my cards 7 Flashcards


1
Q

Refer to the exhibit. An administrator is configuring a VPN tunnel on a Cisco router. The information provided by the administrator of the remote end of the VPN tunnel was that IKEv1 is the tunnel protocol with a preshared key of C1$c0463835440!. The encryption for both phases is AES and the hash for both phases is SHA-256. The source subnet is 10.10.10.x/24 and the destination subnet is 10.10.20.x/24. The local device cannot establish a VPN tunnel and the debug message shown here is seen in the log file. What must be verified to correct the configuration?

ISAKMP: ipsec policy invalidated proposal
ISAKMP: sa not acceptable
QM rejected

A. Ensure that the IKE version is identical on both ends
B. Ensure that the ISAKMP policy configuration is identical on both ends
C. Ensure that the preshared key is identical on both ends
D. Ensure that the ACLs that define interesting traffic are symmetrical on both ends

A

B. Ensure that the ISAKMP policy configuration is identical on both ends

2
Q

Which attack gives unauthorized access to files on the web server?

A. DHCP snooping
B. path traversal
C. broadcast storm
D. distributed DoS

A

B. path traversal

3
Q

Which feature does the IaaS model provide?

A. software-defined network segmentation
B. granular control of data
C. automatic updates and patching of software
D. dedicated, restricted workstations

A

A. software-defined network segmentation

4
Q

A network administrator needs a solution to match traffic and allow or deny the traffic based on the type of application, not just the source or destination address and port used. Which kind of security product must the network administrator implement to meet this requirement?

A. next-generation firewall
B. web application firewall
C. next generation intrusion prevention system
D. intrusion detection system

A

A. next-generation firewall

5
Q

What is a benefit of using Cisco CWS compared to an on-premises Cisco Secure Web Appliance?

A. CWS eliminates the need to backhaul traffic through headquarters for remote workers whereas Secure Web Appliance does not.
B. Content scanning for SAAS cloud applications is available through CWS and not available through Secure Web Appliance.
C. CWS minimizes the load on the internal network and security infrastructure as compared to Secure Web Appliance.
D. URL categories are updated more frequently on CWS than they are on Secure Web Appliance.

A

A. CWS eliminates the need to backhaul traffic through headquarters for remote workers whereas Secure Web Appliance does not.

6
Q

Which key feature of Cisco ZFW is unique among other Cisco IOS firewall solutions?

A. SSL inspection
B. security levels
C. stateless inspection
D. security zones

A

D. security zones

7
Q

Which Cisco solution secures the cloud users, data and applications with the cloud-native CASB and cloud cybersecurity platform?

A. Cisco AppDynamics
B. Cisco Umbrella
C. Cisco CloudLock
D. Cisco Secure Network Analytics

A

C. Cisco CloudLock

8
Q

What are the components of endpoint protection against social engineering attacks?

A. Cisco Secure Email Gateway
B. IPsec
C. firewall
D. IDS

A

A. Cisco Secure Email Gateway

9
Q

Which feature is used to restrict communication between interfaces on a Cisco ASA?

A. VLAN subinterfaces
B. traffic zones
C. VxLAN interfaces
D. security levels

A

D. security levels

10
Q

A network administrator is modifying a remote access VPN on an FTD managed by an FMC. The administrator wants to offload traffic to certain trusted domains. The administrator wants this traffic to go out of the client’s local internet and send other internet-bound traffic over the VPN. Which feature must the administrator configure?

A. reverse route injection
B. dynamic access policies
C. local LAN access
D. dynamic split tunneling

A

D. dynamic split tunneling

11
Q

Refer to the exhibit. Logins from internal users to a Cisco Adaptive Security Appliance firewall must be performed by using a TACACS server. The firewall is already configured. Which additional configuration must be performed to configure the TACACS+ server group with a key of Cisco4512!?

INTERFACE NAME EXTERNAL, ANSWER IS

aaa-server SERVERGROUP (external) host 4.4.4.2
key Cisco4512!

A

INTERFACE NAME EXTERNAL, ANSWER IS

aaa-server SERVERGROUP (external) host 4.4.4.2
key Cisco4512!

12
Q

A network engineer must create a workflow to detect when a device joins a network and send the onboarding configuration to the device by using the Cisco DNA Center API. Which two method and endpoint pairs must be used to implement the workflow? (Choose two.)

A. POST /dna/intent/api/v1/onboarding/pnp-device/site-claim

B. POST /dna/intent/api/v1/onboarding/pnp-device/import

C. GET /dna/intent/api/v1/discovery/{discovery_id}/network-device

D. GET /dna/intent/api/v1/topology/site-topology

E. POST /dna/intent/api/v1/discovery

A

A. POST /dna/intent/api/v1/onboarding/pnp-device/site-claim

B. POST /dna/intent/api/v1/onboarding/pnp-device/import

13
Q

Which IPsec mode must be used when encrypting data over a public network between two servers with RFC1918 IP addresses?

A. main mode
B. aggressive mode
C. transport mode
D. tunnel mode

A

D. tunnel mode

14
Q

Which platform uses Cyber Threat Intelligence as its main source of information?

