my cards 4 Flashcards

1
Q

What are two things to consider when using PAC files with the Cisco WSA? (Choose two.)

A. If the WSA host port is changed, the default port redirects web traffic to the correct port automatically.
B. PAC files use if-else statements to determine whether to use a proxy or a direct connection for traffic between the PC and the host.
C. The WSA hosts PAC files on port 9001 by default.
D. The WSA hosts PAC files on port 6001 by default.
E. By default, they direct traffic through a proxy when the PC and the host are on the same subnet.

A

B. PAC files use if-else statements to determine whether to use a proxy or a direct connection for traffic between the PC and the host.
C. The WSA hosts PAC files on port 9001 by default.

2
Q

Which IETF attribute is supported for the RADIUS CoA feature?

A. 24 State
B. 30 Calling-Station-ID
C. 42 Acct-Session-ID
D. 81 Message-Authenticator

A

A. 24 State

3
Q

When a transparent authentication fails on the Web Security Appliance, which type of access does the end user get?

A. guest
B. limited Internet
C. blocked
D. full Internet

A

C. blocked

4
Q

What are two ways that Cisco Container Platform provides value to customers who utilize cloud service providers? (Choose two.)

A. Allows developers to create code once and deploy to multiple clouds
B. helps maintain source code for cloud deployments
C. manages Docker containers
D. manages Kubernetes clusters
E. Creates complex tasks for managing code

A

A. Allows developers to create code once and deploy to multiple clouds
E. Creates complex tasks for managing code

5
Q

Drag and drop the posture assessment flow actions from the left into a sequence on the right.
Select and Place: order

Validate user credentials
check device compliance with security policy
grant appropriate access with compliance device
apply updates or take other necessary action
permit just enough for the posture assessment

A

Validate user credentials
permit just enough for the posture assessment
check device compliance with security policy
apply updates or take other necessary action
grant appropriate access with compliance device

6
Q

Refer to the exhibit.
What does the API key do while working with https://api.amp.cisco.com/v1/computers?

import requests
client_id = 'a1jjgñalsjfñaslkjflñajsñ'
api_key = 'sldfjñasldjkfañlsjdfñaslkjfñlasjfñakdjflñasdjf'

A. displays client ID
B. HTTP authorization
C. Imports requests
D. HTTP authentication

A

D. HTTP authentication

7
Q

Which statement describes a serverless application?

A. The application delivery controller in front of the server farm designates on which server the application runs each time.
B. The application runs from an ephemeral, event-triggered, and stateless container that is fully managed by a cloud provider.
C. The application is installed on network equipment and not on physical servers.
D. The application runs from a containerized environment that is managed by Kubernetes or Docker Swarm.

A

B. The application runs from an ephemeral, event-triggered, and stateless container that is fully managed by a cloud provider.

8
Q

What is a description of microsegmentation?

A. Environments deploy a container orchestration platform, such as Kubernetes, to manage the application delivery.
B. Environments apply a zero-trust model and specify how applications on different servers or containers can communicate.
C. Environments deploy centrally managed host-based firewall rules on each server or container.
D. Environments implement private VLAN segmentation to group servers with similar applications.

A

B. Environments apply a zero-trust model and specify how applications on different servers or containers can communicate.

9
Q

Which Cisco WSA feature supports access control using URL categories?

A. transparent user identification
B. SOCKS proxy services
C. web usage controls
D. user session restrictions

A

C. web usage controls

10
Q

Which technology limits communication between nodes on the same network segment to individual applications?

A. serverless infrastructure
B. microsegmentation
C. SaaS deployment
D. machine-to-machine firewalling

A

B. microsegmentation

11
Q

An engineer enabled SSL decryption for Cisco Umbrella intelligent proxy and needs to ensure that traffic is inspected without alerting end-users. Which action accomplishes this goal?

A. Restrict access to only websites with trusted third-party signed certificates.
B. Modify the user’s browser settings to suppress errors from Cisco Umbrella.
C. Upload the organization root CA to Cisco Umbrella.
D. Install the Cisco Umbrella root CA onto the user’s device.

A

D. Install the Cisco Umbrella root CA onto the user’s device.

12
Q

What is the purpose of joining Cisco WSAs to an appliance group?

A. All WSAs in the group can view file analysis results.
B. The group supports improved redundancy
C. It supports cluster operations to expedite the malware analysis process.
D. It simplifies the task of patching multiple appliances.

A

B. The group supports improved redundancy

13
Q

Why should organizations migrate to an MFA strategy for authentication?

A. Single methods of authentication can be compromised more easily than MFA.
B. Biometrics authentication leads to the need for MFA due to its ability to be hacked easily.
C. MFA methods of authentication are never compromised.
D. MFA does not require any piece of evidence for an authentication mechanism.

A

A. Single methods of authentication can be compromised more easily than MFA.

14
Q

Which technology should be used to help prevent an attacker from stealing usernames and passwords of users within an organization?

