Exam F Flashcards

1
Q

Which attack is commonly associated with C and C++ programming languages?

A. cross-site scripting
B. DDoS
C. buffer overflow
D. water holing

A

buffer overflow

2
Q

What is a language format designed to exchange threat intelligence that can be transported over the TAXII protocol?

A. SMTP
B. pxGrid
C. STIX
D. XMPP

A

STIX

3
Q

Which two preventive measures are used to control cross-site scripting? (Choose two)

A. Disable cookie inspection in the HTML inspection engine.

B. Incorporate contextual output encoding/escaping

C. Enable client-side scripts on a per-domain basis

D. Run untrusted HTML input through an HTML sanitization engine.

E. Same Site cookie attribute should not be used.

A

Incorporate contextual output encoding/escaping

Enable client-side scripts on a per-domain basis

4
Q

Which two mechanisms are used to control phishing attacks? (Choose two)

A. Use antispyware software.
B. Implement email filtering techniques.
C. Revoke expired CRL of the websites.
D. Enable browser alerts for fraudulent websites.
E. Define security group memberships.

A

Implement email filtering techniques.

Enable browser alerts for fraudulent websites.

5
Q

In which form of attack is alternate encoding, such as hexadecimal representation, most often observed?

A. rootkit exploit
B. Smurf
C. distributed denial of service
D. cross-site scripting

A

cross-site scripting

6
Q

Which two behavioral patterns characterize a ping of death attack? (Choose two)

A. Malformed packets are used to crash systems.

B. The attack is fragmented into groups of 8 octets before transmission.

C. The attack is fragmented into groups of 16 octets before transmission.

D. Publicly accessible DNS servers are typically used to execute the attack.

E. Short synchronized bursts of traffic are used to disrupt TCP connections.

A

Malformed packets are used to crash systems.

The attack is fragmented into groups of 8 octets before transmission.

7
Q

What is the difference between deceptive phishing and spear phishing?

A. Deceptive phishing hijacks and manipulates the DNS server of the victim and redirects the user to a false webpage.

B. A spear phishing campaign is aimed at a specific person versus a group of people.

C. Spear phishing is when the attack is aimed at the C-level executives of an organization.

D. Deceptive phishing is an attack aimed at a specific user in the organization who holds a C-level role.

A

A spear phishing campaign is aimed at a specific person versus a group of people.

8
Q

Which two endpoint measures are used to minimize the chances of falling victim to phishing and social engineering attacks? (Choose two)

A. Patch for cross-site scripting.
B. Perform backups to the private cloud.
C. Protect systems with an up-to-date antimalware program.
D. Protect against input validation and character escapes in the endpoint.
E. Install a spam and virus email filter.

A

Protect systems with an up-to-date antimalware program.

Install a spam and virus email filter.

9
Q

Which two capabilities does TAXII support? (Choose two)

A. Binding
B. Exchange
C. Mitigating
D. Pull messaging
E. Correlation

A

Binding

Pull messaging

10
Q

Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?

A. web page images
B. database
C. Linux and Windows operating systems
D. user input validation in a web page or web application

A

user input validation in a web page or web application

11
Q

Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two)

A. Secure the connection between the web and the app tier.
B. Use prepared statements and parameterized queries.
C. Check integer, float, or Boolean string parameters to ensure accurate values.
D. Block SQL code execution in the web application database login.
E. Write SQL code instead of using object-relational mapping libraries.

A

Use prepared statements and parameterized queries.

Check integer, float, or Boolean string parameters to ensure accurate values.

12
Q

Which form of attack is launched using botnets?

A. DDOS
B. EIDDOS
C. TCP flood
D. virus

A

DDOS

13
Q

Which type of attack is social engineering?

A. trojan
B. malware
C. phishing
D. MITM

A

phishing

14
Q

Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?

A. profile
B. url
C. terminal
D. selfsigned

A

profile

15
Q

Which two risks is a company vulnerable to if it does not have a well-established patching solution for endpoints? (Choose two)

A. ARP spoofing
B. exploits
C. malware
D. eavesdropping
E. denial-of-service attacks

A

exploits

malware

16
Q

What are two rootkit types? (Choose two)

A. bootloader
B. buffer mode
C. registry
D. virtual
E. user mode

A

bootloader

user mode

17
Q

Which threat involves software being used to gain unauthorized access to a computer system?

A. ping of death
B. HTTP flood
C. virus
D. NTP amplification

A

virus

18
Q

Elliptic curve cryptography is a stronger, more efficient cryptography method meant to replace which current encryption technology?

A. 3DES
B. DES
C. RSA
D. AES

A

RSA

19
Q

Which two descriptions of AES encryption are true? (Choose two)

A. AES is more secure than 3DES.
B. AES can use a 168-bit key for encryption.
C. AES can use a 256-bit key for encryption.
D. AES encrypts and decrypts a key three times in sequence.
E. AES is less secure than 3DES.

A

AES is more secure than 3DES.

AES can use a 256-bit key for encryption.

20
Q

Which algorithm provides encryption and authentication for data plane communication?

A. SHA-96
B. SHA-384
C. AES-GCM
D. AES-256

A

AES-GCM

21
Q

Which two key and block sizes are valid for AES? (Choose two)

A. 128-bit block size, 192-bit key length
B. 128-bit block size, 256-bit key length
C. 64-bit block size, 168-bit key length
D. 192-bit block size, 256-bit key length
E. 64-bit block size, 112-bit key length

A

128-bit block size, 192-bit key length

128-bit block size, 256-bit key length

22
Q

What is the result of running the crypto isakmp key ciscXXXXXXXX address 172.16.0.0 command?

A. authenticates the IKEv2 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX

B. authenticates the IP address of the 172.16.0.0/32 peer by using the key ciscXXXXXXXX

C. authenticates the IKEv1 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX

D. secures all the certificates in the IKE exchange by using the key ciscXXXXXXXX

A

authenticates the IP address of the 172.16.0.0/32 peer by using the key ciscXXXXXXXX

23
Q

Which technology must be used to implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity?

A. DMVPN
B. FlexVPN
C. IPsec DVTI
D. GET VPN

A

GET VPN

24
Q

Which two conditions are prerequisites for stateful failover for IPsec? (Choose two)

A. Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the IPsec configuration is copied automatically

B. The active and standby devices can run different versions of the Cisco IOS software but must be the same type of device.

C. The IPsec configuration that is set up on the active device must be duplicated on the standby device

D. Only the IPsec configuration that is set up on the active device must be duplicated on the standby device; the IKE configuration is copied automatically.

E. The active and standby devices must run the same version of the Cisco IOS software and must be the same type of device.

A

The IPsec configuration that is set up on the active device must be duplicated on the standby device

The active and standby devices must run the same version of the Cisco IOS software and must be the same type of device.

25
Q

Which VPN technology can support a multivendor environment and secure traffic between sites?

A. SSL VPN
B. GET VPN
C. FlexVPN
D. DMVPN

A

GET VPN

26
Q

A network engineer is configuring DMVPN and entered the crypto isakmp key cisc0380739941 address 0.0.0.0 command on hostA. The tunnel is not being established to hostB. What action is needed to authenticate the VPN?

A. Change isakmp to ikev2 in the command on hostA.
B. Enter the command with a different password on hostB.
C. Enter the same command on hostB.
D. Change the password on hostA to the default password.

A

Enter the same command on hostB.

27
Q

What is a difference between FlexVPN and DMVPN?

A. DMVPN uses IKEv1 or IKEv2, FlexVPN only uses IKEv1
B. DMVPN uses only IKEv1 FlexVPN uses only IKEv2
C. FlexVPN uses IKEv2, DMVPN uses IKEv1 or IKEv2
D. FlexVPN uses IKEv1 or IKEv2, DMVPN uses only IKEv2

A

FlexVPN uses IKEv2, DMVPN uses IKEv1 or IKEv2

28
Q

Which protocol provides the strongest throughput performance when using Cisco AnyConnect VPN?

A. TLSv1.2
B. TLSv1.1
C. BJTLSv1
D. DTLSv1

A

DTLSv1

29
Q

What is a commonality between DMVPN and FlexVPN technologies?

A. FlexVPN and DMVPN use IS-IS routing protocol to communicate with spokes
B. FlexVPN and DMVPN use the new key management protocol
C. FlexVPN and DMVPN use the same hashing algorithms
D. IOS routers run the same NHRP code for DMVPN and FlexVPN

A

IOS routers run the same NHRP code for DMVPN and FlexVPN

30
Q

Which functions of an SDN architecture require southbound APIs to enable communication?

A. management console and the cloud
B. management console and the SDN controller
C. SDN controller and the cloud
D. SDN controller and the network elements

A

SDN controller and the network elements

31
Q

Which two features of Cisco DNA Center are used in a Software Defined Network solution? (Choose two)

A. accounting
B. encryption
C. assurance
D. automation
E. authentication

A

assurance

automation

32
Q

The main function of northbound APIs in the SDN architecture is to enable communication between which two areas of a network?

A. SDN controller and the cloud
B. management console and the cloud
C. management console and the SDN controller
D. SDN controller and the management solution

A

SDN controller and the management solution

33
Q

Which two REST API requests are valid on the Cisco ASA platform? (Choose two)

A. push
B. options
C. connect
D. put
E. get

A

push

put

34
Q

Which API is used for Content Security?

A. OpenVuln API
B. IOS XR API
C. NX-OS API
D. AsyncOS API

A

AsyncOS API

35
Q

Which option is the main function of Cisco Firepower impact flags?

A. They alert administrators when critical events occur.

B. They identify data that the ASA sends to the Firepower module.

C. They correlate data about intrusions and vulnerability.

D. They highlight known and suspected malicious IP addresses in reports.

A

They correlate data about intrusions and vulnerability.

36
Q

Which two deployment model configurations are supported for Cisco FTDv in AWS? (Choose two)

A. Cisco FTDv configured in routed mode and IPv6 configured

B. Cisco FTDv configured in routed mode and managed by a physical FMC appliance on premises

C. Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS

D. Cisco FTDv with two management interfaces and one traffic interface configured

E. Cisco FTDv with one management interface and two traffic interfaces configured

A

Cisco FTDv configured in routed mode and managed by a physical FMC appliance on premises

Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS

37
Q

The Cisco ASA must support TLS proxy for encrypted Cisco Unified Communications traffic. Where must the ASA be added on the Cisco UC Manager platform?

A. Endpoint Trust List
B. Secured Collaboration Proxy
C. Certificate Trust List
D. Enterprise Proxy Service

A

Certificate Trust List

38
Q

Which two deployment modes does the Cisco ASA Firepower module support? (Choose two)

A. routed mode
B. active mode
C. transparent mode
D. inline mode
E. passive monitor-only mode

A

inline mode

passive monitor-only mode

39
Q

Which feature is configured for managed devices in the device platform settings of the Firepower Management Center?

A. time synchronization
B. network address translations
C. quality of service
D. intrusion policy

A

time synchronization

40
Q

Which information is required when adding a device to Firepower Management Center?

A. encryption method
B. username and password
C. device serial number
D. registration key

A

registration key

41
Q

Which two are valid suppression types on a Cisco Next Generation Intrusion Prevention System? (Choose two)

A. Protocol
B. Source
C. Port
D. Application
E. Rule

A

Source

Rule

42
Q

Which feature requires a network discovery policy on the Cisco Firepower Next Generation Intrusion Prevention System?

A. Security Intelligence
B. URL Filtering
C. Impact Flags
D. Health Monitoring

A

Impact Flags

43
Q

Which license is required for Cisco Security Intelligence to work on the Cisco Next Generation Intrusion Prevention System?

A. protect
B. malware
C. URL filtering
D. control

A

protect

44
Q

On Cisco Firepower Management Center, which policy is used to collect health modules alerts from managed devices?

A. health policy
B. correlation policy
C. system policy
D. health awareness policy
E. access control policy

A

health policy

45
Q

What is a characteristic of Cisco ASA Netflow v9 Secure Event Logging?

A. Its events match all traffic classes in parallel.

B. It tracks the flow continuously and provides updates every 10 seconds.

C. It tracks flow-create, flow-teardown, and flow-denied events.

D. It provides stateless IP flow tracking that exports all records of a specific flow.

A

It tracks flow-create, flow-teardown, and flow-denied events.

46
Q

Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention System? (Choose two)

A. SSL
B. packet decoder
C. SIP
D. modbus
E. inline normalization

A

SSL

SIP

47
Q

Which feature is supported when deploying Cisco ASAv within AWS public cloud?

A. user deployment of Layer 3 networks
B. multiple context mode
C. clustering
D. IPv6

A

user deployment of Layer 3 networks

48
Q

A mall provides security services to customers with a shared appliance. The mall wants separation of management on the shared appliance. Which ASA deployment mode meets these needs?

A. routed mode
B. transparent mode
C. multiple zone mode
D. multiple context mode

A

multiple context mode

49
Q

Which two tasks allow NetFlow on a Cisco ASA 5500 Series firewall? (Choose two)

A. Define a NetFlow collector by using the flow-export command.
B. Enable NetFlow Version 9.
C. Create an ACL to allow UDP traffic on port 9996.
D. Create a class map to match interesting traffic.
E. Apply NetFlow Exporter to the outside interface in the inbound direction.

A

Define a NetFlow collector by using the flow-export command.

Apply NetFlow Exporter to the outside interface in the inbound direction.

50
Q

How many interfaces per bridge group does an ASA bridge group deployment support?

A. up to 8
B. up to 4
C. up to 16
D. up to 2

A

up to 4

51
Q

Which policy is used to capture host information on the Cisco Firepower Next Generation Intrusion Prevention System?

A. Intrusion
B. Correlation
C. Access Control
D. Network Discovery

A

Network Discovery

52
Q

Which statement describes a traffic profile on a Cisco Next Generation Intrusion Prevention System?

A. It inspects hosts that meet the profile with more intrusion rules.
B. It defines a traffic baseline for traffic anomaly deduction.
C. It allows traffic if it does not meet the profile.
D. It blocks traffic if it does not meet the profile.

A

It defines a traffic baseline for traffic anomaly deduction.

53
Q

Which statement about the configuration of Cisco ASA NetFlow v9 Secure Event Logging is true?

A. To view bandwidth usage for NetFlow records, the QoS feature must be enabled.
B. A flow-export event type must be defined under a policy.
C. NSEL can be used without a collector configured.
D. A sysopt command can be used to enable NSEL on a specific interface.

A

A flow-export event type must be defined under a policy.

54
Q

Which ASA deployment mode can provide separation of management on a shared appliance?

A. transparent firewall mode
B. routed mode
C. multiple context mode
D. DMZ multiple zone mode

A

multiple context mode

55
Q

Which policy represents a shared set of features or parameters that define the aspects of a managed device that are likely to be similar to other managed devices in a deployment?

A. Device Management Policy
B. Group Policy
C. Platform Service Policy
D. Access Control Policy

A

Platform Service Policy

56
Q

Which CLI command is used to register a Cisco Firepower sensor to Firepower Management Center?

A. configure manager <key> add host
B. configure system add <host> <key>
C. configure manager add <host> <key>
D. configure manager delete

A

configure manager add <host> <key>

57
Q

An engineer wants to generate NetFlow records on traffic traversing the Cisco ASA. Which Cisco ASA command must be used?

A. ip flow monitor input
B. flow-export destination inside 1.1.1.1 2055
C. flow exporter
D. ip flow-export destination 1.1.1.1 2055

A

flow-export destination inside 1.1.1.1 2055

58
Q

Which statement about IOS zone-based firewalls is true?

A. An unassigned interface can communicate with assigned interfaces

B. An interface can be assigned to multiple zones.

C. An interface can be assigned only to one zone.

D. Only one interface can be assigned to a zone.

A

An interface can be assigned only to one zone.

59
Q

What is a characteristic of Firepower NGIPS inline deployment mode?

A. It must have inline interface pairs configured.
B. ASA with Firepower module cannot be deployed.
C. It is out-of-band from traffic.
D. It cannot take actions such as blocking traffic.

A

It must have inline interface pairs configured.

60
Q

Which technology is used to improve web traffic performance by proxy caching?

A. FireSIGHT
B. WSA
C. ASA
D. Firepower

A

WSA

61
Q

What is the primary benefit of deploying an ESA in hybrid mode?

A. You can fine-tune its settings to provide the optimum balance between security and performance for your environment

B. It provides the lowest total cost of ownership by reducing the need for physical appliances

C. It provides email security while supporting the transition to the cloud

D. It provides maximum protection and control of outbound messages

A

It provides email security while supporting the transition to the cloud

62
Q

Which proxy mode must be used on Cisco WSA to redirect TCP traffic with WCCP?

A. redirection
B. forward
C. transparent
D. proxy gateway

A

transparent

63
Q

What is the purpose of the Decrypt for Application Detection feature within the WSA Decryption options?

A. It alerts users when the WSA decrypts their traffic.
B. It provides enhanced HTTPS application detection for AsyncOS.
C. It decrypts HTTPS application traffic for unauthenticated users.
D. It decrypts HTTPS application traffic for authenticated users.

A

It provides enhanced HTTPS application detection for AsyncOS.

64
Q

What is the primary role of the Cisco Email Security Appliance?

A. Mail Submission Agent
B. Mail User Agent
C. Mail Transfer Agent
D. Mail Delivery Agent

A

Mail Transfer Agent

65
Q

Which two features are used to configure Cisco ESA with a multilayer approach to fight viruses and malware? (Choose two)

A. RAT
B. white list
C. Sophos engine
D. outbreak filters
E. DLP

A

Sophos engine

outbreak filters

66
Q

Which action controls the amount of URI text that is stored in Cisco WSA log files?

A. Configure the advancedproxyconfig command with the HTTPS subcommand
B. Configure a maximum packet size.
C. Configure a small log-entry size.
D. Configure the datasecurityconfig command

A

Configure the advancedproxyconfig command with the HTTPS subcommand

67
Q

Which two features of Cisco Email Security can protect your organization against email threats? (Choose two)

A. NetFlow
B. Data loss prevention
C. Time-based one-time passwords
D. Heuristic-based filtering
E. Geolocation-based filtering

A

Data loss prevention

Geolocation-based filtering

68
Q

In which two ways does a system administrator send web traffic transparently to the Web Security Appliance? (Choose two)

A. reference a Proxy Auto Config file
B. configure policy-based routing on the network infrastructure
C. use Web Cache Communication Protocol
D. configure the proxy IP address in the web-browser settings
E. configure Active Directory Group Policies to push proxy settings

A

reference a Proxy Auto Config file

use Web Cache Communication Protocol

69
Q

After deploying a Cisco ESA on your network, you notice that some messages fail to reach their destinations. Which task can you perform to determine where each message was lost?

A. Perform a trace.
B. Configure the trackingconfig command to enable message tracking.
C. Review the log files.
D. Generate a system report.

A

Configure the trackingconfig command to enable message tracking.

70
Q

Which two statements about a Cisco WSA configured in Transparent mode are true? (Choose two)

A. It can handle explicit HTTP requests.

B. It requires a proxy for the client web browser.

C. Layer 4 switches can automatically redirect traffic destined to port 80.

D. It requires a PAC file for the client web browser.

E. WCCP v2-enabled devices can automatically redirect traffic destined to port 80.

A

Layer 4 switches can automatically redirect traffic destined to port 80.

WCCP v2-enabled devices can automatically redirect traffic destined to port 80.

71
Q

An engineer is configuring a Cisco ESA and wants to control whether to accept or reject email messages to a recipient address. Which list contains the allowed recipient addresses?

A. RAT
B. HAT
C. SAT
D. BAT

A

RAT

72
Q

Which two services must remain as on-premises equipment when a hybrid email solution is deployed? (Choose two)

A. antispam
B. DDoS
C. encryption
D. antivirus
E. DLP

A

encryption

DLP

73
Q

Which Talos reputation center allows you to track the reputation of IP addresses for email and web traffic?

A. AMP Reputation Center
B. IP Blacklist Center
C. IP and Domain Reputation Center
D. File Reputation Center

A

IP and Domain Reputation Center

74
Q

Why would a user choose an on-premises ESA versus the CES solution?

A. Demand is unpredictable.
B. ESA is deployed inline.
C. Sensitive data must remain onsite.
D. The server team wants to outsource this service.

A

Sensitive data must remain onsite.

75
Q

Which deployment model is the most secure when considering risks to cloud adoption?

A. Public Cloud
B. Community Cloud
C. Private Cloud
D. Hybrid Cloud

A

Private Cloud

76
Q

Which technology reduces data loss by identifying sensitive information stored in public computing environments?

A. Cisco HyperFlex
B. Cisco Cloudlock
C. Cisco Firepower
D. Cisco SDA

A

Cisco Cloudlock

77
Q

On which part of the IT environment does DevSecOps focus?

A. application development
B. perimeter network
C. data center
D. wireless network

A

application development

78
Q

Which solution protects hybrid cloud deployment workloads with application visibility and segmentation?

A. Tetration
B. Firepower
C. Nexus
D. Stealthwatch

A

Tetration

79
Q

In which cloud services model is the tenant responsible for virtual machine OS patching?

A. SaaS
B. PaaS
C. UCaaS
D. IaaS

A

IaaS

80
Q

Which cloud service model offers an environment for cloud consumers to develop and deploy applications without needing to manage or maintain the underlying cloud infrastructure?

A. XaaS
B. PaaS
C. SaaS
D. IaaS

A

PaaS

81
Q

In a PaaS model, which layer is the tenant responsible for maintaining and patching?

A. virtual machine
B. hypervisor
C. application
D. network

A

application

82
Q

What is the function of Cisco Cloudlock for data security?

A. user and entity behavior analytics
B. controls malicious cloud apps
C. detects anomalies
D. data loss prevention

A

data loss prevention

83
Q

What does the Cloudlock Apps Firewall do to mitigate security concerns from an application perspective?

A. It sends the application information to an administrator to act on.

B. It discovers and controls cloud apps that are connected to a company’s corporate environment.

C. It allows the administrator to quarantine malicious files so that the application can function, just not maliciously.

D. It deletes any application that does not belong in the network.

A

It discovers and controls cloud apps that are connected to a company’s corporate environment.

84
Q

An administrator wants to ensure that all endpoints are compliant before users are allowed access on the corporate network. The endpoints must have the corporate antivirus application installed and be running the latest build of Windows 10. What must the administrator implement to ensure that all devices are compliant before they are allowed on the network?

A. Cisco Identity Services Engine with PxGrid services enabled
B. Cisco Identity Services Engine and AnyConnect Posture module
C. Cisco ASA firewall with Dynamic Access Policies configured
D. Cisco Stealthwatch and Cisco Identity Services Engine integration

A

Cisco Identity Services Engine and AnyConnect Posture module

85
Q

Which benefit is provided by ensuring that an endpoint is compliant with a posture policy configured in Cisco ISE?

A. It allows the endpoint to authenticate with 802.1x or MAB.
B. It allows CoA to be applied if the endpoint status is compliant.
C. It adds endpoints to identity groups dynamically.
D. It verifies that the endpoint has the latest Microsoft security patches installed.

A

It allows the endpoint to authenticate with 802.1x or MAB.

86
Q

What two mechanisms are used to redirect users to a web portal to authenticate to ISE for guest services? (Choose two)

A. single sign-on
B. local web auth
C. multiple factor auth
D. central web auth
E. TACACS+

A

local web auth

central web auth

87
Q

Which feature of Cisco ASA allows VPN users to be postured against Cisco ISE without requiring an inline posture node?

A. RADIUS Change of Authorization
B. DHCP snooping
C. device tracking
D. VLAN hopping

A

RADIUS Change of Authorization

88
Q

For which two conditions can an endpoint be checked using ISE posture assessment? (Choose two)

A. Windows service
B. computer identity
C. default browser
D. Windows firewall
E. user identity

A

Windows service

Windows firewall

89
Q

Which two probes are configured to gather attributes of connected endpoints using Cisco Identity Services Engine? (Choose two)

A. sFlow
B. TACACS+
C. DHCP
D. SMTP
E. RADIUS

A

DHCP

RADIUS

90
Q

Which compliance status is shown when a configured posture policy requirement is not met?

A. noncompliant
B. authorized
C. unknown
D. compliant

A

noncompliant

91
Q

An engineer used a posture check on a Microsoft Windows endpoint and discovered that the MS17-010 patch was not installed, which left the endpoint vulnerable to WannaCry ransomware. Which two solutions mitigate the risk of this ransomware infection? (Choose two)

A. Configure endpoint firewall policies to stop the exploit traffic from being allowed to run and replicate throughout the network.

B. Set up a well-defined endpoint patching strategy to ensure that endpoints have critical vulnerabilities patched in a timely fashion.

C. Configure a posture policy in Cisco Identity Services Engine to check that an endpoint patch level is met before allowing access on the network.

D. Configure a posture policy in Cisco Identity Services Engine to install the MS17-010 patch before allowing access on the network.

E. Set up a profiling policy in Cisco Identity Services Engine to check an endpoint patch level before allowing access on the network.

A

Configure a posture policy in Cisco Identity Services Engine to check that an endpoint patch level is met before allowing access on the network.

Configure a posture policy in Cisco Identity Services Engine to install the MS17-010 patch before allowing access on the network.

92
Q

An engineer must force an endpoint to re-authenticate an already authenticated session without disrupting the endpoint to apply a new or updated policy from ISE. Which CoA type achieves this goal?

A. Port Bounce
B. CoA Reauth
C. CoA Session Query
D. CoA Terminate

A

CoA Reauth

93
Q

Which ID store requires that a shadow user be created on Cisco ISE for the admin login to work?

A. Internal Database
B. RSA SecurID
C. LDAP
D. Active Directory

A

Active Directory

94
Q

What is a characteristic of Dynamic ARP Inspection?

A. DAI intercepts all ARP requests and responses on trusted ports only.

B. In a typical network, all ports are made trusted except for the ports connecting to switches, which are untrusted.

C. DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the DHCP snooping binding database.

D. DAI associates a trust state with each switch.

A

DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the DHCP snooping binding database.

95
Q

A malicious user gained network access by spoofing printer connections that were authorized using MAB on four different switch ports at the same time. Which two Catalyst switch security features will prevent further violations? (Choose two)

A. Dynamic ARP inspection
B. 802.1AE MacSec
C. Private VLANs
D. DHCP Snooping
E. Port security
F. IP Device track

A

Dynamic ARP inspection

DHCP Snooping

96
Q

Which command enables 802.1X globally on a Cisco switch?

A. dot1x pae authenticator
B. authentication port-control auto
C. dot1x system-auth-control
D. aaa new-model

A

dot1x system-auth-control

97
Q

What is a characteristic of traffic storm control behavior?

A. Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within the interval.

B. Traffic storm control monitors incoming traffic levels over a 10-second traffic storm control interval.

C. Traffic storm control cannot determine if the packet is unicast or broadcast.

D. Traffic storm control uses the Individual/Group bit in the packet source address to determine if the packet is unicast or broadcast.

A

Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within the interval.

98
Q

A network administrator configures Dynamic ARP Inspection on a switch. After Dynamic ARP Inspection is applied, all users on that switch are unable to communicate with any destination. The network administrator checks the interface status of all interfaces, and there is no err-disabled interface. What is causing this problem?

A. The no ip arp inspection trust command is applied on all user host interfaces

B. Dynamic ARP Inspection has not been enabled on all VLANs

C. The ip arp inspection limit command is applied on all interfaces and is blocking the traffic of all users.

D. DHCP snooping has not been enabled on all VLANs.

A

The no ip arp inspection trust command is applied on all user host interfaces

99
Q

Which IPS engine detects ARP spoofing?

A. AIC Engine
B. Atomic ARP Engine
C. Service Generic Engine
D. ARP Inspection Engine

A

Atomic ARP Engine

100
Q

Which RADIUS attribute can you use to filter MAB requests in an 802.1X deployment?

A. 2
B. 6
C. 1
D. 31

A

6

101
Q

A network engineer has entered the snmp-server user andy myv3 auth sha cisco priv aes 256 cisc0380739941 command and needs to send SNMP information to a host at 10.255.254.1. Which command achieves this goal?

A. snmp-server host inside 10.255.254.1 version 3 andy
B. snmp-server host inside 10.255.254.1 version 3 myv3
C. snmp-server host inside 10.255.254.1 snmpv3 andy
D. snmp-server host inside 10.255.254.1 snmpv3 myv3

A

snmp-server host inside 10.255.254.1 version 3 andy

102
Q

Which SNMPv3 configuration must be used to support the strongest security possible?

A. asa-host(config)#snmp-server group myv3 v3 noauth
asa-host(config)#snmp-server user andy myv3 auth sha cisco priv 3des ciscXXXXXXXX
asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

B. asa-host(config)#snmp-server group myv3 v3 noauth
asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX
asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

C. asa-host(config)#snmp-server group myv3 v3 priv
asa-host(config)#snmp-server user andy myv3 auth sha cisco priv des ciscXXXXXXXX
asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

D. asa-host(config)#snmp-server group myv3 v3 priv
asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX
asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

A

asa-host(config)#snmp-server group myv3 v3 priv
asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX
asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

103
Q

Which telemetry data captures variations seen within the flow, such as the packet's TTL, IP/TCP flags, and payload length?

A. process details variation
B. software package variation
C. flow insight variation
D. interpacket variation

A

interpacket variation

104
Q

What Cisco command shows you the status of an 802.1X connection on interface gi0/1?

A. show authorization status
B. show ver gi0/1
C. show authen sess int gi0/1
D. show connection status gi0/1

A

show authen sess int gi0/1

105
Q

Refer to the exhibit.

HQ_Router(config)#username admin5 privilege 5
HQ_Router(config)#privilege interface level 5 shutdown
HQ_Router(config)#privilege interface level 5 ip
HQ_Router(config)#privilege interface level 5 description

A network administrator configures command authorization for the admin5 user. What is the admin5 user able to do on HQ_Router after this configuration?

A. set the IP address of an interface
B. complete no configurations
C. complete all configurations
D. add subinterfaces

A

complete no configurations

106
Q

Refer to the exhibit.

snmp-server group SNMP v3 auth access 15

What does the number 15 represent in this configuration?

A. privilege level for an authorized user to this router
B. access list that identifies the SNMP devices that can access the router
C. interval in seconds between SNMPv3 authentication attempts
D. number of possible failed attempts until the SNMPv3 user is locked out

A

access list that identifies the SNMP devices that can access the router

107
Q

Under which two circumstances is a CoA issued? (Choose two)

A. A new authentication rule was added to the policy on the Policy Service node.
B. An endpoint is profiled for the first time.
C. A new Identity Service Engine server is added to the deployment with the Administration persona
D. A new Identity Source Sequence is created and referenced in the authentication policy.
E. An endpoint is deleted on the Identity Service Engine server.

A

An endpoint is profiled for the first time.

An endpoint is deleted on the Identity Service Engine server.

108
Q

Which exfiltration method does an attacker use to hide and encode data inside DNS requests and queries?

A. DNSSEC
B. DNS tunneling
C. DNS security
D. DNSCrypt

A

DNS tunneling

109
Q

How is ICMP used as an exfiltration technique?

A. by sending large numbers of ICMP packets with a targeted host's source IP address using an IP broadcast address

B. by overwhelming a targeted host with ICMP echo-request packets

C. by flooding the destination host with unreachable packets

D. by encrypting the payload in an ICMP packet to carry out command and control tasks on a compromised host

A

by encrypting the payload in an ICMP packet to carry out command and control tasks on a compromised host

110
Q

How is DNS tunneling used to exfiltrate data out of a corporate network?

A. It encodes the payload with random characters that are broken into short strings and the DNS server rebuilds the exfiltrated data.

B. It corrupts DNS servers by replacing the actual IP address with a rogue address to collect information or start other attacks.

C. It redirects DNS requests to a malicious server used to steal user credentials, which allows further damage and theft on the network.

D. It leverages the DNS server by permitting recursive lookups to spread the attack to other DNS servers.

A

It encodes the payload with random characters that are broken into short strings and the DNS server rebuilds the exfiltrated data.

111
Q

Which two characteristics of messenger protocols make data exfiltration difficult to detect and prevent? (Choose two)

A. Traffic is encrypted, which prevents visibility on firewalls and IPS systems.

B. An exposed API for the messaging platform is used to send large amounts of data.

C. Outgoing traffic is allowed so users can communicate with outside organizations.

D. Malware infects the messenger application on the user endpoint to send company data.

E. Messenger applications cannot be segmented with standard network controls.

A

Traffic is encrypted, which prevents visibility on firewalls and IPS systems.

Messenger applications cannot be segmented with standard network controls.

112
Q

What are two list types within AMP for Endpoints Outbreak Control? (Choose two)

A. URL
B. allowed applications
C. simple custom detections
D. command and control
E. blocked ports

A

allowed applications

simple custom detections

113
Q

Which function is the primary function of Cisco AMP Threat Grid?

A. monitoring network traffic
B. automated malware analysis
C. applying a real-time URI blacklist
D. automated email encryption

A

automated malware analysis

114
Q

Which Cisco AMP file disposition is valid?

A. malware
B. non-malicious
C. pristine
D. dirty

A

malware

115
Q

Which Cisco Advanced Malware Protection for Endpoints deployment architecture is designed to keep data within a network perimeter?

A. public cloud
B. private cloud
C. cloud web services
D. network AMP

A

private cloud

116
Q

Which capability is exclusive to a Cisco AMP public cloud instance as compared to a private cloud instance?

A. TETRA detection engine
B. ETHOS detection engine
C. RBAC
D. SPERO detection engine

A

ETHOS detection engine

117
Q

When using Cisco AMP for Networks, which feature copies a file to the Cisco AMP cloud for analysis?

A. Spero analysis
B. sandbox analysis
C. dynamic analysis
D. malware analysis

A

dynamic analysis

118
Q

What is a required prerequisite to enable malware file scanning for the Secure Internet Gateway?

A. Activate SSL decryption.
B. Activate the Advanced Malware Protection license
C. Enable IP Layer enforcement.
D. Enable Intelligent Proxy.

A

Enable Intelligent Proxy.

119
Q

An engineer is configuring AMP for endpoints and wants to block certain files from executing. Which outbreak control method is used to accomplish this task?

A. device flow correlation
B. simple detections
C. application blocking list
D. advanced custom detections

A

application blocking list

120
Q

When wired 802.1X authentication is implemented, which two components are required? (Choose two)

A. authentication server: Cisco Identity Service Engine
B. authenticator: Cisco Identity Services Engine
C. authenticator: Cisco Catalyst switch
D. authentication server: Cisco Prime Infrastructure
E. supplicant: Cisco AnyConnect ISE Posture module

A

authentication server: Cisco Identity Service Engine

authenticator: Cisco Catalyst switch

121
Q

Which Cisco command enables authentication, authorization, and accounting globally so that CoA is supported on the device?

A. aaa new-model
B. auth-type all
C. ip device-tracking
D. aaa server radius dynamic-author

A

aaa new-model

122
Q

Refer to the exhibit.

aaa new-model
radius-server host 10.0.0.12 key secret12

Which statement about the authentication protocol used in the configuration is true?

A. There are separate authentication and authorization request packets
B. The authentication request contains only a username
C. The authentication request contains only a password
D. The authentication and authorization requests are grouped in a single packet

A

The authentication and authorization requests are grouped in a single packet

123
Q

An engineer needs a solution for TACACS+ authentication and authorization for device administration. The engineer also wants to enhance wired and wireless network security by requiring users and endpoints to use 802.1X, MAB, or WebAuth. Which product meets all of these requirements?

A. Cisco Identity Services Engine
B. Cisco AMP for Endpoints
C. Cisco Stealthwatch
D. Cisco Prime Infrastructure

A

Cisco Identity Services Engine

124
Q

Which Cisco product provides proactive endpoint protection and allows administrators to centrally manage the deployment?

A. NGFW
B. WSA
C. AMP
D. ESA

A

AMP

125
Q

An MDM provides which two advantages to an organization with regards to device management? (Choose two)

A. Active Directory group policy management
B. network device management
C. allowed application management
D. critical device management
E. asset inventory management

A

allowed application management

asset inventory management

126
Q

Which benefit does endpoint security provide the overall security posture of an organization?

A. It allows the organization to detect and respond to threats at the edge of the network.

B. It streamlines the incident response process to automatically perform digital forensics on the endpoint.

C. It allows the organization to mitigate web-based attacks as long as the user is active in the domain.

D. It allows the organization to detect and mitigate threats that the perimeter security devices do not detect.

A

It allows the organization to detect and mitigate threats that the perimeter security devices do not detect.

127
Q

An engineer wants to automatically assign endpoints that have a specific OUI into a new endpoint group. Which probe must be enabled for this type of profiling to work?

A. DHCP
B. NMAP
C. NetFlow
D. SNMP

A

NMAP

128
Q

Which two benefits does implementing a multifactor authentication solution such as Duo Security provide to an organization? (Choose two)

A. secure access to on-premises and cloud applications

B. identification and correction of application vulnerabilities before allowing access to resources

C. single sign-on access to on-premises and cloud applications

D. integration with 802.1x security using native Microsoft Windows supplicant

E. flexibility of different methods of 2FA such as phone callbacks, SMS passcodes, and push notifications

A

secure access to on-premises and cloud applications

flexibility of different methods of 2FA such as phone callbacks, SMS passcodes, and push notifications

129
Q

What is the primary difference between an Endpoint Protection Platform (EPP) and an Endpoint Detection and Response (EDR) solution?

A. EDR focuses on prevention, and EPP focuses on advanced threats that evade perimeter defenses.

B. EPP focuses on prevention, and EDR focuses on advanced threats that evade perimeter defenses.

C. EPP focuses on network security, and EDR focuses on device security.

D. EDR focuses on network security, and EPP focuses on device security.

A

EPP focuses on prevention

130
Q

Which two kinds of attacks are prevented by multifactor authentication? (Choose two)

A. phishing
B. teardrop
C. DDOS
D. brute force
E. man-in-the-middle

A

brute force

man-in-the-middle

131
Q

What are the two most commonly used authentication factors in multifactor authentication? (Choose two)

A. encryption factor
B. time factor
C. confidentiality factor
D. knowledge factor
E. biometric factor

A

time factor

knowledge factor

132
Q

How is Cisco Umbrella configured to log only security events?

A. per policy
B. per network in the Deployments section
C. in the Reporting settings
D. in the Security Settings section

A

per policy

133
Q

Which feature within Cisco Umbrella allows for the ability to inspect secure HTTP traffic?

A. SSL Decryption
B. Destination Lists
C. SafeSearch
D. File Analysis

A

SSL Decryption

134
Q

Where are individual sites specified to be blacklisted in Cisco Umbrella?

A. destination lists
B. security settings
C. content categories
D. application settings

A

destination lists

135
Q

How does Cisco Umbrella archive logs to enterprise-owned storage?

A. by sending logs via syslog to an on-premises or cloud-based syslog server

B. by using the Application Programming Interface to fetch the logs

C. by being configured to send logs to a self-managed AWS S3 bucket

D. by the system administrator downloading the logs from the Cisco Umbrella web portal

A

by being configured to send logs to a self-managed AWS S3 bucket

136
Q

When web policies are configured in Cisco Umbrella, what provides the ability to ensure that domains are blocked when they host malware, command and control, phishing, and other threats?

A. File Analysis
B. Security Category Blocking
C. Application Control
D. Content Category Blocking

A

Security Category Blocking

137
Q

An engineer configured a new network identity in Cisco Umbrella but must verify that traffic is being routed through the Cisco Umbrella network. Which action tests the routing?

A. Add the public IP address that the client computers are behind to a Core Identity.

B. Enable the Intelligent Proxy to validate that traffic is being routed correctly.

C. Ensure that the client computers are pointing to the on-premises DNS servers.

D. Browse to http://welcome.umbrella.com/ to validate that the new identity is working.

A

Browse to http://welcome.umbrella.com/ to validate that the new identity is working.

138
Q

Which Cisco security solution protects remote users against phishing attacks when they are not connected to the VPN?

A. Cisco Firepower
B. NGIPS
C. Cisco Umbrella
D. Cisco Stealthwatch

A

Cisco Umbrella

139
Q

Which Cisco solution does Cisco Umbrella integrate with to determine if a URL is malicious?

A. AMP
B. DynDNS
C. AnyConnect
D. Talos

A

Talos

140
Q

What can be integrated with Cisco Threat Intelligence Director to provide information about security threats, which allows the SOC to proactively automate responses to those threats?

A. Cisco Threat Grid
B. Cisco Umbrella
C. External Threat Feeds
D. Cisco Stealthwatch

A

Cisco Threat Grid

141
Q

What must be used to share data between multiple security products?

A. Cisco Rapid Threat Containment
B. Cisco Platform Exchange Grid
C. Cisco Stealthwatch Cloud
D. Cisco Advanced Malware Protection

A

Cisco Platform Exchange Grid

142
Q

Which two activities can be done using Cisco DNA Center? (Choose two)

A. Design
B. Provision
C. DHCP
D. DNS
E. Accounting

A

Design

Provision

143
Q

What provides visibility and awareness into what is currently occurring on the network?

A. Prime Infrastructure
B. Telemetry
C. CMX
D. WMI

A

Prime Infrastructure

144
Q

What is the function of the Context Directory Agent?

A. reads the Active Directory logs to map IP addresses to usernames

B. accepts user authentication requests on behalf of Web Security Appliance for user identification

C. relays user authentication requests from Web Security Appliance to Active Directory

D. maintains users’ group memberships

A

reads the Active Directory logs to map IP addresses to usernames

145
Q

Which Cisco product is open, scalable, and built on IETF standards to allow multiple security products from Cisco and other vendors to share data and interoperate with each other?

A. Advanced Malware Protection
B. Platform Exchange Grid
C. Multifactor Platform Integration
D. Firepower Threat Defense

A

Platform Exchange Grid

146
Q

What are two Detection and Analytics Engines of Cognitive Threat Analytics? (Choose two)

A. command and control communication
B. snort
C. data exfiltration
D. intelligent proxy
E. URL categorization

A

command and control communication

data exfiltration

147
Q

How does Cisco Stealthwatch Cloud provide security for cloud environments?

A. It delivers visibility and threat detection.
B. It assigns Internet-based DNS protection for clients and servers.
C. It facilitates secure connectivity between public and private networks.
D. It prevents exfiltration of sensitive data.

A

It delivers visibility and threat detection.

148
Q

Which network monitoring solution uses streams and pushes operational data to provide a near real-time view of activity?

A. SNMP
B. model-driven telemetry
C. SMTP
D. syslog

A

model-driven telemetry

149
Q

Which solution combines Cisco IOS and IOS XE components to enable administrators to recognize applications, collect and send network metrics to Cisco Prime and other third-party management tools, and prioritize application traffic?

A. Cisco Security Intelligence
B. Cisco Application Visibility and Control
C. Cisco DNA Center
D. Cisco Model Driven Telemetry

A

Cisco Application Visibility and Control

150
Q

What is a feature of the open platform capabilities of Cisco DNA Center?

A. domain integration
B. application adapters
C. intent-based APIs
D. automation adapters

A

intent-based APIs

151
Q

What is a characteristic of a bridge group in ASA Firewall transparent mode?

A. It includes multiple interfaces and access rules between interfaces are customizable

B. It is a Layer 3 segment and includes one port and customizable access rules

C. It allows ARP traffic with a single access rule

D. It has an IP address on its BVI interface and is used for management traffic

A

It includes multiple interfaces and access rules between interfaces are customizable

152
Q

When Cisco and other industry organizations publish and inform users of known security findings and vulnerabilities, which name is used?

A. Common Security Exploits
B. Common Vulnerabilities and Exposures
C. Common Exploits and Vulnerabilities
D. Common Vulnerabilities, Exploits and Threats

A

Common Vulnerabilities and Exposures

153
Q

Which two fields are defined in the NetFlow flow? (Choose two)

A. type of service byte
B. class of service bits
C. Layer 4 protocol type
D. destination port
E. output logical interface

A

type of service byte

destination port

154
Q

What provides the ability to program and monitor networks from somewhere other than the DNAC GUI?

A. NetFlow
B. desktop client
C. ASDM
D. API

A

API

155
Q

An organization has two machines hosting web applications. Machine 1 is vulnerable to SQL injection while machine 2 is vulnerable to buffer overflows. What action would allow the attacker to gain access to machine 1 but not machine 2?

A. sniffing the packets between the two hosts
B. sending continuous pings
C. overflowing the buffer’s memory
D. inserting malicious commands into the database

A

inserting malicious commands into the database

156
Q

An organization is trying to improve its defense in depth by blocking malicious destinations before a connection is established. The solution must be able to block certain applications from being used within the network. Which product should be used to accomplish this goal?

A. Cisco Firepower
B. Cisco Umbrella
C. ISE
D. AMP

A

Cisco Umbrella

157
Q

A company is experiencing exfiltration of credit card numbers that are not being stored on-premises. The company needs to be able to protect sensitive data throughout the full environment. Which tool should be used to accomplish this goal?

A. Security Manager
B. Cloudlock
C. Web Security Appliance
D. Cisco ISE

A

Cloudlock

158
Q

An engineer is trying to securely connect to a router and wants to prevent insecure algorithms from being used. However, the connection is failing. Which action should be taken to accomplish this goal?

A. Disable telnet using the no ip telnet command.
B. Enable the SSH server using the ip ssh server command.
C. Configure the port using the ip ssh port 22 command.
D. Generate the RSA key using the crypto key generate rsa command.

A

Generate the RSA key using the crypto key generate rsa command.

159
Q

A network administrator is using the Cisco ESA with AMP to upload files to the cloud for analysis. The network is congested and is affecting communication. How will the Cisco ESA handle any files which need analysis?

A. AMP calculates the SHA-256 fingerprint, caches it, and periodically attempts the upload.
B. The file is queued for upload when connectivity is restored.
C. The file upload is abandoned.
D. The ESA immediately makes another attempt to upload the file.

A

The file upload is abandoned.

160
Q

Which type of algorithm provides the highest level of protection against brute-force attacks?

A. PFS
B. HMAC
C. MD5
D. SHA

A

SHA

161
Q

What must be configured in Cisco ISE to enforce reauthentication of an endpoint session when an endpoint is deleted from an identity group?

A. posture assessment
B. CoA
C. external identity source
D. SNMP probe

A

CoA

162
Q

A network administrator is configuring a rule in an access control policy to block certain URLs and selects the “Chat and Instant Messaging” category. Which reputation score should be selected to accomplish this goal?

A. 1
B. 3
C. 5
D. 10

A

10

163
Q

Which group within Cisco writes and publishes a weekly newsletter to help cybersecurity professionals remain aware of the ongoing and most prevalent threats?

A. PSIRT
B. Talos
C. CSIRT
D. DEVNET

A

Talos

164
Q

What are the two types of managed Intercloud Fabric deployment models? (Choose two)

A. Service Provider managed
B. Public managed
C. Hybrid managed
D. User managed
E. Enterprise managed

A

Service Provider managed

Enterprise managed

165
Q

What are two DDoS attack categories? (Choose two)

A. sequential
B. protocol
C. database
D. volume-based
E. screen-based

A

protocol

volume-based

166
Q

An organization received a large amount of spam messages over a short time period. In order to take action on the messages, it must be determined dynamically how harmful the messages are. What must be configured to accomplish this?

A. Configure the Cisco WSA to modify policies based on the traffic seen

B. Configure the Cisco ESA to receive real-time updates from Talos

C. Configure the Cisco WSA to receive real-time updates from Talos

D. Configure the Cisco ESA to modify policies based on the traffic seen

A

Configure the Cisco ESA to modify policies based on the traffic seen

167
Q

Which product allows Cisco FMC to push security intelligence observables to its sensors from other products?

A. Encrypted Traffic Analytics
B. Threat Intelligence Director
C. Cognitive Threat Analytics
D. Cisco Talos Intelligence

A

Threat Intelligence Director

168
Q

What are two differences between a Cisco WSA that is running in transparent mode and one running in explicit mode? (Choose two)

A. When the Cisco WSA is running in transparent mode, it uses the WSA’s own IP address as the HTTP request destination.

B. The Cisco WSA responds with its own IP address only if it is running in explicit mode.

C. The Cisco WSA is configured in a web browser only if it is running in transparent mode.

D. The Cisco WSA uses a Layer 3 device to redirect traffic only if it is running in transparent mode.

E. The Cisco WSA responds with its own IP address only if it is running in transparent mode.

A

The Cisco WSA uses a Layer 3 device to redirect traffic only if it is running in transparent mode.

The Cisco WSA responds with its own IP address only if it is running in transparent mode.

169
Q

After a recent breach, an organization determined that phishing was used to gain initial access to the network before gaining persistence. The information gained from the phishing attack was a result of users visiting known malicious websites. What must be done in order to prevent this from happening in the future?

A. Modify an access policy
B. Modify identification profiles
C. Modify outbound malware scanning policies
D. Modify web proxy settings

A

Modify an access policy

170
Q

What is the function of SDN southbound API protocols?

A. to allow for the dynamic configuration of control plane applications
B. to enable the controller to make changes
C. to enable the controller to use REST
D. to allow for the static configuration of control plane applications

A

to enable the controller to make changes

171
Q

An attacker needs to perform reconnaissance on a target system to help gain access to it. The system has weak passwords, no encryption on the VPN links, and software bugs on the system’s applications. Which vulnerability allows the attacker to see the passwords being transmitted in clear text?

A. weak passwords for authentication
B. unencrypted links for traffic
C. software bugs on applications
D. improper file security

A

unencrypted links for traffic

172
Q

Using Cisco Firepower's Security Intelligence policies, on which two criteria is a Firepower block based? (Choose two)

A. URLs
B. protocol IDs
C. IP addresses
D. MAC addresses
E. port numbers

A

URLs

IP addresses

173
Q

Which Cisco platform ensures that machines that connect to organizational networks have the recommended antivirus definitions and patches to help prevent an organizational malware outbreak?

A. Cisco WiSM
B. Cisco ESA
C. Cisco ISE
D. Cisco Prime Infrastructure

A

Cisco ISE

174
Q

What are two benefits of Flexible NetFlow records? (Choose two)

A. They allow the user to configure flow information to perform customized traffic identification

B. They provide attack prevention by dropping the traffic

C. They provide accounting and billing enhancements

D. They converge multiple accounting technologies into one accounting mechanism

E. They provide monitoring of a wider range of IP packet information from Layer 2 to 4

A

They allow the user to configure flow information to perform customized traffic identification

They provide accounting and billing enhancements

175
Q

How does DNS Tunneling exfiltrate data?

A. An attacker registers a domain that a client connects to based on DNS records and sends malware through that connection.

B. An attacker opens a reverse DNS shell to get into the client’s system and install malware on it.

C. An attacker uses a non-standard DNS port to gain access to the organization’s DNS servers in order to poison the resolutions.

D. An attacker sends an email to the target with hidden DNS resolvers in it to redirect them to a malicious domain.

A

An attacker registers a domain that a client connects to based on DNS records and sends malware through that connection.

176
Q

A user has a device in the network that is receiving too many connection requests from multiple machines. Which type of attack is the device undergoing?

A. phishing
B. slowloris
C. pharming
D. SYN flood

A

SYN flood

177
Q

An organization is receiving spam emails from a known malicious domain. What must be configured in order to prevent the session during the initial TCP communication?

A. Configure the Cisco ESA to drop the malicious emails
B. Configure policies to quarantine malicious emails
C. Configure policies to stop and reject communication
D. Configure the Cisco ESA to reset the TCP connection

A

Configure policies to stop and reject communication

178
Q

A Cisco Firepower administrator needs to configure a rule to allow a new application that has never been seen on the network. Which two actions should be selected to allow the traffic to pass without inspection? (Choose two)

A. permit
B. trust
C. reset
D. allow
E. monitor

A

trust

allow

179
Q

An engineer needs behavioral analysis to detect malicious activity on the hosts, and is configuring the organization’s public cloud to send telemetry using the cloud provider’s mechanisms to a security device. Which mechanism should the engineer configure to accomplish this goal?

A. mirror port
B. Flow
C. NetFlow
D. VPC flow logs

A

VPC flow logs

180
Q

An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly identifying all valid recipients. What must be done on the Cisco ESA to accomplish this goal?

A. Configure incoming content filters
B. Use Bounce Verification
C. Configure Directory Harvest Attack Prevention
D. Bypass LDAP access queries in the recipient access table

A

Configure Directory Harvest Attack Prevention

181
Q

What is a feature of Cisco NetFlow Secure Event Logging for Cisco ASAs?

A. Multiple NetFlow collectors are supported

B. Advanced NetFlow v9 templates and legacy v5 formatting are supported

C. Secure NetFlow connections are optimized for Cisco Prime Infrastructure

D. Flow-create events are delayed

A

Flow-create events are delayed

182
Q

An engineer is configuring 802.1X authentication on Cisco switches in the network and is using CoA as a mechanism. Which port on the firewall must be opened to allow the CoA traffic to traverse the network?

A. TCP 6514
B. UDP 1700
C. TCP 49
D. UDP 1812

A

UDP 1700

183
Q

Which public cloud provider supports the Cisco Next Generation Firewall Virtual?

A. Google Cloud Platform
B. Red Hat Enterprise Virtualization
C. VMware ESXi
D. Amazon Web Services

A

Amazon Web Services

184
Q

What is the purpose of the My Devices Portal in a Cisco ISE environment?

A. to register new laptops and mobile devices
B. to request a newly provisioned mobile device
C. to provision userless and agentless systems
D. to manage and deploy antivirus definitions and patches on systems owned by the end user

A

to register new laptops and mobile devices

185
Q

Refer to the exhibit.

ip dhcp snooping
ip dhcp snooping vlan 41,44
!
interface GigabitEthernet1/0/1
description Uplink_To_Distro_Switch_g1/0/11
switchport trunk native vlan 999
switchport trunk allowed vlan 40,41,44
switchport mode trunk

An organization is using DHCP Snooping within their network. A user on VLAN 41 on a new switch is complaining that an IP address is not being obtained. Which command should be configured on the switch interface in order to provide the user with network connectivity?

A. ip dhcp snooping verify mac-address
B. ip dhcp snooping limit 41
C. ip dhcp snooping vlan 41
D. ip dhcp snooping trust

A

ip dhcp snooping trust

186
Q

What is the purpose of the certificate signing request when adding a new certificate for a server?

A. It is the password for the certificate that is needed to install it with.

B. It provides the server information so a certificate can be created and signed

C. It provides the certificate client information so the server can authenticate against it when installing

D. It is the certificate that will be loaded onto the server

A

It provides the server information so a certificate can be created and signed

187
Q

What is the Cisco API-based broker that helps reduce compromises, application risks, and data breaches in an environment that is not on-premise?

A. Cisco Cloudlock
B. Cisco Umbrella
C. Cisco AMP
D. Cisco App Dynamics

A

Cisco Cloudlock

188
Q

What is managed by Cisco Security Manager?

A. access point
B. WSA
C. ASA
D. ESA

A

ASA

189
Q

How does Cisco Advanced Phishing Protection protect users?

A. It validates the sender by using DKIM.

B. It determines which identities are perceived by the sender

C. It utilizes sensors that send messages securely.

D. It uses machine learning and real-time behavior analytics.

A

It uses machine learning and real-time behavior analytics.

190
Q

What is a benefit of using Cisco FMC over Cisco ASDM?

A. Cisco FMC uses Java while Cisco ASDM uses HTML5.

B. Cisco FMC provides centralized management while Cisco ASDM does not.

C. Cisco FMC supports pushing configurations to devices while Cisco ASDM does not.

D. Cisco FMC supports all firewall products whereas Cisco ASDM only supports Cisco ASA devices

A

Cisco FMC provides centralized management while Cisco ASDM does not.

191
Q

What is a key difference between Cisco Firepower and Cisco ASA?

A. Cisco ASA provides access control while Cisco Firepower does not.

B. Cisco Firepower provides identity-based access control while Cisco ASA does not.

C. Cisco Firepower natively provides intrusion prevention capabilities while Cisco ASA does not.

D. Cisco ASA provides SSL inspection while Cisco Firepower does not.

A

Cisco Firepower natively provides intrusion prevention capabilities while Cisco ASA does not.

192
Q

An organization is implementing URL blocking using Cisco Umbrella. The users are able to go to some sites but other sites are not accessible due to an error. Why is the error occurring?

A. Client computers do not have the Cisco Umbrella Root CA certificate installed.

B. IP-Layer Enforcement is not configured.

C. Client computers do not have an SSL certificate deployed from an internal CA server.

D. Intelligent proxy and SSL decryption is disabled in the policy.

A

Client computers do not have the Cisco Umbrella Root CA certificate installed.

193
Q

Which two aspects of the cloud PaaS model are managed by the customer but not the provider? (Choose two)

A. virtualization
B. middleware
C. operating systems
D. applications
E. data

A

applications

data

194
Q

What is an attribute of the DevSecOps process?

A. mandated security controls and check lists
B. security scanning and theoretical vulnerabilities
C. development security
D. isolated security team

A

development security

195
Q

An engineer notices traffic interruption on the network. Upon further investigation, it is learned that broadcast packets have been flooding the network. What must be configured, based on a predefined threshold, to address this issue?

A. Bridge Protocol Data Unit guard
B. embedded event monitoring
C. storm control
D. access control lists

A

storm control

196
Q

Which two cryptographic algorithms are used with IPsec? (Choose two)

A. AES-BAC
B. AES-ABC
C. HMAC-SHA1/SHA2
D. Triple AMC-CBC
E. AES-CBC

A

HMAC-SHA1/SHA2

AES-CBC

197
Q

In which type of attack does the attacker insert their machine between two hosts that are communicating with each other?

A. LDAP injection
B. man-in-the-middle
C. cross-site scripting
D. insecure API

A

man-in-the-middle

198
Q

Which DoS attack uses fragmented packets to crash a target machine?

A. smurf
B. MITM
C. teardrop
D. LAND

A

teardrop

199
Q

Why is it important to have logical security controls on endpoints even though the users are trained to spot security threats and the network devices already help prevent them?

A. to prevent theft of the endpoints

B. because defense-in-depth stops at the network

C. to expose the endpoint to more threats

D. because human error or insider threats will still exist

A

because human error or insider threats will still exist

200
Q

Which type of API is being used when a security application notifies a controller within a software-defined network architecture about a specific security threat?

A. westbound API
B. southbound API
C. northbound API
D. eastbound API

A

northbound API

201
Q

When planning a VPN deployment, for which reason does an engineer opt for an active/active FlexVPN configuration as opposed to DMVPN?

A. Multiple routers or VRFs are required.
B. Traffic is distributed statically by default.
C. Floating static routes are required.
D. HSRP is used for failover.

A

Traffic is distributed statically by default.

202
Q

Which algorithm provides asymmetric encryption?

A. RC4
B. AES
C. RSA
D. 3DES

A

RSA

203
Q

What are two functions of secret key cryptography? (Choose two)

A. key selection without integer factorization

B. utilization of different keys for encryption and decryption

C. utilization of large prime number iterations

D. provides the capability to only know the key on one side

E. utilization of less memory

A

key selection without integer factorization

utilization of less memory

204
Q

For Cisco IOS PKI, which two types of Servers are used as a distribution point for CRLs? (Choose two)

A. SDP
B. LDAP
C. subordinate CA
D. SCP
E. HTTP

A

LDAP

HTTP

205
Q

Which attack type attempts to shut down a machine or network so that users are not able to access it?

A. smurf
B. bluesnarfing
C. MAC spoofing
D. IP spoofing

A

smurf

206
Q

What is a difference between DMVPN and sVTI?

A. DMVPN supports tunnel encryption, whereas sVTI does not.

B. DMVPN supports dynamic tunnel establishment, whereas sVTI does not.

C. DMVPN supports static tunnel establishment, whereas sVTI does not.

D. DMVPN provides interoperability with other vendors, whereas sVTI does not.

A

DMVPN supports dynamic tunnel establishment, whereas sVTI does not.

207
Q

What features does Cisco FTDv provide over ASAv?

A. Cisco FTDv runs on VMWare while ASAv does not

B. Cisco FTDv provides 1GB of firewall throughput while Cisco ASAv does not

C. Cisco FTDv runs on AWS while ASAv does not

D. Cisco FTDv supports URL filtering while ASAv does not

A

Cisco FTDv supports URL filtering while ASAv does not

208
Q

In which situation should an Endpoint Detection and Response solution be chosen versus an Endpoint Protection Platform?

A. when there is a need for traditional anti-malware detection

B. when there is no need to have the solution centrally managed

C. when there is no firewall on the network

D. when there is a need to have more advanced detection capabilities

A

when there is a need to have more advanced detection capabilities

209
Q

Which type of API is being used when a controller within a software-defined network architecture dynamically makes configuration changes on switches within the network?

A. westbound API
B. southbound API
C. northbound API
D. eastbound API

A

southbound API

210
Q

An organization has two systems in their DMZ that have an unencrypted link between them for communication. The organization does not have a defined password policy and uses several default accounts on the systems. The application used on those systems also has not gone through stringent code reviews. Which vulnerability would help an attacker brute force their way into the systems?

A. weak passwords
B. lack of input validation
C. missing encryption
D. lack of file permission

A

weak passwords

211
Q

What is the purpose of a Netflow version 9 template record?

A. It specifies the data format of NetFlow processes.

B. It provides a standardized set of information about an IP flow.

C. It defines the format of data records.

D. It serves as a unique identification number to distinguish individual data records

A

It defines the format of data records.
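The template record is easiest to understand by building and parsing one. The code below is an added example, not part of the flashcards or of any Cisco software: it assembles a minimal NetFlow v9 export packet (RFC 3954 layout) containing one template FlowSet (FlowSet ID 0) and one data FlowSet (FlowSet ID 256), then parses it. It also shows the failure mode a collector must handle: a data FlowSet that arrives before its template cannot be decoded until the template cache has seen that template ID. The flow values and header timestamps are constructed sample data.

```python
import struct
import ipaddress

# NetFlow v9 field type IDs (RFC 3954, section 8) used by this example's template.
FIELD_NAMES = {
    4: "PROTOCOL", 7: "L4_SRC_PORT", 8: "IPV4_SRC_ADDR",
    11: "L4_DST_PORT", 12: "IPV4_DST_ADDR",
}
TEMPLATE_ID = 256                       # data FlowSet IDs >= 256 name a template
TEMPLATE_FIELDS = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1)]   # (type, length)

# Constructed sample flows: (src, dst, sport, dport, proto)
SAMPLE_FLOWS = [
    ("192.0.2.10", "198.51.100.20", 51515, 443, 6),
    ("192.0.2.11", "198.51.100.53", 40000, 53, 17),
]


def build_template_flowset(template_id=TEMPLATE_ID, fields=TEMPLATE_FIELDS):
    """FlowSet ID 0: the template record that defines the data record layout."""
    body = struct.pack("!HH", template_id, len(fields))
    body += b"".join(struct.pack("!HH", ftype, flen) for ftype, flen in fields)
    return struct.pack("!HH", 0, 4 + len(body)) + body


def build_data_flowset(flows, template_id=TEMPLATE_ID):
    """FlowSet ID >= 256: data records, opaque without the matching template."""
    body = b"".join(
        ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
        + struct.pack("!HHB", sport, dport, proto)
        for src, dst, sport, dport, proto in flows
    )
    pad = (-(4 + len(body))) % 4            # FlowSets are padded to 32-bit boundaries
    return struct.pack("!HH", template_id, 4 + len(body) + pad) + body + b"\x00" * pad


def build_packet(flowsets, record_count, seq):
    # Header: version, count, sysUptime, UNIX secs, sequence number, source ID
    header = struct.pack("!HHIIII", 9, record_count, 123456, 1700000000, seq, 0)
    return header + b"".join(flowsets)


def decode_field(ftype, raw):
    if ftype in (8, 12):
        return str(ipaddress.IPv4Address(raw))
    return int.from_bytes(raw, "big")


def parse_netflow_v9(packet, templates=None):
    """Parse one export packet. `templates` is the collector's template cache,
    keyed by (source_id, template_id); reuse the same dict across packets."""
    if templates is None:
        templates = {}
    version, _count, _uptime, _secs, _seq, source_id = struct.unpack("!HHIIII", packet[:20])
    if version != 9:
        raise ValueError(f"not NetFlow v9: version {version}")
    records, pos = [], 20
    while pos + 4 <= len(packet):
        fs_id, fs_len = struct.unpack("!HH", packet[pos:pos + 4])
        if fs_len < 4 or pos + fs_len > len(packet):
            raise ValueError("malformed FlowSet length")   # never trust exporter lengths
        body = packet[pos + 4:pos + fs_len]
        if fs_id == 0:                                     # template FlowSet
            off = 0
            while off + 4 <= len(body):
                tid, nfields = struct.unpack("!HH", body[off:off + 4])
                off += 4
                if off + 4 * nfields > len(body):
                    raise ValueError("truncated template record")
                fields = [struct.unpack("!HH", body[off + 4 * i:off + 4 * i + 4])
                          for i in range(nfields)]
                off += 4 * nfields
                templates[(source_id, tid)] = fields
        elif fs_id >= 256:                                 # data FlowSet
            tmpl = templates.get((source_id, fs_id))
            if tmpl is None:
                # Template not seen yet (exporters resend it only periodically).
                records.append({"template_id": fs_id, "undecodable": True})
            else:
                rec_len = sum(flen for _, flen in tmpl)
                off = 0
                while off + rec_len <= len(body):        # trailing bytes are padding
                    rec = {}
                    for ftype, flen in tmpl:
                        rec[FIELD_NAMES.get(ftype, f"FIELD_{ftype}")] = decode_field(ftype, body[off:off + flen])
                        off += flen
                    records.append(rec)
        # FlowSet ID 1 (options template) and 2-255 (reserved) are skipped here.
        pos += fs_len
    return records, templates


if __name__ == "__main__":
    pkt = build_packet([build_template_flowset(), build_data_flowset(SAMPLE_FLOWS)], 3, 1)
    for rec in parse_netflow_v9(pkt)[0]:
        print(rec)
```

The template cache is keyed by source ID as well as template ID because two exporters (or two line cards) may both use ID 256 for different layouts; mixing them up silently produces wrong addresses and ports, which is a worse outcome for a security analyst than a dropped record.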

212
Q

What is provided by the Secure Hash Algorithm in a VPN?

A. integrity
B. key exchange
C. encryption
D. authentication

A

integrity
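Cards 196 and 212 together make the point that in IPsec the hash is not used on its own: SHA-1 or SHA-2 is wrapped in an HMAC with a key from the IKE exchange, and the result (truncated, per RFC 2404 for HMAC-SHA1-96 and RFC 4868 for HMAC-SHA-256-128) becomes the ESP integrity check value. The code below is an added example, not from the flashcards or any Cisco implementation; the key, payload and tampering step are constructed. It also shows why a bare, unkeyed digest gives integrity against corruption but not against an attacker, who can simply recompute it.

```python
import hashlib
import hmac
import os

# Truncated ICV lengths of the IPsec integrity algorithms (assumed defaults here):
# HMAC-SHA1-96 keeps 12 bytes, HMAC-SHA-256-128 keeps 16 bytes.
ICV_LEN = {"sha1": 12, "sha256": 16}


def compute_icv(key, data, algo="sha256"):
    """Keyed digest over the protected bytes, truncated as the ESP transform does."""
    return hmac.new(key, data, getattr(hashlib, algo)).digest()[:ICV_LEN[algo]]


def protect(key, payload, algo="sha256"):
    """Append the ICV, as ESP does after the (already encrypted) payload."""
    return payload + compute_icv(key, payload, algo)


def verify(key, packet, algo="sha256"):
    """Return the payload if the ICV verifies, else None.
    compare_digest avoids leaking the mismatch position through timing."""
    n = ICV_LEN[algo]
    if len(packet) < n:
        return None
    body, icv = packet[:-n], packet[-n:]
    return body if hmac.compare_digest(compute_icv(key, body, algo), icv) else None


# Contrast: an unkeyed SHA-256 trailer. Detects bit errors, not an active attacker.
def unkeyed_protect(payload):
    return payload + hashlib.sha256(payload).digest()[:16]


def unkeyed_verify(packet):
    body, tag = packet[:-16], packet[-16:]
    return body if hmac.compare_digest(hashlib.sha256(body).digest()[:16], tag) else None


def demo():
    key = os.urandom(32)   # in IPsec this is derived from the IKE key exchange
    pkt = protect(key, b"GET /secret HTTP/1.1")
    assert verify(key, pkt) == b"GET /secret HTTP/1.1"
    tampered = bytearray(pkt)
    tampered[5] ^= 0x01                    # flip one bit of the payload
    assert verify(key, bytes(tampered)) is None
    assert verify(os.urandom(32), pkt) is None   # wrong key, rejected
    # Without a key, anyone can forge a valid-looking trailer for their own data.
    forged = unkeyed_protect(b"GET /evil HTTP/1.1")
    assert unkeyed_verify(forged) == b"GET /evil HTTP/1.1"
    return True


if __name__ == "__main__":
    print("demo ok" if demo() else "demo failed")
```

The keyed check is what card 212 means by "integrity" in a VPN context: data-origin authentication of each packet, which is why the answer is not "key exchange" (that is Diffie-Hellman inside IKE) and not "encryption" (that is AES-CBC or AES-GCM on the payload).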

213
Q

A network engineer is deciding whether to use stateful or stateless failover when configuring two ASAs for high availability. What is the connection status in both cases?

A. need to be reestablished with stateful failover and preserved with stateless failover

B. preserved with stateful failover and need to be reestablished with stateless failover

C. preserved with both stateful and stateless failover

D. need to be reestablished with both stateful and stateless failover

A

preserved with stateful failover and need to be reestablished with stateless failover

214
Q

Which type of protection encrypts RSA keys when they are exported and imported?

A. file
B. passphrase
C. NGE
D. nonexportable

A

passphrase

215
Q

A Cisco ESA network administrator has been tasked to use a newly installed service to help create policy based on the reputation verdict. During testing, it is discovered that the Cisco ESA is not dropping files that have an undetermined verdict. What is causing this issue?

A. The policy was created to send a message to quarantine instead of drop

B. The file has a reputation score that is above the threshold

C. The file has a reputation score that is below the threshold

D. The policy was created to disable file analysis

A

The file has a reputation score that is below the threshold

216
Q

An administrator is trying to determine which applications are being used in the network but does not want the network devices to send metadata to Cisco Firepower. Which feature should be used to accomplish this?

A. NetFlow
B. Packet Tracer
C. Network Discovery
D. Access Control

A

Network Discovery

217
Q

Which attack is preventable by Cisco ESA but not by the Cisco WSA?

A. buffer overflow
B. DoS
C. SQL injection
D. phishing

A

phishing

218
Q

A Cisco ESA administrator has been tasked with configuring the Cisco ESA to ensure there are no viruses before quarantined emails are delivered. In addition, delivery of mail from known bad mail servers must be prevented. Which two actions must be taken in order to meet these requirements? (Choose two)

A. Use outbreak filters from SenderBase
B. Enable a message tracking service
C. Configure a recipient access table
D. Deploy the Cisco ESA in the DMZ
E. Scan quarantined emails using AntiVirus signatures.

A

Use outbreak filters from SenderBase

Scan quarantined emails using AntiVirus signatures.

219
Q

Which type of dashboard does Cisco DNA Center provide for complete control of the network?

A. service management
B. centralized management
C. application management
D. distributed management

A

centralized management

220
Q

In an IaaS cloud services model, which security function is the provider responsible for managing?

A. Internet proxy
B. firewalling virtual machines
C. CASB
D. hypervisor OS hardening

A

hypervisor OS hardening

221
Q

A network engineer has been tasked with adding a new medical device to the network. Cisco ISE is being used as the NAC server, and the new device does not have a supplicant available. What must be done in order to securely connect this device to the network?

A. Use MAB with profiling
B. Use MAB with posture assessment.
C. Use 802.1X with posture assessment.
D. Use 802.1X with profiling.

A

Use MAB with profiling