A. EPP
B. EDR
C. Cisco ASA
D. Cisco Secure Endpoint

A

D. Cisco Secure Endpoint

15
Q

Refer to the exhibit. Which task is the Python script performing by using the Umbrella Enforcement API?

import json
from datetime import datetime

import requests

custkey = "daw79ad8v9a7"
eventurl = "https://s-platform.api.opendns.com/1.0/events"
time = datetime.now().isoformat()
domain = "maliciouswebsite.com"
# The customer key is passed as a query parameter on the events endpoint
UrlPost = eventurl + '?customerKey=' + custkey
# Event describing the domain being submitted
data = {
    "alertTime": time + "Z",
    "deviceId": "flq802v6-1d92-1824-ba42-sf7sfk927c81",
    "deviceVersion": "13.7a",
    "dstDomain": domain,
    "dstUrl": "http://" + domain + "/",
    "eventTime": time + "Z",
    "protocolVersion": "1.0a",
    "providerName": "Security Platform"
}
req = requests.post(UrlPost, data=json.dumps(data), headers={'Content-type': 'application/json', 'Accept': 'application/json'})
# HTTP 202 means the event was accepted
if req.status_code == 202:
    print("SUCCESS: domain (%(domain)s) was accepted, HTTP response: 202, timestamp: %(time)s" % {'domain': domain, 'time': time})
else:
    print("An error has occurred with the following code %(error)s, please consult the following link: https://enforcement-api.readme.io/" % {'error': req.status_code})

A. importing malicious domains to Cisco Umbrella Enforcement for additional processing
B. importing malicious domains to Cisco Umbrella Enforcement for blocking
C. editing malicious domains in Cisco Umbrella Enforcement that have changed status
D. editing malicious domains in Cisco Umbrella Enforcement that have changed IP address

A

B. importing malicious domains to Cisco Umbrella Enforcement for blocking

16
Q

Which security mechanism is designed to protect against “offline brute-force” attacks?

A. Token
B. MFA
C. Salt
D. CAPTCHA

A

C. Salt

17
Q

What is the default action before identifying the URL during HTTPS inspection in Cisco Secure Firewall Threat Defense software?

A. reset
B. buffer
C. drop
D. pass

A

D. pass

18
Q

Which method is used on a Cisco IOS router to redirect traffic to the Cisco Secure Web Appliance for URL inspection?

A. WCCP
B. route map
C. PAC file
D. WPAD

A

A. WCCP

19
Q

Which two global commands must the network administrator implement to limit the attack surface of an internet-facing Cisco router? (Choose two.)

A. service tcp-keepalives-in
B. no service password-recovery
C. no cdp run
D. no ip http server
E. ip ssh version 2

A

D. no ip http server

E. ip ssh version 2

20
Q

Refer to the exhibit. An engineer created a policy named usera1 on a Cisco Secure Email Gateway to enable the antispam feature for an email address of usera1@cisco.com. Which configuration step must be performed next to apply the policy only to the usera1@cisco.com email address?

A. Specify the user in Mail Policies > Mail Policies Settings
B. Click the Policy Name usera1 Policy, and then click Add User.
C. Set the user in Mail Policies > Exception Table.
D. Click IronPort Anti-Spam, and then click Add User.

A

B. Click the Policy Name usera1 Policy, and then click Add User.

21
Q

Which Cisco firewall solution supports configuration via Cisco Policy Language?

A. NGFW
B. CBAC
C. IPS
D. ZFW

A

D. ZFW

22
Q

A network administrator has configured DHCP snooping on a Cisco switch to prevent unauthorized DHCP servers from assigning IP addresses. During configuration, a device with MAC address 04:66:96:79:0:AB received an IP address from an unauthorized DHCP server. Which configuration step must the network administrator take to accomplish the requirement?

A. Apply DHCP option 82 to identify the trusted DHCP server.
B. Configure each device on the network to use the authorized DHCP server manually.
C. Configure an access control list to only allow DHCP traffic from trusted DHCP server.
D. Implement DHCP option 82 to relay DHCP requests to the trusted DHCP server.

A

D. Implement DHCP option 82 to relay DHCP requests to the trusted DHCP server.

23
Q

What are two examples of code injection vulnerabilities? (Choose two.)

A. XML external entity injection
B. cross-site scripting
C. session hijacking
D. SQL injection
E. arbitrary command injection

A

B. cross-site scripting

D. SQL injection

24
Q

What is the purpose of the certificate signing request when adding a new certificate for a server?

A. It provides the certificate client information so the server can authenticate against it when installing.

B. It provides the server information so a certificate can be created and signed.

C. It is the password for the certificate that is needed to install it with.

D. It is the certificate that will be loaded onto the server.

A

B. It provides the server information so a certificate can be created and signed.

25
Q

Which Secure Email Gateway implementation method segregates inbound and outbound email?

A. pair of logical listeners on a single physical interface with two unique logical IPv4 addresses and one IPv6 address

B. pair of logical IPv4 listeners and a pair of IPv6 listeners on two physically separate interfaces

C. one listener on one logical IPv4 address on a single logical interface

D. one listener on a single physical interface

A

B. pair of logical IPv4 listeners and a pair of IPv6 listeners on two physically separate interfaces

26
Q

What is a feature of an endpoint detection and response solution?

A. ensuring the security of network devices by choosing which devices are allowed to reach the network

B. capturing and clarifying data on email, endpoints, and servers to mitigate threats

C. rapidly and consistently observing and examining data to mitigate threats

D. preventing attacks by identifying harmful events with machine learning and conduct-based defense

A

C. rapidly and consistently observing and examining data to mitigate threats

27
Q

An engineer is deploying a Cisco Secure Email Gateway and must ensure it reaches the Cisco update servers to retrieve new rules. The engineer must now manually configure the Outbreak Filter rules on an AsyncOS for Cisco Secure Email Gateway. Only outdated rules must be replaced. Up-to-date rules must be retained. Which action must the engineer take next to complete the configuration?

