my cards 2 Flashcards


1
Q

Cisco Threat Intelligence Director

What can be integrated with Cisco Threat Intelligence Director to provide information about security threats, which allows the SOC to proactively automate responses to those threats?
A. Cisco Umbrella
B. External Threat Feeds
C. Cisco Threat Grid
D. Cisco Stealthwatch

A

B. External Threat Feeds

2
Q

AAA

Which Cisco command enables authentication, authorization, and accounting globally so that CoA is supported on the device?
A. aaa server radius dynamic-author
B. auth-type all
C. aaa new-model
D. ip device-tracking

A

C. aaa new-model

3
Q

Firepower

What is a characteristic of Firepower NGIPS inline deployment mode?
A. ASA with Firepower module cannot be deployed
B. It cannot take actions such as blocking traffic
C. It is out-of-band from traffic
D. It must have inline interface pairs configured

A

D. It must have inline interface pairs configured

4
Q

A mall provides security services to customers with a shared appliance. The mall wants separation of management on the shared appliance. Which ASA deployment mode meets these needs?
A. routed mode
B. multiple zone mode
C. multiple context mode
D. transparent mode

A

C. multiple context mode

5
Q

What is managed by Cisco Security Manager?
A. Cisco WLC
B. Cisco ESA
C. Cisco WSA
D. Cisco ASA

A

D. Cisco ASA

6
Q

An organization is trying to improve their Defense in Depth by blocking malicious destinations prior to a connection being established. The solution must be able to block certain applications from being used within the network. Which product should be used to accomplish this goal?
A. Cisco Firepower
B. Cisco Umbrella
C. Cisco ISE
D. Cisco AMP

A

D. Cisco AMP

7
Q

An engineer notices traffic interruptions on the network. Upon further investigation, it is learned that broadcast packets have been flooding the network. What must be configured, based on a predefined threshold, to address this issue?
A. Storm Control
B. embedded event monitoring
C. access control lists
D. Bridge Protocol Data Unit guard

A

A. Storm Control

8
Q

What is a feature of Cisco NetFlow Secure Event Logging for Cisco ASAs?
A. Multiple NetFlow collectors are supported.
B. Advanced NetFlow v9 templates and legacy v5 formatting are supported.
C. Secure NetFlow connectors are optimized for Cisco Prime Infrastructure
D. Flow-create events are delayed.

A

A. Multiple NetFlow collectors are supported.

9
Q

What is a key difference between Cisco Firepower and Cisco ASA?
A. Cisco Firepower provides identity based access control while Cisco ASA does not.
B. Cisco ASA provides access control while Cisco Firepower does not.
C. Cisco ASA provides SSL inspection while Cisco Firepower does not.
D. Cisco Firepower natively provides intrusion prevention capabilities while Cisco ASA does not.

A

D. Cisco Firepower natively provides intrusion prevention capabilities while Cisco ASA does not.

10
Q

DRAG DROP -
Drag and drop the suspicious patterns for the Cisco Tetration platform from the left onto the correct definitions on the right.
Select and Place:

Privilege escalation
user login suspicious behavior
interesting file access
file access from a different user

-

Tetration platform learns the normal behavior of users
Tetration platform is armed to look at sensitive files
Tetration platform watches user access failures and methods
Tetration platform watches for movement in the process lineage tree

A

Tetration platform learns the normal behavior of users - file access from a different user

Tetration platform is armed to look at sensitive files - interesting file access

Tetration platform watches user access failures and methods - user login suspicious behavior

Tetration platform watches for movement in the process lineage tree - Privilege escalation

11
Q

FMC ASDM

What is a benefit of using Cisco FMC over Cisco ASDM?
A. Cisco FMC uses Java while Cisco ASDM uses HTML5.
B. Cisco FMC provides centralized management while Cisco ASDM does not.
C. Cisco FMC supports pushing configurations to devices while Cisco ASDM does not.
D. Cisco FMC supports all firewall products whereas Cisco ASDM only supports Cisco ASA devices.

A

B. Cisco FMC provides centralized management while Cisco ASDM does not.

12
Q

Which product allows Cisco FMC to push security intelligence observables to its sensors from other products?
A. Threat Intelligence Director
B. Encrypted Traffic Analytics.
C. Cognitive Threat Analytics.
D. Cisco Talos Intelligence

A

A. Threat Intelligence Director.

13
Q

A Cisco FirePower administrator needs to configure a rule to allow a new application that has never been seen on the network. Which two actions should be selected to allow the traffic to pass without inspection? (Choose two.)
A. permit
B. allow
C. reset
D. trust
E. monitor

A

B. allow
D. trust

14
Q

What is a characteristic of a bridge group in a Cisco ASA Firewall running in transparent mode?
A. It has an IP address on its BVI interface and is used for management traffic.
B. It allows ARP traffic with a single access rule.
C. It includes multiple interfaces and access rules between interfaces are customizable.
D. It is a Layer 3 segment and includes one port and customizable access rules.

