my cards Flashcards

1
Q

Topic 1

Which functions of an SDN architecture require southbound APIs to enable communication?

A. SDN controller and the network elements
B. management console and the SDN controller
C. management console and the cloud
D. SDN controller and the cloud

A

A. SDN controller and the network elements

southbound APIs are used to communicate between the SDN controller and t

2
Q

Topic 1

Which two request methods of REST API are valid on the Cisco ASA Platform? (Choose two.)

A. put
B. options
C. get
D. push
E. connect

A

A. put
C. get

GET – Retrieves data from the specified o

Available request methods are:

3
Q

Topic 1

The main function of northbound APIs in the SDN architecture is to enable communication between which two areas of a network?

A. SDN controller and the cloud
B. management console and the SDN controller
C. management console and the cloud
D. SDN controller and the management solution

A

D. SDN controller and the management solution

Northbound APIs (SDN northbound APIs) are typically RESTful APIs that ar

4
Q

Topic 1

What is a feature of the open platform capabilities of Cisco DNA Center?

A. application adapters
B. domain integration
C. intent-based APIs
D. automation adapters

A

C. intent-based APIs

Intent APIs: The Intent APIs are northbound REST APIs that expose specif

5
Q

Refer to the exhibit. What does the API do when connected to a Cisco security appliance?

import requests
client_id = 'a1b2c3d4e5'
api_key = 'a1b2c3d4-e5f6-g7h8'
url = 'https://api.amp.cisco.com/v1/computers'
response = requests.get(url, auth=(client_id, api_key))
response_json = response.json()
for computer in response_json['data']:
    network_addresses = computer['network_addresses']
    for network_interface in network_addresses:
        mac = network_interface.get('mac')
        ip = network_interface.get('ip')
        ipv6 = network_interface.get('ipv6')
        print(mac, ip, ipv6)

A. create an SNMP pull mechanism for managing AMP
B. gather network telemetry information from AMP for endpoints
C. get the process and PID information from the computers in the network
D. gather the network interface information about the computers AMP sees

A

D. gather the network interface information about the computers AMP sees

6
Q

Topic 1

Which form of attack is launched using botnets?

A. TCP flood
B. DDOS
C. DOS
D. virus

A

B. DDOS

A botnet is a collection of compromised machines that the attacker can m

7
Q

Topic 1

In which form of attack is alternate encoding, such as hexadecimal representation, most often observed?

A. smurf
B. distributed denial of service
C. cross-site scripting
D. rootkit exploit

A

C. cross-site scripting

8
Q

Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?

A. user input validation in a web page or web application
B. Linux and Windows operating systems
C. database
D. web page images

A

A. user input validation in a web page or web application

9
Q

What is the difference between deceptive phishing and spear phishing?

A. Deceptive phishing is an attack aimed at a specific user in the organization who holds a C-level role.
B. A spear phishing campaign is aimed at a specific person versus a group of people.
C. Spear phishing is when the attack is aimed at the C-level executives of an organization.
D. Deceptive phishing hijacks and manipulates the DNS server of the victim and redirects the user to a false webpage.

A

B. A spear phishing campaign is aimed at a specific person versus a group of people.

10
Q

Which two behavioral patterns characterize a ping of death attack? (Choose two.)

A. The attack is fragmented into groups of 16 octets before transmission.
B. The attack is fragmented into groups of 8 octets before transmission.
C. Short synchronized bursts of traffic are used to disrupt TCP connections.
D. Malformed packets are used to crash systems.
E. Publicly accessible DNS servers are typically used to execute the attack.

A

B. The attack is fragmented into groups of 8 octets before transmission.
D. Malformed packets are used to crash systems.

A Ping of death attack is a type of denial-of-service attack that sends

11
Q

Which two mechanisms are used to control phishing attacks? (Choose two.)

A. Enable browser alerts for fraudulent websites.
B. Define security group memberships.
C. Revoke expired CRL of the websites.
D. Use antispyware software.
E. Implement email filtering techniques.

A

A. Enable browser alerts for fraudulent websites
E. Implement email filtering techniques

12
Q

Which attack is commonly associated with C and C++ programming languages?

A. cross-site scripting
B. water holing
C. DDoS
D. buffer overflow

A

D. buffer overflow

13
Q

Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two.)

A. Check integer, float, or Boolean string parameters to ensure accurate values.
B. Use prepared statements and parameterized queries.
C. Secure the connection between the web and the app tier.
D. Write SQL code instead of using object-relational mapping libraries.
E. Block SQL code execution in the web application database login.

A

A. Check integer, float, or Boolean string parameters to ensure accurate values.
B. Use prepared statements and parameterized queries.

https://tools.cisco.com/security/center/resources/sql_injection.html

14
Q

Which two kinds of attacks are prevented by multifactor authentication? (Choose two.)

A. phishing
B. brute force
C. man-in-the-middle
D. DDOS
E. tear drop

A

A. phishing
B. brute force

15
Q

What are two rootkit types? (Choose two.)

A. registry
B. buffer mode
C. user mode
D. bootloader
E. virtual

A

C. user mode
D. bootloader

16
Q

How is DNS tunneling used to exfiltrate data out of a corporate network?