A. Use the outbreakconfig command in CLI.
B. Select Outbreak Filters.
C. Perform a backup/restore of the database.
D. Click Update Rules Now.

A

A. Use the outbreakconfig command in CLI.

28
Q

A website administrator wants to prevent SQL injection attacks against the company’s customer database, which is referenced by the web server. Which two methods help prevent SQL injection attacks? (Choose two.)

A. using load balancers with NAT
B. performing input validation
C. enforcing TLS 1.3 only
D. using SSL certificates
E. using web application firewalls

A

B. performing input validation

E. using web application firewalls

29
Q

An engineer is configuring DHCP on a Cisco switch and wants to ensure that a DHCP packet will be dropped. Under which condition will this occur?

A. A packet from a DHCP server is received from inside the network or firewall.
B. All packets are dropped until the administrator manually enters the approved servers into the DHCP snooping database.
C. A packet is received on an untrusted interface, and the source MAC address and the DHCP client hardware address do not match.
D. A DHCP relay agent forwards a DHCP packet that includes a relay-agent IP address that is 0.0.0.0.

A

C. A packet is received on an untrusted interface, and the source MAC address and the DHCP client hardware address do not match.

30
Q

An engineer is configuring guest WLAN access using Cisco ISE and the Cisco WLC. Which action temporarily gives guest endpoints access dynamically while maintaining visibility into who or what is connecting?

A. Configure ISE and the WLC for guest redirection and services using a self-registered portal.
B. Modify the WLC configuration to allow any endpoint to access an internet-only VLAN.
C. Configure ISE and the WLC for guest redirection and services using a hotspot portal.
D. Modify the WLC configuration to require local WLC logins for the authentication prompts.

A

A. Configure ISE and the WLC for guest redirection and services using a self-registered portal.

31
Q

An engineer needs to configure cloud logging on Cisco ASA with SAL (secure analytics, stealthwatch) integration. Which parameter must be considered for this configuration?

A. Events can be viewed only from one regional cloud.
B. All CSM versions are supported.
C. Onboard Cisco ASA device to CDO is needed.
D. Required storage size can be allocated dynamically.

A

C. Onboard Cisco ASA device to CDO is needed.

32
Q

Which Cisco platform processes behavior baselines, monitors for deviations, and reviews for malicious processes in data center traffic and servers while performing software vulnerability detection?

A. Cisco Secure Client
B. Cisco ISE
C. Cisco Secure Workload
D. Cisco AMP for Network

A

C. Cisco Secure Workload

32
Q

A network administrator has installed Secure Endpoint in the network. During setup it was noticed an endpoint has been exhibiting unusual behavior, including slow performance and unexpected network activity. Administrator discovers a suspicious file named abc0467145535.exe running in the background. Which step must the network administrator take to investigate and remediate the potential malware?

A. Isolate the endpoint from the network.
B. Reset the endpoint password and enable multi-factor authentication.
C. Format and reinstall the operating system on the endpoint.
D. Disable all non-essential processes running on the endpoint.

A

A. Isolate the endpoint from the network.

32
Q

What are two targets in cross-site scripting attacks? (Choose two.)

A. footer
B. cookie
C. input
D. header
E. image

A

C. input

E. image

33
Q

Which component performs the resolution between the tunnel address and mGRE address in DMVPN?

A. GDOI
B. NBMA
C. NHRP
D. NHS

A

C. NHRP

34
Q

Refer to the exhibit. A network engineer must retrieve the interface configuration on a Cisco router by using the NETCONF API. The engineer uses a Python script to automate the activity. Which code snippet completes the script?

1 GET /api/running/interfaces?deep HTTP/1.1
2 Host: 10.22.52.246:8008
3 Authorization: Basic YWRtaW46YWRtaw4=
4
5 Accept: application/vnd.yang.data+json
6 Cache-Control: no-cache
7 Postman-Token: 93bfbd7d-c25b-993b-2ed2-b464e7d926de

A. Content-Type: applications/json/vnd.yang.data
B. Content-Type: application/vnd.yang.data+json
C. Content-Type: application/vnd.yang.data
D. Content-Type: application/vnd.yang.data+api

A

B. Content-Type: application/vnd.yang.data+json

35
Q

What is a difference between encrypted passwords and hardcoded passwords?

A. Encrypted passwords are easier to obtain, and hardcoded passwords are known only to developers.
B. Encrypted passwords are generated by an application user, and hardcoded passwords are generated randomly.
C. Encrypted passwords are used for frontend applications, and hardcoded passwords are used for backend applications.
D. Encrypted passwords are stored in a database, and hardcoded passwords are embedded in the source code.

A

D. Encrypted passwords are stored in a database, and hardcoded passwords are embedded in the source code

36
Q

Which action adds IOCs to customize detections for a new attack?

A. Use the initiate Endpoint IOCs scan feature to gather the IOC information and push it to clients.
B. Upload the IOCs into the Installed Endpoint IOC feature within Cisco Secure Endpoint.
C. Add a custom advanced detection to include the IOCs needed within Cisco Secure Endpoint.
D. Modify the base policy within Cisco Secure Endpoint to include simple custom detections.

A

B. Upload the IOCs into the Installed Endpoint IOC feature within Cisco Secure Endpoint.

37
Q

A network administrator received a critical message alert from a Cisco Secure Web Appliance stating that the log partition is at 107% capacity. How does a Cisco Secure Web Appliance respond when its logging partition is full?

A. It overwrites the oldest log files.
B. It suspends logging and reporting functions.
C. It deletes logs older than a configurable age.
D. It archives older logs in a compressed file to free space.

