Questions

Question 1

What are two list types within Cisco AMP for Endpoints Outbreak Control? (Choose Two)

A. Blocked ports
B. Simple Custom Detections
C. Command and Control
D. Allowed Applications
E. URL

Answer 1

BD

Question 2

Which command enables 802.1x globally on a Cisco switch?

A. dot1x system-auth-control
B. dot1x pae authenticator
C. authentication port-control auto
D. aaa new-model

Answer 2

A

Question 3

What is the function of Cisco Cloudlock for data security?

A. DLP
B. Controls malicious cloud apps.
C. Detects anomalies
D. User and entity behavior analytics

Answer 3

A

Question 4

For which two conditions can an Endpoint be checked using ISE posture assessment?

A. Computer Identity
B. Windows Service
C. User Identity
D. Windows Firewall
E. Default Browser

Answer 4

BD

Question 5

What is a characteristic of Dynamic ARP Inspection?

Answer 5

DAI determines the validity of an ARP packet based on Valid IP

Question 6

Which Cisco product provides proactive endpoint protection and allows administrators to centrally manage the deployment?

A. NGFW
B. AMP
C. WSA
D. ESA

Answer 6

B

Question 7

Where are individual sites specified to be blacklisted in Cisco Umbrella?

A. Application Settings
B. Content Categories
C. Security Settings
D. Destination Lists

Answer 7

D

Question 8

Which statement about IOS zone-based Firewalls is true?

A. An unassigned interface can communicate with assigned interfaces.

B. Only one interface can be assigned to a zone.

C. An interface can be assigned to multiple zones

D. An interface can be assigned only to one zone.

Answer 8

D

Question 9

Which two activities can be done use Cisco DNA Center? (Choose Two)

A. DHCP
B. design
C. Accounting
D. DNS
E. Provision

Answer 9

BE

Question 10

Which ID Store requires that a shadow user be created on Cisco ISE for the admin login to work?

A. RSA SecureID
B. Internal Database
C. Active Directory
D. LDAP

Answer 10

A

Question 11

Which VPN Technology can support a multivendor environment and secure traffic between sites?

A. SSL VPN
B. GET VPN
C. FlexVPN
D. DMVPN

Answer 11

C

Question 12

Which SNMPv3 Config must be used to support the strongest security possible?

Answer 12

V3 priv
priv aes 256

Question 13

Which solution combines Cisco IOS and IOS XE components to enable administrators to recognize applications, collect and send network metrics to Cisco Prime and other third-party management tools, and prioritize application traffic?

A. Cisco Security Intelligence
B. Cisco Application Visibility and Control.
C. Cisco Model Driven Telemetry
D. Cisco DNA Center

Answer 13

B

Question 14

Which two endpoint measures are used to minimize the chances of falling victim to phishing and social engineering attacks? (Choose two)

A. Patch for cross-site scripting
B. Perform backups to the private cloud.
C. Protect against input validation and character escapes in the endpoint.
D. Install a spam and virus email filter.
E. Protect systems with an up-to-date antimaleware program.

Answer 14

DE

Question 15

An ENG used a posture check on a Microsoft Windows endpoint and discovered that the MS17-010 patch was not installed, which left the endpoint vulnerable to WannaCry ransomware.

Which two solutions mitigate the risk of this ransomware infection? (Choose two)

A. Configure a posture policy in Cisco ISE to install the MS17-010 patch before allowing access on the network.

B. Set up a profiling policy in the Cisco ISE to check and endpoint patch level before allowing access on the network.

C. Configure a posture policy in Cisco ISE to check that an endpoint patch level is met before allowing access on the network.

D. Configure endpoint firewall policies to stop the exploit traffic from being allowed to run and replicate throughout the network.

E. Set up a well-defined endpoint patching strategy to ensure that endpoints have critical vulnerabilities patched in a timely manner.

Answer 15

AC

Question 16

Why would a user choose an on-prem ESA versus the CES solution?

A. Sensitive data must remain onsite.
B. Demand is unpredictable.
C. The server team wants to outsource this service.
D. ESA is deployed inline.

Answer 16

A

Question 17

Which technology must be used to implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity?

A. DMVPN
B. FlexVPN.
C. IPsec DVTI
D. GET VPN

Answer 17

D

Question 18

Which cloud service model offers an environment for cloud consumers to develop and deploy applications without needing to manage or maintain the underlying cloud infrastructure?

A. PaaS
B. XaaS
C. IaaS
D. SaaS

Answer 18

A

Question 19

What is a required prerequisite to enable malware file scanning for the Secure Internet Gateway?

A. Enable IP Layer Enforcement
B. Activate the Advanced Malware Protection License
C. Activate SSL Decryption
D. Enable Intelligent Proxy

Answer 19

D

Question 20

Which two features are used to configure Cisco ESA with a mutilayer approach to fight viruses and malware? (Choose Two)

A. Sophos engine
B. White list
C. RAT
D. outbreak filters
E. DLP

Answer 20

AD

Question 21

How is Cisco Umbrella configured to log only security events?

A. per policy
B. In the reporting settings
C. In the security settings
D. per network in the deployment section

Answer 21

A

Question 22

What is the primary difference between an Endpoint Protection Platform and an Endpoint Detection and Response?

A. EPP focuses on prevention, , EDR on advanced threats.

B. EDR focuses on prevention and EPP focus on advanced threats.

C. EPP focuses on network security, EDR is device security.

D. EDR is network security, EPP is device security.

Answer 22

A

Question 23

On which part of the IT environment does DevSecOps focus?

A. Application Development
B. WIreless network
C. Data Center
D. Perimeter Network

Answer 23

A

Question 24

Which functions of an SDN architecture require southbound APIs to enable communication?

A. SDN controller and the network elements.
B. Management console and the SDN controller.
C. Management console and the cloud.
D. SDN controller and the cloud

Answer 24

A

Question 25

What is a characteristic of traffic storm control behavior?

A. Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within the interval.

B. Traffic storm control cannot determine if the packet is unicast or broadcast.

C. Traffic storm control monitors incoming traffic levels over a 10-second traffic storm control interval.

D. Traffic storm control uses the Individual/Group bit in the packet source address to determine if the packet is unicast or broadcast.

Answer 25

A

Question 26

Which two request methods of REST API are valid on the Cisco ASA Platform? (Choose two)

A. put
B. options
C. get
D. push
E. connect

Answer 26

AC

Question 27

In a PaaS model, which layer is the tenant responsible for maintaining and patching?

A. hypervisor
B. virtual machine
C. network
D. application

Answer 27

C

Question 28

An engineer is configuring AMP for endpoints and wants to block certain files from executing. Which outbreak control method is used to accomplish this task?

A. Device flow correlation
B. Simple detections
C. Application blocking list
D. Advanced Custom Detections

Answer 28

C

Question 29

Which ASA deployment mode can provide separation of management on a shared appliance?

A. DMZ multiple zone mode
B. Transparents firewall mode
C. multiple context mode
D. routed mode

Answer 29

C

Question 30

Which two deployment model configurations are supported for Cisco FTDv in AWS? (Choose Two)

A. Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS.

B. Cisco FTDv with one management interface and two traffic interfaces configured.

C. Cisco FTDv configured in routed mode and managed by a physical FMC appliance on premises.

D. Cisco FTDv with two management interfaces and one traffic interface configured.

E. Cisco FTDv configured in routed mode and IPv6 configured.

Answer 30

AC

Question 31

What can be integrated with Cisco Talos Intelligence Director to provide information about security threats, which allows the SOC to proactively automate responses to those threats?

A. Cisco Umbrella
B. External Threat Feeds
C. Cisco Threat Grid
D. Cisco Stealthwatch

Answer 31

B

Question 32

What provides visibility and awareness into what is currently occurring on the network?

A. CMX
B. WMI
C. Prime Infrastructure
D. Telemetry

Answer 32

D

Question 33

What attack is commonly associated with C and C++ programming languages?

A. Cross-site scripting
B. Water holing
C. DDoS
D. Buffer Overflow

Answer 33

D

Question 34

An engineer must force an endpoint to re-authenticate an already authenticated session without disrupting the endpoint to apply a new or updated policy from ISE.
Which CoA type achieves this goal?

A. Port Bounce
B. CoA Terminate
C. CoA Reauth
D. CoA Session Query

Answer 34

C

Question 35

Refer to Exhibit:

Which command was used to display this output?

A. show dot1x all
B. show dot1x
C. show dot1x all summary
D. show dot1x interface gi1/0/12

Answer 35

A

Question 36

Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two)

A. Check integer, float, or Boolean string parameters to ensure accurate values.
B. Use prepared statements and parameterized queries.
C. Secure the connection between the web and the app tier.
D. Write SQL code instead of using object-relational mapping libraries.
E. Block SQL code execution in the web application database login.

Answer 36

AB

Question 37

How does Cisco Stealthwatch Cloud provide security for cloud environments?

A. It delivers visibility and threat detection.
B. It prevents exfiltration of sensitive datA.
C. It assigns internet-based DNS protection for clients and servers.
D. it facilitates secure connectivity between public and private networks.

Answer 37

A

Question 38

Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention System? (Choose two).

A. SIP
B. inline normalization
C. SSL
D. packet decoder
E. modbus

Answer 38

AC

Question 39

Which feature is configured for managed devices in the device platform settings of the Firepower Management Center?

A. quality of service
B. time synchronization
C. network address translations
D. intrusion policy

Answer 39

B

Question 40

The main function of northbound API s in the SDN architecture is to enable communication between which two areas of a network?

A. SDN controller and the cloud.
B. management console and the SDN controller
C. management console and the cloud.
D. SDN controller and the management solution

Answer 40

D

Question 41

REFER TO THE EXHIBIT: What is a result of the configuration?

A. Traffic from the DMZ network is redirected.
B. Traffic from the inside network is redirected.
C. All TCP traffic is redirected.
D. Traffic from the inside and DMZ networks is redirected.

Answer 41

D

Question 42

Which information is required when adding a device to FMC?

A. username and password
B. encryption method
C. device serial number
D. registration key

Answer 42

D

Question 43

Which two services must remain as on-premises equipment when a hybrid email solution is deployed? (Choose two)

A. DDoS
B. antispam
C. antivirus
D. encryption
E. DLP

Answer 43

DE

Question 44

What is a characteristic of Cisco ASA NetFlow v9 Secure Event Logging?

A. It tracks flow-create, flow-teardown, and flow-denied events.
B. It provides stateless IP flow tracking that exports all records of a specific flow.
C. It tracks the flow continuously and provides updates every 10 seconds.
D. Its events match all traffic classes in parallel.

Answer 44

A

Question 45

Which feature within Cisco Umbrella allows for the ability to inspect secure HTTP traffic?

A. File Analysis
B. SafeSearch
C. SSL Decryption
D. Destination Lists

Answer 45

C

Question 46

Which two kinds of attacks are prevented by MFA? (Choose Two)

A. phishing
B. brute force
C. man-in-the-middle
D. DDoS
E. tear drop

Answer 46

AB

Question 47

With Cisco AMP for Endpoints, which option shows a list of all files that have ben executed in your environment?

A. vulnerable software
B. file analysis
C. detections
D. prevalence
E. threat root cause

Answer 47

D

Question 48

Which RADIUS attribute can you use to filter MAB requests in a 802.1x deployment?

A. 1
B. 6
C. 31
D. 2

Answer 48

B

Question 49

Which two features of Cisco Email Security can protect your organization against email threats? (Choose two)

A. time-based on-time passwords.
B. data loss prevention
C. heurisitic-based filtering
D. geolocation-based filtering
E. NetFlow

Answer 49

BD

Question 50

DRAG AND DROP

Correct order to enable AppDynamics to monitor EC2 Instance?

1. Install monitoring extension for AWS EC2
2. Restart the Machine Agent
3. Update config.yaml.
4. Configure a Machine Agent or SIM Agent.

Answer 50

Configure a Machine Agent

Install Monitoring

Update config.yaml

Restart the Machine Agent

Question 51

Which feature requires a network discovery policy on the Cisco Firepower Next Generation Intrusion Prevention System?

A. Security Intelligence
B. Impact Flags
C. Health Monitoring
D. URL filtering

Answer 51

B

Question 52

REFER TO EXHIBIT:

Which statement about the authentication protocol used in the configuration is true?

A. The authentication request contains only a password.

B. The authentication request contains only a username.

C. The authentication and authorization requests are grouped in a single packet.

D. There are separate authentication and authorization request packets.

Answer 52

C

Question 53

Which two preventive measures are used to control cross-site scripting? (Choose Two)

A. Enable client-side scripts on a per-domain basis.

B. Incorporate contextual output encoding/escaping.

C. Disable cooking inspection in the HTML inspection engine.

D. Run untrusted HTML input through an HTML sanitization engine.

E. SameSite cookie attribute should not be used.

Answer 53

BD

Question 54

Which policy is used to capture host information on the Cisco Firepower Next Generation Intrustion Prevention System?

A. correlation

B. intrusion

C. access control

D. network discovery

Answer 54

D

Question 55

REFER TO THE EXHIBIT:

Which command was used to generate this output and to show which ports are authenticating with dot1x or mab?

A. show authentication registrations

B. show authentication method

C. show dot1x all

D. show authentication sessions.

Answer 55

D

Question 56

An engineer is configuring a Cisco ESA and wants to control whether to accept or reject email messages to a recipient address.