A. It leverages the DNS server by permitting recursive lookups to spread the attack to other DNS servers
B. It encodes the payload with random characters that are broken into short strings and the DNS server rebuilds the exfiltrated data
C. It redirects DNS requests to a malicious server used to steal user credentials, which allows further damage and theft on the network
D. It corrupts DNS servers by replacing the actual IP address with a rogue address to collect information or start other attacks

A

B. It encodes the payload with random characters that are broken into short strings and the DNS server rebuilds the exfiltrated data

17
Q

Which type of attack is social engineering?

A. trojan
B. MITM
C. phishing
D. malware

A

C. phishing

18
Q

What are two DDoS attack categories? (Choose two.)

A. protocol
B. source-based
C. database
D. sequential
E. volume-based

A

A. protocol
E. volume-based

19
Q

In which type of attack does the attacker insert their machine between two hosts that are communicating with each other?

A. man-in-the-middle
B. LDAP injection
C. insecure API
D. cross-site scripting

A

A. man-in-the-middle

20
Q

How does Cisco Advanced Phishing Protection protect users?

A. It utilizes sensors that send messages securely.
B. It uses machine learning and real-time behavior analytics.
C. It validates the sender by using DKIM.
D. It determines which identities are perceived by the sender.

A

B. It uses machine learning and real-time behavior analytics.

21
Q

How does DNS Tunneling exfiltrate data?

A. An attacker registers a domain that a client connects to based on DNS records and sends malware through that connection.
B. An attacker opens a reverse DNS shell to get into the client’s system and install malware on it.
C. An attacker sends an email to the target with hidden DNS resolvers in it to redirect them to a malicious domain.
D. An attacker uses a non-standard DNS port to gain access to the organization’s DNS servers in order to poison the resolutions.

A

A. An attacker registers a domain that a client connects to based on DNS records and sends malware through that connection.

22
Q

An attacker needs to perform reconnaissance on a target system to help gain access to it. The system has weak passwords, no encryption on the VPN links, and software bugs on the system’s applications. Which vulnerability allows the attacker to see the passwords being transmitted in clear text?

A. unencrypted links for traffic
B. weak passwords for authentication
C. improper file security
D. software bugs on applications

A

A. unencrypted links for traffic

23
Q

A user has a device in the network that is receiving too many connection requests from multiple machines. Which type of attack is the device undergoing?

A. SYN flood
B. slowloris
C. phishing
D. pharming

A

A. SYN flood

24
Q

Which two preventive measures are used to control cross-site scripting? (Choose two.)

A. Enable client-side scripts on a per-domain basis.
B. Incorporate contextual output encoding/escaping.
C. Disable cookie inspection in the HTML inspection engine.
D. Run untrusted HTML input through an HTML sanitization engine.
E. SameSite cookie attribute should not be used.

A

B. Incorporate contextual output encoding/escaping.
D. Run untrusted HTML input through an HTML sanitization engine.

25
Q

Which threat involves software being used to gain unauthorized access to a computer system?

A. ping of death
B. HTTP flood
C. NTP amplification
D. virus

A

D. virus

26
Q

Which two capabilities does TAXII support? (Choose two.)

A. exchange
B. pull messaging
C. binding
D. correlation
E. mitigating

A

A. exchange.
B. pull messaging.

TAXII is an exchange utility using Pull Messaging, Push Messaging

27
Q

Which two conditions are prerequisites for stateful failover for IPsec? (Choose two.)

A. Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the IPsec configuration is copied automatically.
B. The active and standby devices can run different versions of the Cisco IOS software but must be the same type of device.
C. The IPsec configuration that is set up on the active device must be duplicated on the standby device.
D. Only the IPsec configuration that is set up on the active device must be duplicated on the standby device; the IKE configuration is copied automatically.
E. The active and standby devices must run the same version of the Cisco IOS software and must be the same type of device.

A

C. The IPsec configuration that is set up on the active device must be duplicated on the standby device.
E. The active and standby devices must run the same version of the Cisco IOS software and must be the same type of device.

28
Q

Which algorithm provides encryption and authentication for data plane communication?

A. AES-GCM
B. SHA-96
C. AES-256
D. SHA-384

A

A. AES-GCM

29
Q

DRAG DROP -
Drag and drop the capabilities from the left onto the correct technologies on the right.
Select and Place:

  1. detection, blocking, tracking, analysis, and remediation to protect against targeted persistent malware attacks
  2. superior threat prevention and mitigation for known and unknown threats
  3. application-layer control and ability to enforce usage and tailor detection policies based on custom applications and URLs
  4. combined integrated solution of strong defense and web protection, visibility, and controlling

solutions:
1. Next Generation Intrusion Prevention System
2. Advanced Malware Protection
3. application control and URL filtering
4. Cisco Web Security Appliance

A

1. Next Generation Intrusion Prevention System - 2. superior threat prevention and mitigation for known and unknown threats
2. Advanced Malware Protection - 1. detection, blocking, tracking, analysis, and remediation to protect against targeted persistent malware attacks
3. application control and URL filtering - 3. application-layer control and ability to enforce usage and tailor detection policies based on custom applications and URLs
4. Cisco Web Security Appliance - 4. combined integrated solution of strong defense and web protection, visibility, and controlling

30
Q

Encryption

Which two key and block sizes are valid for AES? (Choose two.)

