Questions Flashcards
What are two list types within Cisco AMP for Endpoints Outbreak Control? (Choose Two)
A. Blocked ports
B. Simple Custom Detections
C. Command and Control
D. Allowed Applications
E. URL
BD
Which command enables 802.1x globally on a Cisco switch?
A. dot1x system-auth-control
B. dot1x pae authenticator
C. authentication port-control auto
D. aaa new-model
A
What is the function of Cisco Cloudlock for data security?
A. DLP
B. Controls malicious cloud apps.
C. Detects anomalies
D. User and entity behavior analytics
A
For which two conditions can an Endpoint be checked using ISE posture assessment?
A. Computer Identity
B. Windows Service
C. User Identity
D. Windows Firewall
E. Default Browser
BD
What is a characteristic of Dynamic ARP Inspection?
DAI determines the validity of an ARP packet based on Valid IP
Which Cisco product provides proactive endpoint protection and allows administrators to centrally manage the deployment?
A. NGFW
B. AMP
C. WSA
D. ESA
B
Where are individual sites specified to be blacklisted in Cisco Umbrella?
A. Application Settings
B. Content Categories
C. Security Settings
D. Destination Lists
D
Which statement about IOS zone-based Firewalls is true?
A. An unassigned interface can communicate with assigned interfaces.
B. Only one interface can be assigned to a zone.
C. An interface can be assigned to multiple zones
D. An interface can be assigned only to one zone.
D
Which two activities can be done using Cisco DNA Center? (Choose Two)
A. DHCP
B. design
C. Accounting
D. DNS
E. Provision
BE
Which ID Store requires that a shadow user be created on Cisco ISE for the admin login to work?
A. RSA SecurID
B. Internal Database
C. Active Directory
D. LDAP
A
Which VPN Technology can support a multivendor environment and secure traffic between sites?
A. SSL VPN
B. GET VPN
C. FlexVPN
D. DMVPN
C
Which SNMPv3 Config must be used to support the strongest security possible?
V3 priv
priv aes 256
Which solution combines Cisco IOS and IOS XE components to enable administrators to recognize applications, collect and send network metrics to Cisco Prime and other third-party management tools, and prioritize application traffic?
A. Cisco Security Intelligence
B. Cisco Application Visibility and Control.
C. Cisco Model Driven Telemetry
D. Cisco DNA Center
B
Which two endpoint measures are used to minimize the chances of falling victim to phishing and social engineering attacks? (Choose two)
A. Patch for cross-site scripting
B. Perform backups to the private cloud.
C. Protect against input validation and character escapes in the endpoint.
D. Install a spam and virus email filter.
E. Protect systems with an up-to-date antimalware program.
DE
An engineer used a posture check on a Microsoft Windows endpoint and discovered that the MS17-010 patch was not installed, which left the endpoint vulnerable to WannaCry ransomware.
Which two solutions mitigate the risk of this ransomware infection? (Choose two)
A. Configure a posture policy in Cisco ISE to install the MS17-010 patch before allowing access on the network.
B. Set up a profiling policy in Cisco ISE to check an endpoint patch level before allowing access on the network.
C. Configure a posture policy in Cisco ISE to check that an endpoint patch level is met before allowing access on the network.
D. Configure endpoint firewall policies to stop the exploit traffic from being allowed to run and replicate throughout the network.
E. Set up a well-defined endpoint patching strategy to ensure that endpoints have critical vulnerabilities patched in a timely manner.
AC
Why would a user choose an on-prem ESA versus the CES solution?
A. Sensitive data must remain onsite.
B. Demand is unpredictable.
C. The server team wants to outsource this service.
D. ESA is deployed inline.
A
Which technology must be used to implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity?
A. DMVPN
B. FlexVPN.
C. IPsec DVTI
D. GET VPN
D
Which cloud service model offers an environment for cloud consumers to develop and deploy applications without needing to manage or maintain the underlying cloud infrastructure?
A. PaaS
B. XaaS
C. IaaS
D. SaaS
A
What is a required prerequisite to enable malware file scanning for the Secure Internet Gateway?