Which list contains the allowed recipient addresses?

A. SAT

B. BAT

C. HAT

D. RAT

Answer 56

D

Question 57

Which two capabilities does TAXII support? (Choose two)

A. exchange

B. pull messaging

C. binding

D. correlation

E. mitigating

Answer 57

AB

Question 58

Which policy represents a shared set of features or parameters that define the aspects of a managed device that are likely to be similar to other managed devices in a deployment?

A. group policy

B. access control policy

C. device management policy

D. platform service policy

Answer 58

D

Question 59

An administrator wants to ensure that all endpoints are compliant before users are allowed access on the corporate network.

The endpoints must have the corporate antivirus application installed and be running the latest build of Windows 10.

What must the administrator implement to ensure that all devices are compliant before they are allowed on the network?

A. Cisco ISE and AnyConect Posture Module.

B. Cisco Stealthwatch and Cisco ISE integration.

C. Cisco ASA FW and Dynamic Access Policies configured.

D. Cisco ISE with PxGrid services enabled.

Answer 59

A

Question 60

What are two Detection and Analytics Engines of Cognitive Threat Analytics? (Choose Two)

A. data exfiltration

B. command and control communication

C. intelligent proxy

D. snort

E. URL categorization

Answer 60

AB

Question 60

In which form of attack is alternate encoding, such as hexadecimal representation, most often observed?

A. smurf

B. distributed denial of service

C. cross-site scripting

D. rootkit exploit

Answer 60

C

Question 60

Which two conditions are prerequisites for stateful failover for IPSec? (Choose two)

A. Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the IPsec configuration is copied automatically.

B. The active and standby devices can run different versions of the Cisco IOS software but must be the same type of device.

C. The IPsec configuration that is et up on the active device must be duplicated on the standby device.

D. Only the IPsec configuration that is et up on the active device must be duplicated on the standby device; the IKE configuration is copied automatically.

E. The active and standby devices must run the same version of the Cisco IOS software and must be the same type of device.

Answer 60

CE

Question 61

Which Cisco command shows you the status of the 802.1x connection on interface gi0/1?

A. show authorization status

B. show authen sess int gi0/1

C. show connection status gi0/1

D. show ver gi0/1

Answer 61

B

Question 61

A malicious user gained network access by spoofing printer connections that were authorized using MAB on four different switch ports at the same time.

What two catalyst switch security features will prevent further violations? (Choose Two)

A. DHCP Snooping

B. 802.1AE MacSec

C. Port security

D. IP Device tracking

E. Dynamic ARP inspection

F. Private VLANs

Answer 61

AE

Question 62

Which feature of Cisco ASA allows VPN users to be postured against Cisco ISE without requiring an inline posture mode?

A. RADIUS Change of Authorization
B. device tracking
C. DHCP snooping
D. VLAN hopping

Answer 62

A

Question 63

What is the result of running the crypto isakmp key ciscxxxxxxxxxx address 172.16.0.0 command?

A. authenticates the IKEv2 peers in the 172.16.0.0/16 range by using the key ciscxxxxxxxxx

B. authenticates the IP address of the 172.16.0.0/32 peer by using the key ciscxxxxxxxx

C. authenticates the IKEv1 peers in the 172.16.0.0/16 range by using the key ciscxxxxxxxxxxx.

D. secure all the certificates in the IKE exchange by using the key ciscxxxxxxxxx

Answer 63

B

Question 64

Which two probes are configured to gather attributes of connected endpoints using Cisco Identity Services Engine? (Choose Two)

A. RADIUS

B. TACACS+

C. DHCP

D. sFLow

E. SMTP

Answer 64

AC

Question 65

Which solution protects hybrid cloud deployment workloads with application visibility and segmentation?

A. Nexus

B. Stealthwatch

C. Firepower

D. Tetration

Answer 65

D

Question 66

What are the two most commonly used authentication factors in multifactor authentication? (Choose two)

A. biometric factor

B. time factor

C. confidentiality factor

D. knowledge factor

E. encryption factor

Answer 66

BD

Question 67

Which two key and block sizes are valid for AES? (Choose Two)

A. 64-bit block size, 112-bit key length

B. 64-bit block size, 168-bit key length

C. 128-bit block size, 192-bit key length

D. 128-bit block size, 256-bit key length

E. 192-bit block size, 256-bit key length

Answer 67

CD

Question 68

After deploying a Cisco ESA on your network, you notice that some messages fail to reach their destinations.

Which task can you perform to determine where each message was lost?

A. Configure the trackingconfig command to enable message tracking.

B. Generate a system report.

C. Review the log files.

D. Perform a trace.

Answer 68

A

Question 69

Elliptic curve cryptography is a stronger more efficient cryptography method meant to replace which current encryption technology?

A. 3DES

B. RSA

C. DES

D. AES

Answer 69

B

Question 70

How is ICMP used an exfiltration technique?

A. by flooding the destination host with unreachable packets.

B. by sending large numbers of ICMP packets with a targeted hosts source IP address using an IP broadcast address.

C. by encrypting the payload in an ICMP packet to carry out command and control tasks on a compromised host.

D. by overwhelming a targeted host with ICMP echo-request packets.

Answer 70

C

Question 71

What is a difference between deceptive phishing and spear phishing?

A. Deceptive phishing is an attacke aimed at a specific user in the organization who holds a C-level role.

B. A spear phishing campaign is aimed at a specific person versus a group of people.

C. Spear phishing is when the attack is aimed at the C-level executives of an organization.

D. Deceptive phishing hijacks and manipulates the DNS server of the victim and redirects the user to a false webpage.

Answer 71

B

Question 72

An engineer needs a solution for TACACS+ authentication and authorization for device administration.

The engineer also wants to enhance wired and wireless network security by requiring users and endpoints to use 802.1x, MAB, or WebAuth.

Which product meets all of these requirements?

A. Cisco Prime Infrastructure

B. Cisco Identity Services Engine

C. Cisco Stealthwatch

D. Cisco AMP for Endpoints

Answer 72

B

Question 73

When wired 802.1x authentication is implemented, which two components are required? (Choose two)

A. authentication server: Cisco ISE

B. Supplicant: Cisco AnyConnect ISE Posture module

C. authenticator: Cisco Catalyst switch

D. authenticator: Cisco ISE

E. authentication serverL Cisco Prime Infrastructe

Answer 73

AC

Question 74

The Cisco ASA must support TLS proxy for encrypted Cisco Unified Communications traffic. Where must the ASA be added on the Cisco UC Manager platform?

A. Certificate Trust List

B. Endpoint Trust List

C. Enterprise Proxy Service

D. Secure Collaboration Proxy

Answer 74

A

Question 75

Which API is used for Content Security?

A. NX-OS API

B. IOS XR API

C. OpenVuln API

D. AsyncOS API

Answer 75

D

Question 76

Which two behavorial patterns characterize a ping of death attack? (Choose two)

A. The Attack is fragmented into groups of 16 octets before transmission.

B. The attack is fragmented into groups of 8 octets before transmission.

C. Short synchronized bursts of traffic are used to disrupt TCP connections.

D. Malformed packets are used to crash systems.

E. Publicily accessible DNS servers are typically used to execute the attack.

Answer 76

BD

Question 77

Which two mechanisms are used to control phishing attacks? (Choose Two)

A. Enable browser alerts for fradulent websites.

B. Define security group memberships.

C. Revoke expired CRL of the websites.

D. Use antispyware software

E. Implement email filtering techniques.

Answer 77

AE

Question 78

When web policies are configured in Cisco Umbrella, what provides the ability to ensure that domains are blocked when they host malware, command and control, phishing, and more threats?

A. Application Control

B. Security Category Blocking

C. Content Category Blocking

D. File Analysis

Answer 78

B

Question 79

What two mechanisms are used to redirect users to a web portal to authenticate to ISE for guest services? (Choose two)

A. TACACS+

B. central web auth

C. single sign-on

D. Multiple Factor auth

E. local web auth

Answer 79

BE

Question 80

Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?

A. user input validation in a web page or web application

B. Linux and Windows operating systems

C. database

D. web page images

Answer 80

A

Question 81

Which deployment model is the most secure when considering risks to cloud adoption?

A. public cloud

B. hybrid cloud

C. community cloud

D. private cloud

Answer 81

D

Question 82

What does the Cloudlock Apps Firewall do to mitigate security concerns from an application perspective?

A. It allows the administrator to quarantine malicious files so that the application can function, just not maliciously.

B. It discovers and controls cloud apps that are connected to a company’s corporate environment.

C. It deletes any application that does not belong in the network.

D. It sends the application information to an administrator to act on.

Answer 82

B

Question 83

What is the primary benefit of deploying an ESA in hybrid mode?

A. You can fine-tune its settings to provide the optimum balance between security and performance for your environment.

B. It provides the lowest total cost of ownership by reducing the need for physical appliances.

C. It provides the maximum protection and control of outbound messages.

D. It provides email security while supporting the transition to the cloud.

Answer 83

D

Question 84

Which option is the main function of Cisco Firepower impact flags?

A. They alert administrators when critical events occur.

B. They highlight known and suspected malicious IP addresses in reports.

C. They correlate data about intrusions and vulnerability.

D. They identify data that the ASA sends to the Firepower module.

Answer 84

C

Question 85

Which two deployment modes does the Cisco ASA FirePower module support?

A. transparent mode

B. routed mode

C. inline mode

D. active mode

E. passive monitor-only mode

Answer 85

CE

Question 86

DROP AND DRAG

PortScan
Port Sweep
Decoy PortScan
Distributed PortScan

Answer 86

Dis
Dec
Port Sweet
Port Scan

DID PORT SWEEP

Question 87

DRAG AND DROP

IKEv1

Answer 87

Uses 3 packets

Uses 6 packets

Question 88

Which Cisco Solution does Cisco Umbrella integrate with to determine if a URL is malicious?

A. AMP
B. AnyConnect
C. DynDNS
D. Talos

Answer 88

D

Question 89

What is the purpose of the Decrypt for Application Detection feature within the WSA Decryption options?

A. It decrypts HTTPS application traffic for unauthenticated users.

B. It alerts users when the WSA decrypts their traffic.

C. It decrypts HTTPS application traffic for authenticated users.

D. It provides enhanced HTTPS application detection for AsyncOS

Answer 89

D

Question 90

What is the primary role of the Cisco Email Security Appliance?

A. Mail Submission Agent
B. Mail Transfer Agent
C. Mail Delivery Agent
D. Mail User Agent

Answer 90

B

Question 91

Which two features of Cisco DNA Center are used in a Software Defined Network Solution? (Choose Two)

A. accounting

B. Assurance

C. Automation

D. Authentication

E. Encryption

Answer 91

BC

Question 92

Which exfiltration method does an attacker use to hide and encode data inside DNS requests and queries?

A. DNS tunneling

B. DNSCrypt

C. DNS Security

D. DNSSEC

Answer 92

A

Question 93

Which algorithm provides encryption and authentication for data plane communication?

A. AES-GCM

B. SHA-96

C. AES-256

D. SHA-384

Answer 93

A

Question 94

How does Cisco Umbrella archive logs to an enterprise-owned storage?

A. by using the Application Programming interface to fetch the logs.

B. by sending logs via syslog to an on-premise or cloud-based syslog server

C. by the system administrator downloading the logs from the Cisco Umbrella web portal.

D. by being configured to send logs to a self-managed AWS S3 bucket.

Answer 94

D

Question 95

In which cloud services model is the tenant responsible for virtual machine OS patching?

A. IaaS
B. UCaaS
C. PaaS
D. SaaS

Answer 95

A

Question 96

Which two descriptions of AES encryption are true? (Choose two)

A. AES is less secure than 3DES
B. AES is more secure than 3DES
C. AES can use a 168-bit key for encryption
D. AES can use a 256-bit key for encryption.
E. AES Encrypts and decrypts a key three times a sequence.

Answer 96

BD

Question 97

Which technology is used to improve web traffic performance by proxy caching?

A. WSA
B. Firepower
C. FireSIGHT
D. ASA

Answer 97

A

Question 98

Which two statements about a Cisco WSA configured in Transparent mode are true? (Choose two)

A. It can handle explicit HTTP requests
B. It requires a PAC file for the client web portal
C. It requires a proxy for the client web browser
D. WCCP v2-enabled devices can automatically redirect traffic destined to port 80.
E. Layer 4 switches can automatically redirect traffic destined to Port 80

Answer 98

DE

Question 99

Which action controls the amount of URI text that is stored in Cisco WSA logs files?

A. Configure the datasecurityconfig command
B. Configure the advancedproxyconfig command with HTTPS subcommand
C. Configure a small log-entry size
D. Configure a maximum packet size.

Answer 99

B

Question 100

Which technology reduces data loss by identifying sensitive information stored in public computing environments?

A. Cisco SDA
B. Cisco Firepower
C. Cisco HyperFlex
D. Cisco Cloudlock

Answer 100

D

Question 101

Refer to the exhibit. What does the number 15 represent in this configuration?

[snmp-server group SNMP v3 auth access 15]

A. privilege level for an authorized user to this router.
B. access list that identifies the SNMP devices that can access the router.
C. interval in seconds between SNMPv3 authentication attempts.
D. number of possible failed attempts until the SNMPv3 user is locked out.

Answer 101

B

Question 102

Which feature is supported when deploying Cisco ASAv within AWS public cloud?