A. 64-bit block size, 112-bit key length
B. 64-bit block size, 168-bit key length
C. 128-bit block size, 192-bit key length
D. 128-bit block size, 256-bit key length
E. 192-bit block size, 256-bit key length

A

C. 128-bit block size, 192-bit key length
D. 128-bit block size, 256-bit key length

https://en.wikipedia.org/wiki/Advanced_Encryption_Standard

31
Q

Encryption

Which two descriptions of AES encryption are true? (Choose two.)

A. AES is less secure than 3DES.
B. AES is more secure than 3DES.
C. AES can use a 168-bit key for encryption.
D. AES can use a 256-bit key for encryption.
E. AES encrypts and decrypts a key three times in sequence.

A

B. AES is more secure than 3DES.
D. AES can use a 256-bit key for encryption.

32
Q

TAXII

What is a language format designed to exchange threat intelligence that can be transported over the TAXII protocol?

A. STIX
B. XMPP
C. pxGrid
D. SMTP

A

A. STIX

33
Q

VPN

DRAG DROP -
Drag and drop the descriptions from the left onto the correct protocol versions on the right. (IKEv1, IKEv2)
Select and Place:

standard includes NAT-T
uses six packets in main mode to establish phase 1
uses four packets to establish phase 1 and phase 2
uses three packets in aggressive mode to establish phase 1
uses EAP to authenticate remote access clients

A

IKEv1:
uses six packets in main mode to establish phase 1
uses three packets in aggressive mode to establish phase 1

IKEv2:
standard includes NAT-T
uses four packets to establish phase 1 and phase 2
uses EAP to authenticate remote access clients

34
Q

VPN

Which VPN technology can support a multivendor environment and secure traffic between sites?

A. SSL VPN
B. GET VPN
C. FlexVPN
D. DMVPN

A

C. FlexVPN

35
Q

VPN

Which technology must be used to implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity?

A. DMVPN
B. FlexVPN
C. IPsec DVTI
D. GET VPN

A

D. GET VPN

36
Q

VPN

What is a commonality between DMVPN and FlexVPN technologies?

A. FlexVPN and DMVPN use the new key management protocol, IKEv2
B. FlexVPN and DMVPN use IS-IS routing protocol to communicate with spokes
C. IOS routers run the same NHRP code for DMVPN and FlexVPN
D. FlexVPN and DMVPN use the same hashing algorithms

A

C. IOS routers run the same NHRP code for DMVPN and FlexVPN

37
Q

Which protocol provides the strongest throughput performance when using Cisco AnyConnect VPN?

A. DTLSv1
B. TLSv1
C. TLSv1.1
D. TLSv1.2

A

A. DTLSv1

38
Q

Which group within Cisco writes and publishes a weekly newsletter to help cybersecurity professionals remain aware of the ongoing and most prevalent threats?

A. Talos
B. PSIRT
C. SCIRT
D. DEVNET

A

A. Talos

39
Q

VULNERABILITIES

When Cisco and other industry organizations publish and inform users of known security findings and vulnerabilities, which name is used?

A. Common Vulnerabilities, Exploits and Threats
B. Common Vulnerabilities and Exposures
C. Common Exploits and Vulnerabilities
D. Common Security Exploits

A

B. Common Vulnerabilities and Exposures

40
Q

DNAC

Which two features of Cisco DNA Center are used in a Software Defined Network solution? (Choose two.)

A. accounting
B. assurance
C. automation
D. authentication
E. encryption

A

B. assurance
C. automation

41
Q

DNAC

What provides the ability to program and monitor networks from somewhere other than the DNAC GUI?

A. ASDM
B. NetFlow
C. API
D. desktop client

A

C. API

42
Q

vpn

What is a function of 3DES in reference to cryptography?

A. It encrypts traffic.
B. It creates one-time use passwords.
C. It hashes files.
D. It generates private keys.

A

A. It encrypts traffic.

43
Q

Which two activities can be done using Cisco DNA Center? (Choose two.)

A. DHCP
B. design
C. accounting
D. DNS
E. provision

A

B. design
E. provision

44
Q

PKI

Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?

A. terminal
B. selfsigned
C. url
D. profile

A

D. profile

45
Q

Which type of API is being used when a security application notifies a controller within a software-defined network architecture about a specific security threat?

A. southbound API
B. westbound API
C. eastbound API
D. northbound API

A

D. northbound API

46
Q

SQL

An organization has two machines hosting web applications. Machine 1 is vulnerable to SQL injection while machine 2 is vulnerable to buffer overflows. What action would allow the attacker to gain access to machine 1 but not machine 2?

A. sniffing the packets between the two hosts
B. sending continuous pings
C. overflowing the buffer’s memory
D. inserting malicious commands into the database

A

D. inserting malicious commands into the database

47
Q

SDN

What is the function of SDN southbound API protocols?