A

B. It suspends logging and reporting functions.

38
Q

What limits communication between applications or containers on the same node?

A. container orchestration
B. microservicing
C. software-defined access
D. microsegmentation

A

D. microsegmentation

39
Q

A network administrator has configured TACACS on a network device using the key Cisc0466974274 for authentication purposes. However, users are unable to authenticate. The TACACS server is reachable, but authentication is failing. Which configuration step must the administrator complete?

A. Configure the TACACS key on the server to match with the network device.
B. Install a compatible operating system version on the TACACS server.
C. Implement synchronized system clock on TACACS server that matches the network device.
D. Apply an access control list on TACACS server to allow communication with the network device.

A

A. Configure the TACACS key on the server to match with the network device.

40
Q

How do the features of DMVPN compare to IPsec VPN?

A. DMVPN supports high availability routing, and IPsec VPN supports stateless failover.
B. DMVPN uses hub-and-spoke topology, and IPsec VPN uses on-demand spoke topology.
C. DMVPN supports non-IP protocols, and IPsec VPN only supports IP protocols.
D. DMVPN supports multiple vendors, and IPsec VPN only supports Cisco products.

A

A. DMVPN supports high availability routing, and IPsec VPN supports stateless failover.

41
Q

Drag and drop the Cisco Secure Email Gateway benefits from the left to the corresponding deployment options on the right.

lowers the cost of deploying in highly distributed networks
highest levels of data protection
highest levels of service availability
respond instantly to increasing traffic growth

cloud or virtual

A

Cloud:
highest levels of data protection
highest levels of service availability

Virtual:
respond instantly to increasing traffic growth
lowers the cost of deploying in highly distributed networks

42
Q

What has driven an increase in the need for endpoint-based security?

A. minimal endpoint-based security manual configuration and implementation
B. increased data volumes and value in data center storage
C. increased number of BYOD policies and hybrid remote worker
D. stricter control mechanism requirements for enterprise access

A

C. increased number of BYOD policies and hybrid remote worker

43
Q

A security test performed on one of the applications shows that user input is not validated. Which security vulnerability is the application more susceptible to because of this lack of validation?

A. man-in-the-middle
B. cross-site request forgery
C. SQL injection
D. denial-of-service

A

C. SQL injection

44
Q

Which problem is solved by deploying a multicontext firewall?

A. overlapping IP addressing plan
B. resilient high availability design
C. faster inspection
D. more secure policy

A

A. overlapping IP addressing plan

45
Q

What must be configured on Cisco Secure Endpoint to create a custom detection file list to detect and quarantine future files?

A. Create an advanced custom detection and upload the hash of each file.
B. Add a network IP block allowed list to the configuration and add the blocked files.
C. Use the simple custom detection feature and add each detection to the list.
D. Configure an application control allowed applications list to block the files.

A

A. Create an advanced custom detection and upload the hash of each file.

46
Q

Which Cisco solution provides a comprehensive view of internet domains, IP addresses, and autonomous systems to help pinpoint attackers and malicious infrastructures?

A. Cisco Secure Workload Cloud
B. Cisco Advanced Malware Investigate
C. Cisco Threat Indication Database
D. Cisco Umbrella Investigate

A

D. Cisco Umbrella Investigate

47
Q

An engineer must register a fixed network on a Cisco Umbrella platform. Which two actions must be performed when adding a new public IP address? (Choose two.)

A. Enter a network public IP address.
B. Install the Umbrella root certificate.
C. Configure the DNS security settings.
D. Point DNS to Umbrella platform DNS servers.
E. Point DHCP to Umbrella platform DHCP servers.

A

A. Enter a network public IP address.

D. Point DNS to Umbrella platform DNS servers.

48
Q

Which Cisco security solution gives the most complete view of the relationships and evolution of Internet domains, IPs, and files, and helps to pinpoint attackers’ infrastructures and predict future threat?

A. Cisco Umbrella Investigate
B. Cisco Secure Network Analytics
C. Cisco pxGrid
D. Cisco Secure Cloud Analytics

A

A. Cisco Umbrella Investigate

49
Q

Which action configures the IEEE 802.1X Flexible Authentication feature to support Layer 3 authentication mechanisms?

A. Modify the Dot1x configuration on the VPN server to send Layer 3 authentications to an external authentication database.
B. Identify the devices using this feature and create a policy that allows them to pass Layer 2 authentication.
C. Add MAB into the switch to allow redirection to a Layer 3 device for authentication.
D. Configure WebAuth so the hosts are redirected to a web page for authentication.

A

D. Configure WebAuth so the hosts are redirected to a web page for authentication.

50
Q

Which API technology with SDN architecture is used to communicate with a controller and network devices such as routers and switches?

A. rest APIs
B. northbound APIs
C. southbound APIs
D. unprotected APIs

A

C. southbound APIs

51
Q

Which solution should a network administrator deploy to protect a webserver from SQL injection attacks?

A. IDS
B. Secure Web Appliance
C. ISE
D. IPS

A

D. IPS

52
Q

What is a capability of Cisco AVC?

A. application bandwidth enforcement on Cisco IOS platforms
B. interoperates by using GET VPN on tunnel interfaces
C. traffic filtering by using a Security Intelligence policy
D. deep packet inspection on IPsec encapsulated traffic

A

A. application bandwidth enforcement on Cisco IOS platforms

53
Q

Which parameter must be set for invalid certificate handling on a Cisco Secure Web Appliance with a policy for HTTPS traffic?