A. multiple context mode
B. user deployment of Layer 3 networks
C. IPv6
D. clustering

Answer 102

B

Question 102

Which networking monitoring solution uses streams and pushes operational data to provide a near real-time view of activity?

A. SNMP
B. SMTP
C. syslog
D. model-drive telemetry

Answer 102

D

Question 103

Which proxy mode must be used on Cisco WSA to redirect TCP traffic with WCCP?

A. transparent
B. redirection
C. forward
D. proxy gateway

Answer 103

A

Question 104

An MDM provides which two advantages to an organization with regards to device management? (Choose two)

A. assest inventory management.
B. allowed application management
C. Active Directory group policy management
D. network device management
E. critical device management

Answer 104

AB

Question 105

Which Talos reputation center allows you to track the reputation of IP addresses for email and web traffic?

A. IP Blacklist Center
B. File Reputation Center
C. AMP Reputation Center
D. IP and Domain Reputation Center

Answer 105

D

Question 106

Under which two circumstances is a CoA Issued? (Choose two)

A. A new authentication rule was added to the policy on the Policy Service node.
B. An endpoint is deleted on the ISE server
C. A new identify Source Sequence is created and referenced in the authentication policy.
D. A new ISE server is added to the deployment with the Administration Persona.

Answer 106

BD

Question 107

Which statement about the configuration of Cisco ASA NetFlow v9 Secure Event Logging is true?

A. To view bandwidth usage for NetFlow records, the Qos feature must be enabled.

B. A sysopt command can be used to enable NSEL on a specific interface

C. NSEL can be sued without a collector configured

D. a flow-export event type must be defined under a policy

Answer 107

D

Question 108

Which benefit does endpoint security provide the overall security posture of an organization?

A. It streamlines the incident response process to automatically perform digital forensics on the endpoint.

B. It allows the organization to mitigate web-based attacks as long as the user is active in the domain.

C. It allows the organization to detect and respond to threats at the edge of the network.

D. It allows the organization to detect and mitigate threats that the perimeter security devices do not detect.

Answer 108

D

Question 109

An engineer configured a new network identity in Cisco Umbrella but must verify that traffic is being routed through the Cisco Umbrella network. Which action tests the routing?

A. Ensure that the client computers are pointing to the on-premises DNS servers.

B. Enable the Intelligent Proxy to validate that traffic is being routed correctly.

C. Add the public IP address that the client comptuers are behind to a Core Identity.

D. Browse to http://welcome.umbrella.com/ to validate that the new identity is working.

Answer 109

D

Question 110

What is a language format designed to exchange threat intelligence that can be transported over the TAXII protocol?

A. STIX
B. XMPP
C. pxGrid
D. SMTP

Answer 110

A

Question 111

When using Cisco AMP for Networks, which feature copies a file to the Cisco AMP cloud for analysis?

A. Spero Analysis
B. dynamic analysis
C. sandbox analysis
D. malware analysis

Answer 111

B

Question 112

Which Cisco Advanced Malware protection for Endpoints deployment architecture is designed to keep data within a network perimeter?

A. cloud web services
B. network AMP
C. private cloud
D. public cloud

Answer 112

C

Question 113

Which IPS engine detects ARP spoofing?

A. Atomic ARP Engine
B. Service Generic Engine
C. ARP Inspection Engine
D. AIC Engine

Answer 113

A

Question 114

Which Statement describes a traffic profile on a Cisco Next Generation Intrusion Prevention System?

A. It allows traffic if it does not meet the profile.
B. It defines a traffic baseline for traffic anomaly deduction.
C. It inspects hosts that meet the profile with more intrusion rules.
D. It blocks traffic if it does not meet the profile.

Answer 114

B

Question 115

Which two are valid suppression types on a Cisco Next Generation Intrusion Prevention System?

A. Port
B. Rule
C. Source
D. Application
E. Protocol

Answer 115

BC

Question 116

Which license is required for Cisco Security Intelligence to work on the Cisco Next Generation Intrusion Prevention System?

A. control
B. Malware
C. URL Filtering
D. protect

Answer 116

D

Question 117

Which policy is used to capture host information on the Cisco Next Generation Intrusion Prevention System?

A. Network discovery
B. correlation
C. intrusion
D. access control

Answer 117

A

Question 117

On Cisco Firepower Management Center, which policy is used to collect health modules alerts from managed devices?

A. health policy
B. system policy
C. correlation policy
D. access control policy
E. health awareness policy

Answer 117

A

Question 118

Which CLI command is used to register a Cisco Firepower sensor to Firepower Management Center?

A. configure system add <host><key>
B. configure manager <key>add host
C. configure manager delete
D. configure manager add <host><key></key></host></key></key></host>

Answer 118

D

Question 119

Which Cisco AMP file disposition valid?

A. pristine
B. malware
C. dirty
D. nonmalicious

Answer 119

B

Question 120

Which capability is exclusive to a Cisco AMP public cloud instance as compared to a private cloud instance?

A. RBAC
B. ETHOS detection engine
C. SPERO detection engine
D. TETRA detection engine

Answer 120

B

Question 121

Which function is the primary function of Cisco AMP threat Grid?

A. automated email encryption
B. applying a real-time URI blacklist
C. automated malware analysis
D. monitoring network traffic

Answer 121

C

Question 122

Which two characteristics of messenger protocols make data exfiltration difficult to detect and prevent? (Choose two)

A. Malware infects the messenger application on the user endpoint to send company data.
B. Outgoing traffic is allowed so users can communicate with outside organizations.
C. An exposed API for the messaging platform is used to send large amounts of data.
D. Traffic is encrypted, which prevents visibility on firewalls and IPS systems.
E. Messenger applications cannot be segmented with standard network controls.

Answer 122

BD

Question 123

How many interfaces per bridge group does an ASA bridge group deployment support?

A. Up to 16
B. Up to 8
C. Up to 4
D. Up to 2

Answer 123

C

Question 124

Which benefit is provided by ensuring that an endpoint is complaint with a posture policy configured in Cisco ISE?

A. It adds endpoints to identify groups dynamically.
B. It verifies that the endpoint has the latest Microsoft security patches installed.
C. It allows the endpoint to authenticate with 802.1x or MAB
D. It allows CoA to be applied if the endpoint status is compliant.

Answer 124

B

Question 125

What is a feature of the open platform capabilities of Cisco DNA Center?

A. Domain integration
B. intent-based API
C. automation adapters
D. application adapters

Answer 125

B

Question 126

Which telemetry data captures variations seen with the flow, such as the packets TTL, IP/TCP flags, and payload length?

A. Process details variation
B. flow insight variation
C. interpacket variation
D. software package variation

Answer 126

C

Question 127

In which two ways does a system administrator send web traffic transparently to the Cisco WSA? (Choose two)

A. configure policy-based routing on the network infrastructure.
B. reference a Proxy Auto Config file
C. use Web Cache Communication Protocol
D. configure the proxy IP address in the web-browser settings.
E. configure Active Directory Group Policies to push proxy settings

Answer 127

AC

Question 128

Which form of attack is launched using botnets?

A. virus
B. EIDDOS
C. TCP Flood
D. DDoS

Answer 128

D

Question 129

How is DNS tunneling used to exfiltrate data out of a corporate network?

A. It leverages the DNS server by permitting recursive lookups to spread the attack to other DNS servers.

B. It encodes the payload with random characters that are broken into short strings and the DNS server rebuilds the exfiltrated data.

C. It redirects the DNS requests to a malicious server used to steal user credentials, which allows further damage and theft on the network.

D. It corrupts DNS servers by replacing the actual IP address with a rouge address to collect information or start other attack.

Answer 129

B

Question 130

Which Cisco security solution protects remote users against phishing attacks when they are not connected to the VPN?

A. Cisco Firepower
B. Cisco Umbrella
C. Cisco Stealthwatch
D. NGIPS

Answer 130

B

Question 131

Which two tasks allow NetFlow on a Cisco ASA 5500 series Firewall? (Choose two)

A. Create an ACL to allow UDP traffic on port 9996

B. Enable Netflow version 9

C. Create a class map to match interesting traffic.

D. Apply Netflow Exporter to the outside interface in the inbound direction

E. Define a NetFlow collector by using the flow-export command

Answer 131

CE

Question 132

What is the difference between FlexVPN and DMVPN?

A. FlexVPN uses IKEv1 or IKEv2. DMVPN uses only IKEv2.

B. DMVPN uses only IKEv1. FlexVPN uses only IKEv2

C. DMVPN uses IKEv1 or IKEv2. FlexVPN only uses IKEv1

D. FlexVPN uses IKEv2. DMVPN uses IKEv1 or IKEv2

Answer 132

D

Question 133

A mall provides security services to customers with a shared appliance. The mall wants separation of management on the shared appliance. Which ASA deployment mode meets these needs?

A. multiple context mode
B. transparent mode
C. routed mode
D. multiple zone mode

Answer 133

A

Question 134

Which is the function of the Context Directory Agent?

A. accepts user authentication requests on behalf of Web Security Appliance for user identification.

B. relays user authentication requests from Web Security Appliance to Active Directory

C. maintains users’ group memberships

D. reads the active directory logs to map IP addresses to usernames.

Answer 134

D

Question 135

What is a commonality between DMVPN and FlexVPN technologies?

A. FlexVPN and DMVPN use the same hashing algorithms.

B. IOS routers run the same NHRP code for DMVPN and FlexVPN

C. FlexVPN and DMVPN use the new key management protocol.

D. FlexVPN and DMVPN use IS-IS routing protocol to communicate with spokes.

Answer 135

B

Question 136

Which two risks is a company vulnerable to if it does not have a well-established patching solution for endpoints? (Choose two)

A. eavesdropping

B. denial-of-service attacks

C. ARP spoofing

D. malware

E. exploits

Answer 136

DE

Question 137

Which threat involves software being used to gain unauthorized access to a computer system?

A. ping of death

B. NTP amplification

C. HTTP flood

D. virus

Answer 137

D

Question 138

What is a characteristic of FIrepower NGIPS inline deployment mode?

A. It cannot take actions such as blocking traffic.

B. ASA with firepower module cannot be deployed.

C. It must have inline interface pairs configured.

D. it is out-of-band from traffic.

Answer 138

C

Question 139

What are two rootkit types? (Choose two)

A. registry
B. bootloader
C. buffer mode
D. user mode
E. virutal

Answer 139

BD

Question 140

An engineer wants to generate NetFlow records on traffic traversing the Cisco ASA. Which Cisco ASA command must be used?

A. flow exporter <name>
B. ip flow monitor <name> inpurt
C. ip flow-export destination 1.1.1.1 2055
D. flow-export destination inside 1.1.1.1 2055</name></name>

Answer 140

D

Question 141

Which Cisco command enables authentication, authorization, and accounting globally so that CoA is supported on the device?

A. ip device-tracking
B. aaa new-model
C. aaa server radius dynamic-author
D. auth-type all

Answer 141

B

Question 142

REFER TO THE EXHIBIT

What is the result of this Python script of the Cisco DNA Center API?

a. adds authentication to a switch

B. receives information about a switch

C. adds a switch to Cisco DNA Center

D. deletes a switch from Cisco DNA Center

Answer 142

C

Question 143

What are two reasons for implementing a MFA solution such as Duo Security provides to an organization? (Choose two)

A. integration with 802.1x security using native Microsoft Windows supplicant.

B. indentification and correction of application vulnerabilities before allowing access to resources.

C. flexibility of different methods of 2FA such as phone callbacks, SMS passcodes, and push notifications.

D. secure access to on-premise and cloud applications.

E. single sign-on access to on-premises and cloud applications.

Answer 143

CD

Question 144

Which protocol provides the strongest throughput performance when using Cisco AnyConnect VPN?

A. TLSv1.2
B. TLSv1
C. TLSv1.1
D. DTLSv1

Answer 144

D

Question 145

Which Cisco product is open, scalable, and built on IETF standards to allow multiple security products from Cisco and other vendors to share data and interoperate with each other?

A. Platform Exchange Grid

B. Advanced Malware Protection

C. Multifactor Platform Integration

D. Firepower Threat Defense

Answer 145

A

Question 146

A network engineer has entered the snmp-server user andy myv3 auth sha cisco priv aws 256 cico0380739941 command and needs to send SNMP information to a host at 10.255.254.1.

Which command achieves this goal?

A. snmp-server host inside 10.255.254.1 snmpv3 myv3

B. snmp-server host inside 10.255.254.1 snmpv3 andy

C. anmp-server host inside 10.255.254.1 version 3 myv3

D. snmp-server host inside 10.255.254.1 version 3 andy

Answer 146

D

Question 147

Which type of attack is social engineering?

A. trojan

B. MITM

C. phishing

D. malware

Answer 147

C

Question 148

Which compliance status is shown when a configured posture policy requirement is not met?

A. unknown

B. authorized

C. compliant

D. noncompliant

Answer 148

D

Question 149

What must be used to share data between multiple security products?

A. Cisco Stealthwatch Cloud

B. Cisco Advanced Malware Protection

C. Cisco Platform Exchange Grid

D. Cisco Rapid Threat Containment

Answer 149

C

Question 150

An engineer wants to automatically assign endpoints that have a specific OUI into a new endpoint group. Which probe must be enabled for this type of profiling to work?

A. NetFlow
B. DHCP
C. SNMP
D. NMAP

Answer 150

D

Question 151

Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?

