Questions Flashcards

1
Q

What are two list types within Cisco AMP for Endpoints Outbreak Control? (Choose Two)

A. Blocked ports
B. Simple Custom Detections
C. Command and Control
D. Allowed Applications
E. URL

A

BD

2
Q

Which command enables 802.1x globally on a Cisco switch?

A. dot1x system-auth-control
B. dot1x pae authenticator
C. authentication port-control auto
D. aaa new-model

A

A

3
Q

What is the function of Cisco Cloudlock for data security?

A. DLP
B. Controls malicious cloud apps.
C. Detects anomalies
D. User and entity behavior analytics

A

A

4
Q

For which two conditions can an Endpoint be checked using ISE posture assessment?

A. Computer Identity
B. Windows Service
C. User Identity
D. Windows Firewall
E. Default Browser

A

BD

5
Q

What is a characteristic of Dynamic ARP Inspection?

A

DAI determines the validity of an ARP packet based on Valid IP

6
Q

Which Cisco product provides proactive endpoint protection and allows administrators to centrally manage the deployment?

A. NGFW
B. AMP
C. WSA
D. ESA

A

B

7
Q

Where are individual sites specified to be blacklisted in Cisco Umbrella?

A. Application Settings
B. Content Categories
C. Security Settings
D. Destination Lists

A

D

8
Q

Which statement about IOS zone-based Firewalls is true?

A. An unassigned interface can communicate with assigned interfaces.

B. Only one interface can be assigned to a zone.

C. An interface can be assigned to multiple zones

D. An interface can be assigned only to one zone.

A

D

9
Q

Which two activities can be done using Cisco DNA Center? (Choose Two)

A. DHCP
B. design
C. Accounting
D. DNS
E. Provision

A

BE

10
Q

Which ID Store requires that a shadow user be created on Cisco ISE for the admin login to work?

A. RSA SecureID
B. Internal Database
C. Active Directory
D. LDAP

A

A

11
Q

Which VPN Technology can support a multivendor environment and secure traffic between sites?

A. SSL VPN
B. GET VPN
C. FlexVPN
D. DMVPN

A

C

12
Q

Which SNMPv3 Config must be used to support the strongest security possible?

A

V3 priv
priv aes 256

13
Q

Which solution combines Cisco IOS and IOS XE components to enable administrators to recognize applications, collect and send network metrics to Cisco Prime and other third-party management tools, and prioritize application traffic?

A. Cisco Security Intelligence
B. Cisco Application Visibility and Control.
C. Cisco Model Driven Telemetry
D. Cisco DNA Center

A

B

14
Q

Which two endpoint measures are used to minimize the chances of falling victim to phishing and social engineering attacks? (Choose two)

A. Patch for cross-site scripting
B. Perform backups to the private cloud.
C. Protect against input validation and character escapes in the endpoint.
D. Install a spam and virus email filter.
E. Protect systems with an up-to-date antimalware program.

A

DE

15
Q

An engineer used a posture check on a Microsoft Windows endpoint and discovered that the MS17-010 patch was not installed, which left the endpoint vulnerable to WannaCry ransomware.

Which two solutions mitigate the risk of this ransomware infection? (Choose two)

A. Configure a posture policy in Cisco ISE to install the MS17-010 patch before allowing access on the network.

B. Set up a profiling policy in Cisco ISE to check an endpoint patch level before allowing access on the network.

C. Configure a posture policy in Cisco ISE to check that an endpoint patch level is met before allowing access on the network.

D. Configure endpoint firewall policies to stop the exploit traffic from being allowed to run and replicate throughout the network.

E. Set up a well-defined endpoint patching strategy to ensure that endpoints have critical vulnerabilities patched in a timely manner.

A

AC

16
Q

Why would a user choose an on-prem ESA versus the CES solution?

A. Sensitive data must remain onsite.
B. Demand is unpredictable.
C. The server team wants to outsource this service.
D. ESA is deployed inline.

A

A

17
Q

Which technology must be used to implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity?

A. DMVPN
B. FlexVPN.
C. IPsec DVTI
D. GET VPN

A

D

18
Q

Which cloud service model offers an environment for cloud consumers to develop and deploy applications without needing to manage or maintain the underlying cloud infrastructure?

A. PaaS
B. XaaS
C. IaaS
D. SaaS

A

A

19
Q

What is a required prerequisite to enable malware file scanning for the Secure Internet Gateway?

A. Enable IP Layer Enforcement
B. Activate the Advanced Malware Protection License
C. Activate SSL Decryption
D. Enable Intelligent Proxy

A

D

20
Q

Which two features are used to configure Cisco ESA with a multilayer approach to fight viruses and malware? (Choose Two)

A. Sophos engine
B. White list
C. RAT
D. outbreak filters
E. DLP

A

AD

21
Q

How is Cisco Umbrella configured to log only security events?

A. per policy
B. In the reporting settings
C. In the security settings
D. per network in the deployment section

A

A

22
Q

What is the primary difference between an Endpoint Protection Platform and an Endpoint Detection and Response?

A. EPP focuses on prevention, EDR on advanced threats.

B. EDR focuses on prevention and EPP focuses on advanced threats.

C. EPP focuses on network security, EDR is device security.

D. EDR is network security, EPP is device security.

A

A

23
Q

On which part of the IT environment does DevSecOps focus?

A. Application Development
B. Wireless network
C. Data Center
D. Perimeter Network

A

A

24
Q

Which functions of an SDN architecture require southbound APIs to enable communication?

A. SDN controller and the network elements.
B. Management console and the SDN controller.
C. Management console and the cloud.
D. SDN controller and the cloud

A

A

25
Q

What is a characteristic of traffic storm control behavior?

A. Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within the interval.

B. Traffic storm control cannot determine if the packet is unicast or broadcast.

C. Traffic storm control monitors incoming traffic levels over a 10-second traffic storm control interval.

D. Traffic storm control uses the Individual/Group bit in the packet source address to determine if the packet is unicast or broadcast.

A

A

26
Q

Which two request methods of REST API are valid on the Cisco ASA Platform? (Choose two)

A. put
B. options
C. get
D. push
E. connect

A

AC

27
Q

In a PaaS model, which layer is the tenant responsible for maintaining and patching?

A. hypervisor
B. virtual machine
C. network
D. application

A

C

28
Q

An engineer is configuring AMP for endpoints and wants to block certain files from executing. Which outbreak control method is used to accomplish this task?

A. Device flow correlation
B. Simple detections
C. Application blocking list
D. Advanced Custom Detections

A

C

29
Q

Which ASA deployment mode can provide separation of management on a shared appliance?

A. DMZ multiple zone mode
B. Transparent firewall mode
C. multiple context mode
D. routed mode

A

C

30
Q

Which two deployment model configurations are supported for Cisco FTDv in AWS? (Choose Two)

A. Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS.

B. Cisco FTDv with one management interface and two traffic interfaces configured.

C. Cisco FTDv configured in routed mode and managed by a physical FMC appliance on premises.

D. Cisco FTDv with two management interfaces and one traffic interface configured.

E. Cisco FTDv configured in routed mode and IPv6 configured.

A

AC

31
Q

What can be integrated with Cisco Talos Intelligence Director to provide information about security threats, which allows the SOC to proactively automate responses to those threats?

A. Cisco Umbrella
B. External Threat Feeds
C. Cisco Threat Grid
D. Cisco Stealthwatch

A

B

32
Q

What provides visibility and awareness into what is currently occurring on the network?

A. CMX
B. WMI
C. Prime Infrastructure
D. Telemetry

A

D

33
Q

What attack is commonly associated with C and C++ programming languages?

A. Cross-site scripting
B. Water holing
C. DDoS
D. Buffer Overflow

A

D

34
Q

An engineer must force an endpoint to re-authenticate an already authenticated session without disrupting the endpoint to apply a new or updated policy from ISE.
Which CoA type achieves this goal?

A. Port Bounce
B. CoA Terminate
C. CoA Reauth
D. CoA Session Query

A

C

35
Q

Refer to Exhibit:

Which command was used to display this output?

A. show dot1x all
B. show dot1x
C. show dot1x all summary
D. show dot1x interface gi1/0/12

A

A

36
Q

Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two)

A. Check integer, float, or Boolean string parameters to ensure accurate values.
B. Use prepared statements and parameterized queries.
C. Secure the connection between the web and the app tier.
D. Write SQL code instead of using object-relational mapping libraries.
E. Block SQL code execution in the web application database login.

A

AB

37
Q

How does Cisco Stealthwatch Cloud provide security for cloud environments?

A. It delivers visibility and threat detection.
B. It prevents exfiltration of sensitive data.
C. It assigns internet-based DNS protection for clients and servers.
D. It facilitates secure connectivity between public and private networks.

A

A

38
Q

Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention System? (Choose two).

A. SIP
B. inline normalization
C. SSL
D. packet decoder
E. modbus

A

AC

39
Q

Which feature is configured for managed devices in the device platform settings of the Firepower Management Center?

A. quality of service
B. time synchronization
C. network address translations
D. intrusion policy

A

B

40
Q

The main function of northbound APIs in the SDN architecture is to enable communication between which two areas of a network?

A. SDN controller and the cloud.
B. management console and the SDN controller
C. management console and the cloud.
D. SDN controller and the management solution

A

D

41
Q

REFER TO THE EXHIBIT: What is a result of the configuration?

A. Traffic from the DMZ network is redirected.
B. Traffic from the inside network is redirected.
C. All TCP traffic is redirected.
D. Traffic from the inside and DMZ networks is redirected.

A

D

42
Q

Which information is required when adding a device to FMC?

A. username and password
B. encryption method
C. device serial number
D. registration key

A

D

43
Q

Which two services must remain as on-premises equipment when a hybrid email solution is deployed? (Choose two)

A. DDoS
B. antispam
C. antivirus
D. encryption
E. DLP

A

DE

44
Q

What is a characteristic of Cisco ASA NetFlow v9 Secure Event Logging?

A. It tracks flow-create, flow-teardown, and flow-denied events.
B. It provides stateless IP flow tracking that exports all records of a specific flow.
C. It tracks the flow continuously and provides updates every 10 seconds.
D. Its events match all traffic classes in parallel.

A

A

45
Q

Which feature within Cisco Umbrella allows for the ability to inspect secure HTTP traffic?

A. File Analysis
B. SafeSearch
C. SSL Decryption
D. Destination Lists

A

C

46
Q

Which two kinds of attacks are prevented by MFA? (Choose Two)

A. phishing
B. brute force
C. man-in-the-middle
D. DDoS
E. tear drop

A

AB

47
Q

With Cisco AMP for Endpoints, which option shows a list of all files that have been executed in your environment?

A. vulnerable software
B. file analysis
C. detections
D. prevalence
E. threat root cause

A

D

48
Q

Which RADIUS attribute can you use to filter MAB requests in an 802.1x deployment?

A. 1
B. 6
C. 31
D. 2

A

B

49
Q

Which two features of Cisco Email Security can protect your organization against email threats? (Choose two)

A. time-based one-time passwords.
B. data loss prevention
C. heuristic-based filtering
D. geolocation-based filtering
E. NetFlow

A

BD

50
Q

DRAG AND DROP

Correct order to enable AppDynamics to monitor EC2 Instance?

  1. Install monitoring extension for AWS EC2
  2. Restart the Machine Agent
  3. Update config.yaml.
  4. Configure a Machine Agent or SIM Agent.
A

Configure a Machine Agent

Install Monitoring

Update config.yaml

Restart the Machine Agent

51
Q

Which feature requires a network discovery policy on the Cisco Firepower Next Generation Intrusion Prevention System?

A. Security Intelligence
B. Impact Flags
C. Health Monitoring
D. URL filtering

A

B

52
Q

REFER TO EXHIBIT:

Which statement about the authentication protocol used in the configuration is true?

A. The authentication request contains only a password.

B. The authentication request contains only a username.

C. The authentication and authorization requests are grouped in a single packet.

D. There are separate authentication and authorization request packets.

A

C

53
Q

Which two preventive measures are used to control cross-site scripting? (Choose Two)

A. Enable client-side scripts on a per-domain basis.

B. Incorporate contextual output encoding/escaping.

C. Disable cookie inspection in the HTML inspection engine.

D. Run untrusted HTML input through an HTML sanitization engine.

E. SameSite cookie attribute should not be used.

A

BD

54
Q

Which policy is used to capture host information on the Cisco Firepower Next Generation Intrusion Prevention System?

A. correlation

B. intrusion

C. access control

D. network discovery

A

D

55
Q

REFER TO THE EXHIBIT:

Which command was used to generate this output and to show which ports are authenticating with dot1x or mab?

A. show authentication registrations

B. show authentication method

C. show dot1x all

D. show authentication sessions.

A

D

56
Q

An engineer is configuring a Cisco ESA and wants to control whether to accept or reject email messages to a recipient address.

Which list contains the allowed recipient addresses?

