are the two most commonly used authentication factors in multifactor authentication? (Choose two)
A. encryption factor
B. time factor
C. confidentiality factor
D. knowledge factor
E. biometric factor
time factor
knowledge factor
How is Cisco Umbrella configured to log only security events?
A. per policy
B. per network in the Deployments section
C. in the Reporting settings
D. in the Security Settings section
per policy
Which feature within Cisco Umbrella allows for the ability to inspect secure HTTP traffic?
A. SSL Decryption
B. Destination Lists
C. SafeSearch
D. File Analysis
SSL Decryption
Where are individual sites specified to be blacklisted in Cisco Umbrella?
A. destination lists
B. security settings
C. content categories
D. application settings
destination lists
How does Cisco Umbrella archive logs to an enterprise owned storage?
A. by sending logs via syslog to an on-premises or cloud-based syslog server
B. by using the Application Programming Interface to fetch the logs
C. by being configured to send logs to a self-managed AWS S3 bucket
D. by the system administrator downloading the logs from the Cisco Umbrella web portal
by being configured to send logs to a self-managed AWS S3 bucket
When web policies are configured in Cisco Umbrella, what provides the ability to ensure that domains are blocked when they host malware, command and control, phishing, and more threats?
A. File Analysis
B. Security Category Blocking
C. Application Control
D. Content Category Blocking
Security Category Blocking
An engineer configured a new network identity in Cisco Umbrella but must verify that traffic is being routed through the Cisco Umbrella network. Which action tests the routing?
A. Add the public IP address that the client computers are behind to a Core Identity.
B. Enable the Intelligent Proxy to validate that traffic is being routed correctly.
C. Ensure that the client computers are pointing to the on-premises DNS servers.
D. Browse to http://welcome.umbrella.com/ to validate that the new identity is working.
Browse to http://welcome.umbrella.com/ to validate that the new identity is working.
Which Cisco security solution protects remote users against phishing attacks when they are not connected to the VPN?
A. Cisco Firepower
B. NGIPS
C. Cisco Umbrella
D. Cisco Stealthwatch
Cisco Umbrella
Which Cisco solution does Cisco Umbrella integrate with to determine if a URL is malicious?
A. AMP
B. DynDNS
C. AnyConnect
D. Talos
Talos
What can be integrated with Cisco Threat Intelligence Director to provide information about security threats, which allows the SOC to proactively automate responses to those threats?
A. Cisco Threat Grid
B. Cisco Umbrella
C. External Threat Feeds
D. Cisco Stealthwatch
Cisco Threat Grid
What must be used to share data between multiple security products?
A. Cisco Rapid Threat Containment
B. Cisco Platform Exchange Grid
C. Cisco Stealthwatch Cloud
D. Cisco Advanced Malware Protection
Cisco Platform Exchange Grid
Which two activities can be done using Cisco DNA Center? (Choose two)
A. Design
B. Provision
C. DHCP
D. DNS
E. Accounting
Design
Provision
What provides visibility and awareness into what is currently occurring on the network?
A. Prime Infrastructure
B. Telemetry
C. CMX
D. WMI
Prime Infrastructure
What is the function of the Context Directory Agent?
A. reads the Active Directory logs to map IP addresses to usernames
B. accepts user authentication requests on behalf of Web Security Appliance for user identification
C. relays user authentication requests from Web Security Appliance to Active Directory
D. maintains users’ group memberships
reads the Active Directory logs to map IP addresses to usernames
Which Cisco product is open, scalable, and built on IETF standards to allow multiple security products from Cisco and other vendors to share data and interoperate with each other?
A. Advanced Malware Protection
B. Platform Exchange Grid
C. Multifactor Platform Integration
D. Firepower Threat Defense
Platform Exchange Grid
What are two Detection and Analytics Engines of Cognitive Threat Analytics? (Choose two)
A. command and control communication
B. snort
C. data exfiltration
D. intelligent proxy
E. URL categorization
command and control communication
data exfiltration
How does Cisco Stealthwatch Cloud provide security for cloud environments?
A. It delivers visibility and threat detection.
B. It assigns Internet-based DNS protection for clients and servers.
C. It facilitates secure connectivity between public and private networks.
D. It prevents exfiltration of sensitive data.
It delivers visibility and threat detection.
Which network monitoring solution uses streams and pushes operational data to provide a near real-time view of activity?