A. RADIUS-based REAP
B. fingerprinting
C. Dynamic ARP Inspection
D. multifactor authentication

A

C. Dynamic ARP Inspection

15
Q

Which type of attack is MFA an effective deterrent for?

A. ping of death
B. phishing
C. teardrop
D. syn flood

A

B. phishing

16
Q

Which solution for remote workers enables protection, detection, and response on the endpoint against known and unknown threats?

A. Cisco AMP for Endpoints
B. Cisco AnyConnect
C. Cisco Umbrella
D. Cisco Duo

A

A. Cisco AMP for Endpoints

17
Q

Which two actions does the Cisco Identity Services Engine posture module provide that ensures endpoint security? (Choose two.)

A. Assignments to endpoint groups are made dynamically, based on endpoint attributes.
B. Endpoint supplicant configuration is deployed.
C. A centralized management solution is deployed.
D. Patch management remediation is performed.
E. The latest antivirus updates are applied before access is allowed.

A

D. Patch management remediation is performed.
E. The latest antivirus updates are applied before access is allowed.

18
Q

What is an advantage of the Cisco Umbrella roaming client?

A. the ability to see all traffic without requiring TLS decryption
B. visibility into IP-based threats by tunneling suspicious IP connections
C. the ability to dynamically categorize traffic to previously uncategorized sites
D. visibility into traffic that is destined to sites within the office environment

A

B. visibility into IP-based threats by tunneling suspicious IP connections

19
Q

Which Cisco platform provides an agentless solution to provide visibility across the network including encrypted traffic analytics to detect malware in encrypted traffic without the need for decryption?

A. Cisco Advanced Malware Protection
B. Cisco Stealthwatch
C. Cisco Identity Services Engine
D. Cisco AnyConnect

A

B. Cisco Stealthwatch

20
Q

Which two Cisco ISE components must be configured for BYOD? (Choose two.)

A. local WebAuth
B. central WebAuth
C. null WebAuth
D. guest
E. dual

A

B. central WebAuth
D. guest

21
Q

Which system performs compliance checks and remote wiping?

A. MDM
B. ISE
C. AMP
D. OTP

A

A. MDM

22
Q

An engineer is configuring Cisco WSA and needs to enable a separated email transfer flow from the Internet and from the LAN. Which deployment mode must be used to accomplish this goal?

A. single interface
B. multi-context
C. transparent
D. two-interface

A

D. two-interface

23
Q

A network engineer is tasked with configuring a Cisco ISE server to implement external authentication against Active Directory. What must be considered about the authentication requirements? (Choose two.)

A. RADIUS communication must be permitted between the ISE server and the domain controller.
B. The ISE account must be a domain administrator in Active Directory to perform JOIN operations.
C. Active Directory only supports user authentication by using MSCHAPv2.
D. LDAP communication must be permitted between the ISE server and the domain controller.
E. Active Directory supports user and machine authentication by using MSCHAPv2.

A

D. LDAP communication must be permitted between the ISE server and the domain controller.
E. Active Directory supports user and machine authentication by using MSCHAPv2.

24
Q

Which configuration method provides the options to prevent physical and virtual endpoint devices that are in the same base EPG or uSeg from being able to communicate with each other with VMware VDS or Microsoft vSwitch?

A. inter-EPG isolation
B. inter-VLAN security
C. intra-EPG isolation
D. placement in separate EPGs

A

C. intra-EPG isolation

25
Q

What are two ways a network administrator transparently identifies users using Active Directory on the Cisco WSA? (Choose two.)

A. Create an LDAP authentication realm and disable transparent user identification.
B. Create NTLM or Kerberos authentication realm and enable transparent user identification.
C. Deploy a separate Active Directory agent such as Cisco Context Directory Agent.
D. The eDirectory client must be installed on each client workstation.
E. Deploy a separate eDirectory server; the client IP address is recorded in this server.

A

B. Create NTLM or Kerberos authentication realm and enable transparent user identification.
C. Deploy a separate Active Directory agent such as Cisco Context Directory Agent.

26
Q

Which baseline form of telemetry is recommended for network infrastructure devices?

A. SDNS
B. NetFlow
C. passive taps
D. SNMP

A

B. NetFlow

27
Q

In which scenario is endpoint-based security the solution?

A. inspecting encrypted traffic
B. device profiling and authorization
C. performing signature-based application control
D. inspecting a password-protected archive

A

D. inspecting a password-protected archive

28
Q

Refer to the exhibit. What is the result of the Python script?

import requests
from requests.auth import HTTPBasicAuth

def dnac_login(host, username, password):
    url = f"https://{host}/api/system/v1/auth/token"
    response = requests.request("POST",url, auth=HTTPBasicAuth(username, password), verify=False)
    return response.json()["Token"]

A. It uses the POST HTTP method to obtain a username and password to be used for authentication.
B. It uses the POST HTTP method to obtain a token to be used for authentication.
C. It uses the GET HTTP method to obtain a token to be used for authentication.
D. It uses the GET HTTP method to obtain a username and password to be used for authentication

A

B. It uses the POST HTTP method to obtain a token to be used for authentication.

29
Q

Why is it important to patch endpoints consistently?