A. url

B. profile

C. Terminal

D. selfsigned

Answer 151

B

Question 152

A network engineer is configuring DMVPN and entered the crypto is akmp key cisc0380739941 address 0.0.0.0 command on host A the tunnel is not being established to host B. What action is needed to authenticate the VPN?

A. Enter the same command on host B.

B. Enter the command with a different password on Host B.

C. Change isakmp to ikev2 in the command on host A.

D. Change the password on host A to the default password.

Answer 152

A

Question 153

A network administrator configures Dynamic ARP inspection on a switch. After Dynamic ARP inspection is applied, all users on that switch are unable to communicate with any destination. The network administrator checks the interface status of all interfaces, and there is no err-disabled interface. What is causing this problem?

A. The ip arp inspection limit command is applied on all interfaces and is blocking the traffic of all users.

B. DHCP snooping has not been enabled on all VLANs

C. The no ip arp inspection trust command is applied on all user host interfaces.

D. Dynamic ARP inspection has not been enabled on all VLANs.

Answer 153

B

Question 154

REFER TO THE EXHIBIT: What does the API do when connected to a Cisco Security Appliance?

A. Gather network telemetry information from AMP for Endpionts

B. Create an SNMP pull mechanism for managing AMP

C. Get the process and PID information from the computers in the network.

D. Gather the network interface information about the computers AMP see.

Answer 154

D

Question 155

REFER TO THE EXHIBIT: An engineer configured wired 802.1x on the network and is unable to get a laptop to authenticate.

Which port configuration is missing?

A. cisp enable
B. dotlx reauthentication
C. authentication open
D. dot1x pae authentication

Answer 155

D

Question 156

REFER TO THE EXHIBIT:

A network administrator configures command authorization for the admm5 user. What is the admin5 user able to do on HQ_Router after this configuration?

A. complete no configurations
B. add subinterfaces
C. complete all configurations
D. set the IP address of an interface.

Answer 156

A

Question 157

An organization is receiving SPAM emails from a known malicious domain. What must be configured in order to prevent the session during the initial TCP communication?

A. Configure the Cisco ESA to drop the malicious emails.

B. Configure policies to quarantine malicious emails.

C. Configure policies to stop and reject communication

D. Configure the Cisco ESA to reset the TCP connection.

Answer 157

D

Question 158

What is a key difference between Cisco Firepower and Cisco ASA?

A. Cisco ASA provides access control while Cisco Firepower does not.

B. Cisco Firepower provides identity-based access control while Cisco ASA does not.

C. Cisco Firepower natively provides intrusion prevention capabilities while Cisco ASA does not.

D. Cisco ASA provides SSL inspection while Cisco Firepower does not.

Answer 158

C

Question 159

While using Cisco Firepower’s Security Intelligence policies, which two criteria is blocking based upon? (Choose two)

A. protocol IDs
B. URLs
C. IP addresses
D. port numbers
E. MAC addresses

Answer 159

BC

Question 160

An attacker needs to perform reconnaissance on a target system to help gain access to it. The system has weak passwords, no encryption on the VPN links, and software bugs on the system’s applications.

Which vulnerability allows the attacker to see the passwords being transmitted in clear text?

A. weak passwords for authentication
B. improper file security.
C. software bugs on applications
D. unencrypted links for traffic

Answer 160

D

Question 161

A network administrator is using the Cisco ESA with AMP to upload files to the cloud for analysis. The network is congested and is affecting communication.

How will the Cisco ESA handle any files which need analysis?

A. AMP calculates the SHA-256 fingerprint, caches it, and periodically attempts the upload.

B. The file is queued for upload when connectivity is restored.

C. The file upload is abandoned.

D. The ESA immediately makes another attempt to upload the file.

Answer 161

C

Question 162

What are two DDoS attack categories? (Choose two)

A. sequential
B. protocol
C. database
D. volume-based
E. screen-based

Answer 162

BD

Question 163

What is a feature of Cisco NetFlow Secure Event Logging for Cisco ASAs?

A. Multiple NetFlow collectors are supported.

B. Advanced NetFlow v9 and legacy v5 formatting are supported.

C. Flow-create events are delayed.

D. Secure NetFlow connections are optimized for Cisco Prime Infrastructure.

Answer 163

A

Question 164

Which product allows Cisco FMC to push security intelligence observables to its sensors from other products?

A. Encrypted Traffic Analytics
B. Threat Intelligence Director
C. Cognitive Threat Analytics
D. Cisco Talos Intelligence

Answer 164

B

Question 165

An organization has two machines hosting web application. Machine 1 is vulnerable to SQL Injection while Machine 2 is vulnerable to buffer overflows.

What action would allow the attacker to gain access to Machine 1 but not Machine 2?

A. sniffing the packets between the two hosts.

B. sending continuous pings

C. overflowing the buffer’s memory

D. inserting malicious commands into the database

Answer 165

D

Question 166

An organization is trying to improve their Defense in Depth by blocking malicious destinations prior to a connection being established.

The solution must be able to block certain applications from being used within the network.

Which product should be used to accomplish this goal?

A. Cisco Firepower
B. Cisco Umbrella
C. ISE
D. AMP

Answer 166

B

Question 167

An engineer notices traffic interruption on the network. Upon further investigation, it is learned that broadcast packets have been flooding the network.

What must be configured, based on a predefined threshold, to address this issue?

A. Bridge Protocol Data Unit guard
B. Embedded Event Monitoring
C. Access control lists
D. storm control

Answer 167

D

Question 168

In which situation should an endpoint detection and response solution be chosen versus an Endpoint Protection Platform?

A. when there is a need for traditional anti-malware detection

B. when there is no need to have the solution centrally managed

C. when there is no firewall on the network.

D. when there is a need to have more advanced detection capabilities.

Answer 168

D

Question 169

What is provided by the Secure Hash Algorithm in a VPN?

A Integrity
B. Key Exchange
C. Encryption
D. Authentication

Answer 169

A

Question 170

Which type of API is being used when a controller within a software-defined network architecture dynamically makes configuration changes on switches within the network?

A. westbound API
B. southbound API
C. northbound API
D. eastbound API

Answer 170

B

Question 171

An Engineer needs behavior analysis to detect malicious activity on the hosts, and is configuring the organization’s public cloud to send telemetry using the cloud provider’s mechanisms to a security device.

Which mechanism should the engineer configure to accomplish this goal?

A. mirror port
B. NetFlow
C. Flow
D. VPN flow logs

Answer 171

D

Question 172

What is managed by Cisco Security Manager?

A. Cisco WSA
B. Cisco ASA
C. Cisco WLC
D. Cisco ESA

Answer 172

B

Question 173

Why is it important to have logical security controls on endpoints even though the users are trained to spot security threats and the network devices already help prevent them?

A. to prevent theft of the endpoints
B. because defense-in-depth stops at the network
C. to expose the endpoint to more threats
D. because human error or insider threats will still exist.

Answer 173

D

Question 174

What is the benefit of installing Cisco AMP for Endpoints on a network?

A. it provides operating system patches on the endpoints for security.

B. it provides flow-based visibility for the endpoints network connections.

C. it protects endpoint systems through application control and real-time scanning.

D. it enables behavioral analysis to be used for the endpoints.

Answer 174

C

Question 175

Which Talos reputation center allows for tracking the reputation of IP addresses for email and web traffic?

A. IP and Domain Reputation Center
B. File Reputation Center
C. IP Slock List Center
D. AMP Reputation Center

Answer 175

A

Question 176

An engineer is configuring 802.1x authentication on Cisco Switches in the network and is using CoA as a mechanism.

Which port on the firewall must be opened to allow the CoA traffic to traverse the network?

A. TCP 6514
B. UDP 1700
C. TCP 49
D. UDP 1812

Answer 176

B

Question 177

What is the purpose of the certificate signing request when adding a new certificate for a server?

A. It is the password for the certificate that is needed to install it with.

B. It provides the server information so a certificate can be created and signed.

C. It is the certificate that will be loaded onto the server.

D. It provides the certificate client information so the server can authenticate against it when installing.

Answer 177

B

Question 178

What is the purpose of the My Devices Portal in a Cisco ISE environment?

A. to manage and deploy antivirus definitions and patches on systems owned by the end user.

B. to register new laptops and mobile devices

C. to provision userless and agentless systems.

D. to request a newly provisioned mobile device

Answer 178

B

Question 179

An organization received a large amount of SPAM messages over a short time period. In order to take action on the messages, it must be determined how harmful the messages are and this needs to happen dynamically.

What must be configured to accomplish this?

A. Configure the Cisco WSA to modify policies based on the traffic seen.

B. Configure the Cisco ESA to receive real-time updates from Talos.

C. Configure the Cisco WSA to recieve real-time updates from Talos.

D. Configure the Cisco ESA to modify policies based on the traffic seen.

Answer 179

B

Question 180

What is an attribute of the DevSecOps process?

A. development security
B. isolated security team
C. mandated security controls and check lists.
D. security scanning and theoretical vulnerabilites

Answer 180

A

Question 181

A user has a device in the network that is receiving too many connection requests from multiple machines. Which type of attack is the device undergoing?

A. SYN flood
B. slowloris
C. pharming
D. phishing

Answer 181

A

Question 182

A company is experiencing exfiltration of credit card numbers that are not being stored on-premise.

The company needs to be able to protect sensitive data throughout the full environment.

Which tool should be used to accomplish this goal?

A. Security manager
B. Cloudlock
C. Web Security Appliance
D. Cisco ISE

Answer 182

B

Question 183

Which algorithm provides asymmetric encryption?

A. RC4
B. RSA
C. AES
D. 3DES

Answer 183

B

Question 184

For Cisco IOS PKI, which two types of Servers are used as a distribution point for CRLs?

A. LDAP
B. SDP
C. subordinate CA
D. HTTP
E. SCP

Answer 184

AD

Question 185

When Cisco and other industry organizations publish and inform users of known security findings and vulnerabilities, which name is used?

A. Common Vulnerabilities and Exposures
B. Common Exploits and Vulnerabilites
C. Common Security Exploits
D. Common Vulnerabilites, Exploits, and Threats

Answer 185

A

Question 186

What is the Cisco API-based broker that helps reduce compromises, application risks, and data breaches in an environment that is not on-premise?

A. Cisco Cloudlock
B. Cisco Umbrella
C. Cisco AMP
D. Cisco App Dynamics

Answer 186

A

Question 187

Which Cisco platform ensures that machines that connect to organizational networks have the recommended antivirus definitions and patches to help prevent an organizational malware outbreak?

A. Cisco WiSM
B. Cisco ESA
C. Cisco ISE
D. Cisco Prime Infrastructure

Answer 187

C

Question 188

A Cisco Firepower administrator needs to configure a rule to allow a new application that has never been seen on the network.

Which two actions should be selected to allow the traffic to pass without inspection? (Choose two)

A. permit
B. trust
C. reset
D. allow
E. monitor

Answer 188

BD

Question 189

Which two fields are defined in the NetFlow flow? (Choose two)

A. type of service byte
B. Layer 4 protocol type
C. class of service bits
D. output logical interface
E. destination port

Answer 189

AE

Question 190

An organization is implementing URL blocking using Cisco Umbrella. The users are able to go to some sites but other sites are not accessible due to an error. Why is the error occurring?

A. Client computers do not have the Cisco Umbrella Root CA certificate installed.

B. IP-Layer Enforcement is not configured.

C. Intelligent proxy and SSL decryption is disabled in the policy.

D. Client computers do not have an SSL certificate deployed from an internal CA server.

Answer 190

A

Question 191

An engineer is trying to securely connect to a router and wants to prevent insecure algorithms from being used. However, the connection is failing.

Which action should be taken to accomplish this goal?

A. Configure the port using the ip ssh port 22 command.

B. Enable to SSH server using the ip ssh server command.

C. Disable telnet using the no ip telnet command.

D. Generate the RSA key using the crypto key generate rsa command.

Answer 191

D

Question 192

How does DNS tunneling exfiltrate data?

A. An attacker registers a domain that a client connects to based on DNS records and sends malware through that connection.

B. An attacker opens a reverse DNS shell to get into the client’s system and install malware on it.

C. An attacker uses a non-standard DNS port to gain access to the organization’s DNS servers in order to poison the resolutions.

D. An attacker sends an email to the target with hidden DNS resolvers in it to redirect them to a malicious domain.

Answer 192

A

Question 193

What is the function of SDN southbound API protocols?

A. To enable the controller to make changes
B. to allow for the dynamic configuration of control plane applications
C. to enable the controller to use REST
D. to allow for the static configuration of control plane applications.

Answer 193

A

Question 194

What is a characteristic of a bridge group in ASA Firewall transparent mode?

A. it allows ARP traffic with a single access rule.

B. It is a Layer 3 segment and includes one port and customizable access rules.

C. it includes multiple interfaces and access rules between interfaces are customizable

D. It has an IP address on its BVI interface and is used for management traffic.

Answer 194

C

Question 195

A network administrator is configuring a rule in an access control policy to block certain URLs and selects the ‘Chat and Instant Messaging’ category.

Which reputation score should be selected to accomplish this goal?

A. 1
B. 10
C. 5
D. 3

Answer 195

D

Question 196

Which public cloud provider supports the Cisco Next Generation Firewall Virtual?