A. SNMP
B. model-driven telemetry
C. SMTP
D. syslog
model-driven telemetry
Which solution combines Cisco IOS and IOS XE components to enable administrators to recognize applications, collect and send network metrics to Cisco Prime and other third-party management tools, and prioritize application traffic?
A. Cisco Security Intelligence
B. Cisco Application Visibility and Control
C. Cisco DNA Center
D. Cisco Model Driven Telemetry
Cisco Application Visibility and Control
What is a feature of the open platform capabilities of Cisco DNA Center?
A. domain integration
B. application adapters
C. intent-based APIs
D. automation adapters
intent-based APIs
What is a characteristic of a bridge group in ASA Firewall transparent mode?
A. It includes multiple interfaces and access rules between interfaces are customizable
B. It is a Layer 3 segment and includes one port and customizable access rules
C. It allows ARP traffic with a single access rule
D. It has an IP address on its BVI interface and is used for management traffic
It includes multiple interfaces and access rules between interfaces are customizable
When Cisco and other industry organizations publish and inform users of known security findings and vulnerabilities, which name is used?
A. Common Security Exploits
B. Common Vulnerabilities and Exposures
C. Common Exploits and Vulnerabilities
D. Common Vulnerabilities, Exploits and Threats
Common Vulnerabilities and Exposures
Which two fields are defined in the NetFlow flow? (Choose two)
A. type of service byte
B. class of service bits
C. Layer 4 protocol type
D. destination port
E. output logical interface
type of service byte
destination port
What provides the ability to program and monitor networks from somewhere other than the DNAC GUI?
A. NetFlow
B. desktop client
C. ASDM
D. API
API
An organization has two machines hosting web applications. Machine 1 is vulnerable to SQL injection while machine 2 is vulnerable to buffer overflows. What action would allow the attacker to gain access to machine 1 but not machine 2?
A. sniffing the packets between the two hosts
B. sending continuous pings
C. overflowing the buffer’s memory
D. inserting malicious commands into the database
inserting malicious commands into the database
An organization is trying to improve their Defense in Depth by blocking malicious destinations prior to a connection being established. The solution must be able to block certain applications from being used within the network. Which product should be used to accomplish this goal?
A. Cisco Firepower
B. Cisco Umbrella
C. ISE
D. AMP
Cisco Umbrella
A company is experiencing exfiltration of credit card numbers that are not being stored on-premise. The company needs to be able to protect sensitive data throughout the full environment. Which tool should be used to accomplish this goal?
A. Security Manager
B. Cloudlock
C. Web Security Appliance
D. Cisco ISE
Cloudlock
An engineer is trying to securely connect to a router and wants to prevent insecure algorithms from being used. However, the connection is failing. Which action should be taken to accomplish this goal?
A. Disable telnet using the no ip telnet command.
B. Enable the SSH server using the ip ssh server command.
C. Configure the port using the ip ssh port 22 command.
D. Generate the RSA key using the crypto key generate rsa command.
Generate the RSA key using the crypto key generate rsa command.
A network administrator is using the Cisco ESA with AMP to upload files to the cloud for analysis. The network is congested and is affecting communication. How will the Cisco ESA handle any files which need analysis?
A. AMP calculates the SHA-256 fingerprint, caches it, and periodically attempts the upload.
B. The file is queued for upload when connectivity is restored.
C. The file upload is abandoned.
D. The ESA immediately makes another attempt to upload the file.
The file upload is abandoned.
Which type of algorithm provides the highest level of protection against brute-force attacks?
A. PFS
B. HMAC
C. MD5
D. SHA
SHA
What must be configured in Cisco ISE to enforce reauthentication of an endpoint session when an endpoint is deleted from an identity group?
A. posture assessment
B. CoA
C. external identity source
D. SNMP probe
CoA
A network administrator is configuring a rule in an access control policy to block certain URLs and selects the “Chat and Instant Messaging” category. Which reputation score should be selected to accomplish this goal?
A. 1
B. 3
C. 5
D. 10
10
Which group within Cisco writes and publishes a weekly newsletter to help cybersecurity professionals remain aware of the ongoing and most prevalent threats?