A. Patching reduces the attack surface of the infrastructure.
B. Patching helps to mitigate vulnerabilities.
C. Patching is required per the vendor contract.
D. Patching allows for creating a honeypot.

A

B. Patching helps to mitigate vulnerabilities.

30
Q

Which two parameters are used for device compliance checks? (Choose two.)

A. endpoint protection software version
B. Windows registry values
C. DHCP snooping checks
D. DNS integrity checks
E. device operating system version

A

B. Windows registry values
E. device operating system version

31
Q

Which Cisco cloud security software centrally manages policies on multiple platforms such as Cisco ASA, Cisco Firepower, Cisco Meraki, and AWS?

A. Cisco Defense Orchestrator
B. Cisco Configuration Professional
C. Cisco Secureworks
D. Cisco DNAC

A

A. Cisco Defense Orchestrator

32
Q

Which Cisco security solution determines if an endpoint has the latest OS updates and patches installed on the system?

A. Cisco Endpoint Security Analytics
B. Cisco AMP for Endpoints
C. Endpoint Compliance Scanner
D. Security Posture Assessment Service

A

D. Security Posture Assessment Service

33
Q

Which open standard creates a framework for sharing threat intelligence in a machine-digestible format?

A. OpenIOC
B. OpenC2
C. CybOX
D. STIX

A

A. OpenIOC

34
Q

What is a difference between Cisco AMP for Endpoints and Cisco Umbrella?

A. Cisco AMP for Endpoints is a cloud-based service, and Cisco Umbrella is not
B. Cisco AMP for Endpoints automatically researches indicators of compromise and confirms threats and Cisco Umbrella does not
C. Cisco AMP for Endpoints prevents, detects, and responds to attacks before damage can be done, and Cisco Umbrella provides the first line of defense against Internet threats
D. Cisco AMP for Endpoints prevents connections to malicious destinations, and Cisco Umbrella works at the file level to prevent the initial execution of malware

A

C. Cisco AMP for Endpoints prevents, detects, and responds to attacks before damage can be done, and Cisco Umbrella provides the first line of defense against Internet threats

35
Q

What are two functionalities of northbound and southbound APIs within Cisco SDN architecture? (Choose two.)

A. Northbound APIs utilize RESTful API methods such as GET, POST, and DELETE
B. Southbound APIs utilize CLI, SNMP, and RESTCONF
C. Southbound APIs are used to define how SDN controllers integrate with applications
D. Northbound interfaces utilize OpenFlow and OpFlex to integrate with network devices
E. Southbound interfaces utilize device configurations such as VLANs and IP addresses

A

A. Northbound APIs utilize RESTful API methods such as GET, POST, and DELETE
B. Southbound APIs utilize CLI, SNMP, and RESTCONF

36
Q

Refer to the exhibit. What is the function of the Python script code snippet for the Cisco ASA REST API?

# (code snipped)
api_path = "/api/access/global/rules"
url = server + api_path
f = None
post_data = {
    "sourceService": {
        "kind": serviceKind,
        "value": sourceServiceValue
    },
    "destinationAddress": {
        "kind": destinationAddressKind,
        "value": destinationAddress
    },
    "remarks": [],
    "destinationService": {
        "kind": serviceKind,
        "value": destinationServiceValue
    },
    "permit": trueORfalse,
    "active": "true",
    "position": "1",
    "sourceAddress": {
        "kind": sourceAddressKind,
        "value": sourceAddress
    }
}
req = urllib2.Request(url, json.dumps(post_data), headers)
# HTTP Basic authentication header: base64 of "username:password"
base64string = base64.encodestring("%s:%s" % (username, password)).replace("\n", "")
req.add_header("Authorization", "Basic %s" % base64string)
try:
    f = urllib2.urlopen(req)
    status_code = f.getcode()
    print "Status code is " + str(status_code)
    if status_code == 201:
        print "Operation successful"
except urllib2.HTTPError, err:
    print "Error received from server. HTTP Status code :" + str(err.code)
    try:  # exhibit is cut off here

A. changes the hostname of the Cisco ASA
B. adds a global rule into policies
C. deletes a global rule from policies
D. obtains the saved configuration of the Cisco ASA firewall

A

B. adds a global rule into policies

37
Q

DRAG DROP -
Drag and drop the features of Cisco ASA with Firepower from the left onto the benefits on the right.
Select and Place:

Full Context Awareness
NGIPS
AMP
Collective Security Intelligence

detection, blocking and remediation to protect the enterprise against targeted malware attacks
policy enforcement based on complete visibility of users and communication between virtual machines
real-time threat intelligence and security protection
threat prevention and mitigation for known and unknown threats

A

AMP - detection, blocking and remediation to protect the enterprise against targeted malware attacks
Full Context Awareness - policy enforcement based on complete visibility of users and communication between virtual machines
Collective Security Intelligence - real-time threat intelligence and security protection
NGIPS - threat prevention and mitigation for known and unknown threats

38
Q

What are two functions of secret key cryptography? (Choose two.)