A. Google Cloud Platform
B. RedHat Exterprise Visualization
C. VMWare ESXi
D. Amazon Web Services

Answer 196

D

Question 197

What provides the ability to program and monitor networks from somewhere other than the Cisco DNA Center GUI?

A. NetFLow
B. desktop client
C. ASDM
D. API

Answer 197

D

Question 198

What is a benefit of using Cisco FMC over Cisco ASDM?

A. Cisco FMC uses Java while Cisco ASDM uses HTML5

B. Cisco FMC provides centrailized management while Cisco ASDM does not.

C. Cisco FMC supports pushing configurations to devices while Cisco ASDM does not.

D. Cisco FMC supports all firewall products wheras Cisco ASDM only supports Cisco ASA devices.

Answer 198

B

Question 199

What are two types of managed Intercloud Fabric deployment models? (Choose Two)

A. Public Managed
B. Service Provider Managed
C. Enterprise Managed
D. User managed
E. Hybrid Managed

Answer 199

BC

Question 200

Which type of algorithm provides the highest level of protection against brute-force attacks?

A. PFS
B. HMAC
C. MD5
D. SHA

Answer 200

D

Question 201

Which two aspects of the cloud PaaS model are managed by the customer but not the provider?

A. virtualization
B. middleware
C. operation systems
D. data

Answer 201

DE

Question 202

Which two cryptographic algorithms are used with IPSec? (Choose two)

A. AES-BAC
B. AES-ABC
C. HMAC-SHA1/SHA2
D. Triple AMC-CBC
E. AES-CBC

Answer 202

CE

Question 203

What must be configured in Cisco ISE to enforce reauthentication of an endpoint session when an endpoint is deleted from an identity group?

A. CoA
B. external identity group
C. posture assessment
D. SNMP probe

Answer 203

A

Question 204

How does Cisco Advanced Phishing Protection protect users?

A. it validates the sender by using DKIM

B. It determines which identifies are perceived by the sender.

C. It uses machine learning and real-time behavior analytics.

D. It utilizes sensors that send messages securely.

Answer 204

C

Question 205

What are two differences between a Cisco WSA that is running in transparent mode and one running in explicit mode? (Choose two)

A. When the Cisco WSA is running in transparent mode, it uses the WSA’s own IP address as the HTTP request destination.

B. The Cisco WSA responds with its own IP address only if it is running in explicit mode.

C. The Cisco WSA is configured in a web browser only if it is running in transparent mode.

D. The Cisco WSA uses a Layer 3 device to redirect traffic only if it is running in transparent mode.

E. The Cisco WSA responds with it’s own IP address only if it is running in transparent mode.

Answer 205

BD

Question 206

Which group within Cisco writes and publishes a weekly newsletter to help cybersecurity professionals remain aware of the ongoing and most prevalent threats?

A. PSIRT
B. DEVNET
C. CSIRT
D. Talos

Answer 206

D

Question 207

In which type of attack does the attacker insert their machine between two hosts that are communicating with each other?

A. LDAP Injection

B. cross-site scripting

C. man-in-the-middle

D. insecure API

Answer 207

C

Question 208

REFER TO THE EXHIBIT:

Which type of authentication is in use?

A. LDAP authentication for Microsoft Outlook
B. POP3 authentication
C. SMTP relay server authentication
D. external user and relay mail authentication

Answer 208

A

Question 209

What are two benefits of Flexible NetFlow records? (Choose two)

A. They provide attack prevention by dropping the traffic.

B. They allow the user to configure flow information to perform customized traffic identification.

C. They provide accounting and billing enhancements.

D. They provide monitoring of a wider range of IP packet information from Layer 2 to 4.

E. They converge multiple accounting technologies into one accounting mechanism.

Answer 209

BE

Question 210

After a recent breach, an organization determined that phishing was used to gain initial access to the network before regaining persistence.

The information gained from the phishing attack was a result of users visiting known malicious websites.

What must be done in order to prevent this from happening in the future?

A. Modify an access policy
B. Modify identification profiles.
C. Modify outbound malware scanning policies
D. Modify web proxy settings

Answer 210

D

Question 211

An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly identifying all valid recipients.

What must be done on the Cisco ESA to accomplish this goal?

A. Use Bounce Varification
B. Configure incoming content filters.
C. Bypass LDAP access queries in the recipient access table.
D. Configure Directory Harvest Attack Prevention

Answer 211

D

Question 212

DRAG AND DROP

‘Asymmetric vs Symetric’

Choices:

Requires secret keys
Requires more time
Diffie-Hellman exchange
3DES

Answer 212

ASYM - Requires More Time & Diffle-Helleman

Question 213

DRAG AND DROP

‘Threats and Examples’

DoS
Insecure APIs
Data Breach
Compromised Credentials

Answer 213

DDos - Application Attack
Insecure APIs - Malicious User
Data Breach - Stolen customer credential
Comprised Credential - Phishing Site

Question 214

DRAG AND DROP

‘VPN Functions

RSA
AES
SHA-1
ISAKMP

‘ensures data integrity’
‘defines IKE SAs’
‘ensures data confidentiality’
‘provides authentication’

Answer 214

RSA - Provides Authentication
AES - Data Confidentialy
SHA-1 - Data Integrity
ISAKMP - Defines IKE SAs

Question 215

What is a difference between DMVPN and sVTI?

A DMVPN supports tunnel encryptions, whereas sVTI does not.

B. DMVPN supports dynamic tunnel establishment, whereas sVTI does not.

C. DMVPN supports static tunnel establishment, whereas sVTI does not.

D. DMVPN provides interoperability with other vendors, whereas sVTI does not.

Answer 215

B

Question 216

What are two functions of secret key cryptography? (Choose Two)

A. key selection without integer factorization

B. utilization of different keys for encryption and decryption

C. utilization of large prime number iterations.

D. utilization of less memory

E. provides the capability to only know the key on one side.

Answer 216

AD

Question 217

Which type of API is being used when a security application notifies a controller within a software-defined network architecture about a specific security threat?

A. westbound API
B. southbound API
C. northbound API
D. eastbound API

Answer 217

C

Question 218

Which type of protection encrypts RSA keys when they are exported and imported?

A. file
B. passphrase
C. NGE
D. nonexportable

Answer 218

B

Question 219

Which attack type attempts to shut down a machine or network so that users are not able to access it?

A. IP Spoofing
B. bluesnarfing
C. MAC spoofing
D. smurf

Answer 219

D

Question 220

A network engineer is deciding whether to use stateful or stateless failover when configuring two ASAs for high availability. What is the connection status in both cases?

A. need to reestablish with stateful failover and preserved with stateless failover.

B. need to be reestablished with both stateful and stateless failover.

C. preserved with both stateful and stateless failover

D. perserved with stateful failover and need to be restablished with stateless failover.

Answer 220

D

Question 221

When planning a VPN deployment, for which reason does an engineer opt for an active/active FlexVPN configuration as opposed to DMVPN?

A. Multiple Vendors or VRFs are required.

B. Traffic is distributed statically by default.

C. Floating static routes are required.

D. HSRP is used for failover

Answer 221

B

Question 222

What features does Cisco FTDv provide over Cisco ASAv?

A. Cisco FTDv runs on VMWare while ASAv does not.

B. Cisco FTDv provides 1GB of firewall throughput while Cisco ASAv does not.

C. Cisco FTDv supports URL filtering while ASAv does not

D. Cisco FTDv run on AWS while ASAv does not.

Answer 222

C

Question 223

An organization has two systems in their DMZ that have an unencrypted link between them for communication. The organization does not have a defined password policy and uses several default accounts on the systems. The application used on those systems also have not gone through stringent code reviews. Which vulnerability would help an attacker brute force their way into the systems?

A. missing encryption
B. lack of file permission
C. weak passwords
D. lack of input validation

Answer 223

C

Question 224

Which DDoS attack uses fragmented packets in an attempt to crash a target machine?

A. teardrop
B. MITM
C. smurf
D. LAND

Answer 224

A

Question 225

What is a function of 3DES in reference to cryptography?

A. it encrypts traffic
B. it creates one-time use passwords
C. it hashes files
D. it generates private keys

Answer 225

A

Question 226

DRAG AND DROP

‘Deployment Models’

Routed
Passive
Passive with ERSPAN
Transparent

1.) A GRE Tunnel is utilized in this solution.
2.) This solution allows inspection between hosts on the same subnet
3.) Attacks are not prevented with this solution.
4.) This solution does not provide filtering between hosts on the same subnet.

Answer 226

1. ) Passive
2. ) Transparent
   3.) passive
   4.) routed

Question 227

Which risk is created when using an internet browser to access cloud-based service?

A. misconfiguration of infra, which allows unauthorized access.
B. intermittent connection to the cloud connectors
C. vulnerabilities within protocol
D. insecure implementation of API

Answer 227

C

Question 228

A Cisco ESA network administrator has been tasked to use a newly installed service to help create policy based on the reputation verdict.

During testing, it is discovered that the Cisco ESA is not dropping files that have an undetermined verdict. What is causing this issue?

A. The policy was created to send a message to quarantine instead of drop

B. The file has a reputation score that is above the threshold

C. The file has a reputation score that is below the threshold

D. the policy was created to disable file analysis.

Answer 228

C

Question 229

An administrator is trying to determine which applications are being used in the network but does not want the network devices to send metadata to Cisco Firepower. Which feature should be used to accomplish this?

A. NetFlow
B. Packet Tracer
C. Network Discovery
D. Access Control

Answer 229

C

Question 230

Which attack is preventable by Cisco ESA but not by Cisco WSA?

A. buffer overflow
B. DoS
C. SQL injection
D. phishing

Answer 230

D

Question 231

A Cisco ESA administrator has been tasked with configuring the Cisco ESA to ensure there are no viruses before quarantined emails are delivered. In addition, delivery of mail from known bad mail servers must be prevented. Which two actions must be taken in order to meet these requirements? (Choose Two)

A. Use outbreak filters from SenderBase
B. Enable a message tracking service
C. Configure a recipient access table.
D. Deploy the Cisco ESA in the DMZ
E. Scan quarantined emails using AntiVirus signatures

Answer 231

AE

Question 232

Which type of dashboard does Cisco DNA Center provide for complete control of the network?

A. service management
B. centralized management
C. application management
D. distributed management

Answer 232

B

Question 233

In an IaaS cloud services model, which security function is the provider responsible for managing?

A. internet proxy
B. Firewalling virtual machines
C. CASB
D. hypervisor OS hardening

Answer 233

D

Question 234

A network engineer has been tasked with adding a new medical device to the network. Cisco ISE is being used as the NAC server, and the new device does not have a supplicant available. What must be done in order to securely connect this device to the network?

A. Use MAB with profiling
B. Use MAB with posture assessment
C. Use 802.1x with posture assessment
D. Use 802.1x with profiling

Answer 234

A

Question 235

An engineer is implementing NTP authentication within their network and has configured both the client and server devices with the command ntp authention-key 1 md5 Cisco392368270. The server at 1.1.1.1 is attempting to authenticate to the client at 1.1.1.2, however it is unable to do so.

Which command is required to enable the client to accept the server’s authentication key?

A. ntp peer 1.1.1.1 key 1
B. ntp server 1.1.1.1 key 1
C. ntp server 1.1.1.2 key 1
D. ntp peer 1.1.1.2 key 1

Answer 235

B

Question 236

What is the role of an endpoint in protecting a user from a phishing attack?

A. Use Cisco Stealthwatch and CIsco ISE integration.

B. Utilize 802.1x network security to ensure unauthorized access to resources.

C. Use machine learning models to help identify anomalies and determine expected sending behavior.

D. Ensure that antivirus and antimalware software is up to date.

Answer 236

C

Question 237

An organization has noticed an increase in malicious content downloads and wants to use Cisco Umbrella to prevent this activity for suspicious domains while allowing normal web traffic. Which action will accomplish this task?

A. Set content settings to high
B. Configure the intelligent proxy
C. Use destination block lists.
D. Configure application block lists.

Answer 237

B

Question 238

With which components does a southbound API within a software-defined network architecture communicate?

A. controllers within the network.
B. applications
C. appliances
D. devices such as routers and switches.

Answer 238

D

Question 239

A network administrator needs to find out what assets currently exist on the network. Third-party systems need to be able to feed host data into Cisco Firepower. What must be configured to accomplish this?

A. Network Discovery policy to receive data from the host.

B. Threat Intelligence policy to download the data from the host.

C. File Analysis policy to send file data into Cisco Firepower.

D. Network Analysis policy to receive NetFlow data from the host.

Answer 239

A

Question 240

When configuring ISAKMP for IKEv1 Phase 1 on a Cisco IOS router, an administrator needs to input the command crypto isakmp key cisco address 0.0.0.0. The administrator is not sure what the IP addressing in this command issued for. What would be the effect of changing the IP address from 0.0.0.0 to 1.2.3.4?

A. They key server that is managing the keys for the connection will be at 1.2.3.4

B. The remote connection will only be allowed from 1.2.3.4.

C. The address that will be used as the crypto validation authority.

D. All IP addresses other than 1.2.3.4 will be allowed

Answer 240

B

Question 241

Which suspicious pattern enables the Cisco Tetration platform to learn the normal behavior of users?

A. file access from a different user.
B. interesting file access.
C. user login suspicious behavior
D. privilege escalation

Answer 241

A

Question 242

Due to a traffic storm on the network, two interfaces were error-disabled, and both interfaces sent SNMP traps. Which two actions must be taken to ensure that interfaces are put back into service? (Choose two).