A

C. It includes multiple interfaces and access rules between interfaces are customizable.

15
Q

While using Cisco Firepower’s Security Intelligence policies, which two criteria is blocking based upon? (Choose two.)
A. IP addresses
B. URLs
C. port numbers
D. protocol IDs
E. MAC addresses

A

A. IP addresses
B. URLs

16
Q

What features does Cisco FTDv provide over Cisco ASAv?
A. Cisco FTDv provides 1GB of firewall throughput while Cisco ASAv does not.
B. Cisco FTDv runs on VMware while Cisco ASAv does not.
C. Cisco FTDv runs on AWS while Cisco ASAv does not.
D. Cisco FTDv supports URL filtering while Cisco ASAv does not.

A

D. Cisco FTDv supports URL filtering while Cisco ASAv does not.

17
Q

A network engineer is deciding whether to use stateful or stateless failover when configuring two Cisco ASAs for high availability. What is the connection status in both cases?
A. need to be reestablished with stateful failover and preserved with stateless failover
B. preserved with both stateful and stateless failover
C. need to be reestablished with both stateful and stateless failover
D. preserved with stateful failover and need to be reestablished with stateless failover

A

D. preserved with stateful failover and need to be reestablished with stateless failover

18
Q

Which term describes when the Cisco Firepower downloads threat intelligence updates from Cisco Talos?
A. authoring
B. consumption
C. sharing
D. analysis

A

B. consumption

19
Q

An administrator is configuring a DHCP server to better secure their environment. They need to be able to rate-limit the traffic and ensure that legitimate requests are not dropped. How would this be accomplished?
A. Set a trusted interface for the DHCP server.
B. Set the DHCP snooping bit to 1.
C. Enable ARP inspection for the required VLAN.
D. Add entries in the DHCP snooping database.

A

A. Set a trusted interface for the DHCP server.

20
Q

What is a prerequisite when integrating a Cisco ISE server and an AD domain?
A. Configure a common administrator account.
B. Place the Cisco ISE server and the AD server in the same subnet.
C. Synchronize the clocks of the Cisco ISE server and the AD server.
D. Configure a common DNS server.

A

C. Synchronize the clocks of the Cisco ISE server and the AD server.

21
Q

When configuring ISAKMP for IKEv1 Phase 1 on a Cisco IOS router, an administrator needs to input the command crypto isakmp key cisco address 0.0.0.0.
The administrator is not sure what the IP address in this command is used for. What would be the effect of changing the IP address from 0.0.0.0 to 1.2.3.4?
A. The key server that is managing the keys for the connection will be at 1.2.3.4.
B. The address that will be used as the crypto validation authority.
C. All IP addresses other than 1.2.3.4 will be allowed.
D. The remote connection will only be allowed from 1.2.3.4.

A

D. The remote connection will only be allowed from 1.2.3.4.

22
Q

A network administrator is configuring SNMPv3 on a new router. The users have already been created, however an additional configuration is needed to facilitate access to the SNMP views. What must the administrator do to accomplish this?
A. define the encryption algorithm to be used by SNMPv3
B. set the password to be used for SNMPv3 authentication
C. map SNMPv3 users to SNMP views
D. specify the UDP port used by SNMP

A

C. map SNMPv3 users to SNMP views

23
Q

DRAG DROP -
Drag and drop the NetFlow export formats from the left onto the descriptions on the right.
Select and Place:

Version 1
Version 5
Version 8
Version 9

introduced extensibility
appropriate only for legacy systems
introduced support for aggregation caches
appropriate only for the main cache

A

appropriate only for legacy systems - version 1
appropriate only for the main cache - version 5
introduced extensibility - version 8
introduced support for aggregation caches - version 9

24
Q

An administrator is trying to determine which applications are being used in the network but does not want the network devices to send metadata to Cisco Firepower. Which feature should be used to accomplish this?
A. Network Discovery
B. Access Control
C. Packet Tracer
D. NetFlow

A

A. Network Discovery

24
Q

Refer to the exhibit. When configuring a remote access VPN solution terminating on the Cisco ASA, an administrator would like to utilize an external token authentication mechanism in conjunction with AAA authentication using machine certificates. Which configuration item must be modified to allow this?