A. PSIRT
B. Talos
C. CSIRT
D. DEVNET
Talos
What are the two types of managed Intercloud Fabric deployment models? (Choose two)
A. Service Provider managed
B. Public managed
C. Hybrid managed
D. User managed
E. Enterprise managed
Service Provider managed
Enterprise managed
What are two DDoS attack categories? (Choose two)
A. sequential
B. protocol
C. database
D. volume-based
E. screen-based
protocol
volume-based
An organization received a large amount of SPAM messages over a short time period. In order to take action on the messages, it must be determined how harmful the messages are and this needs to happen dynamically. What must be configured to accomplish this?
A. Configure the Cisco WSA to modify policies based on the traffic seen
B. Configure the Cisco ESA to receive real-time updates from Talos
C. Configure the Cisco WSA to receive real-time updates from Talos
D. Configure the Cisco ESA to modify policies based on the traffic seen
Configure the Cisco ESA to modify policies based on the traffic seen
Which product allows Cisco FMC to push security intelligence observable to its sensors from other products?
A. Encrypted Traffic Analytics
B. Threat Intelligence Director
C. Cognitive Threat Analytics
D. Cisco Talos Intelligence
Threat Intelligence Director
What are two differences between a Cisco WSA that is running in transparent mode and one running in explicit mode? (Choose two)
A. When the Cisco WSA is running in transparent mode, it uses the WSA’s own IP address as the HTTP request destination.
B. The Cisco WSA responds with its own IP address only if it is running in explicit mode.
C. The Cisco WSA is configured in a web browser only if it is running in transparent mode.
D. The Cisco WSA uses a Layer 3 device to redirect traffic only if it is running in transparent mode.
E. The Cisco WSA responds with its own IP address only if it is running in transparent mode.
The Cisco WSA uses a Layer 3 device to redirect traffic only if it is running in transparent mode.
The Cisco WSA responds with its own IP address only if it is running in transparent mode.
After a recent breach, an organization determined that phishing was used to gain initial access to the network before regaining persistence. The information gained from the phishing attack was a result of users visiting known malicious websites. What must be done in order to prevent this from happening in the future?
A. Modify an access policy
B. Modify identification profiles
C. Modify outbound malware scanning policies
D. Modify web proxy settings
Modify an access policy
What is the function of SDN southbound API protocols?
A. to allow for the dynamic configuration of control plane applications
B. to enable the controller to make changes
C. to enable the controller to use REST
D. to allow for the static configuration of control plane applications
to enable the controller to make changes
An attacker needs to perform reconnaissance on a target system to help gain access to it. The system has weak passwords, no encryption on the VPN links, and software bugs on the system’s applications. Which vulnerability allows the attacker to see the passwords being transmitted in clear text?
A. weak passwords for authentication
B. unencrypted links for traffic
C. software bugs on applications
D. improper file security
unencrypted links for traffic
Using Cisco Firepower’s Security Intelligence policies, upon which two criteria is Firepower block based? (Choose two)
A. URLs
B. protocol IDs
C. IP addresses
D. MAC addresses
E. port numbers
URLs
IP addresses
Which Cisco platform ensures that machines that connect to organizational networks have the recommended antivirus definitions and patches to help prevent an organizational malware outbreak?
A. Cisco WiSM
B. Cisco ESA
C. Cisco ISE
D. Cisco Prime Infrastructure
Cisco ISE
What are two benefits of Flexible NetFlow records? (Choose two)
A. They allow the user to configure flow information to perform customized traffic identification
B. They provide attack prevention by dropping the traffic
C. They provide accounting and billing enhancements
D. They converge multiple accounting technologies into one accounting mechanism
E. They provide monitoring of a wider range of IP packet information from Layer 2 to 4
They allow the user to configure flow information to perform customized traffic identification
They provide accounting and billing enhancements
How does DNS Tunneling exfiltrate data?
A. An attacker registers a domain that a client connects to based on DNS records and sends malware through that connection.
B. An attacker opens a reverse DNS shell to get into the client’s system and install malware on it.
C. An attacker uses a non-standard DNS port to gain access to the organization’s DNS servers in order to poison the resolutions.
D. An attacker sends an email to the target with hidden DNS resolvers in it to redirect them to a malicious domain.
An attacker registers a domain that a client connects to based on DNS records and sends malware through that connection.
A user has a device in the network that is receiving too many connection requests from multiple machines. Which type of attack is the device undergoing?