A. utilization of less memory
B. utilization of large prime number iterations
C. utilization of different keys for encryption and decryption
D. key selection without integer factorization
E. provides the capability to only know the key on one side

A

A. utilization of less memory
D. key selection without integer factorization

39
Q

Refer to the exhibit. When creating an access rule for URL filtering a network engineer adds certain categories and individual URLs to block. What is the result of the configuration?

https://www.examtopics.com/assets/media/exam-media/04313/0016900001.jpg

A. Only URLs for botnets with a reputation score of 3 will be allowed while the rest will be blocked.
B. Only URLs for botnets with reputation scores of 1-3 will be blocked.
C. Only URLs for botnets with reputation scores of 3-5 will be blocked.
D. Only URLs for botnets with a reputation score of 3 will be blocked.

A

B. Only URLs for botnets with reputation scores of 1-3 will be blocked.

40
Q

Which security product enables administrators to deploy Kubernetes clusters in air-gapped sites without needing Internet access?

A. Cisco Container Controller
B. Cisco Cloud Platform
C. Cisco Container Platform
D. Cisco Content Platform

A

C. Cisco Container Platform

41
Q

A network engineer must migrate a Cisco WSA virtual appliance from one physical host to another physical host by using VMware vMotion. What is a requirement for both physical hosts?

A. The hosts must run Cisco AsyncOS 10.0 or greater.
B. The hosts must run different versions of Cisco AsyncOS.
C. The hosts must have access to the same defined network.
D. The hosts must use a different datastore than the virtual appliance.

A

C. The hosts must have access to the same defined network.

42
Q

An engineer must modify a policy to block specific addresses using Cisco Umbrella. The policy is created already and is actively used by devices, using many of the default policy elements. What else must be done to accomplish this task?

A. Create a destination list for addresses to be allowed or blocked
B. Use content categories to block or allow specific addresses
C. Add the specified addresses to the identities list and create a block action
D. Modify the application settings to allow only applications to connect to required addresses

A

A. Create a destination list for addresses to be allowed or blocked

43
Q

What must be enabled to secure SaaS-based applications?

A. two-factor authentication
B. end-to-end encryption
C. application security gateway
D. modular policy framework

A

A. two-factor authentication

44
Q

An engineer configures new features within the Cisco Umbrella dashboard and wants to identify and proxy traffic that is categorized as risky domains and may contain safe and malicious content. Which action accomplishes these objectives?

A. Upload the threat intelligence database to Cisco Umbrella for the most current information on reputations and to have the destination lists block them
B. Configure URL filtering within Cisco Umbrella to track the URLs and proxy the requests for those categories and below
C. Create a new site within Cisco Umbrella to block requests from those categories so they can be sent to the proxy device
D. Configure intelligent proxy within Cisco Umbrella to intercept and proxy the requests for only those categories

A

D. Configure intelligent proxy within Cisco Umbrella to intercept and proxy the requests for only those categories

45
Q

An engineer is configuring Cisco Umbrella and has an identity that references two different policies. Which action ensures that the policy that the identity must use takes precedence over the second one?

A. Place the policy with the most-specific configuration last in the policy order
B. Configure the default policy to redirect the requests to the correct policy
C. Make the correct policy first in the policy order
D. Configure only the policy with the most recently changed timestamp

A

C. Make the correct policy first in the policy order

46
Q

A Cisco ISE engineer configures Central Web Authentication (CWA) for wireless guest access and must have the guest endpoints redirect to the guest portal for authentication and authorization. While testing the policy, the engineer notices that the device is not redirected and instead gets full guest access. What must be done for the redirect to work?

A. Tag the guest portal in the CWA part of the Common Tasks section of the authorization profile for the authorization policy line that the unauthenticated devices hit.
B. Create an advanced attribute setting of Cisco:cisco-gateway-id=guest within the authorization profile for the authorization policy line that the unauthenticated devices hit.
C. Add the DACL name for the Airespace ACL configured on the WLC in the Common Tasks section of the authorization profile for the authorization policy line that the unauthenticated devices hit.
D. Use the track movement option within the authorization profile for the authorization policy line that the unauthenticated devices hit.

A

A. Tag the guest portal in the CWA part of the Common Tasks section of the authorization profile for the authorization policy line that the unauthenticated devices hit.

47
Q

What is the intent of a basic SYN flood attack?