A. Enable IP Layer Enforcement
B. Activate the Advanced Malware Protection License
C. Activate SSL Decryption
D. Enable Intelligent Proxy
D
Which two features are used to configure Cisco ESA with a multilayer approach to fight viruses and malware? (Choose Two)
A. Sophos engine
B. White list
C. RAT
D. outbreak filters
E. DLP
AD
How is Cisco Umbrella configured to log only security events?
A. per policy
B. In the reporting settings
C. In the security settings
D. per network in the deployment section
A
What is the primary difference between an Endpoint Protection Platform and an Endpoint Detection and Response?
A. EPP focuses on prevention, EDR on advanced threats.
B. EDR focuses on prevention and EPP focuses on advanced threats.
C. EPP focuses on network security, EDR is device security.
D. EDR is network security, EPP is device security.
A
On which part of the IT environment does DevSecOps focus?
A. Application Development
B. Wireless network
C. Data Center
D. Perimeter Network
A
Which functions of an SDN architecture require southbound APIs to enable communication?
A. SDN controller and the network elements.
B. Management console and the SDN controller.
C. Management console and the cloud.
D. SDN controller and the cloud
A
What is a characteristic of traffic storm control behavior?
A. Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within the interval.
B. Traffic storm control cannot determine if the packet is unicast or broadcast.
C. Traffic storm control monitors incoming traffic levels over a 10-second traffic storm control interval.
D. Traffic storm control uses the Individual/Group bit in the packet source address to determine if the packet is unicast or broadcast.
A
Which two request methods of REST API are valid on the Cisco ASA Platform? (Choose two)
A. put
B. options
C. get
D. push
E. connect
AC
In a PaaS model, which layer is the tenant responsible for maintaining and patching?
A. hypervisor
B. virtual machine
C. network
D. application
C
An engineer is configuring AMP for endpoints and wants to block certain files from executing. Which outbreak control method is used to accomplish this task?
A. Device flow correlation
B. Simple detections
C. Application blocking list
D. Advanced Custom Detections
C
Which ASA deployment mode can provide separation of management on a shared appliance?
A. DMZ multiple zone mode
B. Transparent firewall mode
C. multiple context mode
D. routed mode
C
Which two deployment model configurations are supported for Cisco FTDv in AWS? (Choose Two)
A. Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS.
B. Cisco FTDv with one management interface and two traffic interfaces configured.
C. Cisco FTDv configured in routed mode and managed by a physical FMC appliance on premises.
D. Cisco FTDv with two management interfaces and one traffic interface configured.
E. Cisco FTDv configured in routed mode and IPv6 configured.
AC
What can be integrated with Cisco Talos Intelligence Director to provide information about security threats, which allows the SOC to proactively automate responses to those threats?
A. Cisco Umbrella
B. External Threat Feeds
C. Cisco Threat Grid
D. Cisco Stealthwatch
B
What provides visibility and awareness into what is currently occurring on the network?
A. CMX
B. WMI
C. Prime Infrastructure
D. Telemetry
D
What attack is commonly associated with C and C++ programming languages?
A. Cross-site scripting
B. Water holing
C. DDoS
D. Buffer Overflow
D
An engineer must force an endpoint to re-authenticate an already authenticated session without disrupting the endpoint to apply a new or updated policy from ISE.
Which CoA type achieves this goal?
A. Port Bounce
B. CoA Terminate
C. CoA Reauth
D. CoA Session Query
C
Refer to Exhibit:
Which command was used to display this output?
A. show dot1x all
B. show dot1x
C. show dot1x all summary
D. show dot1x interface gi1/0/12
A
Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two)
A. Check integer, float, or Boolean string parameters to ensure accurate values.
B. Use prepared statements and parameterized queries.
C. Secure the connection between the web and the app tier.
D. Write SQL code instead of using object-relational mapping libraries.
E. Block SQL code execution in the web application database login.
AB
How does Cisco Stealthwatch Cloud provide security for cloud environments?
A. It delivers visibility and threat detection.
B. It prevents exfiltration of sensitive data.
C. It assigns internet-based DNS protection for clients and servers.
D. it facilitates secure connectivity between public and private networks.
A
Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention System? (Choose two).
A. SIP
B. inline normalization
C. SSL
D. packet decoder
E. modbus
AC
Which feature is configured for managed devices in the device platform settings of the Firepower Management Center?