A. phishing
B. slowloris
C. pharming
D. SYN flood
SYN flood
An organization is receiving SPAM emails from a known malicious domain. What must be configured in order to prevent the session during the initial TCP communication?
A. Configure the Cisco ESA to drop the malicious emails
B. Configure policies to quarantine malicious emails
C. Configure policies to stop and reject communication
D. Configure the Cisco ESA to reset the TCP connection
Configure the Cisco ESA to drop the malicious emails
A Cisco Firepower administrator needs to configure a rule to allow a new application that has never been seen on the network. Which two actions should be selected to allow the traffic to pass without inspection? (Choose two)
A. permit
B. trust
C. reset
D. allow
E. monitor
trust
monitor
An engineer needs behavioral analysis to detect malicious activity on the hosts, and is configuring the organization’s public cloud to send telemetry using the cloud provider’s mechanisms to a security device. Which mechanism should the engineer configure to accomplish this goal?
A. mirror port
B. Flow
C. NetFlow
D. VPC flow logs
NetFlow
An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly identifying all valid recipients. What must be done on the Cisco ESA to accomplish this goal?
A. Configure incoming content filters
B. Use Bounce Verification
C. Configure Directory Harvest Attack Prevention
D. Bypass LDAP access queries in the recipient access table
Bypass LDAP access queries in the recipient access table
What is a feature of Cisco NetFlow Secure Event Logging for Cisco ASAs?
A. Multiple NetFlow collectors are supported
B. Advanced NetFlow v9 templates and legacy v5 formatting are supported
C. Secure NetFlow connections are optimized for Cisco Prime Infrastructure
D. Flow-create events are delayed
Flow-create events are delayed
An engineer is configuring 802.1X authentication on Cisco switches in the network and is using CoA as a mechanism. Which port on the firewall must be opened to allow the CoA traffic to traverse the network?
A. TCP 6514
B. UDP 1700
C. TCP 49
D. UDP 1812
UDP 1700
Which public cloud provider supports the Cisco Next Generation Firewall Virtual?
A. Google Cloud Platform
B. Red Hat Enterprise Visualization
C. VMware ESXi
D. Amazon Web Services
Amazon Web Services
What is the purpose of the My Devices Portal in a Cisco ISE environment?
A. to register new laptops and mobile devices
B. to request a newly provisioned mobile device
C. to provision userless and agentless systems
D. to manage and deploy antivirus definitions and patches on systems owned by the end user
to register new laptops and mobile devices
Refer to the exhibit.
ip dhcp snooping
ip dhcp snooping vlan 41,44
!
interface GigabitEthernet1/0/1
description Uplink_To_Distro_Switch_g1/0/11
switchport trunk native vlan 999
switchport trunk allowed vlan 40,41,44
switchport mode trunk
An organization is using DHCP Snooping within their network. A user on VLAN 41 on a new switch is complaining that an IP address is not being obtained. Which command should be configured on the switch interface in order to provide the user with network connectivity?
A. ip dhcp snooping verify mac-address
B. ip dhcp snooping limit 41
C. ip dhcp snooping vlan 41
D. ip dhcp snooping trust
ip dhcp snooping trust
What is the purpose of the certificate signing request when adding a new certificate for a server?
A. It is the password for the certificate that is needed to install it with.
B. It provides the server information so a certificate can be created and signed
C. It provides the certificate client information so the server can authenticate against it when installing
D. It is the certificate that will be loaded onto the server
It provides the server information so a certificate can be created and signed
What is the Cisco API-based broker that helps reduce compromises, application risks, and data breaches in an environment that is not on-premise?
A. Cisco Cloudlock
B. Cisco Umbrella
C. Cisco AMP
D. Cisco App Dynamics
Cisco Cloudlock
What is managed by Cisco Security Manager?
A. access point
B. WSA
C. ASA
D. ESA
ASA
How does Cisco Advanced Phishing Protection protect users?
A. It validates the sender by using DKIM.
B. It determines which identities are perceived by the sender
C. It utilizes sensors that send messages securely.
D. It uses machine learning and real-time behavior analytics.
It uses machine learning and real-time behavior analytics.
What is a benefit of using Cisco FMC over Cisco ASDM?