Anyconnect connection profile screenshot

A. Method
B. SAML Server
C. AAA Server Group
D. Group Policy

A

A. Method

25
Q

An engineer is implementing NTP authentication within their network and has configured both the client and server devices with the command ntp authentication-key 1 md5 Cisc392481137. The server at 1.1.1.1 is attempting to authenticate to the client at 1.1.1.2, however is unable to do so. Which command is required to enable the client to accept the server’s authentication key?
A. ntp server 1.1.1.2 key 1
B. ntp peer 1.1.1.2 key 1
C. ntp server 1.1.1.1 key 1
D. ntp peer 1.1.1.1 key 1

A

C. ntp server 1.1.1.1 key 1

26
Q

Due to a traffic storm on the network, two interfaces were error-disabled, and both interfaces sent SNMP traps. Which two actions must be taken to ensure that interfaces are put back into service? (Choose two.)
A. Enable the snmp-server enable traps command and wait 300 seconds.
B. Use EEM to have the ports return to service automatically in less than 300 seconds
C. Ensure that interfaces are configured with the error-disable detection and recovery feature.
D. Have Cisco Prime Infrastructure issue an SNMP set command to re-enable the ports after the preconfigured interval.
E. Enter the shutdown and no shutdown commands on the interfaces.

A

C. Ensure that interfaces are configured with the error-disable detection and recovery feature.

E. Enter the shutdown and no shutdown commands on the interfaces.

27
Q

Refer to the exhibit. An administrator is adding a new Cisco FTD device to their network and wants to manage it with Cisco FMC. The Cisco FTD uses a registration key of Cisc392481137 and is not behind a NAT device. Which command is needed to enable this on the Cisco FTD?

Screenshot firepower add device
host 1.1.2
display name ftd123
registration key
group FTD_Group
access control policy FTD Policy

A. configure manager add <FMC> <registration> 16
B. configure manager add DONTRESOLVE <registration> FTD123
C. configure manager add <FMC> <registration>
D. configure manager add DONTRESOLVE <registration>

A

C. configure manager add <FMC> <registration>

28
Q

A network administrator needs to find out what assets currently exist on the network. Third-party systems need to be able to feed host data into Cisco Firepower.
What must be configured to accomplish this?
A. a Network Analysis policy to receive NetFlow data from the host
B. a File Analysis policy to send file data into Cisco Firepower
C. a Network Discovery policy to receive data from the host
D. a Threat Intelligence policy to download the data from the host

A

C. a Network Discovery policy to receive data from the host

29
Q

Which suspicious pattern enables the Cisco Tetration platform to learn the normal behavior of users?
A. file access from a different user
B. user login suspicious behavior
C. privilege escalation
D. interesting file access

A

A. file access from a different user

30
Q

Which attribute has the ability to change during the RADIUS CoA?
A. authorization
B. NTP
C. accessibility
D. membership

A

A. authorization

31
Q

An administrator configures new authorization policies within Cisco ISE and has difficulty profiling the devices. Attributes for the new Cisco IP phones that are profiled based on the RADIUS authentication are seen; however, the attributes for CDP or DHCP are not. What should the administrator do to address this issue?
A. Configure a service template within the switch to standardize the port configurations so that the correct information is sent to Cisco ISE.
B. Configure the ip dhcp snooping trust command on the DHCP interfaces to get the information to Cisco ISE.
C. Configure the authentication port-control auto feature within Cisco ISE to identify the devices that are trying to connect.
D. Configure the device sensor feature within the switch to send the appropriate protocol information.

A

D. Configure the device sensor feature within the switch to send the appropriate protocol information.

32
Q

An organization deploys multiple Cisco FTD appliances and wants to manage them using one centralized solution. The organization does not have a local VM but does have existing Cisco ASA that must migrate over to Cisco FTDs. Which solution meets the needs of the organization?
A. Cisco FMC
B. CDO
C. CSM
D. Cisco FDM

A

B. CDO

33
Q

What is a benefit of using telemetry over SNMP to configure new routers for monitoring purposes?
A. Telemetry uses push and pull, which makes it more secure than SNMP.
B. Telemetry uses push and pull, which makes it more scalable than SNMP.
C. Telemetry uses a push method, which makes it faster than SNMP.
D. Telemetry uses a pull method, which makes it more reliable than SNMP.

A

C. Telemetry uses a push method, which makes it faster than SNMP.

34
Q

Refer to the exhibit. A network engineer is testing NTP authentication and realizes that any device synchronizes time with this router and that NTP authentication is not enforced. What is the cause of this issue?
~~~
ntp authentication-key 10 md5 cisco123
ntp trusted-key 10
~~~

A. The hashing algorithm that was used was MD5, which is unsupported.
B. The key was configured in plain text.
C. NTP authentication is not enabled.
D. The router was not rebooted after the NTP configuration updated

A

C. NTP authentication is not enabled.

35
Q

An engineer has been tasked with configuring a Cisco FTD to analyze protocol fields and detect anomalies in the traffic from industrial systems. What must be done to meet these requirements?
A. Enable traffic analysis in the Cisco FTD.
B. Implement pre-filter policies for the CIP preprocessor.
C. Configure intrusion rules for the DNP3 preprocessor.
D. Modify the access control policy to trust the industrial traffic.