A. quality of service
B. time synchronization
C. network address translations
D. intrusion policy
B
The main function of northbound APIs in the SDN architecture is to enable communication between which two areas of a network?
A. SDN controller and the cloud.
B. management console and the SDN controller
C. management console and the cloud.
D. SDN controller and the management solution
D
REFER TO THE EXHIBIT: What is a result of the configuration?
A. Traffic from the DMZ network is redirected.
B. Traffic from the inside network is redirected.
C. All TCP traffic is redirected.
D. Traffic from the inside and DMZ networks is redirected.
D
Which information is required when adding a device to FMC?
A. username and password
B. encryption method
C. device serial number
D. registration key
D
Which two services must remain as on-premises equipment when a hybrid email solution is deployed? (Choose two)
A. DDoS
B. antispam
C. antivirus
D. encryption
E. DLP
DE
What is a characteristic of Cisco ASA NetFlow v9 Secure Event Logging?
A. It tracks flow-create, flow-teardown, and flow-denied events.
B. It provides stateless IP flow tracking that exports all records of a specific flow.
C. It tracks the flow continuously and provides updates every 10 seconds.
D. Its events match all traffic classes in parallel.
A
Which feature within Cisco Umbrella allows for the ability to inspect secure HTTP traffic?
A. File Analysis
B. SafeSearch
C. SSL Decryption
D. Destination Lists
C
Which two kinds of attacks are prevented by MFA? (Choose Two)
A. phishing
B. brute force
C. man-in-the-middle
D. DDoS
E. tear drop
AB
With Cisco AMP for Endpoints, which option shows a list of all files that have been executed in your environment?
A. vulnerable software
B. file analysis
C. detections
D. prevalence
E. threat root cause
D
Which RADIUS attribute can you use to filter MAB requests in a 802.1x deployment?
A. 1
B. 6
C. 31
D. 2
B
Which two features of Cisco Email Security can protect your organization against email threats? (Choose two)
A. time-based one-time passwords.
B. data loss prevention
C. heuristic-based filtering
D. geolocation-based filtering
E. NetFlow
BD
DRAG AND DROP
Correct order to enable AppDynamics to monitor EC2 Instance?
- Install monitoring extension for AWS EC2
- Restart the Machine Agent
- Update config.yaml.
- Configure a Machine Agent or SIM Agent.
Configure a Machine Agent
Install Monitoring
Update config.yaml
Restart the Machine Agent
Which feature requires a network discovery policy on the Cisco Firepower Next Generation Intrusion Prevention System?
A. Security Intelligence
B. Impact Flags
C. Health Monitoring
D. URL filtering
B
REFER TO EXHIBIT:
Which statement about the authentication protocol used in the configuration is true?
A. The authentication request contains only a password.
B. The authentication request contains only a username.
C. The authentication and authorization requests are grouped in a single packet.
D. There are separate authentication and authorization request packets.
C
Which two preventive measures are used to control cross-site scripting? (Choose Two)
A. Enable client-side scripts on a per-domain basis.
B. Incorporate contextual output encoding/escaping.
C. Disable cookie inspection in the HTML inspection engine.
D. Run untrusted HTML input through an HTML sanitization engine.
E. SameSite cookie attribute should not be used.
BD
Which policy is used to capture host information on the Cisco Firepower Next Generation Intrusion Prevention System?
A. correlation
B. intrusion
C. access control
D. network discovery
D
REFER TO THE EXHIBIT:
Which command was used to generate this output and to show which ports are authenticating with dot1x or mab?
A. show authentication registrations
B. show authentication method
C. show dot1x all
D. show authentication sessions.
D
An engineer is configuring a Cisco ESA and wants to control whether to accept or reject email messages to a recipient address.
Which list contains the allowed recipient addresses?
A. SAT
B. BAT
C. HAT
D. RAT
D
Which two capabilities does TAXII support? (Choose two)
A. exchange
B. pull messaging
C. binding
D. correlation
E. mitigating
AB
Which policy represents a shared set of features or parameters that define the aspects of a managed device that are likely to be similar to other managed devices in a deployment?