A. Have Cisco Prime Infrastructure issue an SNMP set command to re-enable the ports after preconfigured interval.

B. Use EEM to have the ports return to service automatically in less than 300 seconds.

C. Enter the shutdown and no shutdown commands on the interfaces.

D. Enable the snmp-server enable traps command and wait 300 seconds.

E. Ensure that interfaces are configured with the error-disable detection and recovery feature.

Answer 242

CE

Question 243

What is the difference between Cross-site scripting and SQL injection attacks?

A. Cross-site scripting is an attack where code is injected into a database, whereas SQL injection is an attack where code is injected into a browser.

B. Cross-site scripting is a brute force attack targeting remote sites, where SQL Injection is a social engineering attack.

C. Cross-site scripting is when executives in a corporation are attacked, whereas SQL Injection is when a database is manipulated.

D. Cross-site scripting is an attack where code is executed from the server side, whereas SQL Injection is an attack where code is executed from the client side.

Answer 243

D

Question 244

A network administrator is configuring a switch to use Cisco ISE for 802.1x. An endpoint is failing authentication and is unable to access the network.

Where should the administrator begin troubleshooting to verify the authentication details?

A. Adaptive Network Control Policy List
B. Context Visibility
C. Accounting Reports
D. RADIUS Live Logs

Answer 244

D

Question 245

What is a prerequisite when integrating a Cisco ISE server and an AD domain?

A. Place the Cisco ISE server and the AD server in the same subnet.

B. Configure a common administrator account.

C. Configure a common DNS server

D. Synchronize the clocks of the Cisco ISE server and the AD server

Answer 245

D

Question 246

An organization recently installed a Cisco WSA and would liek to take advantage of the AVC engine to allow the organization to create a policy to control application specific activity. After enabling the AVC engine, what must be done to implement this?

A. Use security services to configure the traffic monitor.
B. User URL categorization to prevent the application traffic.
C. Use an access policy group to configure application control settings.
D. Use web security reporting to validate engine functionality.

Answer 246

C

Question 247

Which method is used to deploy certificates and configure the supplicant on mobile devices to gain access to network resources?

A. BYOD on boarding
B. Simple Certificate Enrollment Protocol
C. Client provisioning
D. MAC authentication bypass

Answer 247

A

Question 248

REFER TO THE EXHIBIT:

What will happen when this Python script is run?

A. The compromised computers and malware trajectories will be received from Cisco AMP.

B. The list of computers and their current vulnerabilities will be received from Cisco AMP.

C. The compromised computers and what compromised them will be received from Cisco AMP.

D. The list of computers, policies, and connector statuses will be received from Cisco AMP.

Answer 248

D

Question 249

An organization is trying to implement micro-segmentation on the network and wants to be able to gain visibility on the applications within the network. The solution must be able to maintain and force compliance.

Which product should be used to meet these requirements?

A. Cisco Umbrella
B. Cisco AMP
C. Cisco Stealthwatch
D. Cisco Tetration

Answer 249

D

Question 250

Which factor must be considered when choosing the on-premise solution over the cloud-based one?

A. With an on-premise solution, the provider is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the customer is responsible for it.

B. With a cloud-based solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product.

C. With an on-premise solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product.

D. With an on-premise solution, the customer is responsible for the installation and maintenance of the product, whereas with a cloud based solution, the provider is responsible for it.

Answer 250

D

Question 251

Which term describes when the Cisco Firepower downloads threat intelligence updates from Cisco Talos?

A. consumption
B. sharing
C. analysis
D. authoring

Answer 251

A

Question 252

An organization has a Cisco Stealthwatch Cloud deployment in their environment. Cloud logging is working as expected, but logs are not being received from the on-premise network, what action will resolve this issue?

A. Configure security appliances to send syslogs to Cisco Stealthwatch Cloud.

B. Configure security appliances to send NetFlow to Cisco Stealthwatch Cloud.

C. Deploy a Cisco FTD sensor to send events to Cisco Stealthwatch Cloud.

D. Deploy a Cisco Stealthwatch Cloud sensor on the network to send data to Cisco Stealthwatch Cloud

Answer 252

D

Question 253

What does Cisco AMP for Endpoints use to help an organization detect different families of malware?

A. Ethos Engine to perform fuzzy fingerprinting
B. Tetra Engine to detect malware when we endpoint is connected to the cloud.
C. Claim AV Engine to preform email scanning
D. Spero Engine with machine learning to perform dynamic analysis

Answer 253

A

Question 254

What are two characteristics of Cisco DNA Center APIs? (Choose two)

A. Postman is required to utilize Cisco DNA Center API calls.
B. They do not support Python scripts
C. They are Cisco proprietary.
D. They quickly provision new devices.
E. They view the overall health of the network.

Answer 254

DE

Question 255

What is a benefit of conducting device compliance checks?

A. It indicates what type of operating system is connecting to the network.

B. It validates if anti-virus software is installed.

C. It scans endpoints to determine if malicious activity is taking place.

D. It detects email phishing attacks

Answer 255

B

Question 256

In which two ways does Easy Connect help control network access when used with Cisco TrustSec? (Choose two)

A. It allows multiple security products to share information and work together to enhance security posture in the network.

B. It creates a dashboard in Cisco ISE that provides full visibility of all connected endpoints.

C. It allows for the assignment of Security Group Tags and does not require 802.1x to be configured on the switch or the endpoint.

D. It integrates with third-party products to provide better visibility throughout the network.

E. It allows for managed endpoints that authenticate to AD to be mapped to Security Groups (PassiveID)

Answer 256

CE

Question 257

A switch with Dynamic ARP Inspection enabled has received a spoofed ARP response on a trusted interface. How does the switch behave in this situation?

A. It forwards the packet without validation

B. It forwards the packet after validation by using the MAC Binding Table

C. It drops the packet after validation by using the IP & MAC Binding Table

D. It drops the packet without validation

Answer 257

A

Question 258

An Administrator is configuring a DHCP server to better secure their environment. They need to be able to rate-limit the traffic and ensure that legitimate requests are not dropped.

How would this be accomplished?

A. Set a trusted interface for the DHCP server.

B. Set the DHCP snooping bit to 1

C. Add entries in the DHCP snooping database

D. Enable ARP inspection for the required VLAN

Answer 258

A

Question 259

REFER TO THE EXHIBIT

What will happen when the Python Script is executed?

A. The hostname will be translated to an IP address and printed

B. The hostname will be printed for the client in the client ID field.

C. The script will pull all computer hostnames and print them.

D. The script will translate the IP address to FQDN and print it.

Answer 259

C

Question 260

REFER TO THE EXHIBIT

When configuring a remote access VPN solution terminating on the Cisco ASA, an administrator would like to utilize an external token authentication mechanism in conjunction with AAA Authentication using machine certificates. Which configuration item must be modified to allow this?

A Group Policy

B. Method

C. SAML. Server

D. DHCP Servers

Answer 260

B

Question 261

An engineer has been tasked with implementing a solution that can leveraged for securing the cloud users, data, and applications. There is a requirement to use the Cisco dcloud native CASB and cloud cybersecurity platform. What should be used to meet these requirements?

A. Cisco Umbrella

B. Cisco Cloud Email Security

C. Cisco MGFW

D. Cisco Cloudlock

Answer 261

D

Question 262

An engineer needs a cloud solution that will monitor traffic, create incidents based on events, and integrate with other cloud solutions via an API. Which solution should be used to accomplish this goal?

A. SIEM

B. CASB

C. Adaptive MFA

D. Cisco Cloudlock

Answer 262

D

Question 263

Why is it important to implement MFA inside of an organization?

A. To prevent man-in-the-middle attacks from being successful.

B. To prevent DoS attacks from being successful

C. To prevent brute force attacks from being successful.

D. To prevent phishing attacks from being successful.

Answer 263

C

Question 264

A Network administrator is configuring SNMPv3 on a new router. The users have already been created, however, an additional configuration is needed to facilitate access to the SNMP views.

What must the administrator do to accomplish this?

A. map SNMPv3 users to SNMP views

B. set the password to be used for SNMPv3 authentication.

C. Define the encryption algorithm to be used by SNMPv3

D. Specify the UDP port used by SNMP.

Answer 264

A

Question 265

An organization is using Cisco Firepower and Cisco Meraki MX for network security and needs centrally managed cloud policies across these platforms.

Which software should be used to accomplish this goal?

A. Cisco Defense Orchestrator

B. Cisco Secureworks

C. Cisco DNA Center

D. Cisco Configuration Professional.

Answer 265

A

Question 266

An administrator is establishing a new site-to-site VPN connection on a Cisco IOS router. The organization needs to ensure that the ISAKMP key on the hub is used only for terminating traffic from the IP address of 172.19.20.24.

Which command on the hub will allow the administrator to accomplish this?

A. crypto ca identity 172.19.20.24

B. crypto isakmp key Cisco023456789 172.19.20.24

C. crypto enrollment peer address 172.19.20.24

D. crypto isakmp idenitity address 172.19.20.24

Answer 266

B

Question 267

DRAG AND DROP

Netflow Export formats from left, onto the descriptions on the right.

Version 1
Version 5
Version 8
Version 9

a.) appropriate only for legacy systems

b.) appropriate only for the main cache

c.) introduced extensibility

d.) introduced support for aggregation caches

Answer 267

Version 1 = Appropriate only for legacy systems.

Version 5 = Appropriate only for the main cache

Version 8 = Introduced support for aggregation caches.

Version 9 = Introduced extensibility

Question 268

REFER TO THE EXHIBIT

An administrator is adding a new Cisco FTD device to their network and wants to manage it with Cisco FMC. The Cisco FTD is not behind a NAT device. Which command is needed to enable this on the Cisco FTD?

A. configure manager add DONTRESOLVE <registration></registration>

B. configure manager add <FMC> <registration> 16</registration></FMC>

C. configure manager add DONTRESOLVE <registration> FTD123</registration>

D. configure manager add <FMC> < registration key></FMC>

Answer 268

D

Question 269

An organization has a Cisco ESA set up with policies and would like to customize the action assigned for violations. The organization wants a copy of the message to be delivered with a message added to flag it as a DLP violation.

Which actions must be performed in order to provide this capability?

A. quarantine and alter the subject header with a DLP violation.

B. deliver and add disclaimer text

C. deliver and send copies to other recipients

D. quarantine and send a DLP violation notification.

Answer 269

D

Question 270

Where are individual sites specified to be black listed in Cisco Umbrella?

A. application settings

B. content categories

C. destination lists

D. security settings

Answer 270

C

Question 271

DRAG AND DROP

Common security threat with definitions on right.

phishing
botnet
spam
worm

a. a software program that copies itself from one computer to antoerh, without human interaction.

b. unwanted messages in an email inbox

c. group of computers connected

d. fradulent attempts by cyber criminals to obtain private information.

Answer 271

Worm - A
Spam - B
Botnet - C
Phishing - D

Question 272

What is the purpose of a NetFlow version 9 template record?

A. it specifies the data format of NetFlow processes.

B. It provides a standardized set of information about an IP flow.

C. it defines the format of data records.

D. It serves as a unique identification number to distinguish individual data records.

Answer 272

C

Question 273

What is the purpose of CA in a PKI?

A. to create the private key for a digital certificate.

B. to validate the authenticity of a digital certificate.

C. to issue and revoke digital certificates.

D. to certify the ownership of a public key by the named subject.

Answer 273

C

Question 274

When choosing an algorithm to use what should be considered about Diffie Hellaman and RSA for key establishment?

A. RSA is an asymmetric key establishment algorithm intended to output symmetric keys.

B. DH is a symmetric key establishment algorithm intended to output asymmetric keys.

C. DH is an asymmetric key establishment algorithm intended to output symmetric keys.

D. RSA is a symmetric key establishment algorithm intended to output asymmetric keys.

Answer 274

C

Question 275

Which category includes DoS Attacks?

A. virus attacks
B. trojan attacks
C. flood attacks
D. phishing attacks

Answer 275

C

Question 276

Which service allows a user export application usage and performances statistics with Cisco Application Visibility and control?

A. SNORT
B. 802.1x
C. SNMP
D. NetFlow

Answer 276

D

Question 277

Which kind of API that is used with Cisco DNA Center provisions SSIDs, QoS Policies, and update software versions on switches?

A. Integration
B. event
C. intent
D. multivender

Answer 277

C

Question 278

Which parameter is required when configuring a Netflow exporter on a Cisco Router?

A. DSCP value
B. exporter name
C. source interface
D. exporter description

Answer 278

B

Question 279

What are two advantages of using Cisco AnyConnect over DMVPN? (Choose two)

A. It provides spoke-to-spoke communications without traversing the hub.

B. It allows diferent routing protocols to work over the tunnel.

C. It allows customization of access policies based on user identity.

D. IT allows multiple sites to connect to the data center.

E. It enables VPN access for individual users from their machines.

Answer 279

CE

Question 280

A network engineer needs to select a VPN type that provides the most stringent security, multiple security associations for the connections, and efficient VPN establishment with the least bandwidth consumption. Why should the engineer select either FlexVPN or DMVPN for this environment?