A. to solicit DNS responses
B. to flush the register stack to re-initiate the buffers
C. to exceed the threshold limit of the connection queue
D. to cause the buffer to overflow

A

C. to exceed the threshold limit of the connection queue

48
Q

What is an advantage of network telemetry over SNMP pulls?

A. security
B. scalability
C. accuracy
D. encapsulation

A

C. accuracy

49
Q

Which security solution protects users leveraging DNS-layer security?

A. Cisco ISE
B. Cisco Umbrella
C. Cisco ASA
D. Cisco FTD

A

B. Cisco Umbrella

50
Q

What are two functions of TAXII in threat intelligence sharing? (Choose two.)

A. allows users to describe threat motivations and abilities
B. determines how threat intelligence information is relayed
C. determines the “what” of threat intelligence
D. exchanges trusted anomaly intelligence information
E. supports STIX information

A

B. determines how threat intelligence information is relayed
E. supports STIX information

51
Q

What are two functionalities of SDN Northbound APIs? (Choose two.)

A. OpenFlow is a standardized northbound API protocol
B. Northbound APIs form the interface between the SDN controller and business applications
C. Northbound APIs provide a programmable interface for applications to dynamically configure the network
D. Northbound APIs form the interface between the SDN controller and the network switches or routers
E. Northbound APIs use the NETCONF protocol to communicate with applications.

A

B. Northbound APIs form the interface between the SDN controller and business applications
C. Northbound APIs provide a programmable interface for applications to dynamically configure the network

52
Q

What is the result of the ACME-Router(config)#login block-for 100 attempts 4 within 60 command on a Cisco IOS router?

A. If four failures occur in 60 seconds, the router goes to quiet mode for 100 seconds
B. After four unsuccessful log in attempts the line is blocked for 100 seconds and only permit IP addresses are permitted in ACL 60
C. After four unsuccessful log in attempts the line is blocked for 60 seconds and only permit IP addresses are permitted in ACL 100
D. If four log in attempts fail in 100 seconds, wait for 60 seconds to next log in prompt

A

A. If four failures occur in 60 seconds, the router goes to quiet mode for 100 seconds

53
Q

What is a benefit of using a multifactor authentication strategy?

A. It provides an easy, single sign-on experience against multiple applications
B. It provides secure remote access for applications
C. It protects data by enabling the use of a second validation of identity
D. It provides visibility into devices to establish device trust

A

C. It protects data by enabling the use of a second validation of identity

54
Q

Which endpoint solution protects a user from a phishing attack?

A. Cisco AnyConnect with Network Access Manager module
B. Cisco AnyConnect with Umbrella Roaming Security module
C. Cisco Identity Services Engine
D. Cisco AnyConnect with ISE Posture module

A

B. Cisco AnyConnect with Umbrella Roaming Security module

55
Q

Which role is a default guest type in Cisco ISE?

A. Contractor
B. Full-Time
C. Monthly
D. Yearly

A

A. Contractor

56
Q

An engineer is trying to decide between using L2TP or GRE over IPsec for their site-to-site VPN implementation. What must be understood before choosing a solution?

A. L2TP is an IP packet encapsulation protocol, and GRE over IPsec is a tunneling protocol
B. GRE over IPsec cannot be used as a standalone protocol, and L2TP can
C. L2TP uses TCP port 47 and GRE over IPsec uses UDP port 1701
D. GRE over IPsec adds its own header, and L2TP does not

A

A. L2TP is an IP packet encapsulation protocol, and GRE over IPsec is a tunneling protocol

57
Q

An administrator enables Cisco Threat Intelligence Director on a Cisco FMC. Which process uses STIX and allows uploads and downloads of block lists?

A. editing
B. sharing
C. authoring
D. consumption

A

D. consumption

58
Q

Why is it important to have a patching strategy for endpoints?

A. so that patching strategies can assist with disabling nonsecure protocols in applications
B. so that known vulnerabilities are targeted and having a regular patch cycle reduces risks
C. so that functionality is increased on a faster scale when it is used
D. to take advantage of new features released with patches

A

B. so that known vulnerabilities are targeted and having a regular patch cycle reduces risks

59
Q

Which two methods must be used to add switches into the fabric so that administrators can control how switches are added into DCNM for private cloud management? (Choose two.)