A. to allow for the static configuration of control plane applications
B. to enable the controller to use REST
C. to enable the controller to make changes
D. to allow for the dynamic configuration of control plane applications

A

C. to enable the controller to make changes

48
Q

SECURITY

DRAG DROP -
Drag and drop the threats from the left onto examples of that threat on the right.
Select and Place:
1. DoS/DDoS
2. insecure APIs
3. data breach
4. compromised credentials

Match:
1. A stolen customer database that contained social security numbers and was published online
2. A phishing site appearing to be a legitimate login page captures user login information
3. An application attack using botnets from multiple remote locations that flood a web application causing a degraded performance or a complete outage
4. A malicious user gained access to an organization database from a cloud-based application programming interface that lacked strong authentication controls

A

  1. A stolen customer database that contained social security numbers and was published online - data breach
  2. A phishing site appearing to be a legitimate login page captures user login information - compromised credentials
  3. An application attack using botnets from multiple remote locations that flood a web application causing a degraded performance or a complete outage - DoS/DDoS
  4. A malicious user gained access to an organization database from a cloud-based application programming interface that lacked strong authentication controls - insecure APIs

49
Q

SQL

What is the difference between Cross-site Scripting and SQL Injection attacks?

A. Cross-site Scripting is when executives in a corporation are attacked, whereas SQL Injection is when a database is manipulated.
B. Cross-site Scripting is an attack where code is executed from the server side, whereas SQL Injection is an attack where code is executed from the client side.
C. Cross-site Scripting is a brute force attack targeting remote sites, whereas SQL Injection is a social engineering attack.
D. Cross-site Scripting is an attack where code is injected into a database, whereas SQL Injection is an attack where code is injected into a browser.

A

B. Cross-site Scripting is an attack where code is executed from the server side, whereas SQL Injection is an attack where code is executed from the client side.

50
Q

SECURITY

DRAG DROP -
Drag and drop the common security threats from the left onto the definitions on the right.
Select and Place:

Match
1. phishing
2. botnet
3. spam
4. worm

With
1. a software program that copies itself from one computer to another, without human interaction
2. unwanted messages in an email inbox
3. group of computers connected to the internet that have been compromised by a hacker using a virus or Trojan horse
4. fraudulent attempts by cyber criminals to obtain private information

A
  1. a software program that copies itself from one computer to another, without human interaction - worm
  2. unwanted messages in an email inbox - spam
  3. group of computers connected to the internet that have been compromised by a hacker using a virus or Trojan horse - botnet
  4. fraudulent attempts by cyber criminals to obtain private information - phishing

51
Q

Which type of dashboard does Cisco DNA Center provide for complete control of the network?

A. distributed management
B. service management
C. application management
D. centralized management
A

D. centralized management

52
Q

Refer to the exhibit. What will happen when this Python script is run?

import requests
url = "https://api.amp.cisco.com/v1/computers"
headers = {
    'accept': 'application/json',
    'Content-type': 'application/json',
    'authorization': "Basic <API Credentials>",
    'cache-control': "no-cache",
}
response = requests.request("GET", url, headers=headers)
print(response.text)

A. The list of computers, policies, and connector statuses will be received from Cisco AMP.
B. The list of computers and their current vulnerabilities will be received from Cisco AMP.
C. The compromised computers and malware trajectories will be received from Cisco AMP.
D. The compromised computers and what compromised them will be received from Cisco AMP.
A

A. The list of computers, policies, and connector statuses will be received from Cisco AMP.

53
Q

Refer to the exhibit. What will happen when the Python script is executed?

import requests
client_id = '<Client ID>'
api_key = '<API Key>'

url = 'https://api.amp.cisco.com/v1/computers'
response = requests.get(url, auth=(client_id, api_key))
response_json = response.json()
for computer in response_json['data']:
    hostname = computer['hostname']
    print(hostname)

A. The hostname will be printed for the client in the client ID field.
B. The hostname will be translated to an IP address and printed.
C. The script will pull all computer hostnames and print them.
D. The script will translate the IP address to FQDN and print it.
A

C. The script will pull all computer hostnames and print them.

54
Q

With which components does a southbound API within a software-defined network architecture communicate?

A. applications
B. controllers within the network
C. appliances
D. devices such as routers and switches
A

D. devices such as routers and switches

55
Q

Which method is used to deploy certificates and configure the supplicant on mobile devices to gain access to network resources?

A. BYOD onboarding
B. MAC authentication bypass
C. client provisioning
D. Simple Certificate Enrollment Protocol
A

D. Simple Certificate Enrollment Protocol

56
Q

What are two characteristics of Cisco DNA Center APIs? (Choose two.)

A. They are Cisco proprietary.
B. They do not support Python scripts.
C. They view the overall health of the network.
D. They quickly provision new devices.
E. Postman is required to utilize Cisco DNA Center API calls.
A

C. They view the overall health of the network.
D. They quickly provision new devices.

57
Q

A company discovered an attack propagating through their network via a file. A custom file detection policy was created in order to track this in the future and ensure no other endpoints execute the infected file. In addition, it was discovered during testing that the scans are not detecting the file as an indicator of compromise. What must be done in order to ensure that the policy created is functioning as it should?