A

C. Configure intrusion rules for the DNP3 preprocessor.

36
Q

An organization uses Cisco FMC to centrally manage multiple Cisco FTD devices. The default management port conflicts with other communications on the network and must be changed. What must be done to ensure that all devices can communicate together?
A. Change the management port on Cisco FMC so that it pushes the change to all managed Cisco FTD devices.
B. Set the sftunnel port to 8305.
C. Manually change the management port on Cisco FMC and all managed Cisco FTD devices.
D. Set the sftunnel to go through the Cisco FTD.

A

C. Manually change the management port on Cisco FMC and all managed Cisco FTD devices.

37
Q

VPN ikev1

An administrator is establishing a new site-to-site VPN connection on a Cisco IOS router. The organization needs to ensure that the ISAKMP key on the hub is used only for terminating traffic from the IP address of 172.19.20.24. Which command on the hub will allow the administrator to accomplish this?

A. crypto isakmp identity address 172.19.20.24
B. crypto ca identity 172.19.20.24
C. crypto enrollment peer address 172.19.20.24
D. crypto isakmp key Cisco0123456789 172.19.20.24

A

D. crypto isakmp key Cisco0123456789 172.19.20.24

38
Q

VPN ikev2

A Cisco FTD engineer is creating a new IKEv2 policy called s2s00123456789 for their organization to allow additional protocols to terminate network devices with.
They currently only have one policy established and need the new policy to be a backup in case some devices cannot support the stronger algorithms listed in the primary policy. What should be done in order to support this?
A. Change the encryption to AES* to support all AES algorithms in the primary policy.
B. Make the priority for the primary policy 10 and the new policy 1.
C. Change the integrity algorithms to SHA* to support all SHA algorithms in the primary policy.
D. Make the priority for the new policy 5 and the primary policy 1.

A

D. Make the priority for the new policy 5 and the primary policy 1.

39
Q

What is a functional difference between a Cisco ASA and Cisco IOS router with Zone-Based Policy Firewall?
A. The Cisco ASA can be configured for high availability, whereas the Cisco IOS router with Zone-Based Policy Firewall cannot.
B. The Cisco IOS router with Zone-Based Policy Firewall can be configured for high availability, whereas the Cisco ASA cannot.
C. The Cisco ASA denies all traffic by default, whereas the Cisco IOS router with Zone-Based Policy Firewall starts out by allowing all traffic, even on untrusted interfaces.
D. The Cisco IOS router with Zone-Based Policy Firewall denies all traffic by default, whereas Cisco ASA starts out by allowing traffic until rules are added.

A

C. The Cisco ASA denies all traffic by default, whereas the Cisco IOS router with Zone-Based Policy Firewall starts out by allowing all traffic, even on untrusted interfaces.

40
Q

An engineer is configuring their router to send NetFlow data to Stealthwatch which has an IP address of 1.1.1.1 using the flow record Stealthwatch406143794 command. Which additional command is required to complete the flow record?
A. cache timeout active 60
B. destination 1.1.1.1
C. match ipv4 ttl
D. transport udp 2055

A

C. match ipv4 ttl

41
Q

DUO

An engineer is adding a Cisco DUO solution to the current TACACS+ deployment using Cisco ISE. The engineer wants to authenticate users using their account when they log into network devices. Which action accomplishes this task?

A. Configure Cisco DUO with the external Active Directory connector and tie it to the policy set within Cisco ISE.
B. Install and configure the Cisco DUO Authentication Proxy and configure the identity source sequence within Cisco ISE.
C. Modify the current policy with the condition MFA: SourceSequence:DUO=true in the authorization conditions within Cisco ISE.
D. Create an identity policy within Cisco ISE to send all authentication requests to Cisco DUO.

A

B. Install and configure the Cisco DUO Authentication Proxy and configure the identity source sequence within Cisco ISE.

42
Q

What is the function of the crypto isakmp key cisc406143794 address 0.0.0.0 0.0.0.0 command when establishing an IPsec VPN tunnel?
A. It prevents all IP addresses from connecting to the VPN server.
B. It configures the pre-shared authentication key.
C. It configures the local address for the VPN server.
D. It defines what data is going to be encrypted via the VPN.

A

B. It configures the pre-shared authentication key.

43
Q

An administrator is adding a new switch onto the network and has configured AAA for network access control. When testing the configuration, the RADIUS authenticates to Cisco ISE but is being rejected. Why is the ip radius source-interface command needed for this configuration?
A. Only requests that originate from a configured NAS IP are accepted by a RADIUS server.
B. The RADIUS authentication key is transmitted only from the defined RADIUS source interface.
C. RADIUS requests are generated only by a router if a RADIUS source interface is defined.
D. Encrypted RADIUS authentication requires the RADIUS source interface be defined.