A. group policy
B. access control policy
C. device management policy
D. platform service policy
D
An administrator wants to ensure that all endpoints are compliant before users are allowed access on the corporate network.
The endpoints must have the corporate antivirus application installed and be running the latest build of Windows 10.
What must the administrator implement to ensure that all devices are compliant before they are allowed on the network?
A. Cisco ISE and AnyConnect Posture Module.
B. Cisco Stealthwatch and Cisco ISE integration.
C. Cisco ASA FW and Dynamic Access Policies configured.
D. Cisco ISE with PxGrid services enabled.
A
What are two Detection and Analytics Engines of Cognitive Threat Analytics? (Choose Two)
A. data exfiltration
B. command and control communication
C. intelligent proxy
D. snort
E. URL categorization
AB
In which form of attack is alternate encoding, such as hexadecimal representation, most often observed?
A. smurf
B. distributed denial of service
C. cross-site scripting
D. rootkit exploit
C
Which two conditions are prerequisites for stateful failover for IPSec? (Choose two)
A. Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the IPsec configuration is copied automatically.
B. The active and standby devices can run different versions of the Cisco IOS software but must be the same type of device.
C. The IPsec configuration that is set up on the active device must be duplicated on the standby device.
D. Only the IPsec configuration that is set up on the active device must be duplicated on the standby device; the IKE configuration is copied automatically.
E. The active and standby devices must run the same version of the Cisco IOS software and must be the same type of device.
CE
Which Cisco command shows you the status of the 802.1x connection on interface gi0/1?
A. show authorization status
B. show authen sess int gi0/1
C. show connection status gi0/1
D. show ver gi0/1
B
A malicious user gained network access by spoofing printer connections that were authorized using MAB on four different switch ports at the same time.
What two catalyst switch security features will prevent further violations? (Choose Two)
A. DHCP Snooping
B. 802.1AE MacSec
C. Port security
D. IP Device tracking
E. Dynamic ARP inspection
F. Private VLANs
AE
Which feature of Cisco ASA allows VPN users to be postured against Cisco ISE without requiring an inline posture mode?
A. RADIUS Change of Authorization
B. device tracking
C. DHCP snooping
D. VLAN hopping
A
What is the result of running the crypto isakmp key ciscxxxxxxxxxx address 172.16.0.0 command?
A. authenticates the IKEv2 peers in the 172.16.0.0/16 range by using the key ciscxxxxxxxxx
B. authenticates the IP address of the 172.16.0.0/32 peer by using the key ciscxxxxxxxx
C. authenticates the IKEv1 peers in the 172.16.0.0/16 range by using the key ciscxxxxxxxxxxx.
D. secure all the certificates in the IKE exchange by using the key ciscxxxxxxxxx
B
Which two probes are configured to gather attributes of connected endpoints using Cisco Identity Services Engine? (Choose Two)
A. RADIUS
B. TACACS+
C. DHCP
D. sFlow
E. SMTP
AC
Which solution protects hybrid cloud deployment workloads with application visibility and segmentation?
A. Nexus
B. Stealthwatch
C. Firepower
D. Tetration
D
What are the two most commonly used authentication factors in multifactor authentication? (Choose two)
A. biometric factor
B. time factor
C. confidentiality factor
D. knowledge factor
E. encryption factor
BD
Which two key and block sizes are valid for AES? (Choose Two)
A. 64-bit block size, 112-bit key length
B. 64-bit block size, 168-bit key length
C. 128-bit block size, 192-bit key length
D. 128-bit block size, 256-bit key length
E. 192-bit block size, 256-bit key length
CD
After deploying a Cisco ESA on your network, you notice that some messages fail to reach their destinations.
Which task can you perform to determine where each message was lost?
A. Configure the trackingconfig command to enable message tracking.
B. Generate a system report.
C. Review the log files.
D. Perform a trace.
A
Elliptic curve cryptography is a stronger, more efficient cryptography method meant to replace which current encryption technology?
A. 3DES
B. RSA
C. DES
D. AES
B
How is ICMP used as an exfiltration technique?
A. by flooding the destination host with unreachable packets.
B. by sending large numbers of ICMP packets with a targeted host's source IP address using an IP broadcast address.
C. by encrypting the payload in an ICMP packet to carry out command and control tasks on a compromised host.
D. by overwhelming a targeted host with ICMP echo-request packets.
C
What is a difference between deceptive phishing and spear phishing?