A. Create an IP block list for the website from which the file was downloaded.
B. Block the application that the file was using to open.
C. Upload the hash for the file into the policy.
D. Send the file to Cisco Threat Grid for dynamic analysis.
A

C. Upload the hash for the file into the policy.

58
Q

Refer to the exhibit. What does the Python script accomplish?

import http.client
import base64
import ssl
import sys

host = sys.argv[1]      # "10.10.10.240"
user = sys.argv[2]      # "ersad"
password = sys.argv[3]  # "Password1"

conn = http.client.HTTPSConnection("{}:9060".format(host),
                                   context=ssl.SSLContext(ssl.PROTOCOL_TLSv1_2))

# Build the HTTP Basic authorization value from user:password
creds = str.encode(':'.join((user, password)))
encodedAuth = bytes.decode(base64.b64encode(creds))

headers = {
    'accept': "application/json",
    'authorization': " ".join(("Basic", encodedAuth)),
    'cache-control': "no-cache",
}

conn.request("GET", "/ers/config/internaluser/", headers=headers)

res = conn.getresponse()
data = res.read()

print("Status: {}".format(res.status))
print("Header: \n{}".format(res.headers))
print("Body: \n{}".format(data.decode("utf-8")))

A. It authenticates to a Cisco ISE server using the username of ersad.
B. It lists the LDAP users from the external identity store configured on Cisco ISE.
C. It authenticates to a Cisco ISE with an SSH connection.
D. It allows authentication with TLSv1 SSL protocol.
A

A. It authenticates to a Cisco ISE server using the username of ersad.

59
Q

What is a difference between GETVPN and IPsec?

A. GETVPN is used to build a VPN network with multiple sites without having to statically configure all devices.
B. GETVPN is based on IKEv2 and does not support IKEv1.
C. GETVPN provides key management and security association management.
D. GETVPN reduces latency and provides encryption over MPLS without the use of a central hub.
A

D. GETVPN reduces latency and provides encryption over MPLS without the use of a central hub

60
Q

Which algorithm provides asymmetric encryption?

A. 3DES
B. RC4
C. AES
D. RSA
A

D. RSA

61
Q

What is a difference between an XSS attack and an SQL injection attack?

A. SQL injection is a hacking method used to attack SQL databases, whereas XSS attack can exist in many different types of applications.
B. XSS attacks are used to steal information from databases, whereas SQL injection attacks are used to redirect users to websites where attackers can steal data from them.
C. XSS is a hacking method used to attack SQL databases, whereas SQL injection attacks can exist in many different types of applications.
D. SQL injection attacks are used to steal information from databases, whereas XSS attacks are used to redirect users to websites where attackers can steal data from them.
A

D. SQL injection attacks are used to steal information from databases, whereas XSS attacks are used to redirect users to websites where attackers can steal data from them.

62
Q

What is a difference between a DoS attack and a DDoS attack?

A. A DoS attack is where a computer is used to flood a server with TCP packets, whereas DDoS attack is where a computer is used to flood a server with UDP packets.
B. A DoS attack is where a computer is used to flood a server with UDP packets, whereas DDoS attack is where a computer is used to flood a server with TCP packets.
C. A DoS attack is where a computer is used to flood a server with TCP and UDP packets, whereas DDoS attack is where a computer is used to flood multiple servers that are distributed over a LAN.
D. A DoS attack is where a computer is used to flood a server with TCP and UDP packets, whereas DDoS attack is where multiple systems target a single system with a DoS attack.
A

D. A DoS attack is where a computer is used to flood a server with TCP and UDP packets, whereas DDoS attack is where multiple systems target a single system with a DoS attack.

63
Q

What are two advantages of using Cisco AnyConnect over DMVPN? (Choose two.)

A. It provides spoke-to-spoke communications without traversing the hub.
B. It enables VPN access for individual users from their machines.
C. It allows multiple sites to connect to the data center.
D. It allows different routing protocols to work over the tunnel.
E. It allows customization of access policies based on user identity.
A

B. It enables VPN access for individual users from their machines.
E. It allows customization of access policies based on user identity.

64
Q

What is the difference between a vulnerability and an exploit?

A. A vulnerability is a weakness that can be exploited by an attacker.
B. A vulnerability is a hypothetical event for an attacker to exploit.
C. An exploit is a hypothetical event that causes a vulnerability in the network.
D. An exploit is a weakness that can cause a vulnerability in the network.
A

A. A vulnerability is a weakness that can be exploited by an attacker.

65
Q

What is the term for having information about threats and threat actors that helps mitigate harmful events that would otherwise compromise networks or systems?

A. threat intelligence
B. Indicators of Compromise
C. trusted automated exchange
D. The Exploit Database
A

A. threat intelligence

66
Q

Refer to the exhibit. An engineer is implementing a certificate based VPN. What is the result of the existing configuration?