A. SAT

B. BAT

C. HAT

D. RAT

A

D

57
Q

Which two capabilities does TAXII support? (Choose two)

A. exchange

B. pull messaging

C. binding

D. correlation

E. mitigating

A

AB

58
Q

Which policy represents a shared set of features or parameters that define the aspects of a managed device that are likely to be similar to other managed devices in a deployment?

A. group policy

B. access control policy

C. device management policy

D. platform service policy

A

D

59
Q

An administrator wants to ensure that all endpoints are compliant before users are allowed access on the corporate network.

The endpoints must have the corporate antivirus application installed and be running the latest build of Windows 10.

What must the administrator implement to ensure that all devices are compliant before they are allowed on the network?

A. Cisco ISE and AnyConnect Posture Module.

B. Cisco Stealthwatch and Cisco ISE integration.

C. Cisco ASA FW and Dynamic Access Policies configured.

D. Cisco ISE with PxGrid services enabled.

A

A

60
Q

What are two Detection and Analytics Engines of Cognitive Threat Analytics? (Choose Two)

A. data exfiltration

B. command and control communication

C. intelligent proxy

D. snort

E. URL categorization

A

AB

60
Q

In which form of attack is alternate encoding, such as hexadecimal representation, most often observed?

A. smurf

B. distributed denial of service

C. cross-site scripting

D. rootkit exploit

A

C

60
Q

Which two conditions are prerequisites for stateful failover for IPSec? (Choose two)

A. Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the IPsec configuration is copied automatically.

B. The active and standby devices can run different versions of the Cisco IOS software but must be the same type of device.

C. The IPsec configuration that is set up on the active device must be duplicated on the standby device.

D. Only the IPsec configuration that is set up on the active device must be duplicated on the standby device; the IKE configuration is copied automatically.

E. The active and standby devices must run the same version of the Cisco IOS software and must be the same type of device.

A

CE

61
Q

Which Cisco command shows you the status of the 802.1x connection on interface gi0/1?

A. show authorization status

B. show authen sess int gi0/1

C. show connection status gi0/1

D. show ver gi0/1

A

B

61
Q

A malicious user gained network access by spoofing printer connections that were authorized using MAB on four different switch ports at the same time.

What two catalyst switch security features will prevent further violations? (Choose Two)

A. DHCP Snooping

B. 802.1AE MacSec

C. Port security

D. IP Device tracking

E. Dynamic ARP inspection

F. Private VLANs

A

AE

62
Q

Which feature of Cisco ASA allows VPN users to be postured against Cisco ISE without requiring an inline posture mode?

A. RADIUS Change of Authorization
B. device tracking
C. DHCP snooping
D. VLAN hopping

A

A

63
Q

What is the result of running the crypto isakmp key ciscxxxxxxxxxx address 172.16.0.0 command?

A. authenticates the IKEv2 peers in the 172.16.0.0/16 range by using the key ciscxxxxxxxxx

B. authenticates the IP address of the 172.16.0.0/32 peer by using the key ciscxxxxxxxx

C. authenticates the IKEv1 peers in the 172.16.0.0/16 range by using the key ciscxxxxxxxxxxx.

D. secure all the certificates in the IKE exchange by using the key ciscxxxxxxxxx

A

B

64
Q

Which two probes are configured to gather attributes of connected endpoints using Cisco Identity Services Engine? (Choose Two)

A. RADIUS

B. TACACS+

C. DHCP

D. sFlow

E. SMTP

A

AC

65
Q

Which solution protects hybrid cloud deployment workloads with application visibility and segmentation?

A. Nexus

B. Stealthwatch

C. Firepower

D. Tetration

A

D

66
Q

What are the two most commonly used authentication factors in multifactor authentication? (Choose two)

A. biometric factor

B. time factor

C. confidentiality factor

D. knowledge factor

E. encryption factor

A

BD

67
Q

Which two key and block sizes are valid for AES? (Choose Two)

A. 64-bit block size, 112-bit key length

B. 64-bit block size, 168-bit key length

C. 128-bit block size, 192-bit key length

D. 128-bit block size, 256-bit key length

E. 192-bit block size, 256-bit key length

A

CD

68
Q

After deploying a Cisco ESA on your network, you notice that some messages fail to reach their destinations.

Which task can you perform to determine where each message was lost?

A. Configure the trackingconfig command to enable message tracking.

B. Generate a system report.

C. Review the log files.

D. Perform a trace.

A

A

69
Q

Elliptic curve cryptography is a stronger, more efficient cryptography method meant to replace which current encryption technology?

A. 3DES

B. RSA

C. DES

D. AES

A

B

70
Q

How is ICMP used as an exfiltration technique?

A. by flooding the destination host with unreachable packets.

B. by sending large numbers of ICMP packets with a targeted host's source IP address using an IP broadcast address.

C. by encrypting the payload in an ICMP packet to carry out command and control tasks on a compromised host.

D. by overwhelming a targeted host with ICMP echo-request packets.

A

C

71
Q

What is a difference between deceptive phishing and spear phishing?

A. Deceptive phishing is an attack aimed at a specific user in the organization who holds a C-level role.

B. A spear phishing campaign is aimed at a specific person versus a group of people.

C. Spear phishing is when the attack is aimed at the C-level executives of an organization.

D. Deceptive phishing hijacks and manipulates the DNS server of the victim and redirects the user to a false webpage.

A

B

72
Q

An engineer needs a solution for TACACS+ authentication and authorization for device administration.

The engineer also wants to enhance wired and wireless network security by requiring users and endpoints to use 802.1x, MAB, or WebAuth.

Which product meets all of these requirements?

A. Cisco Prime Infrastructure

B. Cisco Identity Services Engine

C. Cisco Stealthwatch

D. Cisco AMP for Endpoints

A

B

73
Q

When wired 802.1x authentication is implemented, which two components are required? (Choose two)

A. authentication server: Cisco ISE

B. Supplicant: Cisco AnyConnect ISE Posture module

C. authenticator: Cisco Catalyst switch

D. authenticator: Cisco ISE

E. authentication server: Cisco Prime Infrastructure

A

AC

74
Q

The Cisco ASA must support TLS proxy for encrypted Cisco Unified Communications traffic. Where must the ASA be added on the Cisco UC Manager platform?

A. Certificate Trust List

B. Endpoint Trust List

C. Enterprise Proxy Service

D. Secure Collaboration Proxy

A

A

75
Q

Which API is used for Content Security?

A. NX-OS API

B. IOS XR API

C. OpenVuln API

D. AsyncOS API

A

D

76
Q

Which two behavioral patterns characterize a ping of death attack? (Choose two)

A. The attack is fragmented into groups of 16 octets before transmission.

B. The attack is fragmented into groups of 8 octets before transmission.

C. Short synchronized bursts of traffic are used to disrupt TCP connections.

D. Malformed packets are used to crash systems.

E. Publicly accessible DNS servers are typically used to execute the attack.

A

BD

77
Q

Which two mechanisms are used to control phishing attacks? (Choose Two)

A. Enable browser alerts for fraudulent websites.

B. Define security group memberships.

C. Revoke expired CRL of the websites.

D. Use antispyware software

E. Implement email filtering techniques.

A

AE

78
Q

When web policies are configured in Cisco Umbrella, what provides the ability to ensure that domains are blocked when they host malware, command and control, phishing, and more threats?

A. Application Control

B. Security Category Blocking

C. Content Category Blocking

D. File Analysis

A

B

79
Q

What two mechanisms are used to redirect users to a web portal to authenticate to ISE for guest services? (Choose two)

A. TACACS+

B. central web auth

C. single sign-on

D. Multiple Factor auth

E. local web auth

A

BE

80
Q

Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?

A. user input validation in a web page or web application

B. Linux and Windows operating systems

C. database

D. web page images

A

A

81
Q

Which deployment model is the most secure when considering risks to cloud adoption?

A. public cloud

B. hybrid cloud

C. community cloud

D. private cloud

A

D

82
Q

What does the Cloudlock Apps Firewall do to mitigate security concerns from an application perspective?

A. It allows the administrator to quarantine malicious files so that the application can function, just not maliciously.

B. It discovers and controls cloud apps that are connected to a company’s corporate environment.

C. It deletes any application that does not belong in the network.

D. It sends the application information to an administrator to act on.

A

B

83
Q

What is the primary benefit of deploying an ESA in hybrid mode?

A. You can fine-tune its settings to provide the optimum balance between security and performance for your environment.

B. It provides the lowest total cost of ownership by reducing the need for physical appliances.

C. It provides the maximum protection and control of outbound messages.

D. It provides email security while supporting the transition to the cloud.

A

D

84
Q

Which option is the main function of Cisco Firepower impact flags?

A. They alert administrators when critical events occur.

B. They highlight known and suspected malicious IP addresses in reports.

C. They correlate data about intrusions and vulnerability.

D. They identify data that the ASA sends to the Firepower module.

A

C

85
Q

Which two deployment modes does the Cisco ASA FirePower module support?

A. transparent mode

B. routed mode

C. inline mode

D. active mode

E. passive monitor-only mode

A

CE

86
Q

DROP AND DRAG

PortScan
Port Sweep
Decoy PortScan
Distributed PortScan

A

Dis
Dec
Port Sweet
Port Scan

DID PORT SWEEP

87
Q

DRAG AND DROP

IKEv1

A

Uses 3 packets

Uses 6 packets

88
Q

Which Cisco Solution does Cisco Umbrella integrate with to determine if a URL is malicious?

A. AMP
B. AnyConnect
C. DynDNS
D. Talos

A

D

89
Q

What is the purpose of the Decrypt for Application Detection feature within the WSA Decryption options?

A. It decrypts HTTPS application traffic for unauthenticated users.

B. It alerts users when the WSA decrypts their traffic.

C. It decrypts HTTPS application traffic for authenticated users.

D. It provides enhanced HTTPS application detection for AsyncOS

A

D

90
Q

What is the primary role of the Cisco Email Security Appliance?

A. Mail Submission Agent
B. Mail Transfer Agent
C. Mail Delivery Agent
D. Mail User Agent

A

B

91
Q

Which two features of Cisco DNA Center are used in a Software Defined Network Solution? (Choose Two)

A. accounting

B. Assurance

C. Automation

D. Authentication

E. Encryption

A

BC

92
Q

Which exfiltration method does an attacker use to hide and encode data inside DNS requests and queries?

A. DNS tunneling

B. DNSCrypt

C. DNS Security

D. DNSSEC

A

A

93
Q

Which algorithm provides encryption and authentication for data plane communication?

A. AES-GCM

B. SHA-96

C. AES-256

D. SHA-384

A

A

94
Q

How does Cisco Umbrella archive logs to an enterprise-owned storage?

A. by using the Application Programming interface to fetch the logs.

B. by sending logs via syslog to an on-premise or cloud-based syslog server

C. by the system administrator downloading the logs from the Cisco Umbrella web portal.

D. by being configured to send logs to a self-managed AWS S3 bucket.

A

D

95
Q

In which cloud services model is the tenant responsible for virtual machine OS patching?

A. IaaS
B. UCaaS
C. PaaS
D. SaaS

A

A

96
Q

Which two descriptions of AES encryption are true? (Choose two)

A. AES is less secure than 3DES
B. AES is more secure than 3DES
C. AES can use a 168-bit key for encryption
D. AES can use a 256-bit key for encryption.
E. AES encrypts and decrypts a key three times in sequence.

A

BD

97
Q

Which technology is used to improve web traffic performance by proxy caching?

A. WSA
B. Firepower
C. FireSIGHT
D. ASA

A

A

98
Q

Which two statements about a Cisco WSA configured in Transparent mode are true? (Choose two)

A. It can handle explicit HTTP requests
B. It requires a PAC file for the client web portal
C. It requires a proxy for the client web browser
D. WCCP v2-enabled devices can automatically redirect traffic destined to port 80.
E. Layer 4 switches can automatically redirect traffic destined to Port 80

A

DE

99
Q

Which action controls the amount of URI text that is stored in Cisco WSA log files?

A. Configure the datasecurityconfig command
B. Configure the advancedproxyconfig command with HTTPS subcommand
C. Configure a small log-entry size
D. Configure a maximum packet size.

A

B

100
Q

Which technology reduces data loss by identifying sensitive information stored in public computing environments?

A. Cisco SDA
B. Cisco Firepower
C. Cisco HyperFlex
D. Cisco Cloudlock

A

D

101
Q

Refer to the exhibit. What does the number 15 represent in this configuration?

[snmp-server group SNMP v3 auth access 15]

A. privilege level for an authorized user to this router.
B. access list that identifies the SNMP devices that can access the router.
C. interval in seconds between SNMPv3 authentication attempts.
D. number of possible failed attempts until the SNMPv3 user is locked out.

A

B

102
Q

Which feature is supported when deploying Cisco ASAv within AWS public cloud?

A. multiple context mode
B. user deployment of Layer 3 networks
C. IPv6
D. clustering

A

B

102
Q

Which networking monitoring solution uses streams and pushes operational data to provide a near real-time view of activity?