A. Deceptive phishing is an attack aimed at a specific user in the organization who holds a C-level role.
B. A spear phishing campaign is aimed at a specific person versus a group of people.
C. Spear phishing is when the attack is aimed at the C-level executives of an organization.
D. Deceptive phishing hijacks and manipulates the DNS server of the victim and redirects the user to a false webpage.
B
An engineer needs a solution for TACACS+ authentication and authorization for device administration.
The engineer also wants to enhance wired and wireless network security by requiring users and endpoints to use 802.1x, MAB, or WebAuth.
Which product meets all of these requirements?
A. Cisco Prime Infrastructure
B. Cisco Identity Services Engine
C. Cisco Stealthwatch
D. Cisco AMP for Endpoints
B
When wired 802.1x authentication is implemented, which two components are required? (Choose two)
A. authentication server: Cisco ISE
B. Supplicant: Cisco AnyConnect ISE Posture module
C. authenticator: Cisco Catalyst switch
D. authenticator: Cisco ISE
E. authentication server: Cisco Prime Infrastructure
AC
The Cisco ASA must support TLS proxy for encrypted Cisco Unified Communications traffic. Where must the ASA be added on the Cisco UC Manager platform?
A. Certificate Trust List
B. Endpoint Trust List
C. Enterprise Proxy Service
D. Secure Collaboration Proxy
A
Which API is used for Content Security?
A. NX-OS API
B. IOS XR API
C. OpenVuln API
D. AsyncOS API
D
Which two behavioral patterns characterize a ping of death attack? (Choose two)
A. The Attack is fragmented into groups of 16 octets before transmission.
B. The attack is fragmented into groups of 8 octets before transmission.
C. Short synchronized bursts of traffic are used to disrupt TCP connections.
D. Malformed packets are used to crash systems.
E. Publicly accessible DNS servers are typically used to execute the attack.
BD
Which two mechanisms are used to control phishing attacks? (Choose Two)
A. Enable browser alerts for fraudulent websites.
B. Define security group memberships.
C. Revoke expired CRL of the websites.
D. Use antispyware software
E. Implement email filtering techniques.
AE
When web policies are configured in Cisco Umbrella, what provides the ability to ensure that domains are blocked when they host malware, command and control, phishing, and more threats?
A. Application Control
B. Security Category Blocking
C. Content Category Blocking
D. File Analysis
B
What two mechanisms are used to redirect users to a web portal to authenticate to ISE for guest services? (Choose two)
A. TACACS+
B. central web auth
C. single sign-on
D. Multiple Factor auth
E. local web auth
BE
Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?
A. user input validation in a web page or web application
B. Linux and Windows operating systems
C. database
D. web page images
A
Which deployment model is the most secure when considering risks to cloud adoption?
A. public cloud
B. hybrid cloud
C. community cloud
D. private cloud
D
What does the Cloudlock Apps Firewall do to mitigate security concerns from an application perspective?
A. It allows the administrator to quarantine malicious files so that the application can function, just not maliciously.
B. It discovers and controls cloud apps that are connected to a company’s corporate environment.
C. It deletes any application that does not belong in the network.
D. It sends the application information to an administrator to act on.
B
What is the primary benefit of deploying an ESA in hybrid mode?
A. You can fine-tune its settings to provide the optimum balance between security and performance for your environment.
B. It provides the lowest total cost of ownership by reducing the need for physical appliances.
C. It provides the maximum protection and control of outbound messages.
D. It provides email security while supporting the transition to the cloud.
D
Which option is the main function of Cisco Firepower impact flags?
A. They alert administrators when critical events occur.
B. They highlight known and suspected malicious IP addresses in reports.
C. They correlate data about intrusions and vulnerability.
D. They identify data that the ASA sends to the Firepower module.
C
Which two deployment modes does the Cisco ASA FirePower module support?