A. Decrypt
B. Reject
C. Accept
D. Scan

A

A. Decrypt

54
Q

A networking team must harden an organization’s network from VLAN hopping attacks. The team disables Dynamic Trunking Protocol and puts any unused ports in an unused VLAN. A trunk port is used as a trunk link. What must the team configure next to harden the network against VLAN hopping attacks?

A. dedicated native VLAN ID for all trunk ports
B. disable STP on the network devices
C. DHCP snooping on all the switches
D. enable port-based network access control

A

A. dedicated native VLAN ID for all trunk ports

55
Q

A network engineer configures a site-to-site VPN with a colleague. During testing, the engineer discovers that only phase 1 is up, and application traffic cannot pass. Which configuration parameter must be checked on each device?

A. hash algorithm
B. peer IP address
C. encryption domain
D. preshared key

A

C. encryption domain

56
Q

An engineer is deploying a Cisco Email Security Appliance and must configure a sender group that decides which mail policy will process the mail. The configuration must accept incoming mails and relay the outgoing mails from the internal server. Which component must be configured to accept the connection to the listener and meet these requirements on a Cisco Secure Email Gateway?

A. access list
B. HAT
C. RAT
D. sender list

A

C. RAT

57
Q

Refer to the exhibit. A network engineer wants to reduce the operational costs of SNMPv3 by using trapping instead of polling. Which code snippet completes the configuration to enable authentication for SNMPv3 trapping?

snmp-server enable traps
snmp-server group trapgroup v3 auth
********************************
snmp-server host 10.1.1.161 traps version 3 auth trapuser

A. snmp-server user trapuser trapgroup version 3 auth sha AuthPass
B. snmp-server user trapuser trapgroup v3 auth sha AuthPass
C. snmp-server user trap trapgroup v3 auth sha AuthPass
D. snmp-server user trapuser trapgroup version 3 AuthPass

A

B. snmp-server user trapuser trapgroup v3 auth sha AuthPass

58
Q

What is the definition of phishing?

A. malicious email spoofing attack that targets a specific organization or individual
B. impersonation of an authorized website to deceive users into entering their credentials
C. any kind of unwanted, unsolicited digital communication that gets sent out in bulk
D. sending fraudulent communications that appear to come from a reputable source

A

D. sending fraudulent communications that appear to come from a reputable source

59
Q

What is a capability of EPP compared to EDR?

A. EPP protects against malware that has already entered the environment, and EDR focuses on protecting against botnets.
B. EDR protects against email attacks, and EPP focuses on detecting and monitoring phishing and ransomware email attacks.
C. EDR protects against malicious email attacks, and EPP focuses on suspicious website attacks including DoS and DDoS attempts.
D. EDR protects against malware that has already entered the environment, and EPP focuses on preventing malware from entering.

A

D. EDR protects against malware that has already entered the environment, and EPP focuses on preventing malware from entering.

60
Q

What is considered a cloud data breach?

A. cyber threats posing as authorized entities
B. exploitation of cloud application access
C. deprivation of computing resources
D. leaked information that is private

A

B. exploitation of cloud application access

61
Q

Which type of attack does multifactor authentication help protect against?

A. cross-site scripting
B. brute force
C. SQL injection
D. man-in-the-middle

A

B. brute force

62
Q

An engineer must use Cisco Secure Firewall Management Center to send Cisco Secure Firewall Threat Defense events to the cloud. The engineer performed these actions already:
* FTD devices were added to FMC
* FTD devices were assigned licenses

Which action must be taken to complete Cisco Cloud Event Configuration?

A. Register with Cisco Smart Licensing.
B. Enable cloud event connector.
C. Create a Cisco Cloud Region.
D. Assign a Cloud Event License.

A

B. Enable cloud event connector.

63
Q

What is a benefit of using Cisco AVC for application control?

A. dynamic application scanning
B. management of application sessions
C. retrospective application analysis
D. zero-trust approach

A

B. management of application sessions

64
Q

What is the purpose of CA in a PKI?

A. to generate a pkcs12 certificate from certificate key-pair
B. to issue and revoke digital certificates
C. to certify the ownership of a public key by the named subject
D. to create the private key for a digital certificate

A

B. to issue and revoke digital certificates

65
Q

An engineer is onboarding a teleworker to Cisco Umbrella. After the worker’s home network identity is configured, which additional action must be taken to complete the network registration?

A. Change the public IP addresses from static to dynamic.
B. Point the home modem DHCP to Cisco Umbrella DHCP.
C. Set up a point-to-point VPN with the head-office.
D. Point the home modem DNS to Cisco Umbrella DNS.

A

D. Point the home modem DNS to Cisco Umbrella DNS.

66
Q

What must be disabled on a Cisco Secure Web Appliance to ensure HTTPS traffic with a good reputation score bypasses decryption?

A. Decrypt ACL
B. Decrypt Policies
C. Decrypt for End-User Acknowledgment
D. Decrypt for End-User Notification

A

B. Decrypt Policies

67
Q

A network engineer must use the Cisco DNA Center API to create a configuration template to provision a device. Which two method and endpoint pairs must be used to create the template? (Choose two.)

A. POST /dna/intent/api/v1/discovery

B. POST /dna/intent/api/v1/template-programmer/project/{project_id}/template

C. GET /dna/intent/api/v1/global-pool

D. POST /dna/intent/api/v1/template-programmer/template/version

E. GET /dna/intent/api/v1/global-credential/{credential_id}

A

B. POST /dna/intent/api/v1/template-programmer/project/{project_id}/template

D. POST /dna/intent/api/v1/template-programmer/template/version

68
Q

A network engineer must create an access control list on a Cisco Adaptive Security Appliance firewall. The access control list must permit HTTP traffic to the internet from the organization’s inside network 192.168.1.0/24. Which IOS command must be used to create the access control list?