A. SNMP
B. SMTP
C. syslog
D. model-driven telemetry

A

D

103
Q

Which proxy mode must be used on Cisco WSA to redirect TCP traffic with WCCP?

A. transparent
B. redirection
C. forward
D. proxy gateway

A

A

104
Q

An MDM provides which two advantages to an organization with regards to device management? (Choose two)

A. asset inventory management.
B. allowed application management
C. Active Directory group policy management
D. network device management
E. critical device management

A

AB

105
Q

Which Talos reputation center allows you to track the reputation of IP addresses for email and web traffic?

A. IP Blacklist Center
B. File Reputation Center
C. AMP Reputation Center
D. IP and Domain Reputation Center

A

D

106
Q

Under which two circumstances is a CoA Issued? (Choose two)

A. A new authentication rule was added to the policy on the Policy Service node.
B. An endpoint is deleted on the ISE server
C. A new Identity Source Sequence is created and referenced in the authentication policy.
D. A new ISE server is added to the deployment with the Administration Persona.

A

BD

107
Q

Which statement about the configuration of Cisco ASA NetFlow v9 Secure Event Logging is true?

A. To view bandwidth usage for NetFlow records, the Qos feature must be enabled.

B. A sysopt command can be used to enable NSEL on a specific interface

C. NSEL can be used without a collector configured

D. a flow-export event type must be defined under a policy

A

D

108
Q

Which benefit does endpoint security provide the overall security posture of an organization?

A. It streamlines the incident response process to automatically perform digital forensics on the endpoint.

B. It allows the organization to mitigate web-based attacks as long as the user is active in the domain.

C. It allows the organization to detect and respond to threats at the edge of the network.

D. It allows the organization to detect and mitigate threats that the perimeter security devices do not detect.

A

D

109
Q

An engineer configured a new network identity in Cisco Umbrella but must verify that traffic is being routed through the Cisco Umbrella network. Which action tests the routing?

A. Ensure that the client computers are pointing to the on-premises DNS servers.

B. Enable the Intelligent Proxy to validate that traffic is being routed correctly.

C. Add the public IP address that the client computers are behind to a Core Identity.

D. Browse to http://welcome.umbrella.com/ to validate that the new identity is working.

A

D

110
Q

What is a language format designed to exchange threat intelligence that can be transported over the TAXII protocol?

A. STIX
B. XMPP
C. pxGrid
D. SMTP

A

A

111
Q

When using Cisco AMP for Networks, which feature copies a file to the Cisco AMP cloud for analysis?

A. Spero Analysis
B. dynamic analysis
C. sandbox analysis
D. malware analysis

A

B

112
Q

Which Cisco Advanced Malware Protection for Endpoints deployment architecture is designed to keep data within a network perimeter?

A. cloud web services
B. network AMP
C. private cloud
D. public cloud

A

C

113
Q

Which IPS engine detects ARP spoofing?

A. Atomic ARP Engine
B. Service Generic Engine
C. ARP Inspection Engine
D. AIC Engine

A

A

114
Q

Which statement describes a traffic profile on a Cisco Next Generation Intrusion Prevention System?

A. It allows traffic if it does not meet the profile.
B. It defines a traffic baseline for traffic anomaly deduction.
C. It inspects hosts that meet the profile with more intrusion rules.
D. It blocks traffic if it does not meet the profile.

A

B

115
Q

Which two are valid suppression types on a Cisco Next Generation Intrusion Prevention System?

A. Port
B. Rule
C. Source
D. Application
E. Protocol

A

BC

116
Q

Which license is required for Cisco Security Intelligence to work on the Cisco Next Generation Intrusion Prevention System?

A. control
B. Malware
C. URL Filtering
D. protect

A

D

117
Q

Which policy is used to capture host information on the Cisco Next Generation Intrusion Prevention System?

A. Network discovery
B. correlation
C. intrusion
D. access control

A

A

117
Q

On Cisco Firepower Management Center, which policy is used to collect health modules alerts from managed devices?

A. health policy
B. system policy
C. correlation policy
D. access control policy
E. health awareness policy

A

A

118
Q

Which CLI command is used to register a Cisco Firepower sensor to Firepower Management Center?

A. configure system add <host> <key>
B. configure manager <key> add host
C. configure manager delete
D. configure manager add <host> <key>

A

D

119
Q

Which Cisco AMP file disposition is valid?

A. pristine
B. malware
C. dirty
D. nonmalicious

A

B

120
Q

Which capability is exclusive to a Cisco AMP public cloud instance as compared to a private cloud instance?

A. RBAC
B. ETHOS detection engine
C. SPERO detection engine
D. TETRA detection engine

A

B

121
Q

Which function is the primary function of Cisco AMP Threat Grid?

A. automated email encryption
B. applying a real-time URI blacklist
C. automated malware analysis
D. monitoring network traffic

A

C

122
Q

Which two characteristics of messenger protocols make data exfiltration difficult to detect and prevent? (Choose two)

A. Malware infects the messenger application on the user endpoint to send company data.
B. Outgoing traffic is allowed so users can communicate with outside organizations.
C. An exposed API for the messaging platform is used to send large amounts of data.
D. Traffic is encrypted, which prevents visibility on firewalls and IPS systems.
E. Messenger applications cannot be segmented with standard network controls.

A

BD

123
Q

How many interfaces per bridge group does an ASA bridge group deployment support?

A. Up to 16
B. Up to 8
C. Up to 4
D. Up to 2

A

C

124
Q

Which benefit is provided by ensuring that an endpoint is compliant with a posture policy configured in Cisco ISE?

A. It adds endpoints to identity groups dynamically.
B. It verifies that the endpoint has the latest Microsoft security patches installed.
C. It allows the endpoint to authenticate with 802.1x or MAB
D. It allows CoA to be applied if the endpoint status is compliant.

A

B

125
Q

What is a feature of the open platform capabilities of Cisco DNA Center?

A. Domain integration
B. intent-based API
C. automation adapters
D. application adapters

A

B

126
Q

Which telemetry data captures variations seen within the flow, such as the packet's TTL, IP/TCP flags, and payload length?

A. Process details variation
B. flow insight variation
C. interpacket variation
D. software package variation

A

C

127
Q

In which two ways does a system administrator send web traffic transparently to the Cisco WSA? (Choose two)

A. configure policy-based routing on the network infrastructure.
B. reference a Proxy Auto Config file
C. use Web Cache Communication Protocol
D. configure the proxy IP address in the web-browser settings.
E. configure Active Directory Group Policies to push proxy settings

A

AC

128
Q

Which form of attack is launched using botnets?

A. virus
B. EIDDOS
C. TCP Flood
D. DDoS

A

D

129
Q

How is DNS tunneling used to exfiltrate data out of a corporate network?

A. It leverages the DNS server by permitting recursive lookups to spread the attack to other DNS servers.

B. It encodes the payload with random characters that are broken into short strings and the DNS server rebuilds the exfiltrated data.

C. It redirects the DNS requests to a malicious server used to steal user credentials, which allows further damage and theft on the network.

D. It corrupts DNS servers by replacing the actual IP address with a rogue address to collect information or start other attacks.

A

B

130
Q

Which Cisco security solution protects remote users against phishing attacks when they are not connected to the VPN?

A. Cisco Firepower
B. Cisco Umbrella
C. Cisco Stealthwatch
D. NGIPS

A

B

131
Q

Which two tasks allow NetFlow on a Cisco ASA 5500 series Firewall? (Choose two)

A. Create an ACL to allow UDP traffic on port 9996

B. Enable Netflow version 9

C. Create a class map to match interesting traffic.

D. Apply Netflow Exporter to the outside interface in the inbound direction

E. Define a NetFlow collector by using the flow-export command

A

CE

132
Q

What is the difference between FlexVPN and DMVPN?

A. FlexVPN uses IKEv1 or IKEv2. DMVPN uses only IKEv2.

B. DMVPN uses only IKEv1. FlexVPN uses only IKEv2

C. DMVPN uses IKEv1 or IKEv2. FlexVPN only uses IKEv1

D. FlexVPN uses IKEv2. DMVPN uses IKEv1 or IKEv2

A

D

133
Q

A mall provides security services to customers with a shared appliance. The mall wants separation of management on the shared appliance. Which ASA deployment mode meets these needs?

A. multiple context mode
B. transparent mode
C. routed mode
D. multiple zone mode

A

A

134
Q

Which is the function of the Context Directory Agent?

A. accepts user authentication requests on behalf of Web Security Appliance for user identification.

B. relays user authentication requests from Web Security Appliance to Active Directory

C. maintains users’ group memberships

D. reads the active directory logs to map IP addresses to usernames.

A

D

135
Q

What is a commonality between DMVPN and FlexVPN technologies?

A. FlexVPN and DMVPN use the same hashing algorithms.

B. IOS routers run the same NHRP code for DMVPN and FlexVPN

C. FlexVPN and DMVPN use the new key management protocol.

D. FlexVPN and DMVPN use IS-IS routing protocol to communicate with spokes.

A

B

136
Q

Which two risks is a company vulnerable to if it does not have a well-established patching solution for endpoints? (Choose two)

A. eavesdropping

B. denial-of-service attacks

C. ARP spoofing

D. malware

E. exploits

A

DE

137
Q

Which threat involves software being used to gain unauthorized access to a computer system?

A. ping of death

B. NTP amplification

C. HTTP flood

D. virus

A

D

138
Q

What is a characteristic of Firepower NGIPS inline deployment mode?

A. It cannot take actions such as blocking traffic.

B. ASA with firepower module cannot be deployed.

C. It must have inline interface pairs configured.

D. it is out-of-band from traffic.

A

C

139
Q

What are two rootkit types? (Choose two)

A. registry
B. bootloader
C. buffer mode
D. user mode
E. virtual

A

BD

140
Q

An engineer wants to generate NetFlow records on traffic traversing the Cisco ASA. Which Cisco ASA command must be used?

A. flow exporter <name>
B. ip flow monitor <name> input
C. ip flow-export destination 1.1.1.1 2055
D. flow-export destination inside 1.1.1.1 2055

A

D

141
Q

Which Cisco command enables authentication, authorization, and accounting globally so that CoA is supported on the device?

A. ip device-tracking
B. aaa new-model
C. aaa server radius dynamic-author
D. auth-type all

A

B

142
Q

REFER TO THE EXHIBIT

What is the result of this Python script of the Cisco DNA Center API?

A. adds authentication to a switch

B. receives information about a switch

C. adds a switch to Cisco DNA Center

D. deletes a switch from Cisco DNA Center

A

C

143
Q

What are two reasons for implementing an MFA solution such as Duo Security provides to an organization? (Choose two)

A. integration with 802.1x security using native Microsoft Windows supplicant.

B. identification and correction of application vulnerabilities before allowing access to resources.

C. flexibility of different methods of 2FA such as phone callbacks, SMS passcodes, and push notifications.

D. secure access to on-premise and cloud applications.

E. single sign-on access to on-premises and cloud applications.

A

CD

144
Q

Which protocol provides the strongest throughput performance when using Cisco AnyConnect VPN?

A. TLSv1.2
B. TLSv1
C. TLSv1.1
D. DTLSv1

A

D

145
Q

Which Cisco product is open, scalable, and built on IETF standards to allow multiple security products from Cisco and other vendors to share data and interoperate with each other?

A. Platform Exchange Grid

B. Advanced Malware Protection

C. Multifactor Platform Integration

D. Firepower Threat Defense

A

A

146
Q

A network engineer has entered the snmp-server user andy myv3 auth sha cisco priv aes 256 cico0380739941 command and needs to send SNMP information to a host at 10.255.254.1.

Which command achieves this goal?

A. snmp-server host inside 10.255.254.1 snmpv3 myv3

B. snmp-server host inside 10.255.254.1 snmpv3 andy

C. snmp-server host inside 10.255.254.1 version 3 myv3

D. snmp-server host inside 10.255.254.1 version 3 andy

A

D

147
Q

Which type of attack is social engineering?

A. trojan

B. MITM

C. phishing

D. malware

A

C

148
Q

Which compliance status is shown when a configured posture policy requirement is not met?

A. unknown

B. authorized

C. compliant

D. noncompliant

A

D

149
Q

What must be used to share data between multiple security products?

A. Cisco Stealthwatch Cloud

B. Cisco Advanced Malware Protection

C. Cisco Platform Exchange Grid

D. Cisco Rapid Threat Containment

A

C

150
Q

An engineer wants to automatically assign endpoints that have a specific OUI into a new endpoint group. Which probe must be enabled for this type of profiling to work?

A. NetFlow
B. DHCP
C. SNMP
D. NMAP

A

D

151
Q

Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?

A. url

B. profile

C. Terminal

D. selfsigned

A

B

152
Q

A network engineer is configuring DMVPN and entered the crypto isakmp key cisc0380739941 address 0.0.0.0 command on host A. The tunnel is not being established to host B. What action is needed to authenticate the VPN?