A. DMVPN because it supports IKEv2 and FlexVPN does not.

B. FlexVPN because it supports IKEv2 and DMVPN does not.

C. FlexVPN because it uses multiple SAs and DMVPN does not.

D. DMVPN because it uses multiple SAs and FlexVPN does not.

Answer 280

C

Question 281

Which algorithm is an NGE hash function?

A. HMAC
B. SHA-1
C. MD5
D. SHA-2

Answer 281

D

Question 282

What is a capability of Cisco ASA Netflow?

A. It sends Netflow data records from active and standby ASAs in an active standby failover pair.

B. It filters NSEL events based on traffic.

C. It logs all event types only to the same collector.

D. It generates NSEL events even if they MPF is not configured.

Answer 282

B

Question 283

Which type of encryption uses a public key and private key?

A. asymmetric
B. symmetric
C. linear
D. nonlinear

Answer 283

A

Question 284

What are two Trojan malware attacks? (Choose Two)

A. rootkit
B. frontdoor
C. smurf
D. backdoor
E. sync

Answer 284

AD

Question 285

Which two capabilities of integration APIs are utilized with Cisco DNA Center? (Choose Two)

A. Application monitors for power utilization of devices and IoT Sensors.

B. Upgrade software on switches and routers.

C. Automatically deploy new virtual routers.

D. Connect to Information Technology Service Management Platforms.

E. Create new SSIDs on a wireless LAN controller

Answer 285

AD

Question 286

An engineer is configuring IPsec VPN and needs an authentication protocol that is reliable and supports ACK and sequence. Which protocol accomplishes this goal?

A. AES-192
B. IKEv1
C. AES-256
D. ESP

Answer 286

D

Question 287

What are two features of NetFlow flow monitoring? (Choose two)

A. Copies all ingress flow information to an interface.

B. Include the flow record and the flow importer

C. Can track ingress and egress information

D. Can be used to track mutlicast, MPLS, or bridged traffic.

E. Does not require packet sampling on interfaces

Answer 287

CD

Question 288

Which cryptographic process provides origin confidentiality, integrity, and origin authentication for packets?

A. ESP
B. AH
C. IKEv1
D. IKEv2

Answer 288

A

Question 289

What is a benefit of performing device compliance?

A. providing multi-factor authentication

B. device classification and authorization

C. providing attribute-drive policies

D. verification of the latest OS patches

Answer 289

D

Question 290

What is the role of Cisco Umbrella Roaming when it is installed on an endpoint?

A. to ensure that assets are secure from malicious links on and off the corporate network

B. to protect the endpoint against malicious file transfers

C. to establish secure VPN connectivity to the corporate network.

D. To enforce posture compliance and mandatory software.

Answer 290

A

Question 291

A company discovered an attack propagating through their network via a file. A custom file policy was created in order to track this in the future and ensure no other endpoints execute the infected file. In addition, it was discovered during testing that the scans are not detecting the file as an indicator of compromise. What must be done in order to ensure that the created is functioning as it should?

A. Create an IP block list for the website from which the file was downloaded.

B. Block the application that the file was using to open.

C. Upload the hash for the file into the policy

D. Send the file to Cisco Threat Grid for dynamic analysis.

Answer 291

C

Question 292

A network engineer must monitor user and device behavior within the on-premise network. This data must be sent to the Cisco Stealthwatch Cloud analytics platform for analysis. What must be done to meet this requirement using the Ubuntu-Based vM appliance deployed in a VMWare-based hypervisor?

A. Configure a Cisco FMC to send syslogs to Cisco Stealwatch Cloud.

B. Configure a Cisco FMC to send NetFlow to Cisco Stealthwatch Cloud.

C. Deploy a Cisco FTD sensor to send network events to Cisco Stealthwatch Cloud

D. Deploy the Cisco Stealthwatch Cloud PNM sensor that sends data to Cisco Stealthwatch Cloud

Answer 292

D

Question 293

What is a difference between a DoS Attack and DDoS Attack?

A. A DoS attack is where a computer is used to flood a server with UDP packets whereas a DDoS attack is where a computer is used to flood a server with TCP packets.

B. A DoS Attack is where a computer is used to flood a server with TCP and UDP packets whereas a DDoS attack is where a computer is used to flood multiple servers that are distributed over a LAN.

C. A DoS attack is hwere a computer is used to flood a server with TCP and UDP packets, whereas a DDoS attack is where mutliple systems target a single system with a DoS Attack.

D. A DoS attack is where a computer is used to flood a server with TCP packets whereas a DDoD attack is where a computer is used to flood a server with UDP packets.

Answer 293

C

Question 294

An engineer has been tasked with configuring a Cisco FTD to analyze protocol fields and detect anomalies in the traffic from industrial systems. What must be done to meet these requirements?

A. Implement pre-filter policies for the CIP preprocessor.

B. Enable traffic analysis in the Cisco FTD

C. Configure Intrusion rules for the DNP2 preprocessor.

D. Modify the access control policy to trust the industrial traffic.

Answer 294

C

Question 295

What is the benefit of integrating Cisco ISE with a MDM solution?

A. It provides the ability to update after applications on the mobile device.

B. It provides compliance checks for access to the network.

C. It provides the ability to add applications to the mobile device through Cisco ISE

D. It provides network device administration access

Answer 295

B

Question 296

REFER TO THE EXHIBIT:

A network engineer is testing NTP authentication and realizes that synchronizes time with this router and that NTP authentication is not enforced.

What is the cause of this issue?

‘ntp authentication-key 10 md5 Cisco123
ntp trusted-key 10’

A. The hashing algorithm that was used was MD5 which is unsupported.

B. The key was configured in plain text

C. NTP authentication is not enabled.

D. The router was not rebooted after the NTP configuration updated.

Answer 296

C

Question 297

Which posture assessment requirement provides options to the client for remediation and requires the remediation within a certain timeframe?

A. audio
B. mandatory
C. optional
D. Visibility

Answer 297

B

Question 298

An administrator configures new authorization policies within Cisco ISE and has difficulty profiling the devices. Attributes for the new Cisco IP phones that are profiled based on the RADIUS authentication are seen, however the attributes for CDP or DHCP are not.

What should the administrator do to address this issue?

A. Configure the ip dhcp snooping trust command on the DHCP interfaces to get the information to Cisco ISE.

B. Configure the device sensor feature within the switch to send the appropriate protocol information.

C. Configure a service template within the switch to standardize the port configurations so that the correct information is sent to Cisco ISE.

D. Configure the authentication port-control auto feature within Cisco ISE to identify the devices that are trying to connect.

Answer 298

B

Question 299

What is a functional difference between a Cisco ASA and Cisco IOS router with Zone-Based Policy Firewall?

A. The Cisco IOS router with Zone-based policy firewall denies all traffic by default, whereas the Cisco ASA starts out by allowing traffic until rules are added.

B. The Cisco IOS router with Zone-based policy firewall can be configured for high availability, whereas the Cisco ASA cannot.

C. The Cisco ASA can be configured for high availability whereas the Cisco IOS router with Zone-Based Policy Firewall cannot.

D. The Cisco ASA denies all traffic by default whereas the Cisco IOS router with Zone-Based policy firewall starts out by allowing all traffic , even on untrusted interfaces.

Answer 299

A

Question 300

A Cisco FTD engineer is creating a new IKEv2 policy called s2s00123456789 for their organization to allow for additional protocols to terminate network devices with. They currently only have one policy established and need the new policy to be a backup in case some devices cannot support the stronger algorithms listed in the primary policy.

What should be done in order to support this?

A. Change the integrity algorithms to SHA* to support all SHA algorithms in the primary policy.

B. Make the priority for the new policy 5 and the primary policy 1.

C. Change the encryption to AES* to support all AES algorithms in the primary policy.

D. Make the priority for the primary policy 10 and the new policy 1

Answer 300

B

Question 301

Which cloud model is a collaborative effort where infrastructure is shared and jointly assessed by several organizations from a specific group?

A. private
B. hybrid
C. community
D. public

Answer 301

C

Question 302

A customer has various external HTTP resources available including Intranet Extranet and Internet, with a proxy configuration running in explicit mode.

Which method allows the client desktop browsers to be configured to select when to connect direct or when to use the proxy?

A. Transport mode
B. Forward file.
C. PAC file
D. Bridge mode

Answer 302

C

Question 303

An organization uses Cisco FMC to centrally manage multiple Cisco FTD devices. The default management port conflicts with other communication s on the network and must be changed. What must be done to ensure that all device can communicate together?

A. Set the sftunnel to go through the Cisco FTD

B. Change the management port on Cisco FMC so that it pushes the change to all managed Cisco FTD devices.

C. Set the sftunnel port to 8305

D. Manually change the management port on Cisco FMC and all managed Cisco FTD devices.

Answer 303

D

Question 304

REFER TO THE EXHIBIT:

What does the Python Script Accomplish?

A. it lists the LDAP users from the external identity store configured on Cisco ISE.

B. it authenticates to a Cisco ISE server using the username of ersad

C. it allows authentication with TLSv1 SSL protocol

D. it authenticates to a Cisco ISE with an SSH connection.

Answer 304

B

Question 305

Which component of Cisco Umbrella architecture increases reliability of the service?

A. Anycast IP
B. AMP Threat Grid
C. Cisco Talos
D. BGP route reflector

Answer 305

A

Question 306

An organization wants to use Cisco FTD or Cisco ASA deicces Specific URLs must be blocked from being accessed via the firewall, which requires that the administrator input the bad URL categories that the organization wants blocked into the access policy.

Which solution should be used to meet this requirement?

A. Cisco ASA because it enables URL filtering and blocks malicious URLs by default, whereas Cisco FTD does not.

B. Cisco ASA because it includes URL filtering in the access control policy capabilities whereas Cisco FTD does not.

C. Cisco FTD because it includes URL filtering in the access control policy capabilities whereas the Cisco ASA does not.

D. Cisco FTD because it enables URL filtering and block malicious URLs by deafult, wheras Cisco ASA does not.

Answer 306

C

Question 307

Which type of DNS abuse exchanges data between two computers even when there is no direct connection?

A. malware installation
B. command-and-control communication
C. network footprinting
D. data exfiltration

Answer 307

B

Question 308

Which DevSecOps implementation process gives a weekly or daily update instead of monthly or quarterly in the applications?

A. orchestration
B. CI/CD pipeline
C. container
D. security

Answer 308

B

Question 309

An organization deploys multiple Cisco FTD appliances and wants to manage them using one centralized solution. The organization does not have a local VM but does have existing Cisco ASAs that must migrate over to Cisco FTDs.

Which solution meets the needs of the organization?

A. Cisco FMC
B. CSM
C. Cisco FDM
D. CDO

Answer 309

A

Question 310

An administrator configures a Cisco WSA to receive redirected traffic over ports 80 and 443. The organization requires that a network device with specific WSA integration capabilities be configured to send the traffic to the WSA to proxy the requests and increase visibility, while making this invisible to the users. What must be done to the Cisco WSA to support these requirements?

A. Configure transparent traffic redirection using WCCP in the Cisco WSA and on the network device.

B. Configure active traffic redirection using WPAD in the Cisco WSA and on the network device.

C. Use the Layer 4 setting in teh Cisco WSA to receive explicit forward requests from the network device.

D. Use PAC keys to allow only the required network devices to send the traffic to the Cisco WSA.

Answer 310

A

Question 311

An organization configures Cisco Umbrella to be used for its DNS services. The organization must be able to block traffic based on the subnet that the endpoint is on, but sees only the requests from its public IP addresses instead of each internal IP address. What must be done to resolve this issue?

A. Set up a Cisco Umbrella virtual appliance to internally field the requests and see the traffic of each IP address.

B. Use the tenant control features to identify each subnet being used and track the connections within the Cisco Umbrella dashboard.

C. Install the Microsoft Active Directory Connector to give IP address information stitched to the requests in the Cisco Umbrella dashboard.

D. Configure an internal domain within Cisco Umbrella to help identify each address and create policy from the domains.

Answer 311

A

Question 312

An organization wants to secure data in a cloud environment. Its security model requires that all users be authenticated and authorized. Security configuration and posture must be continuously validated before access is granted or maintained to applications and data. There is also a need to allow certain application traffic and deny all other traffic by default. Which technology must be used to implement these requirements?

A. virtual routing and forwarding

B. microsegmentation

C. access control policy

D. virtual LAN

Answer 312

B

Question 313

An engineer is configuring cloud logging using a company-managed Amazon S3 bucket for Cisco Umbrella logs. What benefit does this configuration provide for accessing log data?

A. It can grant 3rd party SIEM integrations write access to the S3 bucket.

B. Data can be stored offline for 30 days

C. No other applications except Cisco Umbrella can write to the S3 bucket.

D. It is included in the license cost for the multi-org console of Cisco Umbrella.

Answer 313

A

Question 314

How does Cisco Workload Optimization Manager help mitigate application performance issues?

A. It deploys an AWS Lambda system.

B. It automates resources resizing

C. It optimizes a flow path.

D. it sets up a workload forensic score

Answer 314

B

Question 315

An engineer adds a custom detection policy to a Cisco AMP deployment and encounters issues with the configuration. The simple detection mechanism is configured, but the dashboard indicates that the has is not 64 characters and is non-zero. What is the issue?

A. The hash being uploaded is part of a set in an incorrect format.

B. The file being uploaded is incompatible with simple detections and must use advanced detections.

C. The engineer is attempting to upload a has created using MD5 instead of SHA-256

D. The engineer is attempting to upload a file instead of a hash?

Answer 315

C

Question 316

What is a benefit of using telemetry over SNMP to configure new routers for monitoring purposes?