A. Cisco FMC uses Java while Cisco ASDM uses HTML5.
B. Cisco FMC provides centralized management while Cisco ASDM does not.
C. Cisco FMC supports pushing configurations to devices while Cisco ASDM does not.
D. Cisco FMC supports all firewall products whereas Cisco ASDM only supports Cisco ASA devices
Cisco FMC supports all firewall products whereas Cisco ASDM only supports Cisco ASA devices
What is a key difference between Cisco Firepower and Cisco ASA?
A. Cisco ASA provides access control while Cisco Firepower does not.
B. Cisco Firepower provides identity-based access control while Cisco ASA does not.
C. Cisco Firepower natively provides intrusion prevention capabilities while Cisco ASA does not.
D. Cisco ASA provides SSL inspection while Cisco Firepower does not.
Cisco Firepower natively provides intrusion prevention capabilities while Cisco ASA does not.
An organization is implementing URL blocking using Cisco Umbrella. The users are able to go to some sites but other sites are not accessible due to an error. Why is the error occurring?
A. Client computers do not have the Cisco Umbrella Root CA certificate installed.
B. IP-Layer Enforcement is not configured.
C. Client computers do not have an SSL certificate deployed from an internal CA server.
D. Intelligent proxy and SSL decryption is disabled in the policy.
Intelligent proxy and SSL decryption is disabled in the policy.
Which two aspects of the cloud PaaS model are managed by the customer but not the provider? (Choose two)
A. virtualization
B. middleware
C. operating systems
D. applications
E. data
virtualization
operating systems
What is an attribute of the DevSecOps process?
A. mandated security controls and check lists
B. security scanning and theoretical vulnerabilities
C. development security
D. isolated security team
development security
An engineer notices traffic interruption on the network. Upon further investigation, it is learned that broadcast packets have been flooding the network. What must be configured, based on a predefined threshold, to address this issue?
A. Bridge Protocol Data Unit guard
B. embedded event monitoring
C. storm control
D. access control lists
storm control
Which two cryptographic algorithms are used with IPsec? (Choose two)
A. AES-BAC
B. AES-ABC
C. HMAC-SHA1/SHA2
D. Triple AMC-CBC
E. AES-CBC
HMAC-SHA1/SHA2
AES-CBC
In which type of attack does the attacker insert their machine between two hosts that are communicating with each other?
A. LDAP injection
B. man-in-the-middle
C. cross-site scripting
D. insecure API
man-in-the-middle
Which Dos attack uses fragmented packets to crash a target machine?
A. smurf
B. MITM
C. teardrop
D. LAND
teardrop
Why is it important to have logical security controls on endpoints even though the users are trained to spot security threats and the network devices already help prevent them?
A. to prevent theft of the endpoints
B. because defense-in-depth stops at the network
C. to expose the endpoint to more threats
D. because human error or insider threats will still exist
because human error or insider threats will still exist
Which type of API is being used when a security application notifies a controller within a software-defined network architecture about a specific security threat? (Choose two)
A. westbound AP
B. southbound API
C. northbound API
D. eastbound API
southbound API
northbound API
When planning a VPN deployment, for which reason does an engineer opt for an active/active FlexVPN configuration as opposed to DMVPN?
A. Multiple routers or VRFs are required.
B. Traffic is distributed statically by default.
C. Floating static routes are required.
D. HSRP is used for fallover.
Traffic is distributed statically by default.
Which algorithm provides asymmetric encryption?
A. RC4
B. AES
C. RSA
D. 3DES
RSA
What are two functions of secret key cryptography? (Choose two)
A. key selection without integer factorization
B. utilization of different keys for encryption and decryption
C. utilization of large prime number iterations
D. provides the capability to only know the key on one side
E. utilization of less memory
utilization of different keys for encryption and decryption
provides the capability to only know the key on one side
For Cisco IOS PKI, which two types of Servers are used as a distribution point for CRLs? (Choose two)
A. SDP
B. LDAP
C. subordinate CA
D. SCP
E. HTTP
LDAP
HTTP
Which attack type attempts to shut down a machine or network so that users are not able to access it?
A. smurf
B. bluesnarfing
C. MAC spoofing
D. IP spoofing
smurf
What is a difference between DMVPN and sVTI?
A. DMVPN supports tunnel encryption, whereas sVTI does not.
B. DMVPN supports dynamic tunnel establishment, whereas sVTI does not.
C. DMVPN supports static tunnel establishment, whereas sVTI does not.
D. DMVPN provides interoperability with other vendors, whereas sVTI does not.
DMVPN supports dynamic tunnel establishment
What features does Cisco FTDv provide over ASAv?