A. Enter the same command on host B.

B. Enter the command with a different password on Host B.

C. Change isakmp to ikev2 in the command on host A.

D. Change the password on host A to the default password.

A

A

153
Q

A network administrator configures Dynamic ARP inspection on a switch. After Dynamic ARP inspection is applied, all users on that switch are unable to communicate with any destination. The network administrator checks the interface status of all interfaces, and there is no err-disabled interface. What is causing this problem?

A. The ip arp inspection limit command is applied on all interfaces and is blocking the traffic of all users.

B. DHCP snooping has not been enabled on all VLANs

C. The no ip arp inspection trust command is applied on all user host interfaces.

D. Dynamic ARP inspection has not been enabled on all VLANs.

A

B

154
Q

REFER TO THE EXHIBIT: What does the API do when connected to a Cisco Security Appliance?

A. Gather network telemetry information from AMP for Endpoints

B. Create an SNMP pull mechanism for managing AMP

C. Get the process and PID information from the computers in the network.

D. Gather the network interface information about the computers AMP sees.

A

D

155
Q

REFER TO THE EXHIBIT: An engineer configured wired 802.1x on the network and is unable to get a laptop to authenticate.

Which port configuration is missing?

A. cisp enable
B. dot1x reauthentication
C. authentication open
D. dot1x pae authentication

A

D

156
Q

REFER TO THE EXHIBIT:

A network administrator configures command authorization for the admin5 user. What is the admin5 user able to do on HQ_Router after this configuration?

A. complete no configurations
B. add subinterfaces
C. complete all configurations
D. set the IP address of an interface.

A

A

157
Q

An organization is receiving SPAM emails from a known malicious domain. What must be configured in order to prevent the session during the initial TCP communication?

A. Configure the Cisco ESA to drop the malicious emails.

B. Configure policies to quarantine malicious emails.

C. Configure policies to stop and reject communication

D. Configure the Cisco ESA to reset the TCP connection.

A

D

158
Q

What is a key difference between Cisco Firepower and Cisco ASA?

A. Cisco ASA provides access control while Cisco Firepower does not.

B. Cisco Firepower provides identity-based access control while Cisco ASA does not.

C. Cisco Firepower natively provides intrusion prevention capabilities while Cisco ASA does not.

D. Cisco ASA provides SSL inspection while Cisco Firepower does not.

A

C

159
Q

While using Cisco Firepower’s Security Intelligence policies, which two criteria is blocking based upon? (Choose two)

A. protocol IDs
B. URLs
C. IP addresses
D. port numbers
E. MAC addresses

A

BC

160
Q

An attacker needs to perform reconnaissance on a target system to help gain access to it. The system has weak passwords, no encryption on the VPN links, and software bugs on the system’s applications.

Which vulnerability allows the attacker to see the passwords being transmitted in clear text?

A. weak passwords for authentication
B. improper file security.
C. software bugs on applications
D. unencrypted links for traffic

A

D

161
Q

A network administrator is using the Cisco ESA with AMP to upload files to the cloud for analysis. The network is congested and is affecting communication.

How will the Cisco ESA handle any files which need analysis?

A. AMP calculates the SHA-256 fingerprint, caches it, and periodically attempts the upload.

B. The file is queued for upload when connectivity is restored.

C. The file upload is abandoned.

D. The ESA immediately makes another attempt to upload the file.

A

C

162
Q

What are two DDoS attack categories? (Choose two)

A. sequential
B. protocol
C. database
D. volume-based
E. screen-based

A

BD

163
Q

What is a feature of Cisco NetFlow Secure Event Logging for Cisco ASAs?

A. Multiple NetFlow collectors are supported.

B. Advanced NetFlow v9 and legacy v5 formatting are supported.

C. Flow-create events are delayed.

D. Secure NetFlow connections are optimized for Cisco Prime Infrastructure.

A

A

164
Q

Which product allows Cisco FMC to push security intelligence observables to its sensors from other products?

A. Encrypted Traffic Analytics
B. Threat Intelligence Director
C. Cognitive Threat Analytics
D. Cisco Talos Intelligence

A

B

165
Q

An organization has two machines hosting web applications. Machine 1 is vulnerable to SQL injection while Machine 2 is vulnerable to buffer overflows.

What action would allow the attacker to gain access to Machine 1 but not Machine 2?

A. sniffing the packets between the two hosts.

B. sending continuous pings

C. overflowing the buffer’s memory

D. inserting malicious commands into the database

A

D

166
Q

An organization is trying to improve their Defense in Depth by blocking malicious destinations prior to a connection being established.

The solution must be able to block certain applications from being used within the network.

Which product should be used to accomplish this goal?

A. Cisco Firepower
B. Cisco Umbrella
C. ISE
D. AMP

A

B

167
Q

An engineer notices traffic interruption on the network. Upon further investigation, it is learned that broadcast packets have been flooding the network.

What must be configured, based on a predefined threshold, to address this issue?

A. Bridge Protocol Data Unit guard
B. Embedded Event Monitoring
C. Access control lists
D. storm control

A

D

168
Q

In which situation should an endpoint detection and response solution be chosen versus an Endpoint Protection Platform?

A. when there is a need for traditional anti-malware detection

B. when there is no need to have the solution centrally managed

C. when there is no firewall on the network.

D. when there is a need to have more advanced detection capabilities.

A

D

169
Q

What is provided by the Secure Hash Algorithm in a VPN?

A. Integrity
B. Key Exchange
C. Encryption
D. Authentication

A

A

170
Q

Which type of API is being used when a controller within a software-defined network architecture dynamically makes configuration changes on switches within the network?

A. westbound API
B. southbound API
C. northbound API
D. eastbound API

A

B

171
Q

An Engineer needs behavior analysis to detect malicious activity on the hosts, and is configuring the organization’s public cloud to send telemetry using the cloud provider’s mechanisms to a security device.

Which mechanism should the engineer configure to accomplish this goal?

A. mirror port
B. NetFlow
C. Flow
D. VPN flow logs

A

D

172
Q

What is managed by Cisco Security Manager?

A. Cisco WSA
B. Cisco ASA
C. Cisco WLC
D. Cisco ESA

A

B

173
Q

Why is it important to have logical security controls on endpoints even though the users are trained to spot security threats and the network devices already help prevent them?

A. to prevent theft of the endpoints
B. because defense-in-depth stops at the network
C. to expose the endpoint to more threats
D. because human error or insider threats will still exist.

A

D

174
Q

What is the benefit of installing Cisco AMP for Endpoints on a network?

A. it provides operating system patches on the endpoints for security.

B. it provides flow-based visibility for the endpoints network connections.

C. it protects endpoint systems through application control and real-time scanning.

D. it enables behavioral analysis to be used for the endpoints.

A

C

175
Q

Which Talos reputation center allows for tracking the reputation of IP addresses for email and web traffic?

A. IP and Domain Reputation Center
B. File Reputation Center
C. IP Block List Center
D. AMP Reputation Center

A

A

176
Q

An engineer is configuring 802.1x authentication on Cisco Switches in the network and is using CoA as a mechanism.

Which port on the firewall must be opened to allow the CoA traffic to traverse the network?

A. TCP 6514
B. UDP 1700
C. TCP 49
D. UDP 1812

A

B

177
Q

What is the purpose of the certificate signing request when adding a new certificate for a server?

A. It is the password for the certificate that is needed to install it with.

B. It provides the server information so a certificate can be created and signed.

C. It is the certificate that will be loaded onto the server.

D. It provides the certificate client information so the server can authenticate against it when installing.

A

B

178
Q

What is the purpose of the My Devices Portal in a Cisco ISE environment?

A. to manage and deploy antivirus definitions and patches on systems owned by the end user.

B. to register new laptops and mobile devices

C. to provision userless and agentless systems.

D. to request a newly provisioned mobile device

A

B

179
Q

An organization received a large amount of SPAM messages over a short time period. In order to take action on the messages, it must be determined how harmful the messages are and this needs to happen dynamically.

What must be configured to accomplish this?

A. Configure the Cisco WSA to modify policies based on the traffic seen.

B. Configure the Cisco ESA to receive real-time updates from Talos.

C. Configure the Cisco WSA to receive real-time updates from Talos.

D. Configure the Cisco ESA to modify policies based on the traffic seen.

A

B

180
Q

What is an attribute of the DevSecOps process?

A. development security
B. isolated security team
C. mandated security controls and check lists.
D. security scanning and theoretical vulnerabilities

A

A

181
Q

A user has a device in the network that is receiving too many connection requests from multiple machines. Which type of attack is the device undergoing?

A. SYN flood
B. slowloris
C. pharming
D. phishing

A

A

182
Q

A company is experiencing exfiltration of credit card numbers that are not being stored on-premise.

The company needs to be able to protect sensitive data throughout the full environment.

Which tool should be used to accomplish this goal?

A. Security manager
B. Cloudlock
C. Web Security Appliance
D. Cisco ISE

A

B

183
Q

Which algorithm provides asymmetric encryption?

A. RC4
B. RSA
C. AES
D. 3DES

A

B

184
Q

For Cisco IOS PKI, which two types of Servers are used as a distribution point for CRLs?

A. LDAP
B. SDP
C. subordinate CA
D. HTTP
E. SCP

A

AD

185
Q

When Cisco and other industry organizations publish and inform users of known security findings and vulnerabilities, which name is used?

A. Common Vulnerabilities and Exposures
B. Common Exploits and Vulnerabilities
C. Common Security Exploits
D. Common Vulnerabilities, Exploits, and Threats

A

A

186
Q

What is the Cisco API-based broker that helps reduce compromises, application risks, and data breaches in an environment that is not on-premise?

A. Cisco Cloudlock
B. Cisco Umbrella
C. Cisco AMP
D. Cisco App Dynamics

A

A

187
Q

Which Cisco platform ensures that machines that connect to organizational networks have the recommended antivirus definitions and patches to help prevent an organizational malware outbreak?

A. Cisco WiSM
B. Cisco ESA
C. Cisco ISE
D. Cisco Prime Infrastructure

A

C

188
Q

A Cisco Firepower administrator needs to configure a rule to allow a new application that has never been seen on the network.

Which two actions should be selected to allow the traffic to pass without inspection? (Choose two)

A. permit
B. trust
C. reset
D. allow
E. monitor

A

BD

189
Q

Which two fields are defined in the NetFlow flow? (Choose two)

A. type of service byte
B. Layer 4 protocol type
C. class of service bits
D. output logical interface
E. destination port

A

AE

190
Q

An organization is implementing URL blocking using Cisco Umbrella. The users are able to go to some sites but other sites are not accessible due to an error. Why is the error occurring?

A. Client computers do not have the Cisco Umbrella Root CA certificate installed.

B. IP-Layer Enforcement is not configured.

C. Intelligent proxy and SSL decryption is disabled in the policy.

D. Client computers do not have an SSL certificate deployed from an internal CA server.

A

A

191
Q

An engineer is trying to securely connect to a router and wants to prevent insecure algorithms from being used. However, the connection is failing.

Which action should be taken to accomplish this goal?

A. Configure the port using the ip ssh port 22 command.

B. Enable the SSH server using the ip ssh server command.

C. Disable telnet using the no ip telnet command.

D. Generate the RSA key using the crypto key generate rsa command.

A

D

192
Q

How does DNS tunneling exfiltrate data?

A. An attacker registers a domain that a client connects to based on DNS records and sends malware through that connection.

B. An attacker opens a reverse DNS shell to get into the client’s system and install malware on it.

C. An attacker uses a non-standard DNS port to gain access to the organization’s DNS servers in order to poison the resolutions.

D. An attacker sends an email to the target with hidden DNS resolvers in it to redirect them to a malicious domain.

A

A

193
Q

What is the function of SDN southbound API protocols?

A. To enable the controller to make changes
B. to allow for the dynamic configuration of control plane applications
C. to enable the controller to use REST
D. to allow for the static configuration of control plane applications.

A

A

194
Q

What is a characteristic of a bridge group in ASA Firewall transparent mode?

A. it allows ARP traffic with a single access rule.

B. It is a Layer 3 segment and includes one port and customizable access rules.

C. it includes multiple interfaces and access rules between interfaces are customizable

D. It has an IP address on its BVI interface and is used for management traffic.

A

C

195
Q

A network administrator is configuring a rule in an access control policy to block certain URLs and selects the ‘Chat and Instant Messaging’ category.

Which reputation score should be selected to accomplish this goal?

A. 1
B. 10
C. 5
D. 3

A

D

196
Q

Which public cloud provider supports the Cisco Next Generation Firewall Virtual?

A. Google Cloud Platform
B. RedHat Enterprise Virtualization
C. VMWare ESXi
D. Amazon Web Services

A

D

197
Q

What provides the ability to program and monitor networks from somewhere other than the Cisco DNA Center GUI?