A. Cisco Prime Infrastructure
B. CDP AutoDiscovery
C. Seed IP
D. PowerOn Auto Provisioning
E. Cisco Cloud Director

A

C. Seed IP
D. PowerOn Auto Provisioning

60
Q

Refer to the exhibit. All servers are in the same VLAN/subnet. DNS Server-1 and DNS Server-2 must communicate with each other, and all servers must communicate with the default gateway multilayer switch. Which type of private VLAN ports should be configured to prevent communication between DNS servers and the file server?
https://www.examtopics.com/assets/media/exam-media/04313/0017800001.jpg

A. Configure GigabitEthernet0/1 as community port, GigabitEthernet0/2 as promiscuous port, GigabitEthernet0/3 and GigabitEthernet0/4 as isolated ports
B. Configure GigabitEthernet0/1 as community port, GigabitEthernet0/2 as isolated port, and GigabitEthernet0/3 and GigabitEthernet0/4 as promiscuous ports
C. Configure GigabitEthernet0/1 as promiscuous port, GigabitEthernet0/2 as community port, and GigabitEthernet0/3 and GigabitEthernet0/4 as isolated ports
D. Configure GigabitEthernet0/1 as promiscuous port, GigabitEthernet0/2 as isolated port, and GigabitEthernet0/3 and GigabitEthernet0/4 as community ports

A

D. Configure GigabitEthernet0/1 as promiscuous port, GigabitEthernet0/2 as isolated port, and GigabitEthernet0/3 and GigabitEthernet0/4 as community ports

File server Isolated
Gateway Promiscuous
Dns1 community
Dns2 community

61
Q

Refer to the exhibit. Which configuration item makes it possible to have the AAA session on the network?

Gi1/0/18

https://www.examtopics.com/assets/media/exam-media/04313/0017900001.jpg

A. aaa authentication enable default enable
B. aaa authorization network default group ise
C. aaa authentication login console ise
D. aaa authorization exec default ise

A

B. aaa authorization network default group ise

62
Q

Which method of attack is used by a hacker to send malicious code through a web application to an unsuspecting user to request that the victim’s web browser executes the code?

A. cross-site scripting
B. browser WGET
C. buffer overflow
D. SQL injection

A

A. cross-site scripting

63
Q

Which two solutions help combat social engineering and phishing at the endpoint level? (Choose two.)

A. Cisco ISE
B. Cisco Duo Security
C. Cisco DNA Center
D. Cisco Umbrella
E. Cisco TrustSec

A

B. Cisco Duo Security
D. Cisco Umbrella

64
Q

An engineer is implementing Cisco CES in an existing Microsoft Office 365 environment and must route inbound email to Cisco CES addresses. Which DNS record must be modified to accomplish this task?

A. CNAME
B. DKIM
C. MX
D. SPF

A

C. MX

65
Q

A large organization wants to deploy a security appliance in the public cloud to form a site-to-site VPN and link the public cloud environment to the private cloud in the headquarters data center. Which Cisco security appliance meets these requirements?

A. Cisco Stealthwatch Cloud
B. Cisco WSAv
C. Cisco Cloud Orchestrator
D. Cisco ASAv

A

D. Cisco ASAv

66
Q

Refer to the exhibit. What are two indications of the Cisco Firepower Services Module configuration? (Choose two.)

ASA# show service-policy sfr

Global policy:
Service-policy: global_policy
Class-map: SFR
SFR: card status Up, mode fail-open monitor-only
packet input 0, packet output 44715478687, drop 0, reset-drop 0

A. The module is operating in IDS mode.
B. Traffic is blocked if the module fails.
C. The module fails to receive redirected traffic.
D. The module is operating in IPS mode.
E. Traffic continues to flow if the module fails.

A

A. The module is operating in IDS mode.
E. Traffic continues to flow if the module fails.

67
Q

Which two parameters are used to prevent a data breach in the cloud? (Choose two.)

A. DLP solutions
B. complex cloud-based web proxies
C. strong user authentication
D. antispoofing programs
E. encryption

A

C. strong user authentication
E. encryption

68
Q

What is the concept of continuous integration/continuous delivery pipelining?

A. The project code is centrally maintained, and each code change should trigger an automated build and test sequence.
B. The project is split into time-limited cycles, and focuses on pair programming for continuous code review.
C. The project is split into several phases where one phase cannot start before the previous phase finishes successfully.
D. Each project phase is independent from other phases to maintain adaptiveness and continual improvement.

A

A. The project code is centrally maintained, and each code change should trigger an automated build and test sequence.

69
Q

Which security solution uses NetFlow to provide visibility across the network, data center, branch offices, and cloud?

A. Cisco Stealthwatch
B. Cisco Encrypted Traffic Analytics
C. Cisco Umbrella
D. Cisco CTA

A

A. Cisco Stealthwatch

70
Q

Which two functions does the Cisco Advanced Phishing Protection solution perform in trying to protect from phishing attacks? (Choose two.)

A. uses a static algorithm to determine malicious
B. determines if the email messages are malicious
C. provides a defense for on-premises email deployments
D. blocks malicious websites and adds them to a block list
E. does a real-time user web browsing behavior analysis

A

B. determines if the email messages are malicious
C. provides a defense for on-premises email deployments

71
Q

Which technology provides the benefit of Layer 3 through Layer 7 innovative deep packet inspection, enabling the platform to identify and output various applications within the network traffic flows?