A. access-list HTTP-ONLY extended permit tcp 192.168.1.0 255.255.255.0

B. access-list extended permit tcp 192.168.1.0 255.255.255.0 any eq 80.

C. access-list HTTP-ONLY extended permit tcp 192.168.1.0 255.255.255.0 any eq 80

D. access-list permit http 192.168.1.0 255.255.255.0 any

A

C. access-list HTTP-ONLY extended permit tcp 192.168.1.0 255.255.255.0 any eq 80

69
Q

Drag and drop the security responsibilities from the left onto the corresponding cloud service models on the right.

customer responsible for application patching
customer responsible for operating system patching
provider responsible for operating system patching
provider responsible for application patching

A

IaaS
customer responsible for application patching
customer responsible for operating system patching

SaaS
provider responsible for operating system patching
provider responsible for application patching

70
Q

An engineer must modify an existing remote access VPN using a Cisco AnyConnect Secure Mobility client solution and a Cisco Secure Firewall. Currently, all the traffic generated by the user is sent to the VPN tunnel and the engineer must now exclude some servers and access them directly instead. Which element must be modified to achieve this goal?

A. NAT exemption
B. encryption domain
C. routing table
D. group policy

A

D. group policy

71
Q

An engineer must configure a Cisco Secure Email Gateway to use DLP for a company. The company also wants to see the content of emails that violate the DLP policy. Which configuration must be modified in the Data Loss Prevention Settings section to meet the requirements?

A. DLP Message Action
B. Matched Content Logging
C. Secure Reply All
D. Secure Message Forwarding

A

B. Matched Content Logging

72
Q

Which email security feature protects users from phishing attempts?

A. anti-malware file scanning
B. intrusion prevention
C. reputation-based filtering
D. malicious signature detection

A

C. reputation-based filtering

73
Q

Refer to the exhibit. Which protocol should be used to encrypt a client connection that signs in to the router remotely to make common configuration changes?

remote management to a router

A. SSH
B. FTPS
C. SCP
D. SFTP

A

A. SSH

74
Q

An organization is trying to implement micro-segmentation on the network and wants to be able to gain visibility on the applications within the network. The solution must be able to maintain and force compliance. Which product should be used to meet these requirements?

A. Cisco Secure Workload
B. Cisco Secure Network Analytics
C. Cisco AMP
D. Cisco Umbrella

A

A. Cisco Secure Workload

75
Q

How does a Cisco Secure Firewall help to lower the risk of exfiltration techniques that steal customer data?

A. blocking UDP port 53
B. blocking TCP port 53
C. inspecting the DNS traffic
D. encrypting the DNS communication

A

C. inspecting the DNS traffic

76
Q

Refer to the exhibit. Which task is the Python script performing by using the Cisco Umbrella API?

import requests
import json
from datetime import datetime

# Investigate API token, sent as a Bearer token in the Authorization header
APIkey = "<insert-investigate-api-key-here>"
investigateUrl = "https://investigate.api.umbrella.com/domains/categorization/"
# Domains submitted together in a single bulk request
domains = ["internetbadguys.com", "cnn.com", "cisco.com"]
values = str(json.dumps(domains))
headers = {
    'Authorization': 'Bearer ' + APIkey
}
req = requests.post(investigateUrl, data=values, headers=headers)
time = datetime.now().isoformat()
if (req.status_code == 200):
    print("SUCCESS: request has the following code: 200\n")
    output = req.json()
    for domain in domains:
        domainOutput = output[domain]
        domainStatus = domainOutput["status"]
        # status: -1 = malicious, 1 = clean, anything else = undefined
        if (domainStatus == -1):
            print("The domain %(domain)s is found MALICIOUS at %(time)s\n" % {'domain': domain, 'time': time})
        elif (domainStatus == 1):
            print("The domain %(domain)s is found CLEAN at %(time)s\n" % {'domain': domain, 'time': time})
        else:
            print("The domain %(domain)s is found UNDEFINED RISKY at %(time)s\n" % {'domain': domain, 'time': time})

A. changing the disposition of domains that were previously malicious to clean
B. checking the disposition of previously identified domains in bulk
C. changing the disposition of domains that were previously clean to malicious
D. checking the disposition of potentially malicious domains in bulk

A

B. checking the disposition of previously identified domains in bulk

number of times in the script is the key

77
Q

Refer to the exhibit. A network engineer must implement a new multidevice management solution and must retrieve information about all the Cisco devices that are directly attached to a Cisco IOS router. Which IOS command must the engineer use to display detailed information about the attached devices?

screenshot of neighbors

A. show cdp neighbors
B. show cdp
C. show neighbors
D. cdp neighbors

A

A. show cdp neighbors

78
Q

Refer to the exhibit. Network access control is implemented on the LAN and an engineer must now configure the switch port level so that users with new corporate devices can connect to the corporate LAN without issues. What must be configured next?

interface gig1/0/1
switchport mode access
authentication violation restrict

A. clear port-security dynamic
B. shut and no shut
C. errdisable recovery cause psecure-violation
D. authentication violation replace

A

D. authentication violation replace

“without issues”

79
Q

What is a difference between an EPP solution and an EDR solution?