A. Telemetry uses a pull, method which makes it more reliable than SNMP.

B. Telemetry uses push and pull, which makes it more scalable than SNMP.

C. Telemetry uses a push method which makes it faster than SNMP.

D. Telemetry uses push and pull which makes it more secure than SNMP

Answer 316

C

Question 317

An organization wants to provide visibility and to identify active threats in its network using a VM. The organization wants to extract metadata from network packet flow while ensuring that payloads are not retained or transferred outside the network.

Which solution meets these requirements?

A. Cisco Umbrella Cloud
B. Cisco Stealthwatch Cloud PNM
C. Cisco Stealthwatch Cloud PCM
D. CIsco Umbrella On-Premises

Answer 317

B

Question 318

What is a difference between GETVPN and IPsec?

A. GETVPN provides key management and security association management.

B. GETVPN reduces latency and provides encryption over MPLS without the use of a central hub.

C. GETVPN is based on IKEv2 and does not support IKEv1

D. GETVPN is used to build a VPN network with multiple sites without having to statically configure all devices.

Answer 318

B

Question 319

An administrator configures a new destination list in Cisco Umbrella so that the organization can block specific domains for its devices.

What should be done to ensure that all subdomains of domain.com are blocked?

A. Configure the *.com address in the block list.

B. Configure the *.domain.com address in the block list.

C. Configure the *domain.com address in the block list.

D. Configure the domain.com address in the block list.

Answer 319

D

Question 320

An organization wants to secure users, data, and applications in the cloud. The solution must be API-based on operate as a cloud-native CASB. Which solution must be used for this implementation?

A. Cisco Firepower Next-Generation Firewall.

B. Cisco Cloud Email Security

C. Cisco Umbrella

D. Cisco Cloudlock

Answer 320

D

Question 321

Which attribute has the ability to change during the RADIUS CoA?

A. NTP
B. authorization
C. accessibility
D. membership

Answer 321

B

Question 322

What is a difference between an XSS attack and an SQL injection attack?

A. SQL injection is a hacking method used to attack SQL databases, whereas XSS attacks can exist in many different types of applications.

B. XSS is a hacking method used to attack SQL databases, whereas SQL injection attacks can exist in many different types of applications.

C. SQL injection attacks are used to steal information from databases whereas XSS attacks are used to redirect users to websites where attackers can steal data from them.

D. XSS attacks are used to steal information from databases whereas SQL injection attacks are used to redirect users to websites where attackers can steal data from them.

Answer 322

C

Question 323

Which VMWare platform does Cisco ACI integrate with to provide enhanced visibility, provide policy integration and deployment, and implement security policies with access lists?

A. VMware APIC
B. VMwarevRealize
C. VMware fusion
D. VMware Horizons

Answer 323

B

Question 324

REFER TO THE EXHIBIT: How does Cisco Umbrella manage traffic that is directed toward risky domains?

A. Traffic is managed by the application setting, unhandled and allowed.

B. Traffic is allowed by logged.

C. Traffic is managed by the security settings and blocked.

D. Traffic is proxied through the intelligent proxy.

Answer 324

C

Question 325

DRAG AND DROP

BLUE:
Cloud Data Protection
Cloud Security Strategy
Cloud Security Architecture
User Entity

YELLOW:
Review the Security posture of documents

Conduct whiteboarding sessions

Experts educate customer

Examine how users are provisioned

Answer 325

Cloud Data Protection - Review Security Posture

Cloud Security Architecture - Conduct Whiteboarding

Cloud Security Strategy - Experts Educate

User Entity - Examine how users provisioned

Question 326

REFER TO THE EXHIBIT:

A Cisco ISE administrator adds a new switch to 802.1x deployment and has difficulty with some endpoints gaining access. Most PCs and IP phones can connect and authenticate using their machine certificate credentials; however, printers and video cameras cannot. Based on the interface configuration provided, what must be done to get these devices onto the network using Cisco ISE for authentication and authorization while maintaining security controls?

A. Change the default policy in Cisco ISE to allow all devices not using machine authentication.

B. Enable insecure protocols within Cisco ISE in the allowed protocols configuration.

C. Configure authentication event fail retry 2 action authroize vlan 41on the interface.

D. Add mab to the interface configuration

Answer 326

D

Question 327

An administrator is adding a new switch onto the network and has configured AAA for network access control. When testing the configuration, the RADIUS authenticates to Cisco ISE but is being rejected. Why is the ip radius source-interface command needed for this configuration?

A. Only requests that originate from a configured NAS IP are accepted by a RADIUS server.

B. The RADIUS authentication key is transmitted only from the defined RADIUS source interface.

C. RADIUS requests are generated only by a router if a RADIUS source interface is defined.

D. Encrypted RADIUS authentication requires the RADIUS source interface be defined.

Answer 327

A

Question 328

An engineer is adding a Cisco router to an existing environment. NTP authentication is configured on all devices in the environment with the command ntp authentication-key 1 md5 CIsco427128380. There are two routers on the network that are configured as NTP servers for redundancy, 192.168.1.110 and 192.168.1.111. 192.168.1.110 is configured as the authoritative time source.

What command must be configured on the new router to use 192.168.1.110 as its primary time source without the new router attempting to offer time to existing devices?

A. ntp server 192.168.1.110 primary key 1

B. ntp peer 192.168.1.110 prefer key 1

C. ntp server 192.168.1.110 key 1 prefer

D. ntp peer 192.168.1.110 key 1 primary

Answer 328

C

Question 329

What does endpoint isolation in Cisco AMP for Endpoints security protect from?

A. An infection spreading across the LDAP or Active Directory domain from a user account

B. a malware spreading across the user device.

C. an infection spreading across the network.

D. a malware spreading across the LDAP or Active Directory domain from a user account.

Answer 329

C

Question 330

Which system facilitates deploying microsegmentation and multi-tenancy services with a policy-based container?

A. SDLC

B. Docker

C. Lambda

D. Contiv

Answer 330

D

Question 331

Which feature is leveraged by advanced antimalware capabilities to be an effective endpoint protection platform?

A. big data

B. storm centers

C. sandboxing

D. blocklisting

Answer 331

C

Question 332

An organization wants to implement a cloud-delivered and SaaS-based solution to provide visibility and threat detection across the AWS network. The solution must be deployed without software agents and rely on AWS VPC flow logs instead.

Which solution meets these requirements?

A. Cisco Stealthwatch Cloud
B. Cisco Umbrella
C. NetFlow Collectors
D. Cisco Cloudlock

Answer 332

A

Question 333

What is the difference between a vulnerability and an exploit?

A. A vulnerability is a hypothetical event for an attacker to exploit.

B. A vulnerability is a weakness that can be exploited by an attacker.

C. An exploit is a weakness that can cause a vulnerability in the network.

D. An exploit is a hypothetical event that causes a vulnerability in the network.

Answer 333

B

Question 334

Cisco SensorBase gathers threat information from a variety of Cisco products and services and performs analytics to find pattern on threats. Which term describes this process?

A. deployment
B. consumption
C. authoring
D. sharing

Answer 334

D

Question 335

An engineer is configuring their router to send NetFlow data to Stealthwatch which has an IP address of 1.1.1.1 using the flow record Stealtwatch406143794 command. Which additional command is required to complete the flow record?

A. transport udp 2055
B. match ipv4 ttl
C. cache timeout active 60
D. destination 1.1.1.1

Answer 335

B

Question 336

Which Cisco platform processes behavior baselines, monitors for deviations, and reviews for malicious processes in data center traffic and servers while performing software vulnerability detection?

A. Tetration
B. ISE
C. AMP
D. AnyConnect

Answer 336

A

Question 337

How is data sent out to the attacker during a DNS tunneling attack?

A. as part of the UDP/53 packet payload

B. as part of the domain name.

C. as part of the TCP/53 packet header

D. as part of the DNS response packet

Answer 337

A

Question 338

An engineer is adding a Cisco DUO solution to the current TACACS+ deployment using Cisco ISE. The engineer wants to authenticate users using their account when they log into network devices. Which action accomplishes this task?

A. Configure Cisco DUO with the external Active Directory connector and tie it to the policy set within Cisco ISE.

B. Install and configure the Cisco DUO authentication proxy and configure the identity source sequence within Cisco ISE.

C. Create an identity policy within Cisco ISE to send all authentication requests to Cisco DUO.

D. Modify the current policy with the condition MFASourceSequence DUO=true in the authorization conditions within Cisco ISE.

Answer 338

B

Question 339

A Cisco AMP for Endpoints administrator configures a custom detection policy to add specific MD5 signatures. The configuration is created in the simple detection policy section, but it does not work. What is the reason for this failure?

A. The admin must upload the file instead of the has for Cisco AMP to use.

B. The MD5 hash uploaded to the simple detection policy is in the incorrect format.

C. The APK must be uploaded for the application that the detection is intended.

D. Detections for MD5 signatures must be configured in the advanced custom detection policies.

Answer 339

D

Question 340

An organization is selecting a cloud architecture and does not want to be responsible for patch management of the operating systems.

Why should the organization select either Platform as a Service or Infrastructure as a Service for this environment?

A. Platform as a Service because the customer manages the operating system.

B. Infrastructure as a Service because the customer manages the operating system.

C. Platform as a Service because the service provider manages the operating system.

D. Infrastructure as a Service because the service provider manages the operating system.

Answer 340

C

Question 341

An administrator is adding a new Cisco ISE node to an existing deployment.

What must be done to ensure that the addition of the node will be successful when inputting the FQDN?

A. Change the IP address of the new Cisco ISE node to the same network as the others.

B. Make the new Cisco ISE node a secondary PAN before registering it with the primary.

C. Open port 8905 on the firewall between the Cisco ISE nodes.

D. Add the DNS entry for the new Cisco ISE node into the DNS service.

Answer 341

D

Question 342

REFER TO THE EXHIBIT:

What will occur when this device tries to connect to the port?

A. 802.1x will not work, but MAB will start and allow the device on the network.

B. 802.1x will not work and the device will not be allowed network access.

C. 802.1x will work and the device will be allowed on the network.

D. 802.1x and MAB will both be used and ISE can use policy to determine the access level.

Answer 342

C

Question 343

A network engineer must configure a Cisco ESA to prompt users to enter two forms of information before gaining access. The Cisco ESA must also join a cluster machine using preshared keys. What must be configured to meet these requirements.

A. Enable two-factor authentication through a RADIUS server and then join the cluster by using the Cisco ESA CLI.

B. Enable two-factor authentication through a RADIUS server and then join the cluster by using the Cisco ESA GUI.

C. Enable two-factor authentication through a TACACS+ server and then join the cluster by using the Cisco ESA GUI.

D. Enable two-factor authentication through a TACACS+ server and then join the cluster by using the Cisco ESA CLI

Answer 343

A

Question 344

Which portion of the network do EPP solutions solely focus on and EDR solutions do not?

A. server farm
B. perimeter
C. core
D. East-West gateways

Answer 344

B

Question 345

REFER TO THE EXHIBIT:

An engineer is implementing a certificate based VPN. What is the result of the existing configuration?

A. The OU of the IKEv2 peer certificate is used as the identity when matching an IKEv2 authorization policy.

B. Only an IKEv2 peer that has an OU certificate attribute set to MANGLER establishes an IKEv2 SA successfully.

C. The OU of the IKEv2 peer certificate is encrypted when the OU is set to MANGLER

D. The OU of the IKEv2 peer certificate is set MANGLER

Answer 345

A

Question 346

What is a benefit of using Cisco CWS compared to an on-premises Cisco WSA?

A. Cisco CWS eliminates the need to backhaul traffic through headquarters for remote workers whereas Cisco WSA does not.

B. Cisco CWS minimizes the load on the internal network and security infrastructure as compared to Cisco WSA.

C. URL categories are updated more frequently on Cisco CWS than they are on Cisco WSA.

D. Content scanning for SaaS Cloud applications is available through Cisco CWS and not available through Cisco WSA.

Answer 346

A

Question 347

What is the term for having information about threats and threat actors that helps mitigate harmful events that would otherwise compromise networks or systems?

A. trusted automated exchange
B. Indicators of Compromise
C. The Exploit Database
D. Threat Intelligence

Answer 347

D

Question 348

An organization has a requirement to collect full metadata information about the traffic going through their AWS cloud services. They want to use this information for behavior analytics and statistics. Which two actions must be taken to implement this requirement? (Choose Two).

A. Configure Cisco ACI to ingest AWS information.
B. Configure Cisco ThousandEyes to ingest AWS information.
C. Send syslog from AWS to Cisco Stealthwatch Cloud.
D. Send VPC flow logs to Cisco Stealtwatch Cloud.
E. Configure Cisco Stealthwatch Cloud to ingest AWS information.

Answer 348

DE

Question 349

What is the function of the ‘crypto isakmp key cisco123456789 address 192.168.50.1 255.255.255.255’ command when establishing an IPsec VPN tunnel?

A. It defines the data destined to 192.168.50.1 is going to be encrypted.

B. It configures the pre-shared authentication key for host 192.168.50.1

C. It prevents 192.168.50.1 from connecting to the VPN server.

D. It configures the local address for the VPN server 192.168.50.1

Answer 349

B

Question 350

Question 362