A. NetFlow
B. desktop client
C. ASDM
D. API

A

D

198
Q

What is a benefit of using Cisco FMC over Cisco ASDM?

A. Cisco FMC uses Java while Cisco ASDM uses HTML5

B. Cisco FMC provides centralized management while Cisco ASDM does not.

C. Cisco FMC supports pushing configurations to devices while Cisco ASDM does not.

D. Cisco FMC supports all firewall products whereas Cisco ASDM only supports Cisco ASA devices.

A

B

199
Q

What are two types of managed Intercloud Fabric deployment models? (Choose Two)

A. Public Managed
B. Service Provider Managed
C. Enterprise Managed
D. User managed
E. Hybrid Managed

A

BC

200
Q

Which type of algorithm provides the highest level of protection against brute-force attacks?

A. PFS
B. HMAC
C. MD5
D. SHA

A

D

201
Q

Which two aspects of the cloud PaaS model are managed by the customer but not the provider?

A. virtualization
B. middleware
C. operating systems
D. data

A

DE

202
Q

Which two cryptographic algorithms are used with IPSec? (Choose two)

A. AES-BAC
B. AES-ABC
C. HMAC-SHA1/SHA2
D. Triple AMC-CBC
E. AES-CBC

A

CE

203
Q

What must be configured in Cisco ISE to enforce reauthentication of an endpoint session when an endpoint is deleted from an identity group?

A. CoA
B. external identity group
C. posture assessment
D. SNMP probe

A

A

204
Q

How does Cisco Advanced Phishing Protection protect users?

A. it validates the sender by using DKIM

B. It determines which identities are perceived by the sender.

C. It uses machine learning and real-time behavior analytics.

D. It utilizes sensors that send messages securely.

A

C

205
Q

What are two differences between a Cisco WSA that is running in transparent mode and one running in explicit mode? (Choose two)

A. When the Cisco WSA is running in transparent mode, it uses the WSA’s own IP address as the HTTP request destination.

B. The Cisco WSA responds with its own IP address only if it is running in explicit mode.

C. The Cisco WSA is configured in a web browser only if it is running in transparent mode.

D. The Cisco WSA uses a Layer 3 device to redirect traffic only if it is running in transparent mode.

E. The Cisco WSA responds with its own IP address only if it is running in transparent mode.

A

BD

206
Q

Which group within Cisco writes and publishes a weekly newsletter to help cybersecurity professionals remain aware of the ongoing and most prevalent threats?

A. PSIRT
B. DEVNET
C. CSIRT
D. Talos

A

D

207
Q

In which type of attack does the attacker insert their machine between two hosts that are communicating with each other?

A. LDAP Injection

B. cross-site scripting

C. man-in-the-middle

D. insecure API

A

C

208
Q

REFER TO THE EXHIBIT:

Which type of authentication is in use?

A. LDAP authentication for Microsoft Outlook
B. POP3 authentication
C. SMTP relay server authentication
D. external user and relay mail authentication

A

A

209
Q

What are two benefits of Flexible NetFlow records? (Choose two)

A. They provide attack prevention by dropping the traffic.

B. They allow the user to configure flow information to perform customized traffic identification.

C. They provide accounting and billing enhancements.

D. They provide monitoring of a wider range of IP packet information from Layer 2 to 4.

E. They converge multiple accounting technologies into one accounting mechanism.

A

BE

210
Q

After a recent breach, an organization determined that phishing was used to gain initial access to the network before regaining persistence.

The information gained from the phishing attack was a result of users visiting known malicious websites.

What must be done in order to prevent this from happening in the future?

A. Modify an access policy
B. Modify identification profiles.
C. Modify outbound malware scanning policies
D. Modify web proxy settings

A

D

211
Q

An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly identifying all valid recipients.

What must be done on the Cisco ESA to accomplish this goal?

A. Use Bounce Verification
B. Configure incoming content filters.
C. Bypass LDAP access queries in the recipient access table.
D. Configure Directory Harvest Attack Prevention

A

D

212
Q

DRAG AND DROP

‘Asymmetric vs Symmetric’

Choices:

Requires secret keys
Requires more time
Diffie-Hellman exchange
3DES

A

ASYM - Requires More Time & Diffie-Hellman

213
Q

DRAG AND DROP

‘Threats and Examples’

DoS
Insecure APIs
Data Breach
Compromised Credentials

A

DDoS - Application Attack
Insecure APIs - Malicious User
Data Breach - Stolen customer credential
Compromised Credential - Phishing Site

214
Q

DRAG AND DROP

‘VPN Functions’

RSA
AES
SHA-1
ISAKMP

‘ensures data integrity’
‘defines IKE SAs’
‘ensures data confidentiality’
‘provides authentication’

A

RSA - Provides Authentication
AES - Data Confidentiality
SHA-1 - Data Integrity
ISAKMP - Defines IKE SAs

215
Q

What is a difference between DMVPN and sVTI?

A. DMVPN supports tunnel encryption, whereas sVTI does not.

B. DMVPN supports dynamic tunnel establishment, whereas sVTI does not.

C. DMVPN supports static tunnel establishment, whereas sVTI does not.

D. DMVPN provides interoperability with other vendors, whereas sVTI does not.

A

B

216
Q

What are two functions of secret key cryptography? (Choose Two)

A. key selection without integer factorization

B. utilization of different keys for encryption and decryption

C. utilization of large prime number iterations.

D. utilization of less memory

E. provides the capability to only know the key on one side.

A

AD

217
Q

Which type of API is being used when a security application notifies a controller within a software-defined network architecture about a specific security threat?

A. westbound API
B. southbound API
C. northbound API
D. eastbound API

A

C

218
Q

Which type of protection encrypts RSA keys when they are exported and imported?

A. file
B. passphrase
C. NGE
D. nonexportable

A

B

219
Q

Which attack type attempts to shut down a machine or network so that users are not able to access it?

A. IP Spoofing
B. bluesnarfing
C. MAC spoofing
D. smurf

A

D

220
Q

A network engineer is deciding whether to use stateful or stateless failover when configuring two ASAs for high availability. What is the connection status in both cases?

A. need to be reestablished with stateful failover and preserved with stateless failover.

B. need to be reestablished with both stateful and stateless failover.

C. preserved with both stateful and stateless failover

D. preserved with stateful failover and need to be reestablished with stateless failover.

A

D

221
Q

When planning a VPN deployment, for which reason does an engineer opt for an active/active FlexVPN configuration as opposed to DMVPN?

A. Multiple Vendors or VRFs are required.

B. Traffic is distributed statically by default.

C. Floating static routes are required.

D. HSRP is used for failover

A

B

222
Q

What features does Cisco FTDv provide over Cisco ASAv?

A. Cisco FTDv runs on VMWare while ASAv does not.

B. Cisco FTDv provides 1GB of firewall throughput while Cisco ASAv does not.

C. Cisco FTDv supports URL filtering while ASAv does not

D. Cisco FTDv runs on AWS while ASAv does not.

A

C

223
Q

An organization has two systems in their DMZ that have an unencrypted link between them for communication. The organization does not have a defined password policy and uses several default accounts on the systems. The application used on those systems also has not gone through stringent code reviews. Which vulnerability would help an attacker brute force their way into the systems?

A. missing encryption
B. lack of file permission
C. weak passwords
D. lack of input validation

A

C

224
Q

Which DDoS attack uses fragmented packets in an attempt to crash a target machine?

A. teardrop
B. MITM
C. smurf
D. LAND

A

A

225
Q

What is a function of 3DES in reference to cryptography?

A. it encrypts traffic
B. it creates one-time use passwords
C. it hashes files
D. it generates private keys

A

A

226
Q

DRAG AND DROP

‘Deployment Models’

Routed
Passive
Passive with ERSPAN
Transparent

1.) A GRE Tunnel is utilized in this solution.
2.) This solution allows inspection between hosts on the same subnet
3.) Attacks are not prevented with this solution.
4.) This solution does not provide filtering between hosts on the same subnet.

A
1.) Passive
2.) Transparent
3.) Passive
4.) Routed
227
Q

Which risk is created when using an internet browser to access cloud-based service?

A. misconfiguration of infra, which allows unauthorized access.
B. intermittent connection to the cloud connectors
C. vulnerabilities within protocol
D. insecure implementation of API

A

C

228
Q

A Cisco ESA network administrator has been tasked to use a newly installed service to help create policy based on the reputation verdict.

During testing, it is discovered that the Cisco ESA is not dropping files that have an undetermined verdict. What is causing this issue?

A. The policy was created to send a message to quarantine instead of drop

B. The file has a reputation score that is above the threshold

C. The file has a reputation score that is below the threshold

D. the policy was created to disable file analysis.

A

C

229
Q

An administrator is trying to determine which applications are being used in the network but does not want the network devices to send metadata to Cisco Firepower. Which feature should be used to accomplish this?

A. NetFlow
B. Packet Tracer
C. Network Discovery
D. Access Control

A

C

230
Q

Which attack is preventable by Cisco ESA but not by Cisco WSA?

A. buffer overflow
B. DoS
C. SQL injection
D. phishing

A

D

231
Q

A Cisco ESA administrator has been tasked with configuring the Cisco ESA to ensure there are no viruses before quarantined emails are delivered. In addition, delivery of mail from known bad mail servers must be prevented. Which two actions must be taken in order to meet these requirements? (Choose Two)

A. Use outbreak filters from SenderBase
B. Enable a message tracking service
C. Configure a recipient access table.
D. Deploy the Cisco ESA in the DMZ
E. Scan quarantined emails using AntiVirus signatures

A

AE

232
Q

Which type of dashboard does Cisco DNA Center provide for complete control of the network?

A. service management
B. centralized management
C. application management
D. distributed management

A

B

233
Q

In an IaaS cloud services model, which security function is the provider responsible for managing?

A. internet proxy
B. Firewalling virtual machines
C. CASB
D. hypervisor OS hardening

A

D

234
Q

A network engineer has been tasked with adding a new medical device to the network. Cisco ISE is being used as the NAC server, and the new device does not have a supplicant available. What must be done in order to securely connect this device to the network?

A. Use MAB with profiling
B. Use MAB with posture assessment
C. Use 802.1x with posture assessment
D. Use 802.1x with profiling

A

A

235
Q

An engineer is implementing NTP authentication within their network and has configured both the client and server devices with the command ntp authentication-key 1 md5 Cisco392368270. The server at 1.1.1.1 is attempting to authenticate to the client at 1.1.1.2, however it is unable to do so.

Which command is required to enable the client to accept the server’s authentication key?

A. ntp peer 1.1.1.1 key 1
B. ntp server 1.1.1.1 key 1
C. ntp server 1.1.1.2 key 1
D. ntp peer 1.1.1.2 key 1

A

B

236
Q

What is the role of an endpoint in protecting a user from a phishing attack?

A. Use Cisco Stealthwatch and Cisco ISE integration.

B. Utilize 802.1x network security to ensure unauthorized access to resources.

C. Use machine learning models to help identify anomalies and determine expected sending behavior.

D. Ensure that antivirus and antimalware software is up to date.

A

C

237
Q

An organization has noticed an increase in malicious content downloads and wants to use Cisco Umbrella to prevent this activity for suspicious domains while allowing normal web traffic. Which action will accomplish this task?

A. Set content settings to high
B. Configure the intelligent proxy
C. Use destination block lists.
D. Configure application block lists.

A

B

238
Q

With which components does a southbound API within a software-defined network architecture communicate?

A. controllers within the network.
B. applications
C. appliances
D. devices such as routers and switches.

A

D

239
Q

A network administrator needs to find out what assets currently exist on the network. Third-party systems need to be able to feed host data into Cisco Firepower. What must be configured to accomplish this?

A. Network Discovery policy to receive data from the host.

B. Threat Intelligence policy to download the data from the host.

C. File Analysis policy to send file data into Cisco Firepower.

D. Network Analysis policy to receive NetFlow data from the host.

A

A

240
Q

When configuring ISAKMP for IKEv1 Phase 1 on a Cisco IOS router, an administrator needs to input the command crypto isakmp key cisco address 0.0.0.0. The administrator is not sure what the IP addressing in this command is used for. What would be the effect of changing the IP address from 0.0.0.0 to 1.2.3.4?

A. The key server that is managing the keys for the connection will be at 1.2.3.4

B. The remote connection will only be allowed from 1.2.3.4.

C. The address that will be used as the crypto validation authority.

D. All IP addresses other than 1.2.3.4 will be allowed

A

B

241
Q

Which suspicious pattern enables the Cisco Tetration platform to learn the normal behavior of users?

A. file access from a different user.
B. interesting file access.
C. user login suspicious behavior
D. privilege escalation

A

A

242
Q

Due to a traffic storm on the network, two interfaces were error-disabled, and both interfaces sent SNMP traps. Which two actions must be taken to ensure that interfaces are put back into service? (Choose two).