A. EPP detects malicious activity on endpoints, and EDR only detects file-based malware on endpoints.
B. EDR provides endpoint data loss prevention, and EPP remediates hosts to a preinfection state.
C. EDR focuses on detecting network-level threats, and EPP focuses on detecting host-level threats.
D. EPP contains a security incident at the network traffic level, and EDR contains a security incident at the endpoint.

A

D. EPP contains a security incident at the network traffic level, and EDR contains a security incident at the endpoint.

80
Q

A company is planning to deploy an application to a secure cloud environment. The solution must meet these requirements:

  • A third-party must control the underlying cloud infrastructure.
  • The company must control the deployed applications.
  • A third-party must control networking components.

Which cloud service model must be used?

A. SaaS
B. IaaS
C. PaaS
D. private cloud

A

C. PaaS

81
Q

An organization plans to upgrade its current email security solutions, and an engineer must deploy Cisco Secure Email. The requirements for the upgrade are:
* Implement Data Loss Prevention
* Implement mail encryption
* Integrate with an existing Cisco IronPort Secure Email Gateway solution

Which Cisco Secure Email license is needed to accomplish this task?

A. Cisco Secure Email Domain Protection
B. Cisco Secure Email Inbound Essentials
C. Cisco Secure Email Outbound Essentials
D. Cisco Secure Email Phishing Defense

A

C. Cisco Secure Email Outbound Essentials

82
Q

Which Cisco ISE service checks the state of all the endpoints connecting to a network for compliance with corporate security policies?

A. Threat Centric NAC service
B. posture service
C. Cisco TrustSec
D. compliance module

A

B. posture service

83
Q

What is a difference between an SQL injection and a cross-site scripting attack?

A. SQL injection intercepts user information, and XSS causes false or unpredictable results.
B. SQL injection modifies SQL queries, and XSS cloaks by encoding tags.
C. SQL injection detects environments, and XSS cloaks by encoding tags.
D. SQL injection modifies SQL queries, and XSS allows access to files beyond the root folder.

A

B. SQL injection modifies SQL queries, and XSS cloaks by encoding tags.

84
Q

Drag and drop the firewall capabilities from the left onto the corresponding firewall deployment modes on the right.

Routed firewalls / Transparent firewalls

A. The device acts as a secured bridge that switches traffic from one interface to another.

B. The firewall does not provide a way to filter packets that traverse from one host to another in the same LAN segment.

C. The firewall requires a new network segment to be created when they are inserted into a network.

D. The firewall can optionally inspect Layer 2 traffic and filter unwanted traffic.

A

Routed firewalls:
B. The firewall does not provide a way to filter packets that traverse from one host to another in the same LAN segment.
C. The firewall requires a new network segment to be created when they are inserted into a network.

Transparent firewalls:
A. The device acts as a secured bridge that switches traffic from one interface to another.
D. The firewall can optionally inspect Layer 2 traffic and filter unwanted traffic.

85
Q

A network engineer must create an access control list on a Cisco Adaptive Security Appliance firewall to permit TCP DNS traffic to the internet from the organization’s inside network 192.168.1.0/24. Which IOS command must be used to implement the access control list?

A. access-list 102 permit tcp 192.168.1.0 0.0.0.255 eq 53 any
B. access-list 102 permit tcp 192.168.1.0 0.0.0.255 eq domain
C. access-list 102 permit tcp 192.168.1.0 0.0.0.255 eq 53
D. access-list 102 permit tcp 192.168.1.0 0.0.0.255 any eq 53

A

D. access-list 102 permit tcp 192.168.1.0 0.0.0.255 any eq 53

86
Q

What is a capability of Cisco Secure Email Cloud Gateway compared to Cisco Secure Email Gateway?

A. Secure Email Cloud Gateway is an add-on that is deployed to a web browser by using a group policy, and Secure Email Gateway requires a server infrastructure.
B. Secure Email Cloud Gateway requires that a proxy be deployed to a web browser, and Secure Email Gateway requires a network reconfiguration.
C. Secure Email Cloud Gateway protects email without having to deploy an infrastructure, and Secure Email Gateway requires a server infrastructure.
D. Secure Email Cloud Gateway requires an ASA to redirect email by using WCCP, and Secure Email Gateway requires that the ASA be inline.

A

C. Secure Email Cloud Gateway protects email without having to deploy an infrastructure, and Secure Email Gateway requires a server infrastructure.

87
Q

An engineer must prevent communication with a cloud application being decrypted. The application database uses AES-256 with SHA-512 and web access to the application uses HTTPS with SSLv2 self-signed certificates. What must the engineer implement next?

A. SSLv3 with self-signed certificates
B. TLS 1.3 with signed certificates
C. SSLv3 with signed certificates
D. TLS 1.3 with self-signed certificates

A

B. TLS 1.3 with signed certificates

88
Q

Which action blocks specific IP addresses whenever a computer with Cisco Secure Endpoint installed connects to the network?

A. Create an application block list and add the IP addresses.
B. Create an IP Block & Allow list and add the IP addresses.
C. Create an advanced custom detection policy and add the IP addresses.
D. Create a simple custom detection policy and add the IP addresses.

A

B. Create an IP Block & Allow list and add the IP addresses.

89
Q

An organization has had some malware infections recently and the management team wants to use Cisco Secure Firewall to enforce file policies to prevent malicious files from being downloaded. The SHA-256 hash value of all files traversing the firewall must be calculated and compared to the hash values of known malware code. Which file rule action is used to block only the files that are confirmed to be malware?

A. Block Malware
B. Detect Files
C. Malware Cloud Lookup
D. Block Files

A

A. Block Malware

90
Q

Which Cisco solution integrates industry-leading artificial intelligence and machine learning analytics and an assurance database to review the security posture and maintain visibility of an organization’s cloud environment?