A

A. Only requests that originate from a configured NAS IP are accepted by a RADIUS server.

44
Q

Which statement about the configuration of Cisco ASA NetFlow v9 Secure Event Logging is true?
A. To view bandwidth usage for NetFlow records, the QoS feature must be enabled.
B. A sysopt command can be used to enable NSEL on a specific interface.
C. NSEL can be used without a collector configured.
D. A flow-export event type must be defined under a policy.

A

D. A flow-export event type must be defined under a policy.

45
Q

Firepower NGIPS

Which feature requires a network discovery policy on the Cisco Firepower NGIPS?
A. security intelligence
B. impact flags
C. health monitoring
D. URL filtering

A

B. impact flags

46
Q

Which policy is used to capture host information on the Cisco Firepower Next Generation Intrusion Prevention System?
A. correlation
B. intrusion
C. access control
D. network discovery

A

D. network discovery

47
Q

What is a characteristic of traffic storm control behavior?
A. Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within the interval.
B. Traffic storm control cannot determine if the packet is unicast or broadcast.
C. Traffic storm control monitors incoming traffic levels over a 10-second traffic storm control interval.
D. Traffic storm control uses the Individual/Group bit in the packet source address to determine if the packet is unicast or broadcast.

A

A. Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within the interval.

48
Q

DRAG DROP -
Drag and drop the Firepower Next Generation Intrusion Prevention System detectors from the left onto the correct definitions on the right.
Select and Place:

Portscan detection
Port sweep
decoy portscan
distributed portscan

many-to-one portscan in which multiple hosts query a single host for open ports
one-to-one portscan, attacker mixes spoofed source IP address with the actual scanning IP address
one-to-many port sweep, an attacker against one or a few hosts to scan a single port or multiple target hosts
one-to-one portscan, an attacker against one or a few hosts to scan one or multiple hosts

A

many-to-one portscan in which multiple hosts query a single host for open ports - distributed portscan

one-to-one portscan, attacker mixes spoofed source IP address with the actual scanning IP address - decoy portscan

one-to-many port sweep, an attacker against one or a few hosts to scan a single port or multiple target hosts - Port sweep

one-to-one portscan, an attacker against one or a few hosts to scan one or multiple hosts - Portscan detection

49
Q

Refer to the exhibit. Which statement about the authentication protocol used in the configuration is true?

~~~
aaa new-model
radius-server host 10.0.0.12 key secret12
~~~

A. The authentication request contains only a password
B. The authentication request contains only a username
C. The authentication and authorization requests are grouped in a single packet.
D. There are separate authentication and authorization request packets.

A

C. The authentication and authorization requests are grouped in a single packet.

50
Q

Which deployment model is the most secure when considering risks to cloud adoption?
A. public cloud
B. hybrid cloud
C. community cloud
D. private cloud

A

D. private cloud

51
Q

What does the Cloudlock Apps Firewall do to mitigate security concerns from an application perspective?
A. It allows the administrator to quarantine malicious files so that the application can function, just not maliciously.
B. It discovers and controls cloud apps that are connected to a company’s corporate environment.
C. It deletes any application that does not belong in the network.
D. It sends the application information to an administrator to act on.

A

B. It discovers and controls cloud apps that are connected to a company’s corporate environment.

52
Q

Which exfiltration method does an attacker use to hide and encode data inside DNS requests and queries?
A. DNS tunneling
B. DNSCrypt
C. DNS security
D. DNSSEC

A

A. DNS tunneling

53
Q

Which technology reduces data loss by identifying sensitive information stored in public computing environments?
A. Cisco SDA
B. Cisco Firepower
C. Cisco HyperFlex
D. Cisco Cloudlock

A

D. Cisco Cloudlock

54
Q

In which cloud services model is the tenant responsible for virtual machine OS patching?
A. IaaS
B. UCaaS
C. PaaS
D. SaaS

A

A. IaaS

55
Q

What is the function of Cisco Cloudlock for data security?
A. data loss prevention
B. controls malicious cloud apps
C. detects anomalies
D. user and entity behavior analytics

A

A. data loss prevention

56
Q

Which feature is supported when deploying Cisco ASAv within AWS public cloud?
A. multiple context mode
B. user deployment of Layer 3 networks
C. IPv6
D. clustering

A

B. user deployment of Layer 3 networks

57
Q

Which cloud service model offers an environment for cloud consumers to develop and deploy applications without needing to manage or maintain the underlying cloud infrastructure?
A. PaaS
B. XaaS
C. IaaS
D. SaaS

A

A. PaaS

58
Q

Which risk is created when using an Internet browser to access cloud-based service?
A. misconfiguration of Infra, which allows unauthorized access
B. intermittent connection to the cloud connectors
C. vulnerabilities within protocol
D. insecure implementation of API

A

D. insecure implementation of API

59
Q

What is the Cisco API-based broker that helps reduce compromises, application risks, and data breaches in an environment that is not on-premise?
A. Cisco AppDynamics
B. Cisco Cloudlock
C. Cisco Umbrella
D. Cisco AMP

A

B. Cisco Cloudlock

60
Q

Which two aspects of the cloud PaaS model are managed by the customer but not the provider? (Choose two.)