A. transparent mode
B. routed mode
C. inline mode
D. active mode
E. passive monitor-only mode
CE
DROP AND DRAG
PortScan
Port Sweep
Decoy PortScan
Distributed PortScan
Dis
Dec
Port Sweep
Port Scan
DID PORT SWEEP
DRAG AND DROP
IKEv1
Uses 3 packets
Uses 6 packets
Which Cisco Solution does Cisco Umbrella integrate with to determine if a URL is malicious?
A. AMP
B. AnyConnect
C. DynDNS
D. Talos
D
What is the purpose of the Decrypt for Application Detection feature within the WSA Decryption options?
A. It decrypts HTTPS application traffic for unauthenticated users.
B. It alerts users when the WSA decrypts their traffic.
C. It decrypts HTTPS application traffic for authenticated users.
D. It provides enhanced HTTPS application detection for AsyncOS
D
What is the primary role of the Cisco Email Security Appliance?
A. Mail Submission Agent
B. Mail Transfer Agent
C. Mail Delivery Agent
D. Mail User Agent
B
Which two features of Cisco DNA Center are used in a Software Defined Network Solution? (Choose Two)
A. accounting
B. Assurance
C. Automation
D. Authentication
E. Encryption
BC
Which exfiltration method does an attacker use to hide and encode data inside DNS requests and queries?
A. DNS tunneling
B. DNSCrypt
C. DNS Security
D. DNSSEC
A
Which algorithm provides encryption and authentication for data plane communication?
A. AES-GCM
B. SHA-96
C. AES-256
D. SHA-384
A
How does Cisco Umbrella archive logs to an enterprise-owned storage?
A. by using the Application Programming interface to fetch the logs.
B. by sending logs via syslog to an on-premise or cloud-based syslog server
C. by the system administrator downloading the logs from the Cisco Umbrella web portal.
D. by being configured to send logs to a self-managed AWS S3 bucket.
D
In which cloud services model is the tenant responsible for virtual machine OS patching?
A. IaaS
B. UCaaS
C. PaaS
D. SaaS
A
Which two descriptions of AES encryption are true? (Choose two)
A. AES is less secure than 3DES
B. AES is more secure than 3DES
C. AES can use a 168-bit key for encryption
D. AES can use a 256-bit key for encryption.
E. AES encrypts and decrypts a key three times in sequence.
BD
Which technology is used to improve web traffic performance by proxy caching?
A. WSA
B. Firepower
C. FireSIGHT
D. ASA
A
Which two statements about a Cisco WSA configured in Transparent mode are true? (Choose two)
A. It can handle explicit HTTP requests
B. It requires a PAC file for the client web portal
C. It requires a proxy for the client web browser
D. WCCP v2-enabled devices can automatically redirect traffic destined to port 80.
E. Layer 4 switches can automatically redirect traffic destined to Port 80
DE
Which action controls the amount of URI text that is stored in Cisco WSA log files?
A. Configure the datasecurityconfig command
B. Configure the advancedproxyconfig command with HTTPS subcommand
C. Configure a small log-entry size
D. Configure a maximum packet size.
B
Which technology reduces data loss by identifying sensitive information stored in public computing environments?
A. Cisco SDA
B. Cisco Firepower
C. Cisco HyperFlex
D. Cisco Cloudlock
D
Refer to the exhibit. What does the number 15 represent in this configuration?
[snmp-server group SNMP v3 auth access 15]
A. privilege level for an authorized user to this router.
B. access list that identifies the SNMP devices that can access the router.
C. interval in seconds between SNMPv3 authentication attempts.
D. number of possible failed attempts until the SNMPv3 user is locked out.
B
Which feature is supported when deploying Cisco ASAv within AWS public cloud?
A. multiple context mode
B. user deployment of Layer 3 networks
C. IPv6
D. clustering
B
Which networking monitoring solution uses streams and pushes operational data to provide a near real-time view of activity?
A. SNMP
B. SMTP
C. syslog
D. model-driven telemetry
D
Which proxy mode must be used on Cisco WSA to redirect TCP traffic with WCCP?
A. transparent
B. redirection
C. forward
D. proxy gateway
A
An MDM provides which two advantages to an organization with regards to device management? (Choose two)
A. asset inventory management.
B. allowed application management
C. Active Directory group policy management
D. network device management
E. critical device management
AB
Which Talos reputation center allows you to track the reputation of IP addresses for email and web traffic?