A. Cisco ASAv
B. Account on Resolution
C. Cisco NBAR2
D. Cisco Prime Infrastructure

A

C. Cisco NBAR2

72
Q

Which Cisco DNA Center Intent API action is used to retrieve the number of devices known to a DNA Center?

A. GET https://fqdnOrlPofDnaCenterPlatform/dna/intent/api/v1/network-device/count
B. GET https://fqdnOrlPofDnaCenterPlatform/dna/intent/api/v1/network-device?parameter1=value&parameter2=value&…
C. GET https://fqdnOrlPofDnaCenterPlatform/dna/intent/api/v1/network-device/startIndex/recordsToReturn
D. GET https://fqdnOrlPofDnaCenterPlatform/dna/intent/api/v1/network-device

A

A. GET https://fqdnOrlPofDnaCenterPlatform/dna/intent/api/v1/network-device/count

73
Q

Which function is performed by certificate authorities but is a limitation of registration authorities?

A. CRL publishing
B. certificate re-enrollment
C. verifying user identity
D. accepts enrollment requests

A

A. CRL publishing

74
Q

A hacker initiated a social engineering attack and stole usernames and passwords of some users within a company. Which product should be used as a solution to this problem?

A. Cisco Duo
B. Cisco NGFW
C. Cisco AnyConnect
D. Cisco AMP for Endpoints

A

A. Cisco Duo

75
Q

An organization must add new firewalls to its infrastructure and wants to use Cisco ASA or Cisco FTD. The chosen firewalls must provide methods of blocking traffic that include offering the user the option to bypass the block for certain sites after displaying a warning page and to reset the connection. Which solution should the organization choose?

A. Cisco FTD because it enables interactive blocking and blocking with reset natively, whereas Cisco ASA does not.
B. Cisco ASA because it has an additional module that can be installed to provide multiple blocking capabilities, whereas Cisco FTD does not.
C. Cisco ASA because it allows for interactive blocking and blocking with reset to be configured via the GUI, whereas FTD does not.
D. Cisco FTD because it supports system rate level traffic blocking, whereas Cisco ASA does not.

A

A. Cisco FTD because it enables interactive blocking and blocking with reset natively, whereas Cisco ASA does not.

76
Q

An email administrator is setting up a new Cisco ESA. The administrator wants to enable the blocking of greymail for the end user. Which feature must the administrator enable first?

A. Intelligent Multi-Scan
B. Anti-Virus Filtering
C. IP Reputation Filtering
D. File Analysis

A

A. Intelligent Multi-Scan

77
Q

Why is it important for the organization to have an endpoint patching strategy?

A. so the organization can identify endpoint vulnerabilities
B. so the internal PSIRT organization is aware of the latest bugs
C. so the network administrator is notified when an existing bug is encountered
D. so the latest security fixes are installed on the endpoints

A

D. so the latest security fixes are installed on the endpoints

78
Q

Which technology enables integration between Cisco ISE and other platforms to gather and share network and vulnerability data and SIEM and location information?

A. Cisco Talos
B. SNMP
C. pxGrid
D. NetFlow

A

C. pxGrid

79
Q

An administrator needs to configure the Cisco ASA via ASDM such that the network management system can actively monitor the host using SNMPv3. Which two tasks must be performed for this configuration? (Choose two.)

A. Add an SNMP USM entry.
B. Specify an SNMP user group.
C. Add an SNMP host access entry.
D. Specify the SNMP manager and UDP port.
E. Specify a community string.

A

A. Add an SNMP USM entry.
B. Specify an SNMP user group.

80
Q

How does a WCCP-configured router identify if the Cisco WSA is functional?

A. If an ICMP ping fails three consecutive times between a router and the WSA, traffic is no longer transmitted to the router.
B. If an ICMP ping fails three consecutive times between a router and the WSA, traffic is no longer transmitted to the WSA.
C. The WSA sends a Here-I-Am message every 10 seconds, and the router acknowledges with an I-See-You message.
D. The router sends a Here-I-Am message every 10 seconds, and the WSA acknowledges with an I-See-You message.

A

C. The WSA sends a Here-I-Am message every 10 seconds, and the router acknowledges with an I-See-You message.

81
Q

What is the recommendation in a zero-trust model before granting access to corporate applications and resources?

A. to disconnect from the network when inactive
B. to use multifactor authentication
C. to use a wired network, not wireless
D. to use strong passwords

A

B. to use multifactor authentication

82
Q

Which open source tool does Cisco use to create graphical visualizations of network telemetry on Cisco IOS XE devices?

A. InfluxDB
B. SNMP
C. Grafana
D. Splunk

A

C. Grafana

83
Q

Which CLI command is used to enable URL filtering support for shortened URLs on the Cisco ESA?

A. websecurityadvancedconfig
B. webadvancedconfig
C. websecurityconfig
D. outbreakconfig

A

A. websecurityadvancedconfig

84
Q

What is a feature of NetFlow Secure Event Logging?