“crypto ikev2 name-mangler MANGLER
dn organization-unit”

A. Only an IKEv2 peer that has an OU certificate attribute set to MANGLER establishes an IKEv2 SA successfully.
B. The OU of the IKEv2 peer certificate is used as the identity when matching an IKEv2 authorization policy.
C. The OU of the IKEv2 peer certificate is set to MANGLER.
D. The OU of the IKEv2 peer certificate is encrypted when the OU is set to MANGLER.
A

B. The OU of the IKEv2 peer certificate is used as the identity when matching an IKEv2 authorization policy.

67
Q

Which kind of API that is used with Cisco DNA Center provisions SSIDs, QoS policies, and updates software versions on switches?

A. event
B. intent
C. integration
D. multivendor
A

B. intent

68
Q

A network engineer needs to select a VPN type that provides the most stringent security, multiple security associations for the connections, and efficient VPN establishment with the least bandwidth consumption. Why should the engineer select either FlexVPN or DMVPN for this environment?

A. DMVPN because it uses multiple SAs and FlexVPN does not.
B. DMVPN because it supports IKEv2 and FlexVPN does not.
C. FlexVPN because it supports IKEv2 and DMVPN does not.
D. FlexVPN because it uses multiple SAs and DMVPN does not.
A

D. FlexVPN because it uses multiple SAs and DMVPN does not.

69
Q

Refer to the exhibit. Which command was used to generate this output and to show which ports are authenticating with dot1x or mab?

method dot1x/mab

A. show authentication registrations
B. show authentication method
C. show dot1x all
D. show authentication sessions
A

D. show authentication sessions

70
Q

Refer to the exhibit. What does the number 15 represent in this configuration?

“snmp-server group SNMP v3 auth access 15”

A. privilege level for an authorized user to this router
B. access list that identifies the SNMP devices that can access the router
C. interval in seconds between SNMPv3 authentication attempts
D. number of possible failed attempts until the SNMPv3 user is locked out
A

B. access list that identifies the SNMP devices that can access the router

71
Q

What is the result of running the crypto isakmp key ciscXXXXXXXX address 172.16.0.0 command?

A. authenticates the IKEv2 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX
B. authenticates the IP address of the 172.16.0.0/32 peer by using the key ciscXXXXXXXX
C. authenticates the IKEv1 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX
D. secures all the certificates in the IKE exchange by using the key ciscXXXXXXXX
A

C. authenticates the IKEv1 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX

72
Q

Which command enables 802.1X globally on a Cisco switch?

A. dot1x system-auth-control
B. dot1x pae authenticator
C. authentication port-control auto
D. aaa new-model
A

A. dot1x system-auth-control

73
Q

What is a characteristic of Dynamic ARP Inspection?

A. DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the DHCP snooping binding database.
B. In a typical network, make all ports as trusted except for the ports connecting to switches, which are untrusted.
C. DAI associates a trust state with each switch.
D. DAI intercepts all ARP requests and responses on trusted ports only.
A

A. DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the DHCP snooping binding database.

74
Q

Which statement about IOS zone-based firewalls is true?

A. An unassigned interface can communicate with assigned interfaces
B. Only one interface can be assigned to a zone.
C. An interface can be assigned to multiple zones.
D. An interface can be assigned only to one zone.
A

D. An interface can be assigned only to one zone.

75
Q

When wired 802.1X authentication is implemented, which two components are required? (Choose two.)

A. authentication server: Cisco Identity Service Engine
B. supplicant: Cisco AnyConnect ISE Posture module
C. authenticator: Cisco Catalyst switch
D. authenticator: Cisco Identity Services Engine
E. authentication server: Cisco Prime Infrastructure
A

A. authentication server: Cisco Identity Service Engine
C. authenticator: Cisco Catalyst switch

76
Q

Which SNMPv3 configuration must be used to support the strongest security possible?

A. asa-host(config)#snmp-server group myv3 v3 priv
asa-host(config)#snmp-server user andy myv3 auth sha cisco priv des ciscXXXXXXXX
asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

B. asa-host(config)#snmp-server group myv3 v3 noauth
asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX
asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

C. asa-host(config)#snmp-server group myv3 v3 noauth
asa-host(config)#snmp-server user andy myv3 auth sha cisco priv 3des ciscXXXXXXXX
asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

D. asa-host(config)#snmp-server group myv3 v3 priv
asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX
asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

A

D. asa-host(config)#snmp-server group myv3 v3 priv
asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX
asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

77
Q

Under which two circumstances is a CoA issued? (Choose two.)

A. A new authentication rule was added to the policy on the Policy Service node.
B. An endpoint is deleted on the Identity Service Engine server.
C. A new Identity Source Sequence is created and referenced in the authentication policy.
D. An endpoint is profiled for the first time.
E. A new Identity Service Engine server is added to the deployment with the Administration persona.
A

B. An endpoint is deleted on the Identity Service Engine server.
D. An endpoint is profiled for the first time.

78
Q

Which ASA deployment mode can provide separation of management on a shared appliance?