A. IP Blacklist Center
B. File Reputation Center
C. AMP Reputation Center
D. IP and Domain Reputation Center
D
Under which two circumstances is a CoA Issued? (Choose two)
A. A new authentication rule was added to the policy on the Policy Service node.
B. An endpoint is deleted on the ISE server
C. A new Identity Source Sequence is created and referenced in the authentication policy.
D. A new ISE server is added to the deployment with the Administration Persona.
BD
Which statement about the configuration of Cisco ASA NetFlow v9 Secure Event Logging is true?
A. To view bandwidth usage for NetFlow records, the Qos feature must be enabled.
B. A sysopt command can be used to enable NSEL on a specific interface
C. NSEL can be used without a collector configured
D. a flow-export event type must be defined under a policy
D
Which benefit does endpoint security provide the overall security posture of an organization?
A. It streamlines the incident response process to automatically perform digital forensics on the endpoint.
B. It allows the organization to mitigate web-based attacks as long as the user is active in the domain.
C. It allows the organization to detect and respond to threats at the edge of the network.
D. It allows the organization to detect and mitigate threats that the perimeter security devices do not detect.
D
An engineer configured a new network identity in Cisco Umbrella but must verify that traffic is being routed through the Cisco Umbrella network. Which action tests the routing?
A. Ensure that the client computers are pointing to the on-premises DNS servers.
B. Enable the Intelligent Proxy to validate that traffic is being routed correctly.
C. Add the public IP address that the client computers are behind to a Core Identity.
D. Browse to http://welcome.umbrella.com/ to validate that the new identity is working.
D
What is a language format designed to exchange threat intelligence that can be transported over the TAXII protocol?
A. STIX
B. XMPP
C. pxGrid
D. SMTP
A
When using Cisco AMP for Networks, which feature copies a file to the Cisco AMP cloud for analysis?
A. Spero Analysis
B. dynamic analysis
C. sandbox analysis
D. malware analysis
B
Which Cisco Advanced Malware protection for Endpoints deployment architecture is designed to keep data within a network perimeter?
A. cloud web services
B. network AMP
C. private cloud
D. public cloud
C
Which IPS engine detects ARP spoofing?
A. Atomic ARP Engine
B. Service Generic Engine
C. ARP Inspection Engine
D. AIC Engine
A
Which Statement describes a traffic profile on a Cisco Next Generation Intrusion Prevention System?
A. It allows traffic if it does not meet the profile.
B. It defines a traffic baseline for traffic anomaly deduction.
C. It inspects hosts that meet the profile with more intrusion rules.
D. It blocks traffic if it does not meet the profile.
B
Which two are valid suppression types on a Cisco Next Generation Intrusion Prevention System?
A. Port
B. Rule
C. Source
D. Application
E. Protocol
BC
Which license is required for Cisco Security Intelligence to work on the Cisco Next Generation Intrusion Prevention System?
A. control
B. Malware
C. URL Filtering
D. protect
D
Which policy is used to capture host information on the Cisco Next Generation Intrusion Prevention System?
A. Network discovery
B. correlation
C. intrusion
D. access control
A
On Cisco Firepower Management Center, which policy is used to collect health modules alerts from managed devices?
A. health policy
B. system policy
C. correlation policy
D. access control policy
E. health awareness policy
A
Which CLI command is used to register a Cisco Firepower sensor to Firepower Management Center?
A. configure system add <host><key>
B. configure manager <key> add host
C. configure manager delete
D. configure manager add <host><key>
D
Which Cisco AMP file disposition is valid?
A. pristine
B. malware
C. dirty
D. nonmalicious
B
Which capability is exclusive to a Cisco AMP public cloud instance as compared to a private cloud instance?
A. RBAC
B. ETHOS detection engine
C. SPERO detection engine
D. TETRA detection engine
B
Which function is the primary function of Cisco AMP Threat Grid?
A. automated email encryption
B. applying a real-time URI blacklist
C. automated malware analysis
D. monitoring network traffic
C
Which two characteristics of messenger protocols make data exfiltration difficult to detect and prevent? (Choose two)
A. Malware infects the messenger application on the user endpoint to send company data.
B. Outgoing traffic is allowed so users can communicate with outside organizations.
C. An exposed API for the messaging platform is used to send large amounts of data.
D. Traffic is encrypted, which prevents visibility on firewalls and IPS systems.
E. Messenger applications cannot be segmented with standard network controls.
BD
How many interfaces per bridge group does an ASA bridge group deployment support?