A. Have Cisco Prime Infrastructure issue an SNMP set command to re-enable the ports after preconfigured interval.

B. Use EEM to have the ports return to service automatically in less than 300 seconds.

C. Enter the shutdown and no shutdown commands on the interfaces.

D. Enable the snmp-server enable traps command and wait 300 seconds.

E. Ensure that interfaces are configured with the error-disable detection and recovery feature.

A

CE

243
Q

What is the difference between Cross-site scripting and SQL injection attacks?

A. Cross-site scripting is an attack where code is injected into a database, whereas SQL injection is an attack where code is injected into a browser.

B. Cross-site scripting is a brute force attack targeting remote sites, where SQL Injection is a social engineering attack.

C. Cross-site scripting is when executives in a corporation are attacked, whereas SQL Injection is when a database is manipulated.

D. Cross-site scripting is an attack where code is executed from the server side, whereas SQL Injection is an attack where code is executed from the client side.

A

D

244
Q

A network administrator is configuring a switch to use Cisco ISE for 802.1x. An endpoint is failing authentication and is unable to access the network.

Where should the administrator begin troubleshooting to verify the authentication details?

A. Adaptive Network Control Policy List
B. Context Visibility
C. Accounting Reports
D. RADIUS Live Logs

A

D

245
Q

What is a prerequisite when integrating a Cisco ISE server and an AD domain?

A. Place the Cisco ISE server and the AD server in the same subnet.

B. Configure a common administrator account.

C. Configure a common DNS server

D. Synchronize the clocks of the Cisco ISE server and the AD server

A

D

246
Q

An organization recently installed a Cisco WSA and would like to take advantage of the AVC engine to allow the organization to create a policy to control application specific activity. After enabling the AVC engine, what must be done to implement this?

A. Use security services to configure the traffic monitor.
B. Use URL categorization to prevent the application traffic.
C. Use an access policy group to configure application control settings.
D. Use web security reporting to validate engine functionality.

A

C

247
Q

Which method is used to deploy certificates and configure the supplicant on mobile devices to gain access to network resources?

A. BYOD onboarding
B. Simple Certificate Enrollment Protocol
C. Client provisioning
D. MAC authentication bypass

A

A

248
Q

REFER TO THE EXHIBIT:

What will happen when this Python script is run?

A. The compromised computers and malware trajectories will be received from Cisco AMP.

B. The list of computers and their current vulnerabilities will be received from Cisco AMP.

C. The compromised computers and what compromised them will be received from Cisco AMP.

D. The list of computers, policies, and connector statuses will be received from Cisco AMP.

A

D

249
Q

An organization is trying to implement micro-segmentation on the network and wants to be able to gain visibility on the applications within the network. The solution must be able to maintain and force compliance.

Which product should be used to meet these requirements?

A. Cisco Umbrella
B. Cisco AMP
C. Cisco Stealthwatch
D. Cisco Tetration

A

D

250
Q

Which factor must be considered when choosing the on-premise solution over the cloud-based one?

A. With an on-premise solution, the provider is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the customer is responsible for it.

B. With a cloud-based solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product.

C. With an on-premise solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product.

D. With an on-premise solution, the customer is responsible for the installation and maintenance of the product, whereas with a cloud based solution, the provider is responsible for it.

A

D

251
Q

Which term describes when the Cisco Firepower downloads threat intelligence updates from Cisco Talos?

A. consumption
B. sharing
C. analysis
D. authoring

A

A

252
Q

An organization has a Cisco Stealthwatch Cloud deployment in their environment. Cloud logging is working as expected, but logs are not being received from the on-premise network. What action will resolve this issue?

A. Configure security appliances to send syslogs to Cisco Stealthwatch Cloud.

B. Configure security appliances to send NetFlow to Cisco Stealthwatch Cloud.

C. Deploy a Cisco FTD sensor to send events to Cisco Stealthwatch Cloud.

D. Deploy a Cisco Stealthwatch Cloud sensor on the network to send data to Cisco Stealthwatch Cloud

A

D

253
Q

What does Cisco AMP for Endpoints use to help an organization detect different families of malware?

A. Ethos Engine to perform fuzzy fingerprinting
B. Tetra Engine to detect malware when the endpoint is connected to the cloud.
C. ClamAV Engine to perform email scanning
D. Spero Engine with machine learning to perform dynamic analysis

A

A

254
Q

What are two characteristics of Cisco DNA Center APIs? (Choose two)

A. Postman is required to utilize Cisco DNA Center API calls.
B. They do not support Python scripts
C. They are Cisco proprietary.
D. They quickly provision new devices.
E. They view the overall health of the network.

A

DE

255
Q

What is a benefit of conducting device compliance checks?

A. It indicates what type of operating system is connecting to the network.

B. It validates if anti-virus software is installed.

C. It scans endpoints to determine if malicious activity is taking place.

D. It detects email phishing attacks

A

B

256
Q

In which two ways does Easy Connect help control network access when used with Cisco TrustSec? (Choose two)

A. It allows multiple security products to share information and work together to enhance security posture in the network.

B. It creates a dashboard in Cisco ISE that provides full visibility of all connected endpoints.

C. It allows for the assignment of Security Group Tags and does not require 802.1x to be configured on the switch or the endpoint.

D. It integrates with third-party products to provide better visibility throughout the network.

E. It allows for managed endpoints that authenticate to AD to be mapped to Security Groups (PassiveID)

A

CE

257
Q

A switch with Dynamic ARP Inspection enabled has received a spoofed ARP response on a trusted interface. How does the switch behave in this situation?

A. It forwards the packet without validation

B. It forwards the packet after validation by using the MAC Binding Table

C. It drops the packet after validation by using the IP & MAC Binding Table

D. It drops the packet without validation

A

A

258
Q

An Administrator is configuring a DHCP server to better secure their environment. They need to be able to rate-limit the traffic and ensure that legitimate requests are not dropped.

How would this be accomplished?

A. Set a trusted interface for the DHCP server.

B. Set the DHCP snooping bit to 1

C. Add entries in the DHCP snooping database

D. Enable ARP inspection for the required VLAN

A

A

259
Q

REFER TO THE EXHIBIT

What will happen when the Python Script is executed?

A. The hostname will be translated to an IP address and printed

B. The hostname will be printed for the client in the client ID field.

C. The script will pull all computer hostnames and print them.

D. The script will translate the IP address to FQDN and print it.

A

C

260
Q

REFER TO THE EXHIBIT

When configuring a remote access VPN solution terminating on the Cisco ASA, an administrator would like to utilize an external token authentication mechanism in conjunction with AAA Authentication using machine certificates. Which configuration item must be modified to allow this?

A. Group Policy

B. Method

C. SAML Server

D. DHCP Servers

A

B

261
Q

An engineer has been tasked with implementing a solution that can be leveraged for securing the cloud users, data, and applications. There is a requirement to use the Cisco dcloud native CASB and cloud cybersecurity platform. What should be used to meet these requirements?

A. Cisco Umbrella

B. Cisco Cloud Email Security

C. Cisco NGFW

D. Cisco Cloudlock

A

D

262
Q

An engineer needs a cloud solution that will monitor traffic, create incidents based on events, and integrate with other cloud solutions via an API. Which solution should be used to accomplish this goal?

A. SIEM

B. CASB

C. Adaptive MFA

D. Cisco Cloudlock

A

D

263
Q

Why is it important to implement MFA inside of an organization?

A. To prevent man-in-the-middle attacks from being successful.

B. To prevent DoS attacks from being successful

C. To prevent brute force attacks from being successful.

D. To prevent phishing attacks from being successful.

A

C

264
Q

A Network administrator is configuring SNMPv3 on a new router. The users have already been created, however, an additional configuration is needed to facilitate access to the SNMP views.

What must the administrator do to accomplish this?

A. map SNMPv3 users to SNMP views

B. set the password to be used for SNMPv3 authentication.

C. Define the encryption algorithm to be used by SNMPv3

D. Specify the UDP port used by SNMP.

A

A

265
Q

An organization is using Cisco Firepower and Cisco Meraki MX for network security and needs centrally managed cloud policies across these platforms.

Which software should be used to accomplish this goal?

A. Cisco Defense Orchestrator

B. Cisco Secureworks

C. Cisco DNA Center

D. Cisco Configuration Professional.

A

A

266
Q

An administrator is establishing a new site-to-site VPN connection on a Cisco IOS router. The organization needs to ensure that the ISAKMP key on the hub is used only for terminating traffic from the IP address of 172.19.20.24.

Which command on the hub will allow the administrator to accomplish this?

A. crypto ca identity 172.19.20.24

B. crypto isakmp key Cisco023456789 172.19.20.24

C. crypto enrollment peer address 172.19.20.24

D. crypto isakmp identity address 172.19.20.24

A

B

267
Q

DRAG AND DROP

Netflow Export formats from left, onto the descriptions on the right.

Version 1
Version 5
Version 8
Version 9

a.) appropriate only for legacy systems

b.) appropriate only for the main cache

c.) introduced extensibility

d.) introduced support for aggregation caches

A

Version 1 = Appropriate only for legacy systems.

Version 5 = Appropriate only for the main cache

Version 8 = Introduced support for aggregation caches.

Version 9 = Introduced extensibility

268
Q

REFER TO THE EXHIBIT

An administrator is adding a new Cisco FTD device to their network and wants to manage it with Cisco FMC. The Cisco FTD is not behind a NAT device. Which command is needed to enable this on the Cisco FTD?

A. configure manager add DONTRESOLVE <registration key>

B. configure manager add <FMC> <registration key> 16

C. configure manager add DONTRESOLVE <registration key> FTD123

D. configure manager add <FMC> <registration key>

A

D

269
Q

An organization has a Cisco ESA set up with policies and would like to customize the action assigned for violations. The organization wants a copy of the message to be delivered with a message added to flag it as a DLP violation.

Which actions must be performed in order to provide this capability?

A. quarantine and alter the subject header with a DLP violation.

B. deliver and add disclaimer text

C. deliver and send copies to other recipients

D. quarantine and send a DLP violation notification.

A

D

270
Q

Where are individual sites specified to be blacklisted in Cisco Umbrella?

A. application settings

B. content categories

C. destination lists

D. security settings

A

C

271
Q

DRAG AND DROP

Common security threat with definitions on right.

phishing
botnet
spam
worm

a. a software program that copies itself from one computer to another, without human interaction.

b. unwanted messages in an email inbox

c. group of computers connected

d. fraudulent attempts by cyber criminals to obtain private information.

A

Worm - A
Spam - B
Botnet - C
Phishing - D

272
Q

What is the purpose of a NetFlow version 9 template record?

A. it specifies the data format of NetFlow processes.

B. It provides a standardized set of information about an IP flow.

C. it defines the format of data records.

D. It serves as a unique identification number to distinguish individual data records.

A

C

273
Q

What is the purpose of CA in a PKI?

A. to create the private key for a digital certificate.

B. to validate the authenticity of a digital certificate.

C. to issue and revoke digital certificates.

D. to certify the ownership of a public key by the named subject.

A

C

274
Q

When choosing an algorithm to use, what should be considered about Diffie-Hellman and RSA for key establishment?

A. RSA is an asymmetric key establishment algorithm intended to output symmetric keys.

B. DH is a symmetric key establishment algorithm intended to output asymmetric keys.

C. DH is an asymmetric key establishment algorithm intended to output symmetric keys.

D. RSA is a symmetric key establishment algorithm intended to output asymmetric keys.

A

C

275
Q

Which category includes DoS Attacks?

A. virus attacks
B. trojan attacks
C. flood attacks
D. phishing attacks

A

C

276
Q

Which service allows a user to export application usage and performance statistics with Cisco Application Visibility and Control?

A. SNORT
B. 802.1x
C. SNMP
D. NetFlow

A

D

277
Q

Which kind of API that is used with Cisco DNA Center provisions SSIDs, QoS Policies, and updates software versions on switches?

A. Integration
B. event
C. intent
D. multivendor

A

C

278
Q

Which parameter is required when configuring a Netflow exporter on a Cisco Router?

A. DSCP value
B. exporter name
C. source interface
D. exporter description

A

B

279
Q

What are two advantages of using Cisco AnyConnect over DMVPN? (Choose two)

A. It provides spoke-to-spoke communications without traversing the hub.

B. It allows different routing protocols to work over the tunnel.

C. It allows customization of access policies based on user identity.

D. It allows multiple sites to connect to the data center.

E. It enables VPN access for individual users from their machines.

A

CE

280
Q

A network engineer needs to select a VPN type that provides the most stringent security, multiple security associations for the connections, and efficient VPN establishment with the least bandwidth consumption. Why should the engineer select either FlexVPN or DMVPN for this environment?

A. DMVPN because it supports IKEv2 and FlexVPN does not.

B. FlexVPN because it supports IKEv2 and DMVPN does not.

C. FlexVPN because it uses multiple SAs and DMVPN does not.

D. DMVPN because it uses multiple SAs and FlexVPN does not.

A

C

281
Q

Which algorithm is an NGE hash function?