A. middleware
B. applications
C. virtualization
D. operating systems
E. data

A

B. applications
E. data

61
Q

Which public cloud provider supports the Cisco Next Generation Firewall Virtual?

A. Google Cloud Platform
B. Red Hat Enterprise Virtualization
C. Amazon Web Services
D. VMware ESXi

A

C. Amazon Web Services

62
Q

What is an attribute of the DevSecOps process?

A. security scanning and theoretical vulnerabilities
B. development security
C. isolated security team
D. mandated security controls and check lists

A

B. development security

63
Q

On which part of the IT environment does DevSecOps focus?

A. application development
B. wireless network
C. data center
D. perimeter network

A

A. application development

64
Q

In a PaaS model, which layer is the tenant responsible for maintaining and patching?

A. hypervisor
B. virtual machine
C. network
D. application

A

D. application

65
Q

Which two deployment model configurations are supported for Cisco FTDv in AWS? (Choose two.)

A. Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS
B. Cisco FTDv with one management interface and two traffic interfaces configured
C. Cisco FTDv configured in routed mode and managed by a physical FMC appliance on premises
D. Cisco FTDv with two management interfaces and one traffic interface configured
E. Cisco FTDv configured in routed mode and IPv6 configured

A

A. Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS

C. Cisco FTDv configured in routed mode and managed by a physical FMC appliance on premises

66
Q

DRAG DROP -
Drag and drop the steps from the left into the correct order on the right to enable Cisco AppDynamics to monitor an EC2 instance in AWS.
Select and Place:

Install monitoring extension for AWS EC2
Restart the Machine Agent
Update config yaml
Configure a Machine Agent or SIM Agent

A

Configure a Machine Agent or SIM Agent
Install monitoring extension for AWS EC2
Update config yaml
Restart the Machine Agent

67
Q

What is a required prerequisite to enable malware file scanning for the Secure Internet Gateway?

A. Enable IP Layer enforcement.
B. Activate the Cisco AMP license.
C. Activate SSL decryption.
D. Enable Intelligent Proxy.

A

D. Enable Intelligent Proxy.

68
Q

A company is experiencing exfiltration of credit card numbers that are not being stored on-premise. The company needs to be able to protect sensitive data throughout the full environment. Which tool should be used to accomplish this goal?

A. Cisco ISE
B. Web Security Appliance
C. Security Manager
D. Cloudlock

A

D. Cloudlock

The trick is not on premise

69
Q

What are the two types of managed Intercloud Fabric deployment models? (Choose two.)

A. Service Provider managed
B. User managed
C. Public managed
D. Hybrid managed
E. Enterprise managed

A

A. Service Provider managed
E. Enterprise managed

70
Q

An engineer needs a cloud solution that will monitor traffic, create incidents based on events, and integrate with other cloud solutions via an API. Which solution should be used to accomplish this goal?

A. CASB
B. Cisco Cloudlock
C. Adaptive MFA
D. SIEM

A

B. Cisco Cloudlock

71
Q

An organization is using Cisco Firepower and Cisco Meraki MX for network security and needs to centrally manage cloud policies across these platforms. Which software should be used to accomplish this goal?

A. Cisco Defense Orchestrator
B. Cisco Configuration Professional
C. Cisco Secureworks
D. Cisco DNA Center

A

A. Cisco Defense Orchestrator

72
Q

Which factor must be considered when choosing the on-premise solution over the cloud-based one?

A. With an on-premise solution, the provider is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the customer is responsible for it.

B. With a cloud-based solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product.

C. With an on-premise solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product.

D. With an on-premise solution, the customer is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the provider is responsible for it.

A

D. With an on-premise solution, the customer is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the provider is responsible for it.

73
Q

An engineer has been tasked with implementing a solution that can be leveraged for securing the cloud users, data, and applications. There is a requirement to use the Cisco cloud-native CASB and cloud cybersecurity platform. What should be used to meet these requirements?

A. Cisco NGFW
B. Cisco Cloudlock
C. Cisco Cloud Email Security
D. Cisco Umbrella

A

B. Cisco Cloudlock

74
Q

In an IaaS cloud services model, which security function is the provider responsible for managing?

A. firewalling virtual machines
B. Internet proxy
C. hypervisor OS hardening
D. CASB

A

A. firewalling virtual machines

75
Q

An organization wants to secure users, data, and applications in the cloud. The solution must be API-based and operate as a cloud-native CASB. Which solution must be used for this implementation?