A. Cisco Secure Workload
B. Cisco CSR1000v
C. Cisco DNA
D. Cisco FTD

A

A. Cisco Secure Workload

91
Q

An engineer is configuring cloud logging on Cisco ASA and needs events to compress. Which component must be configured to accomplish this goal?

A. Cisco analytics
B. CDO event viewer
C. SWC service
D. SDC VM

A

D. SDC VM (secure device connector)

92
Q

When an assessment of cloud services and applications is conducted, which tool is used to show user activity and data usage across the applications?

A. Cisco ASA
B. Cisco CloudLock
C. Cisco ISE
D. Cisco AMP Private Cloud

A

B. Cisco CloudLock

93
Q

An engineer implements Cisco CloudLock to secure a Microsoft Office 365 application in the cloud. The engineer must configure protection for corporate files in case of any incidents. Which two actions must be taken to complete the implementation? (Choose two.)

A. Remove all users as collaborators on the files.
B. Transfer ownership of the files to a specified owner and folder.
C. Expire the public share URL.
D. Disable the ability for commenters and viewers to download and copy the files.
E. Send Cisco Webex message to specified users when an incident is triggered.

A

A. Remove all users as collaborators on the files.

C. Expire the public share URL.

94
Q

Which common exploit method is TLS 1.3 designed to prevent?

A. man-in-the-middle attack
B. denial-of-service attack
C. cross-site request forgery
D. cross-site scripting

A

A. man-in-the-middle attack

95
Q

Refer to the exhibit. A company named ABC has a Cisco Secure Email Gateway and an engineer must configure the incoming mail policy so that emails containing malware files are quarantined instead of dropped and to prevent an increase in false positives causing emails to be dropped erroneously. What must be configured on the Secure Email Gateway?

https://img.examtopics.com/350-701/image70.png

A. Change the Policies Order.
B. Open Default Policy, Malware File, and then Action Applied to Message.
C. Delete usera1 policy.
D. Open usera1 policy, Messages with Malware Attachments, and then Action Applied to Message.

A

D. Open usera1 policy, Messages with Malware Attachments, and then Action Applied to Message.

96
Q

How does a Cisco Secure Web Appliance integrated with LDAP handle the permissions of a currently logged in Active Directory group member when the Active Directory administrator changes the permissions of the user’s group mid session?

A. If the Cisco Secure Client Mobility Client is configured on the endpoint to provide Active Directory updates, the Cisco Secure Web Appliance changes the user’s permissions immediately when alerted by the client.
B. If the Cisco Secure Web Appliance is configured to receive real-time updates from the Active Directory user agent, it changes the user’s permissions immediately when the agent sends the update.
C. The Cisco Secure Web Appliance terminates the current session and prompts the user to re-authenticate in order to update the effective permissions.
D. The Cisco Secure Web Appliance continues to operate using the permissions that were in effect when the user logged in for the duration of the user’s session.

A

D. The Cisco Secure Web Appliance continues to operate using the permissions that were in effect when the user logged in for the duration of the user’s session.

97
Q

Refer to the exhibit. An engineer must forward all web traffic sent from Client-SiteA to the monitoring server to build a baseline of expected traffic once a new Cisco Secure Web Appliance is deployed. What must be configured on the switch to meet the requirement?

A. ERSPAN
B. RSPAN
C. WCCP
D. SPAN

A

D. SPAN

98
Q

What is the difference between EPP and EDR?

A. Having an EDR solution gives an engineer the capability to flag offending files at the first sign of malicious behavior.
B. EPP focuses primarily on threats that have evaded front-line defenses that entered the environment.
C. Having an EPP solution allows an engineer to detect, investigate, and remediate modern threats.
D. EDR focuses solely on prevention at the perimeter.

A

A. Having an EDR solution gives an engineer the capability to flag offending files at the first sign of malicious behavior.

99
Q

What are two benefits of adaptive multifactor authentication? (Choose two.)

A. no need to remember passwords
B. secure remote access
C. contextual factor-based authentication
D. improved access management
E. managed encryption policies

A

B. secure remote access

C. contextual factor-based authentication

100
Q

The security team has installed a Cisco Secure Email Gateway. During setup, a large number of email messages containing the string “abcde1111111111” are being blocked. The security team wants to investigate and determine if the emails are part of a phishing or malware attack. Which configuration step must the security team apply?

A. Implement a policy to only allow email from trusted to the network senders.
B. Apply a policy to route all blocked emails to a separate quarantine folder.
C. Configure sender domain reputation policy to check if sender email domain is known to be malicious.
D. Configure a policy to disable spam filtering in order to expedite email delivery.

A

B. Apply a policy to route all blocked emails to a separate quarantine folder.

They need to study the emails

101
Q

Which two facts must be considered when deciding whether to deploy the Cisco Secure Web Appliance in Standard mode, Hybrid Web Security mode, or Cloud Web Security Connector mode? (Choose two.)

A. External DLP is available only in Standard mode and Hybrid Web Security mode.
B. The onsite web proxy is not supported in Cloud Web Security Connector mode.
C. Standard mode and Hybrid Web Security mode perform the same actions in response to the application of an individual policy.
D. Only Standard mode and Hybrid Web Security mode support Layer 4 traffic monitoring.
E. ISE integration is available only in Standard mode and Hybrid Web Security mode.

A

B. The onsite web proxy is not supported in Cloud Web Security Connector mode.

D. Only Standard mode and Hybrid Web Security mode support Layer 4 traffic monitoring.