A. HMAC
B. SHA-1
C. MD5
D. SHA-2

A

D

282
Q

What is a capability of Cisco ASA Netflow?

A. It sends Netflow data records from active and standby ASAs in an active standby failover pair.

B. It filters NSEL events based on traffic.

C. It logs all event types only to the same collector.

D. It generates NSEL events even if the MPF is not configured.

A

B

283
Q

Which type of encryption uses a public key and private key?

A. asymmetric
B. symmetric
C. linear
D. nonlinear

A

A

284
Q

What are two Trojan malware attacks? (Choose Two)

A. rootkit
B. frontdoor
C. smurf
D. backdoor
E. sync

A

AD

285
Q

Which two capabilities of integration APIs are utilized with Cisco DNA Center? (Choose Two)

A. Application monitors for power utilization of devices and IoT Sensors.

B. Upgrade software on switches and routers.

C. Automatically deploy new virtual routers.

D. Connect to Information Technology Service Management Platforms.

E. Create new SSIDs on a wireless LAN controller

A

AD

286
Q

An engineer is configuring IPsec VPN and needs an authentication protocol that is reliable and supports ACK and sequence. Which protocol accomplishes this goal?

A. AES-192
B. IKEv1
C. AES-256
D. ESP

A

D

287
Q

What are two features of NetFlow flow monitoring? (Choose two)

A. Copies all ingress flow information to an interface.

B. Include the flow record and the flow importer

C. Can track ingress and egress information

D. Can be used to track multicast, MPLS, or bridged traffic.

E. Does not require packet sampling on interfaces

A

CD

288
Q

Which cryptographic process provides origin confidentiality, integrity, and origin authentication for packets?

A. ESP
B. AH
C. IKEv1
D. IKEv2

A

A

289
Q

What is a benefit of performing device compliance?

A. providing multi-factor authentication

B. device classification and authorization

C. providing attribute-driven policies

D. verification of the latest OS patches

A

D

290
Q

What is the role of Cisco Umbrella Roaming when it is installed on an endpoint?

A. to ensure that assets are secure from malicious links on and off the corporate network

B. to protect the endpoint against malicious file transfers

C. to establish secure VPN connectivity to the corporate network.

D. To enforce posture compliance and mandatory software.

A

A

291
Q

A company discovered an attack propagating through their network via a file. A custom file policy was created in order to track this in the future and ensure no other endpoints execute the infected file. In addition, it was discovered during testing that the scans are not detecting the file as an indicator of compromise. What must be done in order to ensure that the created policy is functioning as it should?

A. Create an IP block list for the website from which the file was downloaded.

B. Block the application that the file was using to open.

C. Upload the hash for the file into the policy

D. Send the file to Cisco Threat Grid for dynamic analysis.

A

C

292
Q

A network engineer must monitor user and device behavior within the on-premise network. This data must be sent to the Cisco Stealthwatch Cloud analytics platform for analysis. What must be done to meet this requirement using the Ubuntu-based VM appliance deployed in a VMware-based hypervisor?

A. Configure a Cisco FMC to send syslogs to Cisco Stealthwatch Cloud.

B. Configure a Cisco FMC to send NetFlow to Cisco Stealthwatch Cloud.

C. Deploy a Cisco FTD sensor to send network events to Cisco Stealthwatch Cloud

D. Deploy the Cisco Stealthwatch Cloud PNM sensor that sends data to Cisco Stealthwatch Cloud

A

D

293
Q

What is a difference between a DoS Attack and DDoS Attack?

A. A DoS attack is where a computer is used to flood a server with UDP packets whereas a DDoS attack is where a computer is used to flood a server with TCP packets.

B. A DoS Attack is where a computer is used to flood a server with TCP and UDP packets whereas a DDoS attack is where a computer is used to flood multiple servers that are distributed over a LAN.

C. A DoS attack is where a computer is used to flood a server with TCP and UDP packets, whereas a DDoS attack is where multiple systems target a single system with a DoS Attack.

D. A DoS attack is where a computer is used to flood a server with TCP packets whereas a DDoS attack is where a computer is used to flood a server with UDP packets.

A

C

294
Q

An engineer has been tasked with configuring a Cisco FTD to analyze protocol fields and detect anomalies in the traffic from industrial systems. What must be done to meet these requirements?

A. Implement pre-filter policies for the CIP preprocessor.

B. Enable traffic analysis in the Cisco FTD

C. Configure Intrusion rules for the DNP3 preprocessor.

D. Modify the access control policy to trust the industrial traffic.

A

C

295
Q

What is the benefit of integrating Cisco ISE with a MDM solution?

A. It provides the ability to update other applications on the mobile device.

B. It provides compliance checks for access to the network.

C. It provides the ability to add applications to the mobile device through Cisco ISE

D. It provides network device administration access

A

B

296
Q

REFER TO THE EXHIBIT:

A network engineer is testing NTP authentication and realizes that synchronizes time with this router and that NTP authentication is not enforced.

What is the cause of this issue?

‘ntp authentication-key 10 md5 Cisco123
ntp trusted-key 10’

A. The hashing algorithm that was used was MD5 which is unsupported.

B. The key was configured in plain text

C. NTP authentication is not enabled.

D. The router was not rebooted after the NTP configuration updated.

A

C

297
Q

Which posture assessment requirement provides options to the client for remediation and requires the remediation within a certain timeframe?

A. audit
B. mandatory
C. optional
D. Visibility

A

B

298
Q

An administrator configures new authorization policies within Cisco ISE and has difficulty profiling the devices. Attributes for the new Cisco IP phones that are profiled based on the RADIUS authentication are seen, however the attributes for CDP or DHCP are not.

What should the administrator do to address this issue?

A. Configure the ip dhcp snooping trust command on the DHCP interfaces to get the information to Cisco ISE.

B. Configure the device sensor feature within the switch to send the appropriate protocol information.

C. Configure a service template within the switch to standardize the port configurations so that the correct information is sent to Cisco ISE.

D. Configure the authentication port-control auto feature within Cisco ISE to identify the devices that are trying to connect.

A

B

299
Q

What is a functional difference between a Cisco ASA and Cisco IOS router with Zone-Based Policy Firewall?

A. The Cisco IOS router with Zone-based policy firewall denies all traffic by default, whereas the Cisco ASA starts out by allowing traffic until rules are added.

B. The Cisco IOS router with Zone-based policy firewall can be configured for high availability, whereas the Cisco ASA cannot.

C. The Cisco ASA can be configured for high availability whereas the Cisco IOS router with Zone-Based Policy Firewall cannot.

D. The Cisco ASA denies all traffic by default whereas the Cisco IOS router with Zone-Based policy firewall starts out by allowing all traffic, even on untrusted interfaces.

A

A

300
Q

A Cisco FTD engineer is creating a new IKEv2 policy called s2s00123456789 for their organization to allow for additional protocols to terminate network devices with. They currently only have one policy established and need the new policy to be a backup in case some devices cannot support the stronger algorithms listed in the primary policy.

What should be done in order to support this?

A. Change the integrity algorithms to SHA* to support all SHA algorithms in the primary policy.

B. Make the priority for the new policy 5 and the primary policy 1.

C. Change the encryption to AES* to support all AES algorithms in the primary policy.

D. Make the priority for the primary policy 10 and the new policy 1

A

B

301
Q

Which cloud model is a collaborative effort where infrastructure is shared and jointly assessed by several organizations from a specific group?

A. private
B. hybrid
C. community
D. public

A

C

302
Q

A customer has various external HTTP resources available including Intranet, Extranet, and Internet, with a proxy configuration running in explicit mode.

Which method allows the client desktop browsers to be configured to select when to connect direct or when to use the proxy?

A. Transport mode
B. Forward file.
C. PAC file
D. Bridge mode

A

C

303
Q

An organization uses Cisco FMC to centrally manage multiple Cisco FTD devices. The default management port conflicts with other communications on the network and must be changed. What must be done to ensure that all devices can communicate together?

A. Set the sftunnel to go through the Cisco FTD

B. Change the management port on Cisco FMC so that it pushes the change to all managed Cisco FTD devices.

C. Set the sftunnel port to 8305

D. Manually change the management port on Cisco FMC and all managed Cisco FTD devices.

A

D

304
Q

REFER TO THE EXHIBIT:

What does the Python script accomplish?

A. It lists the LDAP users from the external identity store configured on Cisco ISE.

B. It authenticates to a Cisco ISE server using the username of ersad

C. It allows authentication with TLSv1 SSL protocol

D. It authenticates to a Cisco ISE with an SSH connection.

A

B

305
Q

Which component of Cisco Umbrella architecture increases reliability of the service?

A. Anycast IP
B. AMP Threat Grid
C. Cisco Talos
D. BGP route reflector

A

A

306
Q

An organization wants to use Cisco FTD or Cisco ASA devices. Specific URLs must be blocked from being accessed via the firewall, which requires that the administrator input the bad URL categories that the organization wants blocked into the access policy.

Which solution should be used to meet this requirement?

A. Cisco ASA because it enables URL filtering and blocks malicious URLs by default, whereas Cisco FTD does not.

B. Cisco ASA because it includes URL filtering in the access control policy capabilities whereas Cisco FTD does not.

C. Cisco FTD because it includes URL filtering in the access control policy capabilities whereas the Cisco ASA does not.

D. Cisco FTD because it enables URL filtering and blocks malicious URLs by default, whereas Cisco ASA does not.

A

C

307
Q

Which type of DNS abuse exchanges data between two computers even when there is no direct connection?

A. malware installation
B. command-and-control communication
C. network footprinting
D. data exfiltration

A

B

308
Q

Which DevSecOps implementation process gives a weekly or daily update instead of monthly or quarterly in the applications?

A. orchestration
B. CI/CD pipeline
C. container
D. security

A

B

309
Q

An organization deploys multiple Cisco FTD appliances and wants to manage them using one centralized solution. The organization does not have a local VM but does have existing Cisco ASAs that must migrate over to Cisco FTDs.

Which solution meets the needs of the organization?

A. Cisco FMC
B. CSM
C. Cisco FDM
D. CDO

A

A

310
Q

An administrator configures a Cisco WSA to receive redirected traffic over ports 80 and 443. The organization requires that a network device with specific WSA integration capabilities be configured to send the traffic to the WSA to proxy the requests and increase visibility, while making this invisible to the users. What must be done to the Cisco WSA to support these requirements?

A. Configure transparent traffic redirection using WCCP in the Cisco WSA and on the network device.

B. Configure active traffic redirection using WPAD in the Cisco WSA and on the network device.

C. Use the Layer 4 setting in the Cisco WSA to receive explicit forward requests from the network device.

D. Use PAC keys to allow only the required network devices to send the traffic to the Cisco WSA.

A

A

311
Q

An organization configures Cisco Umbrella to be used for its DNS services. The organization must be able to block traffic based on the subnet that the endpoint is on, but sees only the requests from its public IP addresses instead of each internal IP address. What must be done to resolve this issue?

A. Set up a Cisco Umbrella virtual appliance to internally field the requests and see the traffic of each IP address.

B. Use the tenant control features to identify each subnet being used and track the connections within the Cisco Umbrella dashboard.

C. Install the Microsoft Active Directory Connector to give IP address information stitched to the requests in the Cisco Umbrella dashboard.

D. Configure an internal domain within Cisco Umbrella to help identify each address and create policy from the domains.

A

A

312
Q

An organization wants to secure data in a cloud environment. Its security model requires that all users be authenticated and authorized. Security configuration and posture must be continuously validated before access is granted or maintained to applications and data. There is also a need to allow certain application traffic and deny all other traffic by default. Which technology must be used to implement these requirements?

A. virtual routing and forwarding

B. microsegmentation

C. access control policy

D. virtual LAN

A

B

313
Q

An engineer is configuring cloud logging using a company-managed Amazon S3 bucket for Cisco Umbrella logs. What benefit does this configuration provide for accessing log data?

A. It can grant 3rd party SIEM integrations write access to the S3 bucket.

B. Data can be stored offline for 30 days

C. No other applications except Cisco Umbrella can write to the S3 bucket.

D. It is included in the license cost for the multi-org console of Cisco Umbrella.

A

A

314
Q

How does Cisco Workload Optimization Manager help mitigate application performance issues?

A. It deploys an AWS Lambda system.

B. It automates resources resizing

C. It optimizes a flow path.

D. It sets up a workload forensic score

A

B

315
Q

An engineer adds a custom detection policy to a Cisco AMP deployment and encounters issues with the configuration. The simple detection mechanism is configured, but the dashboard indicates that the hash is not 64 characters and is non-zero. What is the issue?

A. The hash being uploaded is part of a set in an incorrect format.

B. The file being uploaded is incompatible with simple detections and must use advanced detections.

C. The engineer is attempting to upload a hash created using MD5 instead of SHA-256

D. The engineer is attempting to upload a file instead of a hash.

A

C

316
Q

What is a benefit of using telemetry over SNMP to configure new routers for monitoring purposes?