A. Cisco Cloud Email Security
B. Cisco Cloudlock
C. Cisco Umbrella
D. Cisco Firepower Next-Generation Firewall

A

B. Cisco Cloudlock

76
Q

DRAG DROP -
Drag and drop the cloud security assessment components from the left onto the definitions on the right.
Select and Place:

-user entity behavior assessment
-cloud data protection assessment
-cloud security strategy workshop
-cloud security architecture assessment

develop a cloud security strategy and roadmap aligned to business priorities

identify strengths and areas for improvement in the current security architecture during onboarding

understand the security posture of the data or activity taking place in public cloud deployments

detect potential anomalies in user behavior that suggest malicious behavior in a software-as-a-service application

A

develop a cloud security strategy and roadmap aligned to business priorities - cloud security strategy workshop

identify strengths and areas for improvement in the current security architecture during onboarding - cloud security architecture assessment

understand the security posture of the data or activity taking place in public cloud deployments - cloud data protection assessment

detect potential anomalies in user behavior that suggest malicious behavior in a software-as-a-service application - user entity behavior assessment

77
Q

An organization wants to secure data in a cloud environment. Its security model requires that all users be authenticated and authorized. Security configuration and posture must be continuously validated before access is granted or maintained to applications and data. There is also a need to allow certain application traffic and deny all other traffic by default. Which technology must be used to implement these requirements?

A. virtual routing and forwarding
B. access control policy
C. virtual LAN
D. microsegmentation

A

B. access control policy

78
Q

Which cloud model is a collaborative effort where infrastructure is shared and jointly accessed by several organizations from a specific group?

A. community
B. private
C. public
D. hybrid

A

A. community

79
Q

How does Cisco Workload Optimization Manager help mitigate application performance issues?

A. It automates resource resizing.
B. It sets up a workload forensic score.
C. It optimizes a flow path.
D. It deploys an AWS Lambda system.

A

A. It automates resource resizing.

80
Q

Which DevSecOps implementation process gives a weekly or daily update instead of monthly or quarterly in the applications?

A. CI/CD pipeline
B. container
C. orchestration
D. security

A

A. CI/CD pipeline

81
Q

Which system facilitates deploying microsegmentation and multi-tenancy services with a policy-based container?

A. SDLC
B. Lambda
C. Contiv
D. Docker

A

C. Contiv

82
Q

An organization is selecting a cloud architecture and does not want to be responsible for patch management of the operating systems. Why should the organization select either Platform as a Service or Infrastructure as a Service for this environment?

A. Infrastructure as a Service because the customer manages the operating system.
B. Platform as a Service because the service provider manages the operating system.
C. Infrastructure as a Service because the service provider manages the operating system.
D. Platform as a Service because the customer manages the operating system.

A

B. Platform as a Service because the service provider manages the operating system.

83
Q

How does a cloud access security broker function?

A. It is an authentication broker to enable single sign-on and multi-factor authentication for a cloud solution.
B. It scans other cloud solutions being used within the network and identifies vulnerabilities.
C. It integrates with other cloud solutions via APIs and monitors and creates incidents based on events from the cloud solution.
D. It acts as a security information and event management solution and receives syslog from other cloud solutions.

A

C. It integrates with other cloud solutions via APIs and monitors and creates incidents based on events from the cloud solution.

84
Q

An organization has a requirement to collect full metadata information about the traffic going through their AWS cloud services. They want to use this information for behavior analytics and statistics. Which two actions must be taken to implement this requirement? (Choose two.)

A. Send syslog from AWS to Cisco Stealthwatch Cloud.
B. Configure Cisco Stealthwatch Cloud to ingest AWS information.
C. Send VPC Flow Logs to Cisco Stealthwatch Cloud.
D. Configure Cisco Thousand Eyes to ingest AWS information.
E. Configure Cisco ACI to ingest AWS information.

A

A. Send syslog from AWS to Cisco Stealthwatch Cloud.
C. Send VPC Flow Logs to Cisco Stealthwatch Cloud.

85
Q

An organization wants to implement a cloud-delivered and SaaS-based solution to provide visibility and threat detection across the AWS network. The solution must be deployed without software agents and rely on AWS VPC flow logs instead. Which solution meets these requirements?

A. NetFlow collectors
B. Cisco Cloudlock
C. Cisco Stealthwatch Cloud
D. Cisco Umbrella

A

C. Cisco Stealthwatch Cloud

86
Q

Umbrella

Where are individual sites specified to be blacklisted in Cisco Umbrella?

A. application settings
B. content categories
C. security settings
D. destination lists

A

D. destination lists

87
Q

Umbrella

An engineer configured a new network identity in Cisco Umbrella but must verify that traffic is being routed through the Cisco Umbrella network.
Which action tests the routing?

A. Ensure that the client computers are pointing to the on-premises DNS servers.
B. Enable the Intelligent Proxy to validate that traffic is being routed correctly.
C. Add the public IP address that the client computers are behind to a Core Identity.
D. Browse to http://welcome.umbrella.com/ to validate that the new identity is working.