A. DMZ multiple zone mode
B. transparent firewall mode
C. multiple context mode
D. routed mode
A

C. multiple context mode

79
Q

Refer to the exhibit. Which command was used to display this output?

Sysauthcontrol                 Enabled
Dot1x Protocol Version     2
Dot1x Info for FastEthernet1
-----------------------------------
PAE                       = AUTHENTICATOR
PortControl               = AUTO
ControlDirection          = Both 
HostMode                  = MULTI_HOST
ReAuthentication          = Disabled
QuietPeriod               = 60
ServerTimeout             = 30
SuppTimeout               = 30
ReAuthPeriod              = 3600 (Locally configured)
ReAuthMax                 = 2
MaxReq                    = 2
TxPeriod                  = 30
RateLimitPeriod           = 0

A. show dot1x all
B. show dot1x
C. show dot1x all summary
D. show dot1x interface gi1/0/12
A

A. show dot1x all

80
Q

What is a characteristic of Cisco ASA NetFlow v9 Secure Event Logging?

A. It tracks flow-create, flow-teardown, and flow-denied events.
B. It provides stateless IP flow tracking that exports all records of a specific flow.
C. It tracks the flow continuously and provides updates every 10 seconds.
D. Its events match all traffic classes in parallel.
A

A. It tracks flow-create, flow-teardown, and flow-denied events.

81
Q

A network engineer has entered the snmp-server user andy myv3 auth sha cisco priv aes 256 cisc0383320506 command and needs to send SNMP information to a host at 10.255.254.1. Which command achieves this goal?

A. snmp-server host inside 10.255.254.1 snmpv3 andy
B. snmp-server host inside 10.255.254.1 version 3 myv3
C. snmp-server host inside 10.255.254.1 snmpv3 myv3
D. snmp-server host inside 10.255.254.1 version 3 andy
A

D. snmp-server host inside 10.255.254.1 version 3 andy

82
Q

An engineer wants to generate NetFlow records on traffic traversing the Cisco ASA. Which Cisco ASA command must be used?

A. flow exporter <name>
B. ip flow-export destination 1.1.1.1 2055
C. flow-export destination inside 1.1.1.1 2055
D. ip flow monitor <name> input
A

C. flow-export destination inside 1.1.1.1 2055

83
Q

Which two tasks allow NetFlow on a Cisco ASA 5500 Series firewall? (Choose two.)

A. Define a NetFlow collector by using the flow-export command
B. Create a class map to match interesting traffic
C. Create an ACL to allow UDP traffic on port 9996
D. Enable NetFlow Version 9
E. Apply NetFlow Exporter to the outside interface in the inbound direction
A

A. Define a NetFlow collector by using the flow-export command
B. Create a class map to match interesting traffic

84
Q

Refer to the exhibit. A network administrator configures command authorization for the admin5 user. What is the admin5 user able to do on HQ_Router after this configuration?

“privilege interface level 5 shutdown
privilege interface level 5 ip address
privilege interface level 5 ip
privilege interface level 5 bandwidth
privilege configure level 5 interface
privilege exec level 5 show running-config
privilege exec level 5 show”

A. set the IP address of an interface
B. add subinterfaces
C. complete no configurations
D. complete all configurations
A

C. complete no configurations

85
Q

A network engineer is configuring DMVPN and entered the crypto isakmp key cisc0383320506 address 0.0.0.0 command on host A. The tunnel is not being established to host B. What action is needed to authenticate the VPN?

A. Change the password on host A to the default password
B. Enter the command with a different password on host B
C. Enter the same command on host B
D. Change isakmp to ikev2 in the command on host A
A

C. Enter the same command on host B

86
Q

How many interfaces per bridge group does an ASA bridge group deployment support?

A. up to 16
B. up to 2
C. up to 4
D. up to 8
A

C. up to 4

87
Q

A network administrator configures Dynamic ARP Inspection on a switch. After Dynamic ARP Inspection is applied, all users on that switch are unable to communicate with any destination. The network administrator checks the interface status of all interfaces, and there is no err-disabled interface. What is causing this problem?

A. DHCP snooping has not been enabled on all VLANs
B. Dynamic ARP inspection has not been enabled on all VLANs
C. The ip arp inspection limit command is applied on all interfaces and is blocking the traffic of all users
D. The no ip arp inspection trust command is applied on all user host interfaces
A

A. DHCP snooping has not been enabled on all VLANs

88
Q

What is a difference between FlexVPN and DMVPN?