A. Cisco FTDv runs on VMWare while ASAv does not
B. Cisco FTDv provides 1GB of firewall throughput while Cisco ASAv does not
C. Cisco FTDv runs on AWS while ASAv does not
D. Cisco FTDv supports URL filtering while ASAv does not
Cisco FTDv supports URL filtering while ASAv does not
In which situation should an Endpoint Detection and Response solution be chosen versus an Endpoint Protection Platform?
A. when there is a need for traditional anti-malware detection
B. when there is no need to have the solution centrally managed
C. when there is no firewall on the network
D. when there is a need to have more advanced detection capabilities
when there is a need to have more advanced detection capabilities
Which type of API is being used when a controller within a software-defined network architecture dynamically makes configuration changes on switches within the network?
A. westbound AP
B. southbound API
C. northbound API
D. eastbound API
southbound API
An organization has two systems in their DMZ that have an unencrypted link between them for communication. The organization does not have a defined password policy and uses several default accounts on the systems. The application used on those systems also have not gone through stringent code reviews. Which vulnerability would help an attacker brute force their way into the systems?
A. weak passwords
B. lack of input validation
C. missing encryption
D. lack of file permission
weak passwords
What is the purpose of a Netflow version 9 template record?
A. It specifies the data format of NetFlow processes.
B. It provides a standardized set of information about an IP flow.
C. It defines the format of data records.
D. It serves as a unique identification number to distinguish individual data records
It defines the format of data records.
What is provided by the Secure Hash Algorithm in a VPN?
A. integrity
B. key exchange
C. encryption
D. authentication
key exchange
A network engineer is deciding whether to use stateful or stateless failover when configuring two ASAs for high availability. What is the connection status in both cases?
A. need to be reestablished with stateful failover and preserved with stateless failover
B. preserved with stateful failover and need to be reestablished with stateless failover
C. preserved with both stateful and stateless failover
D. need to be reestablished with both stateful and stateless failover
preserved with stateful failover and need to be reestablished with stateless failover
Which type of protection encrypts RSA keys when they are exported and imported?
A. file
B. passphrase
C. NGE
D. nonexportable
passphrase
A Cisco ESA network administrator has been tasked to use a newly installed service to help create policy based on the reputation verdict. During testing, it is discovered that the Cisco ESA is not dropping files that have an undetermined verdict. What is causing this issue?
A. The policy was created to send a message to quarantine instead of drop
B. The file has a reputation score that is above the threshold
C. The file has a reputation score that is below the threshold
D. The policy was created to disable file analysis
The file has a reputation score that is below the threshold
An administrator is trying to determine which applications are being used in the network but does not want the network devices to send metadata to Cisco Firepower. Which feature should be used to accomplish this?
A. NetFlow
B. Packet Tracer
C. Network Discovery
D. Access Control
Network Discovery
Which attack is preventable by Cisco ESA but not by the Cisco WSA?
A. buffer overflow
B. DoS
C. SQL injection
D. phishing
phishing
A Cisco ESA administrator has been tasked with configuring the Cisco ESA to ensure there are no viruses before quarantined emails are delivered. In addition, delivery of mail from known bad mail servers must be prevented. Which two actions must be taken in order to meet these requirements? (Choose two)
A. Use outbreak filters from SenderBase
B. Enable a message tracking service
C. Configure a recipient access table
D. Deploy the Cisco ESA in the DMZ
E. Scan quarantined emails using AntiVirus signatures.
Use outbreak filters from SenderBase
Scan quarantined emails using AntiVirus signatures.
Which type of dashboard does Cisco DNA Center provide for complete control of the network?
A. service management
B. centralized management
C. application management
D. distributed management
centralized management
In an IaaS cloud services model, which security function is the provider responsible for managing?
A. Internet proxy
B. firewalling virtual machines
C. CASB
D. hypervisor OS hardening
firewalling virtual machines
A network engineer has been tasked with adding a new medical device to the network. Cisco ISE is being used as the NAC server, and the new device does not have a supplicant available. What must be done in order to securely connect this device to the network?
A. Use MAB with profiling
B. Use MAB with posture assessment.
C. Use 802.1X with posture assessment.
D. Use 802.1X with profiling.
Use MAB with profiling