A

D. Browse to http://welcome.umbrella.com/ to validate that the new identity is working.

88
Q

Umbrella

How does Cisco Umbrella archive logs to an enterprise-owned storage?

A. by using the Application Programming Interface to fetch the logs
B. by sending logs via syslog to an on-premises or cloud-based syslog server
C. by the system administrator downloading the logs from the Cisco Umbrella web portal
D. by being configured to send logs to a self-managed AWS S3 bucket

A

D. by being configured to send logs to a self-managed AWS S3 bucket

89
Q

Which API is used for Content Security?
A. NX-OS API
B. IOS XR API
C. OpenVuln API
D. AsyncOS API

A

D. AsyncOS API

90
Q

Talos

Which Talos reputation center allows you to track the reputation of IP addresses for email and web traffic?
A. IP Block List Center
B. File Reputation Center
C. AMP Reputation Center
D. IP and Domain Reputation Center

A

D. IP and Domain Reputation Center

91
Q

ESA

What is the primary role of the Cisco Email Security Appliance?

A. Mail Submission Agent
B. Mail Transfer Agent
C. Mail Delivery Agent
D. Mail User Agent

A

B. Mail Transfer Agent

92
Q

Which two services must remain as on-premises equipment when a hybrid email solution is deployed? (Choose two.)

A. DDoS
B. antispam
C. antivirus
D. encryption
E. DLP

A

D. encryption
E. DLP

93
Q

An organization is receiving SPAM emails from a known malicious domain. What must be configured in order to prevent the session during the initial TCP communication?

A. Configure the Cisco ESA to reset the TCP connection.
B. Configure policies to stop and reject communication.
C. Configure the Cisco ESA to drop the malicious emails.
D. Configure policies to quarantine malicious emails.

A

A. Configure the Cisco ESA to reset the TCP connection.

94
Q
Gateway of last resort is 1.1.1.1 to network 0.0.0.0

S*    0.0.0.0 0.0.0.0 [1/0] via 1.1.1.1, outside
C     172.16.10.10 is directly connected, outside
S     192168100 [255/255] via 192168100, inside
C     17216 is directly connected, inside
S     10-10-10-10 [110/2] via direct connect, dmz

access-list redirect-acl permit ip 192.168.10002552550 any
access-list redirect-acl permit ip 172.16.0.0 255.255.0.0 any

class-map redirect-class
 match access-list redirect-acl

policy-map redirect-policy
 class redirect-class
   set connection advanced-options tcp-state-bypass

service-policy inside-policy global

sfr fail-open

Refer to the exhibit. What is a result of the configuration?

A. Traffic from the DMZ network is redirected.
B. Traffic from the inside network is redirected.
C. All TCP traffic is redirected.
D. Traffic from the inside and DMZ networks is redirected.

A

D. Traffic from the inside and DMZ networks is redirected.

95
Q

An organization received a large amount of SPAM messages over a short time period. In order to take action on the messages, it must be determined how harmful the messages are and this needs to happen dynamically. What must be configured to accomplish this?

A. Configure the Cisco WSA to modify policies based on the traffic seen.
B. Configure the Cisco ESA to modify policies based on the traffic seen.
C. Configure the Cisco WSA to receive real-time updates from Cisco Talos.
D. Configure the Cisco ESA to receive real-time updates from Cisco Talos.

A

D. Configure the Cisco ESA to receive real-time updates from Cisco Talos.

96
Q

What are two differences between a Cisco WSA that is running in transparent mode and one running in explicit mode? (Choose two.)

A. The Cisco WSA responds with its own IP address only if it is running in explicit mode.
B. The Cisco WSA is configured in a web browser only if it is running in transparent mode.
C. The Cisco WSA responds with its own IP address only if it is running in transparent mode.
D. The Cisco WSA uses a Layer 3 device to redirect traffic only if it is running in transparent mode.
E. When the Cisco WSA is running in transparent mode, it uses the WSA’s own IP address as the HTTP request destination.

A

A. The Cisco WSA responds with its own IP address only if it is running in explicit mode.

D. The Cisco WSA uses a Layer 3 device to redirect traffic only if it is running in transparent mode.

97
Q

Which technology is used to improve web traffic performance by proxy caching?

A. WSA
B. Firepower
C. FireSIGHT
D. ASA

A

A. WSA

98
Q

Which proxy mode must be used on Cisco WSA to redirect TCP traffic with WCCP?

A. transparent
B. redirection
C. forward
D. proxy gateway

A

A. transparent

99
Q

What is the purpose of the Decrypt for Application Detection feature within the WSA Decryption options?

A. It decrypts HTTPS application traffic for unauthenticated users.
B. It alerts users when the WSA decrypts their traffic.
C. It decrypts HTTPS application traffic for authenticated users.
D. It provides enhanced HTTPS application detection for AsyncOS.

A

D. It provides enhanced HTTPS application detection for AsyncOS.