A. DMVPN uses only IKEv1. FlexVPN uses only IKEv2
B. FlexVPN uses IKEv2. DMVPN uses IKEv1 or IKEv2
C. DMVPN uses IKEv1 or IKEv2. FlexVPN only uses IKEv1
D. FlexVPN uses IKEv1 or IKEv2. DMVPN uses only IKEv2
A

B. FlexVPN uses IKEv2. DMVPN uses IKEv1 or IKEv2

89
Q

DRAG DROP -
Drag and drop the capabilities of Cisco Firepower versus Cisco AMP from the left into the appropriate category on the right.
Select and Place:
For “Cisco Firepower or Cisco AMP”

A provides detection, blocking, tracking, analysis and remediation to protect against targeted persistent malware attacks

B provides superior threat prevention and mitigation for known and unknown threats

C provides outbreak control through custom detections

D provides the root cause of a threat based on the indicators of compromise seen

E provides the ability to perform network discovery

F provides intrusion prevention before malware compromises the host

A

Cisco Firepower

B provides superior threat prevention and mitigation for known and unknown threats

E provides the ability to perform network discovery

F provides intrusion prevention before malware compromises the host

Cisco AMP

A provides detection, blocking, tracking, analysis and remediation to protect against targeted persistent malware attacks

C provides outbreak control through custom detections

D provides the root cause of a threat based on the indicators of compromise seen

90
Q

An engineer needs behavioral analysis to detect malicious activity on the hosts, and is configuring the organization’s public cloud to send telemetry using the cloud provider’s mechanisms to a security device. Which mechanism should the engineer configure to accomplish this goal?

A. sFlow
B. NetFlow
C. mirror port
D. VPC flow logs
A

D. VPC flow logs

91
Q

An engineer is trying to securely connect to a router and wants to prevent insecure algorithms from being used. However, the connection is failing. Which action should be taken to accomplish this goal?

A. Generate the RSA key using the crypto key generate rsa command.
B. Configure the port using the ip ssh port 22 command.
C. Enable the SSH server using the ip ssh server command.
D. Disable telnet using the no ip telnet command.
A

A. Generate the RSA key using the crypto key generate rsa command.

92
Q

Refer to the exhibit. Which type of authentication is in use?

info: New SMTP ICID 30 interface Management (192.168.0.100) address 10.128.128.200 reverse dns host unknown verified no
Info: ICID 30 ACCEPT SG SUSPECTLIST match sbrs [none] SBRS None
Info: ICID 30 TLS success protocol TLSv1 cipher DHE-RSA-AES256-SHA
Info: SMTP Auth: (ICID 30) succeeded for user: cisco using AUTH mechanism: LOGIN with profile: ldap_smtp
Info: MID 80 matched all recipients for per-recipient policy DEFAULT in the outbound table

A. POP3 authentication
B. SMTP relay server authentication
C. external user and relay mail authentication
D. LDAP authentication for Microsoft Outlook
A

D. LDAP authentication for Microsoft Outlook

93
Q

Refer to the exhibit. An organization is using DHCP Snooping within their network. A user on VLAN 41 on a new switch is complaining that an IP address is not being obtained. Which command should be configured on the switch interface in order to provide the user with network connectivity?

ip dhcp snooping
ip dhcp snooping vlan 41,44
!
interface GigabitEthernet1/0/1
description Uplink_To_Distro_Switch_g1/0/11
switchport trunk native vlan 999
switchport trunk allowed vlan 40,41,44
switchport mode trunk

A. ip dhcp snooping limit 41
B. ip dhcp snooping verify mac-address
C. ip dhcp snooping trust
D. ip dhcp snooping vlan 41
A

C. ip dhcp snooping trust

94
Q

Refer to the exhibit. Traffic is not passing through IPsec site-to-site VPN on the Firepower Threat Defense appliance. What is causing this issue?

“show crypto ipsec sa
pckts encap encrypt sent 0
pckts decap decrypt received all 17”

A. Site-to-site VPN preshared keys are mismatched.
B. Site-to-site VPN peers are using different encryption algorithms.
C. No split-tunnel policy is defined on the Firepower Threat Defense appliance.
D. The access control policy is not allowing VPN traffic in.
A

D. The access control policy is not allowing VPN traffic in.

95
Q

Refer to the exhibit. A network administrator configured a site-to-site VPN tunnel between two Cisco IOS routers, and hosts are unable to communicate between two sites of VPN. The network administrator runs the debug crypto isakmp sa command to track VPN status. What is the problem according to this command output?

MM_KEY_EXCH retransmission

A. interesting traffic was not applied
B. encryption algorithm mismatch
C. authentication key mismatch
D. hashing algorithm mismatch
A

C. authentication key mismatch

96
Q

Which policy represents a shared set of features or parameters that define the aspects of a managed device that are likely to be similar to other managed devices in a deployment?

A. group policy
B. access control policy
C. device management policy
D. platform settings policy
A

D. platform settings policy

97
Q

The Cisco ASA must support TLS proxy for encrypted Cisco Unified Communications traffic.
Where must the ASA be added on the Cisco UC Manager platform?

A. Certificate Trust List
B. Endpoint Trust List
C. Enterprise Proxy Service
D. Secured Collaboration Proxy
A

A. Certificate Trust List

98
Q

Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention System? (Choose two.)

A. SIP
B. inline normalization
C. SSL
D. packet decoder
E. modbus
A

A. SIP
C. SSL

99
Q

Which feature is configured for managed devices in the device platform settings of the Firepower Management Center?

A. quality of service
B. time synchronization
C. network address translations
D. intrusion policy
A

B. time synchronization

100
Q

Which information is required when adding a device to Firepower Management Center?

A. username and password
B. encryption method
C. device serial number
D. registration key
A

D. registration key