A. Up to 16
B. Up to 8
C. Up to 4
D. Up to 2
C
Which benefit is provided by ensuring that an endpoint is compliant with a posture policy configured in Cisco ISE?
A. It adds endpoints to identity groups dynamically.
B. It verifies that the endpoint has the latest Microsoft security patches installed.
C. It allows the endpoint to authenticate with 802.1x or MAB
D. It allows CoA to be applied if the endpoint status is compliant.
B
What is a feature of the open platform capabilities of Cisco DNA Center?
A. Domain integration
B. intent-based API
C. automation adapters
D. application adapters
B
Which telemetry data captures variations seen within the flow, such as the packet's TTL, IP/TCP flags, and payload length?
A. Process details variation
B. flow insight variation
C. interpacket variation
D. software package variation
C
In which two ways does a system administrator send web traffic transparently to the Cisco WSA? (Choose two)
A. configure policy-based routing on the network infrastructure.
B. reference a Proxy Auto Config file
C. use Web Cache Communication Protocol
D. configure the proxy IP address in the web-browser settings.
E. configure Active Directory Group Policies to push proxy settings
AC
Which form of attack is launched using botnets?
A. virus
B. EIDDOS
C. TCP Flood
D. DDoS
D
How is DNS tunneling used to exfiltrate data out of a corporate network?
A. It leverages the DNS server by permitting recursive lookups to spread the attack to other DNS servers.
B. It encodes the payload with random characters that are broken into short strings and the DNS server rebuilds the exfiltrated data.
C. It redirects the DNS requests to a malicious server used to steal user credentials, which allows further damage and theft on the network.
D. It corrupts DNS servers by replacing the actual IP address with a rogue address to collect information or start other attacks.
B
Which Cisco security solution protects remote users against phishing attacks when they are not connected to the VPN?
A. Cisco Firepower
B. Cisco Umbrella
C. Cisco Stealthwatch
D. NGIPS
B
Which two tasks allow NetFlow on a Cisco ASA 5500 series Firewall? (Choose two)
A. Create an ACL to allow UDP traffic on port 9996
B. Enable NetFlow version 9
C. Create a class map to match interesting traffic.
D. Apply NetFlow Exporter to the outside interface in the inbound direction
E. Define a NetFlow collector by using the flow-export command
CE
What is the difference between FlexVPN and DMVPN?
A. FlexVPN uses IKEv1 or IKEv2. DMVPN uses only IKEv2.
B. DMVPN uses only IKEv1. FlexVPN uses only IKEv2
C. DMVPN uses IKEv1 or IKEv2. FlexVPN only uses IKEv1
D. FlexVPN uses IKEv2. DMVPN uses IKEv1 or IKEv2
D
A mall provides security services to customers with a shared appliance. The mall wants separation of management on the shared appliance. Which ASA deployment mode meets these needs?
A. multiple context mode
B. transparent mode
C. routed mode
D. multiple zone mode
A
Which is the function of the Context Directory Agent?
A. accepts user authentication requests on behalf of Web Security Appliance for user identification.
B. relays user authentication requests from Web Security Appliance to Active Directory
C. maintains users’ group memberships
D. reads the Active Directory logs to map IP addresses to usernames.
D
What is a commonality between DMVPN and FlexVPN technologies?
A. FlexVPN and DMVPN use the same hashing algorithms.
B. IOS routers run the same NHRP code for DMVPN and FlexVPN
C. FlexVPN and DMVPN use the new key management protocol.
D. FlexVPN and DMVPN use IS-IS routing protocol to communicate with spokes.
B
Which two risks is a company vulnerable to if it does not have a well-established patching solution for endpoints? (Choose two)
A. eavesdropping
B. denial-of-service attacks
C. ARP spoofing
D. malware
E. exploits
DE
Which threat involves software being used to gain unauthorized access to a computer system?
A. ping of death
B. NTP amplification
C. HTTP flood
D. virus
D