A. It exports only records that indicate significant events in a flow.
B. It supports v5 and v8 templates.
C. It delivers data records to NSEL collectors through NetFlow over TCP only.
D. It filters NSEL events based on the traffic and event type through RSVP.

A

A. It exports only records that indicate significant events in a flow.

85
Q

A network engineer entered the snmp-server user asmith myv7 auth sha cisco priv aes 256 cisc0123456789 command and needs to send SNMP information to a host at 10.255.255.1. Which command achieves this goal?

A. snmp-server host inside 10.255.255.1 version 3 myv7
B. snmp-server host inside 10.255.255.1 snmpv3 myv7
C. snmp-server host inside 10.255.255.1 version 3 asmith
D. snmp-server host inside 10.255.255.1 snmpv3 asmith

A

C. snmp-server host inside 10.255.255.1 version 3 asmith

86
Q

Which standard is used to automate exchanging cyber threat information?

A. MITRE
B. TAXII
C. IoC
D. STIX

A

B. TAXII

87
Q

Which endpoint protection and detection feature performs correlation of telemetry, files, and intrusion events that are flagged as possible active breaches?

A. elastic search
B. file trajectory
C. indication of compromise
D. retrospective detection

A

C. indication of compromise

88
Q

When network telemetry is implemented, what is important to be enabled across all network infrastructure devices to correlate different sources?

A. CDP
B. syslog
C. NTP
D. DNS

A

B. syslog

89
Q

Which Cisco ASA deployment model is used to filter traffic between hosts in the same IP subnet using higher-level protocols without readdressing the network?

A. multiple context mode
B. single context mode
C. routed mode
D. transparent mode

A

D. transparent mode

90
Q

Which RADIUS feature provides a mechanism to change the AAA attributes of a session after it is authenticated?

A. Accounting
B. Authorization
C. Authentication
D. CoA

A

D. CoA

91
Q

When NetFlow is applied to an interface, which component creates the flow monitor cache that is used to collect traffic based on the key and nonkey fields in the configured record?

A. flow exporter
B. records
C. flow sampler
D. flow monitor

A

D. flow monitor

92
Q

Which encryption algorithm provides highly secure VPN communications?

A. AES 256
B. AES 128
C. 3DES
D. DES

A

A. AES 256

93
Q

What is the term for when an endpoint is associated to a provisioning WLAN that is shared with guest access, and the same guest portal is used as the BYOD portal?

A. single-SSID BYOD
B. dual-SSID BYOD
C. streamlined access
D. multichannel GUI

A

B. dual-SSID BYOD

94
Q

Drag and drop the exploits from the left onto the type of security vulnerability on the right.
Select and Place:

causes memory access errors
makes the client the target of attack
gives unauthorized access to web server files
accesses or modifies application data

path traversal
cross-site request forgery
SQL injection
buffer overflow

A

gives unauthorized access to web server files - path traversal

makes the client the target of attack - cross-site request forgery

accesses or modifies application data - SQL injection

causes memory access errors - buffer overflow

95
Q

What is the function of the crypto isakmp key cisc123456789 address 192.168.50.1 255.255.255.255 command when establishing an IPsec VPN tunnel?

A. It configures the pre-shared authentication key for host 192.168.50.1.
B. It prevents 192.168.50.1 from connecting to the VPN server.
C. It configures the local address for the VPN server 192.168.50.1.
D. It defines that the data destined to 192.168.50.1 is going to be encrypted.

A

A. It configures the pre-shared authentication key for host 192.168.50.1.

96
Q

Which Cisco ASA Platform mode disables the threat detection features except for Advanced Threat Statistics?

A. cluster
B. multiple context
C. routed
D. transparent

A

B. multiple context

97
Q

An engineer is configuring web filtering for a network using Cisco Umbrella Secure Internet Gateway. The requirement is that all traffic needs to be filtered. Using the SSL decryption feature, which type of certificate should be presented to the end-user to accomplish this goal?

A. SubCA
B. organization owned root
C. self-signed
D. third-party

A

B. organization owned root

98
Q

Which solution stops unauthorized access to the system if a user’s password is compromised?

A. MFA
B. AMP
C. VPN
D. SSL

A

A. MFA

99
Q

An engineer needs to configure an access control policy rule to always send traffic for inspection without using the default action. Which action should be configured for this rule?

A. monitor
B. trust
C. allow
D. block

A

C. allow

100
Q

Which benefit does DMVPN provide over GETVPN?

A. DMVPN can be used over the public Internet, and GETVPN requires a private network.
B. DMVPN is a tunnel-less VPN, and GETVPN is tunnel-based.
C. DMVPN supports non-IP protocols, and GETVPN supports only IP protocols.
D. DMVPN supports QoS, multicast, and routing, and GETVPN supports only QoS.

A

A. DMVPN can be used over the public Internet, and GETVPN requires a private network.