A. Telemetry uses a pull method, which makes it more reliable than SNMP.

B. Telemetry uses push and pull, which makes it more scalable than SNMP.

C. Telemetry uses a push method which makes it faster than SNMP.

D. Telemetry uses push and pull which makes it more secure than SNMP

A

C

317
Q

An organization wants to provide visibility and to identify active threats in its network using a VM. The organization wants to extract metadata from network packet flow while ensuring that payloads are not retained or transferred outside the network.

Which solution meets these requirements?

A. Cisco Umbrella Cloud
B. Cisco Stealthwatch Cloud PNM
C. Cisco Stealthwatch Cloud PCM
D. Cisco Umbrella On-Premises

A

B

318
Q

What is a difference between GETVPN and IPsec?

A. GETVPN provides key management and security association management.

B. GETVPN reduces latency and provides encryption over MPLS without the use of a central hub.

C. GETVPN is based on IKEv2 and does not support IKEv1

D. GETVPN is used to build a VPN network with multiple sites without having to statically configure all devices.

A

B

319
Q

An administrator configures a new destination list in Cisco Umbrella so that the organization can block specific domains for its devices.

What should be done to ensure that all subdomains of domain.com are blocked?

A. Configure the *.com address in the block list.

B. Configure the *.domain.com address in the block list.

C. Configure the *domain.com address in the block list.

D. Configure the domain.com address in the block list.

A

D

320
Q

An organization wants to secure users, data, and applications in the cloud. The solution must be API-based and operate as a cloud-native CASB. Which solution must be used for this implementation?

A. Cisco Firepower Next-Generation Firewall.

B. Cisco Cloud Email Security

C. Cisco Umbrella

D. Cisco Cloudlock

A

D

321
Q

Which attribute has the ability to change during the RADIUS CoA?

A. NTP
B. authorization
C. accessibility
D. membership

A

B

322
Q

What is a difference between an XSS attack and an SQL injection attack?

A. SQL injection is a hacking method used to attack SQL databases, whereas XSS attacks can exist in many different types of applications.

B. XSS is a hacking method used to attack SQL databases, whereas SQL injection attacks can exist in many different types of applications.

C. SQL injection attacks are used to steal information from databases whereas XSS attacks are used to redirect users to websites where attackers can steal data from them.

D. XSS attacks are used to steal information from databases whereas SQL injection attacks are used to redirect users to websites where attackers can steal data from them.

A

C

323
Q

Which VMware platform does Cisco ACI integrate with to provide enhanced visibility, provide policy integration and deployment, and implement security policies with access lists?

A. VMware APIC
B. VMware vRealize
C. VMware fusion
D. VMware Horizons

A

B

324
Q

REFER TO THE EXHIBIT: How does Cisco Umbrella manage traffic that is directed toward risky domains?

A. Traffic is managed by the application setting, unhandled and allowed.

B. Traffic is allowed but logged.

C. Traffic is managed by the security settings and blocked.

D. Traffic is proxied through the intelligent proxy.

A

C

325
Q

DRAG AND DROP

BLUE:
Cloud Data Protection
Cloud Security Strategy
Cloud Security Architecture
User Entity

YELLOW:
Review the Security posture of documents

Conduct whiteboarding sessions

Experts educate customer

Examine how users are provisioned

A

Cloud Data Protection - Review Security Posture

Cloud Security Architecture - Conduct Whiteboarding

Cloud Security Strategy - Experts Educate

User Entity - Examine how users provisioned

326
Q

REFER TO THE EXHIBIT:

A Cisco ISE administrator adds a new switch to 802.1x deployment and has difficulty with some endpoints gaining access. Most PCs and IP phones can connect and authenticate using their machine certificate credentials; however, printers and video cameras cannot. Based on the interface configuration provided, what must be done to get these devices onto the network using Cisco ISE for authentication and authorization while maintaining security controls?

A. Change the default policy in Cisco ISE to allow all devices not using machine authentication.

B. Enable insecure protocols within Cisco ISE in the allowed protocols configuration.

C. Configure authentication event fail retry 2 action authorize vlan 41 on the interface.

D. Add mab to the interface configuration

A

D

327
Q

An administrator is adding a new switch onto the network and has configured AAA for network access control. When testing the configuration, the RADIUS authenticates to Cisco ISE but is being rejected. Why is the ip radius source-interface command needed for this configuration?

A. Only requests that originate from a configured NAS IP are accepted by a RADIUS server.

B. The RADIUS authentication key is transmitted only from the defined RADIUS source interface.

C. RADIUS requests are generated only by a router if a RADIUS source interface is defined.

D. Encrypted RADIUS authentication requires the RADIUS source interface be defined.

A

A

328
Q

An engineer is adding a Cisco router to an existing environment. NTP authentication is configured on all devices in the environment with the command ntp authentication-key 1 md5 CIsco427128380. There are two routers on the network that are configured as NTP servers for redundancy, 192.168.1.110 and 192.168.1.111. 192.168.1.110 is configured as the authoritative time source.

What command must be configured on the new router to use 192.168.1.110 as its primary time source without the new router attempting to offer time to existing devices?

A. ntp server 192.168.1.110 primary key 1

B. ntp peer 192.168.1.110 prefer key 1

C. ntp server 192.168.1.110 key 1 prefer

D. ntp peer 192.168.1.110 key 1 primary

A

C

329
Q

What does endpoint isolation in Cisco AMP for Endpoints security protect from?

A. An infection spreading across the LDAP or Active Directory domain from a user account

B. a malware spreading across the user device.

C. an infection spreading across the network.

D. a malware spreading across the LDAP or Active Directory domain from a user account.

A

C

330
Q

Which system facilitates deploying microsegmentation and multi-tenancy services with a policy-based container?

A. SDLC

B. Docker

C. Lambda

D. Contiv

A

D

331
Q

Which feature is leveraged by advanced antimalware capabilities to be an effective endpoint protection platform?

A. big data

B. storm centers

C. sandboxing

D. blocklisting

A

C

332
Q

An organization wants to implement a cloud-delivered and SaaS-based solution to provide visibility and threat detection across the AWS network. The solution must be deployed without software agents and rely on AWS VPC flow logs instead.

Which solution meets these requirements?

A. Cisco Stealthwatch Cloud
B. Cisco Umbrella
C. NetFlow Collectors
D. Cisco Cloudlock

A

A

333
Q

What is the difference between a vulnerability and an exploit?

A. A vulnerability is a hypothetical event for an attacker to exploit.

B. A vulnerability is a weakness that can be exploited by an attacker.

C. An exploit is a weakness that can cause a vulnerability in the network.

D. An exploit is a hypothetical event that causes a vulnerability in the network.

A

B

334
Q

Cisco SensorBase gathers threat information from a variety of Cisco products and services and performs analytics to find patterns on threats. Which term describes this process?

A. deployment
B. consumption
C. authoring
D. sharing

A

D

335
Q

An engineer is configuring their router to send NetFlow data to Stealthwatch which has an IP address of 1.1.1.1 using the flow record Stealtwatch406143794 command. Which additional command is required to complete the flow record?

A. transport udp 2055
B. match ipv4 ttl
C. cache timeout active 60
D. destination 1.1.1.1

A

B

336
Q

Which Cisco platform processes behavior baselines, monitors for deviations, and reviews for malicious processes in data center traffic and servers while performing software vulnerability detection?

A. Tetration
B. ISE
C. AMP
D. AnyConnect

A

A

337
Q

How is data sent out to the attacker during a DNS tunneling attack?

A. as part of the UDP/53 packet payload

B. as part of the domain name.

C. as part of the TCP/53 packet header

D. as part of the DNS response packet

A

A

338
Q

An engineer is adding a Cisco DUO solution to the current TACACS+ deployment using Cisco ISE. The engineer wants to authenticate users using their account when they log into network devices. Which action accomplishes this task?

A. Configure Cisco DUO with the external Active Directory connector and tie it to the policy set within Cisco ISE.

B. Install and configure the Cisco DUO authentication proxy and configure the identity source sequence within Cisco ISE.

C. Create an identity policy within Cisco ISE to send all authentication requests to Cisco DUO.

D. Modify the current policy with the condition MFASourceSequence DUO=true in the authorization conditions within Cisco ISE.

A

B

339
Q

A Cisco AMP for Endpoints administrator configures a custom detection policy to add specific MD5 signatures. The configuration is created in the simple detection policy section, but it does not work. What is the reason for this failure?

A. The admin must upload the file instead of the hash for Cisco AMP to use.

B. The MD5 hash uploaded to the simple detection policy is in the incorrect format.

C. The APK must be uploaded for the application that the detection is intended.

D. Detections for MD5 signatures must be configured in the advanced custom detection policies.

A

D

340
Q

An organization is selecting a cloud architecture and does not want to be responsible for patch management of the operating systems.

Why should the organization select either Platform as a Service or Infrastructure as a Service for this environment?

A. Platform as a Service because the customer manages the operating system.

B. Infrastructure as a Service because the customer manages the operating system.

C. Platform as a Service because the service provider manages the operating system.

D. Infrastructure as a Service because the service provider manages the operating system.

A

C

341
Q

An administrator is adding a new Cisco ISE node to an existing deployment.

What must be done to ensure that the addition of the node will be successful when inputting the FQDN?

A. Change the IP address of the new Cisco ISE node to the same network as the others.

B. Make the new Cisco ISE node a secondary PAN before registering it with the primary.

C. Open port 8905 on the firewall between the Cisco ISE nodes.

D. Add the DNS entry for the new Cisco ISE node into the DNS service.

A

D

342
Q

REFER TO THE EXHIBIT:

What will occur when this device tries to connect to the port?

A. 802.1x will not work, but MAB will start and allow the device on the network.

B. 802.1x will not work and the device will not be allowed network access.

C. 802.1x will work and the device will be allowed on the network.

D. 802.1x and MAB will both be used and ISE can use policy to determine the access level.

A

C

343
Q

A network engineer must configure a Cisco ESA to prompt users to enter two forms of information before gaining access. The Cisco ESA must also join a cluster machine using preshared keys. What must be configured to meet these requirements?

A. Enable two-factor authentication through a RADIUS server and then join the cluster by using the Cisco ESA CLI.

B. Enable two-factor authentication through a RADIUS server and then join the cluster by using the Cisco ESA GUI.

C. Enable two-factor authentication through a TACACS+ server and then join the cluster by using the Cisco ESA GUI.

D. Enable two-factor authentication through a TACACS+ server and then join the cluster by using the Cisco ESA CLI

A

A

344
Q

Which portion of the network do EPP solutions solely focus on and EDR solutions do not?

A. server farm
B. perimeter
C. core
D. East-West gateways

A

B

345
Q

REFER TO THE EXHIBIT:

An engineer is implementing a certificate based VPN. What is the result of the existing configuration?

A. The OU of the IKEv2 peer certificate is used as the identity when matching an IKEv2 authorization policy.

B. Only an IKEv2 peer that has an OU certificate attribute set to MANGLER establishes an IKEv2 SA successfully.

C. The OU of the IKEv2 peer certificate is encrypted when the OU is set to MANGLER

D. The OU of the IKEv2 peer certificate is set to MANGLER

A

A

346
Q

What is a benefit of using Cisco CWS compared to an on-premises Cisco WSA?

A. Cisco CWS eliminates the need to backhaul traffic through headquarters for remote workers whereas Cisco WSA does not.

B. Cisco CWS minimizes the load on the internal network and security infrastructure as compared to Cisco WSA.

C. URL categories are updated more frequently on Cisco CWS than they are on Cisco WSA.

D. Content scanning for SaaS Cloud applications is available through Cisco CWS and not available through Cisco WSA.

A

A

347
Q

What is the term for having information about threats and threat actors that helps mitigate harmful events that would otherwise compromise networks or systems?

A. trusted automated exchange
B. Indicators of Compromise
C. The Exploit Database
D. Threat Intelligence

A

D

348
Q

An organization has a requirement to collect full metadata information about the traffic going through their AWS cloud services. They want to use this information for behavior analytics and statistics. Which two actions must be taken to implement this requirement? (Choose Two).

A. Configure Cisco ACI to ingest AWS information.
B. Configure Cisco ThousandEyes to ingest AWS information.
C. Send syslog from AWS to Cisco Stealthwatch Cloud.
D. Send VPC flow logs to Cisco Stealthwatch Cloud.
E. Configure Cisco Stealthwatch Cloud to ingest AWS information.

A

DE

349
Q

What is the function of the ‘crypto isakmp key cisco123456789 address 192.168.50.1 255.255.255.255’ command when establishing an IPsec VPN tunnel?

A. It defines the data destined to 192.168.50.1 is going to be encrypted.

B. It configures the pre-shared authentication key for host 192.168.50.1

C. It prevents 192.168.50.1 from connecting to the VPN server.

D. It configures the local address for the VPN server 192.168.50.1

A

B
