Security Flashcards
A network administrator is using the Cisco ESA with AMP to upload files to the cloud for analysis. The network is congested and is affecting communication. How will the Cisco ESA handle any files which need analysis?
A. The ESA immediately makes another attempt to upload the file.
B. The file upload is abandoned.
C. AMP calculates the SHA-256 fingerprint, caches it, and periodically attempts the upload.
D. The file is queued for upload when connectivity is restored
B. The file upload is abandoned.
Which cloud service model offers an environment for cloud consumers to develop and deploy applications without needing to manage or maintain the underlying cloud infrastructure?
A. PaaS
B. XaaS
C. IaaS
D. SaaS
A. PaaS
Why would a user choose an on-premises ESA versus the CES solution?
A. Sensitive data must remain onsite.
B. Demand is unpredictable.
C. The server team wants to outsource this service.
D. ESA is deployed inline.
A. Sensitive data must remain onsite.
Which two features are used to configure Cisco ESA with a multilayer approach to fight viruses and malware? (Choose two.)
A. Sophos engine
B. white list
C. RAT
D. outbreak filters
E. DLP
A. Sophos engine
D. outbreak filters
What are two differences between a Cisco WSA that is running in transparent mode and one running in explicit mode? (Choose two.)
A. The Cisco WSA responds with its own IP address only if it is running in explicit mode.
B. The Cisco WSA is configured in a web browser only if it is running in transparent mode.
C. The Cisco WSA responds with its own IP address only if it is running in transparent mode.
D. The Cisco WSA uses a Layer 3 device to redirect traffic only if it is running in transparent mode.
E. When the Cisco WSA is running in transparent mode, it uses the WSA's own IP address as the HTTP request destination.
A. The Cisco WSA responds with its own IP address only if it is running in explicit mode.
D. The Cisco WSA uses a Layer 3 device to redirect traffic only if it is running in transparent mode.
After a recent breach, an organization determined that phishing was used to gain initial access to the network before gaining persistence. The information gained from the phishing attack was a result of users visiting known malicious websites. What must be done in order to prevent this from happening in the future?
A. Modify web proxy settings.
B. Modify outbound malware scanning policies.
C. Modify identification profiles.
D. Modify an access policy.
A. Modify web proxy settings.
What is a characteristic of Firepower NGIPS inline deployment mode?
A. ASA with Firepower module cannot be deployed
B. It cannot take actions such as blocking traffic
C. It is out-of-band from traffic
D. It must have inline interface pairs configured
D. It must have inline interface pairs configured
An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly identifying all valid recipients. What must be done on the Cisco ESA to accomplish this goal?
A. Configure Directory Harvest Attack Prevention
B. Bypass LDAP access queries in the recipient access table.
C. Use Bounce Verification.
D. Configure incoming content filters.
A. Configure Directory Harvest Attack Prevention
In which two ways does a system administrator send web traffic transparently to the Cisco WSA? (Choose two.)
A. use Web Cache Communication Protocol
B. configure AD Group Policies to push proxy settings
C. configure the proxy IP address in the web-browser settings
D. configure policy-based routing on the network infrastructure
E. reference a Proxy Auto-Config file
A. use Web Cache Communication Protocol
D. configure policy-based routing on the network infrastructure
What is the function of the Context Directory Agent?
A. reads the AD logs to map IP addresses to usernames
B. relays user authentication requests from Cisco WSA to AD
C. maintains users group memberships
D. accepts user authentication requests on behalf of Cisco WSA for user identification
A. reads the AD logs to map IP addresses to usernames
A network administrator is configuring a rule in an access control policy to block certain URLs and selects the Chat and Instant Messaging category. Which reputation score should be selected to accomplish this goal?
A. 5
B. 10
C. 3
D. 1
D. 1
A Cisco ESA network administrator has been tasked to use a newly installed service to help create policy based on the reputation verdict. During testing, it is discovered that the Cisco ESA is not dropping files that have an undetermined verdict. What is causing this issue?
A. The policy was created to send a message to quarantine instead of drop.
B. The file has a reputation score that is below the threshold.
C. The file has a reputation score that is above the threshold.
D. The policy was created to disable file analysis.
D. The policy was created to disable file analysis.
A user has a device in the network that is receiving too many connection requests from multiple machines. Which type of attack is the device undergoing?
A. SYN flood
B. slowloris
C. phishing
D. pharming
A. SYN flood
Which product allows Cisco FMC to push security intelligence observables to its sensors from other products?
A. Threat Intelligence Director
B. Encrypted Traffic Analytics.
C. Cognitive Threat Analytics.
D. Cisco Talos Intelligence
A. Threat Intelligence Director
An organization has a Cisco ESA set up with DLP policies and would like to customize the action assigned for violations. The organization wants a copy of the message to be delivered with a message added to flag it as a DLP violation. Which actions must be performed in order to provide this capability?
A. deliver and add disclaimer text
B. quarantine and send a DLP violation notification
C. quarantine and alter the subject header with a DLP violation
D. deliver and send copies to other recipient
B. quarantine and send a DLP violation notification
A Cisco ESA administrator has been tasked with configuring the Cisco ESA to ensure there are no viruses before quarantined emails are delivered. In addition, delivery of mail from known bad mail servers must be prevented. Which two actions must be taken in order to meet these requirements? (Choose two.)
A. Deploy the Cisco ESA in the DMZ.
B. Use outbreak filters from SenderBase.
C. Configure a recipient access table.
D. Enable a message tracking service.
E. Scan quarantined emails using AntiVirus signatures.
B. Use outbreak filters from SenderBase.
E. Scan quarantined emails using AntiVirus signatures.
An organization has noticed an increase in malicious content downloads and wants to use Cisco Umbrella to prevent this activity for suspicious domains while allowing normal web traffic. Which action will accomplish this task?
A. Use destination block lists.
B. Configure application block lists.
C. Configure the intelligent proxy.
D. Set content settings to High.
C. Configure the intelligent proxy.
Which attack is preventable by Cisco ESA but not by the Cisco WSA?
A. SQL injection
B. phishing
C. buffer overflow
D. DoS
B. phishing
An organization recently installed a Cisco WSA and would like to take advantage of the AVC engine to allow the organization to create a policy to control application-specific activity. After enabling the AVC engine, what must be done to implement this?
A. Use security services to configure the traffic monitor.
B. Use URL categorization to prevent application traffic.
C. Use an access policy group to configure application control settings.
D. Use web security reporting to validate engine functionality.
C. Use an access policy group to configure application control settings.
Which functions of an SDN architecture require southbound APIs to enable communication?
A. SDN controller and the network elements
B. management console and the SDN controller
C. management console and the cloud
D. SDN controller and the cloud
A. SDN controller and the network elements
Which two request methods of REST API are valid on the Cisco ASA Platform? (Choose two.)
A. put
B. options
C. get
D. push
E. connect
A. put
C. get
The main function of northbound APIs in the SDN architecture is to enable communication between which two areas of a network?
A. SDN controller and the cloud
B. management console and the SDN controller
C. management console and the cloud
D. SDN controller and the management solution
D. SDN controller and the management solution
What is a feature of the open platform capabilities of Cisco DNA Center?
A. application adapters
B. domain integration
C. intent-based APIs
D. automation adapters
C. intent-based APIs
The Cisco DNA Center open platform for intent-based networking provides 360-degree extensibility across multiple components, including:
● Intent-based APIs
● Process adapters
● Domain adapters
● SDKs
Refer to the exhibit. What does the API do when connected to a Cisco security appliance?
A. create an SNMP pull mechanism for managing AMP
B. gather network telemetry information from AMP for endpoints
C. get the process and PID information from the computers in the network
D. gather the network interface information about the computers AMP sees
import requests

client_id = "adflkjlkjad"             # placeholder AMP API client ID
api_key = "alkjdljlf;a3dadfaf"        # placeholder AMP API key
url = "https://api.amp.cisco.com/v1/computers"

# HTTP Basic auth with the API credentials; the endpoint lists the computers
# that the AMP for Endpoints cloud knows about
response = requests.get(url, auth=(client_id, api_key))
response_json = response.json()

for computer in response_json["data"]:
    # each computer record carries a list of its network interfaces
    for network_interface in computer["network_addresses"]:
        mac = network_interface.get("mac")
        ip = network_interface.get("ip")
        ipv6 = network_interface.get("ipv6")
        print(mac, ip, ipv6)
D. Gather the network interface information about the computers AMP sees
Which form of attack is launched using botnets?
A. TCP flood
B. DDOS
C. DOS
D. virus
B. DDOS
Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?
A. user input validation in a web page or web application
B. Linux and Windows operating systems
C. database
D. web page images
A. user input validation in a web page or web application
What is the difference between deceptive phishing and spear phishing?
A. Deceptive phishing is an attack aimed at a specific user in the organization who holds a C-level role.
B. A spear-phishing campaign is aimed at a specific person versus a group of people.
C. Spear phishing is when the attack is aimed at the C-level executives of an organization.
D. Deceptive phishing hijacks and manipulates the DNS server of the victim and redirects the user to a false webpage.
B. A spear-phishing campaign is aimed at a specific person versus a group of people.
Verified correct
Which two behavioral patterns characterize a ping of death attack? (Choose two.)
A. The attack is fragmented into groups of 16 octets before transmission
B. The attack is fragmented into groups of 8 octets before transmission
C. Short synchronized bursts of traffic are used to disrupt TCP connections
D. Malformed packets are used to crash systems
E. Publicly accessible DNS servers are typically used to execute the attack
B. The attack is fragmented into groups of 8 octets before transmission
D. Malformed packets are used to crash systems
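The fragment arithmetic behind the "groups of 8 octets" answer, as an added example that is not part of the original flashcards: the IPv4 Fragment Offset field is 13 bits wide and counts 8-octet units, so a crafted final fragment placed at the maximum offset makes the reassembled datagram exceed the 65535-byte limit that a receiver's buffer was sized for. The helper names (fragment, reassembled_length, is_ping_of_death) and the fragment tuples are constructed for this illustration.

```python
# IPv4 fragment bookkeeping: the Fragment Offset field is 13 bits and counts
# 8-octet units, so a datagram is fragmented into groups of 8 octets and the
# largest expressible offset is 8191 * 8 = 65528 bytes. A final fragment placed
# there that carries more than 7 bytes pushes the reassembled datagram past the
# 65535-byte maximum: the ping of death condition.
MAX_OFFSET_UNITS = (1 << 13) - 1     # 8191
MAX_DATAGRAM = 65535                 # IPv4 Total Length is a 16-bit field


def reassembled_length(fragments):
    """fragments: list of (offset_units, payload_len, more_fragments).

    Returns the size the receiver would need to reassemble the datagram,
    after checking what a well-formed fragment set must satisfy."""
    if not fragments:
        raise ValueError("no fragments")
    end = 0
    for offset_units, payload_len, more in fragments:
        if not 0 <= offset_units <= MAX_OFFSET_UNITS:
            raise ValueError(f"offset {offset_units} does not fit in 13 bits")
        if more and payload_len % 8 != 0:
            raise ValueError("non-final fragments must carry a multiple of 8 octets")
        end = max(end, offset_units * 8 + payload_len)
    return end


def is_ping_of_death(fragments):
    """True when the fragment set reassembles to more than 65535 bytes."""
    return reassembled_length(fragments) > MAX_DATAGRAM


def fragment(payload_len, mtu=1500, header_len=20):
    """Split an ICMP payload of payload_len bytes into the fragments a normal
    sender would emit over a link with the given MTU (offsets in 8-octet units)."""
    per_frag = (mtu - header_len) // 8 * 8     # largest multiple of 8 that fits
    frags, offset = [], 0
    while offset < payload_len:
        chunk = min(per_frag, payload_len - offset)
        more = offset + chunk < payload_len
        frags.append((offset // 8, chunk, more))
        offset += chunk
    return frags


# Constructed fragment set an attacker would forge: an ordinary first fragment
# plus a final fragment at the maximum offset carrying 100 bytes (65628 total).
CRAFTED = [(0, 1480, True), (8191, 100, False)]
```

A legitimate sender cannot produce the condition: fragment(70000) yields an offset that does not fit in 13 bits and reassembled_length rejects it, which is why the attack needs forged fragment headers rather than a large ping. A receiver-side check of max(offset * 8 + length) before allocating the reassembly buffer is the corresponding defence.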
Which two mechanisms are used to control phishing attacks? (Choose two.)
A. Enable browser alerts for fraudulent websites.
B. Define security group memberships.
C. Revoke expired CRL of the websites.
D. Use antispyware software.
E. Implement email filtering techniques.
A. Enable browser alerts for fraudulent websites.
E. Implement email filtering techniques.
Which attack is commonly associated with C and C++ programming languages?
A. Cross-site scripting
B. Water holing
C. DDoS
D. Buffer overflow
D. Buffer overflow
https://en.wikipedia.org/wiki/Buffer_overflow
Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two.)
A. Check integer, float, or Boolean string parameters to ensure accurate values.
B. Use prepared statements and parameterized queries.
C. Secure the connection between the web and the app tier.
D. Write SQL code instead of using object-relational mapping libraries.
E. Block SQL code execution in the web application database login.
A. Check integer, float, or Boolean string parameters to ensure accurate values.
B. Use prepared statements and parameterized queries.
https://en.wikipedia.org/wiki/SQL_injection
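Both prevention techniques from the answer, as an added example that is not part of the original flashcards: a login query built by string formatting beside the same query as a prepared statement with bound parameters, plus a typed-parameter check for an integer id. The table, the two sample accounts and the function names are constructed for this illustration; the database is an in-memory SQLite file so it runs offline.

```python
import sqlite3


def make_db():
    """Constructed in-memory database with two sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pw TEXT)")
    conn.executemany("INSERT INTO users (name, pw) VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn, name, pw):
    """Query text is built by string formatting, so a quote in either input
    changes the SQL grammar instead of being compared as a value."""
    sql = f"SELECT name FROM users WHERE name = '{name}' AND pw = '{pw}'"
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, name, pw):
    """Prepared statement with bound parameters: the SQL text is fixed and the
    values travel separately, so they can never be parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = ? AND pw = ?"
    return [row[0] for row in conn.execute(sql, (name, pw))]


def user_by_id(conn, raw_id):
    """Typed-parameter check: reject anything that is not a plain non-negative
    integer before it reaches the query, and still bind it as a parameter."""
    if not isinstance(raw_id, str) or not raw_id.isdigit():
        raise ValueError(f"id must be a non-negative integer, got {raw_id!r}")
    sql = "SELECT name FROM users WHERE id = ?"
    return [row[0] for row in conn.execute(sql, (int(raw_id),))]


# Classic tautology payload: turns the WHERE clause into ... AND pw = '' OR '1'='1'
PAYLOAD = "' OR '1'='1"
```

With the payload as the password, login_vulnerable returns every account because AND binds tighter than OR and the trailing '1'='1' is always true; login_safe compares the literal string and returns nothing. user_by_id raises on "1 OR 1=1" before any SQL is sent.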
Which two kinds of attacks are prevented by multifactor authentication? (Choose two.)
A. phishing
B. brute force
C. man-in-the-middle
D. DDOS
E. teardrop
A. phishing
B. brute force
https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/cisco-mfa-password-security-infographic.pdf
MFA protects against phishing, social engineering, and password brute-force attacks and secures your logins from attackers exploiting weak or stolen credentials.
What are two rootkit types? (Choose two.)
A. registry
B. buffer mode
C. user mode
D. bootloader
E. virtual
C. user mode
D. bootloader
How is DNS tunneling used to exfiltrate data out of a corporate network?
A. It leverages the DNS server by permitting recursive lookups to spread the attack to other DNS servers
B. It encodes the payload with random characters that are broken into short strings and the DNS server rebuilds the exfiltrated data
C. It redirects DNS requests to a malicious server used to steal user credentials, which allows further damage and theft on the network
D. It corrupts DNS servers by replacing the actual IP address with a rogue address to collect information or start other attacks
B. It encodes the payload with random characters that are broken into short strings and the DNS server rebuilds the exfiltrated data
Once the desired data is obtained, the payload encodes it as strings of characters drawn from 0-9 and A-Z, broken into short labels (for example 3KJ242AIE9, PO28X977W) that are sent in DNS queries for the attacker's domain, where the attacker's name server reassembles them.
Which type of attack is social engineering?
A. trojan
B. MITM
C. phishing
D. malware
C. phishing
What are two DDoS attack categories? (Choose two.)
A. protocol
B. source-based
C. database
D. sequential
E. volume-based
A. protocol
E. volume-based
Protocol attacks: SYN floods, fragmented-packet attacks, Ping of Death, Smurf DDoS and more.
Volume-based attacks: UDP floods, ICMP floods, and other spoofed-packet floods. The third category is application layer attacks.
In which type of attack does the attacker insert their machine between two hosts that are communicating with each other?
A. man-in-the-middle
B. LDAP injection
C. insecure API
D. cross-site scripting
A. man-in-the-middle
How does Cisco Advanced Phishing Protection protect users?
A. It utilizes sensors that send messages securely.
B. It uses machine learning and real-time behavior analytics.
C. It validates the sender by using DKIM.
D. It determines which identities are perceived by the sender.
B. It uses machine learning and real-time behavior analytics.
Verified
Cisco Advanced Phishing Protection provides Business Email Compromise (BEC) and phishing detection capabilities. It detects identity deception-based threats by performing reputation checks on sender addresses by using advanced machine learning techniques and added intelligence. This intelligence continuously adapts to drive a real-time understanding of senders and provides enhanced protection.
How does DNS Tunneling exfiltrate data?
A. An attacker registers a domain that a client connects to based on DNS records and sends malware through that connection.
B. An attacker opens a reverse DNS shell to get into the clients system and installs malware on it.
C. An attacker sends an email to the target with hidden DNS resolvers in it to redirect them to a malicious domain.
D. An attacker uses a non-standard DNS port to gain access to the organizations DNS servers in order to poison the resolutions.
A. An attacker registers a domain that a client connects to based on DNS records and sends malware through that connection.
DNS tunneling exploits the DNS protocol to tunnel malware and other data through a client-server model. The attacker registers a domain, such as badsite.com. The domain’s name server points to the attacker’s server, where a tunneling malware program is installed.
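The client-server model described in the two DNS tunneling cards above, as an added example that is not part of the original flashcards: the client side encodes data and splits it into short labels queried under the attacker's domain, the server side (the authoritative name server for that domain) reorders and decodes them, and a small detector counts queries with unusually long labels per registered domain. Base32 is used as the encoding (the card's 0-9/A-Z alphabet is similar in spirit), badsite.com is the domain from the card, and the sample card dump and the "normal" query names are constructed.

```python
import base64
from collections import Counter

TUNNEL_DOMAIN = "badsite.com"   # the attacker-registered domain from the card
LABEL_LEN = 40                   # DNS labels are limited to 63 octets; stay under


def encode_chunks(payload: bytes, domain=TUNNEL_DOMAIN, label_len=LABEL_LEN):
    """Client side: base32-encode the data and split it into short strings,
    each carried as a label of a query for the attacker's domain.
    Query names look like '<seq>.<chunk>.badsite.com'."""
    text = base64.b32encode(payload).decode().rstrip("=")
    chunks = [text[i:i + label_len] for i in range(0, len(text), label_len)]
    return [f"{seq}.{chunk}.{domain}".lower() for seq, chunk in enumerate(chunks)]


def reassemble(query_names):
    """Server side: the authoritative name server sees every query, orders
    the chunks by sequence number and rebuilds the exfiltrated data."""
    pieces = {}
    for name in query_names:
        seq, chunk, *_ = name.rstrip(".").split(".")
        pieces[int(seq)] = chunk.upper()          # DNS is case-insensitive
    text = "".join(pieces[i] for i in sorted(pieces))
    text += "=" * (-len(text) % 8)                # restore base32 padding
    return base64.b32decode(text)


def flag_tunneling(query_names, min_label=30, min_queries=5):
    """Detection heuristic: count queries per registered domain whose
    subdomain labels are unusually long; many such queries to one domain
    is the signature of encoded data leaving over DNS."""
    hits = Counter()
    for name in query_names:
        labels = name.rstrip(".").split(".")
        base = ".".join(labels[-2:])
        if any(len(label) >= min_label for label in labels[:-2]):
            hits[base] += 1
    return {base for base, n in hits.items() if n >= min_queries}


# Constructed sample data: a fake card dump and some ordinary lookups.
SAMPLE = b"card=4111111111111111;exp=12/29;cvv=123;" * 4
NORMAL_QUERIES = ["www.example.com", "mail.example.com", "cdn.example.com",
                  "login.example.com", "api.example.com"]
```

The 160-byte sample becomes seven queries; flag_tunneling reports only badsite.com because the ordinary names never carry a 30-character label. Real tooling also looks at query rate, record types (TXT, NULL) and label entropy, but the long-label count alone already separates the two constructed sets.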
An attacker needs to perform reconnaissance on a target system to help gain access to it. The system has weak passwords, no encryption on the VPN links, and software bugs on the systems applications. Which vulnerability allows the attacker to see the passwords being transmitted in clear text?
A. unencrypted links for traffic
B. weak passwords for authentication
C. improper file security
D. software bugs on applications
A. unencrypted links for traffic
Which two preventive measures are used to control cross-site scripting? (Choose two.)
A. Enable client-side scripts on a per-domain basis.
B. Incorporate contextual output encoding/escaping.
C. Disable cookie inspection in the HTML inspection engine.
D. Run untrusted HTML input through an HTML sanitization engine.
E. SameSite cookie attribute should not be used.
B. Incorporate contextual output encoding/escaping.
D. Run untrusted HTML input through an HTML sanitization engine.
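Both measures from the answer, as an added example that is not part of the original flashcards: contextual output encoding for an HTML body or attribute and for a string inside a script block, and an allowlist sanitizer built on the standard library HTMLParser that rebuilds untrusted HTML keeping only a few tags, only http(s) hrefs, and no event-handler attributes. The allowlist, function names and test fragments are constructed for this illustration.

```python
import html
import json
from html.parser import HTMLParser

# Allowlist for user-supplied rich text: anything else is dropped, not escaped.
ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_URL_SCHEMES = ("http://", "https://")


def encode_for_html(value: str) -> str:
    """Output encoding for text placed in an element body or a quoted
    attribute: &, <, >, " and ' become entities, so the browser treats the
    value as data rather than markup."""
    return html.escape(value, quote=True)


def encode_for_js_string(value: str) -> str:
    """Output encoding for a value embedded in a <script> string literal:
    JSON quoting handles quotes and control characters, and '</' is broken
    up so the value cannot close the enclosing script element."""
    return json.dumps(value).replace("</", "<\\/")


class _Sanitizer(HTMLParser):
    """Rebuilds a fragment keeping only allowlisted tags and attributes."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.dropped_depth = 0   # >0 inside <script>/<style>; their text is discarded

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.dropped_depth += 1
            return
        if tag not in ALLOWED_TAGS:
            return                            # img, iframe, svg ... vanish entirely
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()) or value is None:
                continue                      # drops every on* handler and style
            if name == "href" and not value.strip().lower().startswith(SAFE_URL_SCHEMES):
                continue                      # drops javascript: and data: URLs
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.dropped_depth = max(0, self.dropped_depth - 1)
        elif tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.dropped_depth:
            self.out.append(html.escape(data, quote=False))   # text is re-escaped on output


def sanitize_html(fragment: str) -> str:
    """Run untrusted HTML through the allowlist parser and return clean markup."""
    parser = _Sanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)
```

Encoding and sanitizing answer different needs: encode when the value is meant to be shown as text, sanitize when the user is allowed some markup. Note that the parser normalises entities on input and the sanitizer re-escapes on output, so an encoded '&lt;script&gt;' in the input stays inert.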
Which threat involves software being used to gain unauthorized access to a computer system?
A. ping of death
B. HTTP flood
C. NTP amplification
D. virus
D. virus
Which two capabilities does TAXII support? (Choose two.)
A. exchange
B. pull messaging
C. binding
D. correlation
E. mitigating
A. exchange
B. pull messaging
Verified correct
Which two conditions are prerequisites for stateful failover for IPsec? (Choose two.)
A. Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the IPsec configuration is copied automatically.
B. The active and standby devices can run different versions of the Cisco IOS software but must be the same type of device.
C. The IPsec configuration that is set up on the active device must be duplicated on the standby device.
D. Only the IPsec configuration that is set up on the active device must be duplicated on the standby device; the IKE configuration is copied automatically.
E. The active and standby devices must run the same version of the Cisco IOS software and must be the same type of device.
C. The IPsec configuration that is set up on the active device must be duplicated on the standby device.
E. The active and standby devices must run the same version of the Cisco IOS software and must be the same type of device.
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnav/configuration/15-mt/sec-vpn-availability-15-mt-book/sec-state-fail-ipsec.html#:~:text=Stateful%20failover%20for%20IPsec%20requires,accelerator%20or%20identical%20encryption%20accelerators.
Restrictions for Stateful Failover for IPsec When configuring redundancy for a VPN, the following restrictions apply: Both the active and standby devices must run the identical version of the Cisco IOS software, and both the active and standby devices must be connected via a hub or switch.
Which algorithm provides encryption and authentication for data plane communication?
A. AES-GCM
B. SHA-96
C. AES-256
D. SHA-384
A. AES-GCM
https://en.wikipedia.org/wiki/Galois/Counter_Mode
In the Cisco SD-WAN network for unicast traffic, data plane encryption is done by AES-256-GCM, a symmetric-key algorithm that uses the same key to encrypt outgoing packets and to decrypt incoming packets. Each router periodically generates an AES key for its data path (specifically, one key per TLOC) and transmits this key to the vSmart controller in OMP route packets, which are similar to IP route updates. These packets contain information that the vSmart controller uses to determine the network topology, including the router’s TLOC (a tuple of the system IP address and traffic color) and AES key. The vSmart controller then places these OMP route packets into reachability advertisements that it sends to the other routers in the network. In this way, the AES keys for all the routers are distributed across the network. Even though the key exchange is symmetric, the routers use it in an asymmetric fashion. The result is a simple and scalable key exchange process that uses the Cisco vSmart Controller. https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/security/vedge/security-book/security-overview.html#id_112385
DRAG DROP -
Drag and drop the capabilities from the left onto the correct technologies on the right.
Select and Place:
Next-Gen IPS
Advanced Malware Protection
Application Control and URL Filtering
WSA
Detection, Blocking, Tracking, Analysis, and Remediation to protect against targeted persistent malware attacks
Superior Threat Prevention and mitigation for known and unknown threats
Application layer control and ability to enforce usage and tailor detection policies based on custom applications and URLs
Combined integrated solution of strong defense and web protection, visibility and controlling solutions
Next Gen IPS - Superior Threat Prevention and mitigation for known and unknown threats
AMP - Detection, Blocking, Tracking, Analysis, and Remediation to protect against targeted persistent malware attacks
Application Control and URL Filtering - Application layer control and ability to enforce usage and tailor detection policies based on custom applications and URLs
WSA - Combined integrated solution of strong defense and web protection, visibility and controlling solutions
Which two key and block sizes are valid for AES? (Choose two.)
A. 64-bit block size, 112-bit key length
B. 64-bit block size, 168-bit key length
C. 128-bit block size, 192-bit key length
D. 128-bit block size, 256-bit key length
E. 192-bit block size, 256-bit key length
C. 128-bit block size, 192-bit key length
D. 128-bit block size, 256-bit key length
https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
Which two descriptions of AES encryption are true? (Choose two.)
A. AES is less secure than 3DES.
B. AES is more secure than 3DES.
C. AES can use a 168-bit key for encryption.
D. AES can use a 256-bit key for encryption.
E. AES encrypts and decrypts a key three times in sequence.
B. AES is more secure than 3DES
D. AES can use a 256-bit key for encryption.
What is a language format designed to exchange threat intelligence that can be transported over the TAXII protocol?
A. STIX
B. XMPP
C. pxGrid
D. SMTP
A. STIX
DRAG DROP -
Drag and drop the descriptions from the left onto the correct protocol versions on the right.
Select and Place:
IKEv1 -
IKEv2 -
Standard includes NAT-T
Uses 6 Packets in main mode to establish phase 1
Uses four packets to establish phase 1 and phase 2
uses three packets in aggressive mode to establish phase 1
uses EAP for authenticating remote access clients
IKEv1
Uses 6 Packets in main mode to establish phase 1
uses three packets in aggressive mode to establish phase 1
IKEv2
Standard includes NAT-T
Uses four packets to establish phase 1 and phase 2
uses EAP for authenticating remote access clients
Which VPN technology can support a multivendor environment and secure traffic between sites?
A. SSL VPN
B. GET VPN
C. FlexVPN
D. DMVPN
C. FlexVPN ???
Which technology must be used to implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity?
A. DMVPN
B. FlexVPN
C. IPsec DVTI
D. GET VPN
D. GET VPN
What is the commonality between DMVPN and FlexVPN technologies?
A. FlexVPN and DMVPN use the new key management protocol, IKEv2
B. FlexVPN and DMVPN use IS-IS routing protocol to communicate with spokes
C. IOS routers run the same NHRP code for DMVPN and FlexVPN
D. FlexVPN and DMVPN use the same hashing algorithm
C. IOS routers run the same NHRP code for DMVPN and FlexVPN
Which protocol provides the strongest throughput performance when using Cisco AnyConnect VPN?
A. DTLSv1
B. TLSv1
C. TLSv1.1
D. TLSv1.2
A. DTLSv1
Which group within Cisco writes and publishes a weekly newsletter to help cybersecurity professionals remain aware of the ongoing and most prevalent threats?
A. Talos
B. PSIRT
C. SCIRT
D. DEVNET
A. Talos
When Cisco and other industry organizations publish and inform users of known security findings and vulnerabilities, which name is used?
A. Common Vulnerabilities, Exploits and Threats
B. Common Vulnerabilities and Exposures
C. Common Exploits and Vulnerabilities
D. Common Security Exploits
B. Common Vulnerabilities and Exposures
Which two features of Cisco DNA Center are used in a Software-Defined Network solution? (Choose two.)
A. accounting
B. assurance
C. automation
D. authentication
E. encryption
B. Assurance
C. Automation
What provides the ability to program and monitor networks from somewhere other than the DNAC GUI?
A. ASDM
B. NetFlow
C. API
D. desktop client
C. API
What is a function of 3DES in reference to cryptography?
A. It encrypts traffic.
B. It creates one-time-use passwords.
C. It hashes files.
D. It generates private keys.
A. It encrypts traffic.
Which two activities can be done using Cisco DNA Center? (Choose two.)
A. DHCP
B. design
C. accounting
D. DNS
E. provision
B. Design
E. Provision
Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?
A. terminal
B. selfsigned
C. url
D. profile
Chat GPT says - C. URL ???
Cards say - D. Profile ???
Which type of API is being used when a security application notifies a controller within a software-defined network architecture about a specific security threat?
A. southbound API
B. westbound API
C. eastbound API
D. northbound API
D. northbound API
An organization has two machines hosting web applications. Machine 1 is vulnerable to SQL injection while machine 2 is vulnerable to buffer overflows. What action would allow the attacker to gain access to machine 1 but not machine 2?
A. sniffing the packets between the two hosts
B. sending continuous pings
C. overflowing the buffers memory
D. inserting malicious commands into the database
D. inserting malicious commands into the database
What is the function of SDN southbound API protocols?
A. to allow for the static configuration of control plane applications
B. to enable the controller to use REST
C. to enable the controller to make changes
D. to allow for the dynamic configuration of control plane applications
C. to enable the controller to make changes
DRAG DROP -
Drag and drop the threats from the left onto examples of that threat on the right.
Select and Place:
DoS/DDoS
Insecure APIs
Data Breach
Compromised Credentials
A stolen customer database that contained social security numbers and was published online
A phishing site appearing to be legitimate login page captures user login information
An application attack using botnets from multiple remote locations that flood a web application causing a degraded performance or a complete outage
A malicious user gained access to an organization’s database from a cloud-based application programming interface that lacked strong authentication controls.
DoS/DDoS: An application attack using botnets from multiple remote locations that flood a web application, causing degraded performance or a complete outage.
Insecure APIs: A malicious user gaining access to an organization’s database from a cloud-based application programming interface that lacks strong authentication controls.
Compromised Credentials: A phishing site appearing to be a legitimate login page captures user login information.
Data Breach: A stolen customer database that contained social security numbers and was published online.
What is the difference between Cross-site Scripting and SQL Injection attacks?
A. Cross-site Scripting is when executives in a corporation are attacked, whereas SQL Injection is when a database is manipulated.
B. Cross-site Scripting is an attack where code is executed from the server-side, whereas SQL Injection is an attack where code is executed from the client-side.
C. Cross-site Scripting is a brute force attack targeting remote sites, whereas SQL Injection is a social engineering attack.
D. Cross-site Scripting is an attack where code is injected into a database, whereas SQL Injection is an attack where code is injected into a browser.
B. Cross-site Scripting is an attack where code is executed from the server-side, whereas SQL Injection is an attack where code is executed from the client-side.
Note that option B states the sides backwards: an XSS payload is injected through the web application but executes in the victim's browser (client side), while a SQL injection payload executes in the application's database (server side). It is still the only option that distinguishes the two injection targets.
Drag and drop the common security threats from the left onto the definitions on the right.
Phishing:
botnet:
spam:
worm:
a software progam that copies itself from one computer to another
unwanted messages in an email inbox
group of computers connected to the internet that have been compromised by a hacker
fraudulent attempts by cyber criminals to obtain private information
Phishing: fraudulent attempts by cyber criminals to obtain private information
botnet: group of computers connected to the internet that have been compromised by a hacker
spam: unwanted messages in an email inbox
worm: a software progam that copies itself from one computer to another
Which type of dashboard does Cisco DNA Center provide for complete control of the network?
A. distributed management
B. service management
C. application management
D. centralized management
D. centralized management
A. The list of computers, policies, and connector statuses will be received from Cisco AMP.
B. The list of computers and their current vulnerabilities will be received from Cisco AMP.
C. The compromised computers and malware trajectories will be received from Cisco AMP.
D. The compromised computers and what compromised them will be received from Cisco AMP.
A. The list of computers, policies, and connector statuses will be received from Cisco AMP.
See Notepad
With which components does a southbound API within a software-defined network architecture communicate?
A. applications
B. controllers within the network
C. appliances
D. devices such as routers and switches
D. devices such as routers and switches
Which method is used to deploy certificates and configure the supplicant on mobile devices to gain access to network resources?
A. BYOD onboarding
B. MAC authentication bypass
C. client provisioning
D. Simple Certificate Enrollment Protocol
D. Simple Certificate Enrollment Protocol
What are two characteristics of Cisco DNA Center APIs? (Choose two.)
A. They are Cisco proprietary.
B. They do not support Python scripts.
C. They view the overall health of the network.
D. They quickly provision new devices.
E. Postman is required to utilize Cisco DNA Center API calls.
C. They view the overall health of the network.
D. They quickly provision new devices.
Which statement about the configuration of Cisco ASA NetFlow v9 Secure Event Logging is true?
A. To view bandwidth usage for NetFlow records, the QoS feature must be enabled.
B. A sysopt command can be used to enable NSEL on a specific interface.
C. NSEL can be used without a collector configured.
D. A flow-export event type must be defined under a policy.
D. A flow-export event type must be defined under a policy.???
Which feature requires a network discovery policy on the Cisco Firepower NGIPS?
A. security intelligence
B. impact flags
C. health monitoring
D. URL filtering
B. impact flags
https://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmc-config-guide-v61/introduction_to_network_discovery_and_identity.html?bookSearch=true
Which policy is used to capture host information on the Cisco Firepower Next Generation Intrusion Prevention System?
A. correlation
B. intrusion
C. access control
D. network discovery
D. network discovery
What is a characteristic of traffic storm control behavior?
A. Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within the interval.
B. Traffic storm control cannot determine if the packet is unicast or broadcast.
C. Traffic storm control monitors incoming traffic levels over a 10-second traffic storm control interval.
D. Traffic storm control uses the Individual/Group bit in the packet source address to determine if the packet is unicast or broadcast.
A. Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within the interval.
Refer to the exhibit. Which statement about the authentication protocol used in the configuration is true?
A. The authentication request contains only a password
B. The authentication request contains only a username
C. The authentication and authorization requests are grouped in a single packet.
D. There are separate authentication and authorization request packets.
aaa new-model
radius-server host 10.0.0.12 key secret12
C. The authentication and authorization requests are grouped in a single packet.
Refer to the exhibit. What does the number 15 represent in this configuration?
A. privilege level for an authorized user to this router
B. access-list that identifies the SNMP devices that can access the router
C. interval in seconds between SNMPv3 authentication attempts
D. number of possible failed attempts until the SNMPv3 user is locked out
snmp-server group SNMP v3 auth access 15
A. privilege level for an authorized user to this router
What is the result of running the crypto isakmp key ciscXXXXXXXX address 172.16.0.0 command?
A. authenticates the IKEv2 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX
B. authenticates the IP address of the 172.16.0.0/32 peer by using the key ciscXXXXXXXX
C. authenticates the IKEv1 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX
D. secures all the certificates in the IKE exchange by using the key ciscXXXXXXXX
B. authenticates the IP address of the 172.16.0.0/32 peer by using the key ciscXXXXXXXX
Which command enables 802.1X globally on a Cisco switch?
A. dot1x system-auth-control
B. dot1x pae authenticator
C. authentication port-control auto
D. aaa new-model
A. dot1x system-auth-control
Verified
To globally enable 802.1x authentication on the switch, use the dot1x system-auth-control command in Global Configuration mode.
https://www.cisco.com/c/en/us/support/docs/smb/switches/cisco-small-business-300-series-managed-switches/smb5635-configure-global-802-1x-properties-on-a-switch-through-the-c.html
What is a characteristic of Dynamic ARP Inspection?
A. DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the DHCP snooping binding database.
B. In a typical network, all ports are configured as trusted except for the ports connecting to switches, which are untrusted.
C. DAI associates a trust state with each switch.
D. DAI intercepts all ARP requests and responses on trusted ports only.
A. DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the DHCP snooping binding database.
Verified
Which statement about IOS zone-based firewalls is true?
A. An unassigned interface can communicate with assigned interfaces
B. Only one interface can be assigned to a zone.
C. An interface can be assigned to multiple zones.
D. An interface can be assigned only to one zone.
D. An interface can be assigned only to one zone.
When wired 802.1X authentication is implemented, which two components are required? (Choose two.)
A. authentication server: Cisco Identity Service Engine
B. supplicant: Cisco AnyConnect ISE Posture module
C. authenticator: Cisco Catalyst switch
D. authenticator: Cisco Identity Services Engine
E. authentication server: Cisco Prime Infrastructure
A. authentication server: Cisco Identity Service Engine
C. authenticator: Cisco Catalyst switch
https://www.lookingpoint.com/blog/ise-series-802.1x
Which SNMPv3 configuration must be used to support the strongest security possible?
A. asa-host(config)#snmp-server group myv3 v3 priv asa-host(config)#snmp-server user andy myv3 auth sha cisco priv des ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy
B. asa-host(config)#snmp-server group myv3 v3 noauth asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy
C. asa-host(config)#snmp-server group myv3 v3 noauth asa-host(config)#snmp-server user andy myv3 auth sha cisco priv 3des ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy
D. asa-host(config)#snmp-server group myv3 v3 priv asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy
D. asa-host(config)#snmp-server group myv3 v3 priv asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy
Under which two circumstances is a CoA issued? (Choose two.)
A. A new authentication rule was added to the policy on the Policy Service node.
B. An endpoint is deleted on the Identity Service Engine server.
C. A new Identity Source Sequence is created and referenced in the authentication policy.
D. An endpoint is profiled for the first time.
E. A new Identity Service Engine server is added to the deployment with the Administration persona.
B. An endpoint is deleted on the Identity Service Engine server.
D. An endpoint is profiled for the first time.
Which ASA deployment mode can provide separation of management on a shared appliance?
A. DMZ multiple zone mode
B. transparent firewall mode
C. multiple context mode
D. routed mode
C. multiple context mode
What is a characteristic of Cisco ASA NetFlow v9 Secure Event Logging?
A. It tracks flow-create, flow-teardown, and flow-denied events.
B. It provides stateless IP flow tracking that exports all records of a specific flow.
C. It tracks the flow continuously and provides updates every 10 seconds.
D. Its events match all traffic classes in parallel.
A. It tracks flow-create, flow-teardown, and flow-denied events.
A network engineer has entered the snmp-server user andy myv3 auth sha cisco priv aes 256 cisc0383320506 command and needs to send SNMP information to a host at 10.255.254.1. Which command achieves this goal?
A. snmp-server host inside 10.255.254.1 snmpv3 andy
B. snmp-server host inside 10.255.254.1 version 3 myv3
C. snmp-server host inside 10.255.254.1 snmpv3 myv3
D. snmp-server host inside 10.255.254.1 version 3 andy
D. snmp-server host inside 10.255.254.1 version 3 andy
https://www.cisco.com/c/en/us/td/docs/security/asa/snmp/snmpv3_tools/snmpv3_1.html
An engineer wants to generate NetFlow records on traffic traversing the Cisco ASA. Which Cisco ASA command must be used?
A. flow exporter
B. ip flow-export destination 1.1.1.1 2055
C. flow-export destination inside 1.1.1.1 2055
D. ip flow monitor input
C. flow-export destination inside 1.1.1.1 2055
https://www.cisco.com/c/en/us/td/docs/security/asa/special/netflow/guide/asa_netflow.html
A network engineer is configuring DMVPN and entered the crypto isakmp key cisc0383320506 address 0.0.0.0 command on host A. The tunnel is not being established to host B. What action is needed to authenticate the VPN?
A. Change the password on host A to the default password
B. Enter the command with a different password on host B
C. Enter the same command on host B
D. Change isakmp to ikev2 in the command on host A
C. Enter the same command on host B
Which two tasks allow NetFlow on a Cisco ASA 5500 Series firewall? (Choose two.)
A. Define a NetFlow collector by using the flow-export command
B. Create a class map to match interesting traffic
C. Create an ACL to allow UDP traffic on port 9996
D. Enable NetFlow Version 9
E. Apply NetFlow Exporter to the outside interface in the inbound direction
A. Define a NetFlow collector by using the flow-export command
B. Create a class map to match interesting traffic
Refer to the exhibit. A network administrator configures command authorization for the admin5 user. What is the admin5 user able to do on HQ_Router after this configuration?
A. set the IP address of an interface
B. add subinterfaces
C. complete no configurations
D. complete all configurations
Router(config)# username admin5 privilege 5
Router(config)# privilege interface level 5 shutdown
Router(config)# privilege interface level 5 ip
Router(config)# privilege interface level 5 description
C. complete no configurations
How many interfaces per bridge group does an ASA bridge group deployment support?
A. up to 16
B. up to 2
C. up to 4
D. up to 8
C. up to 4
A network administrator configures Dynamic ARP Inspection on a switch. After Dynamic ARP Inspection is applied, all users on that switch are unable to communicate with any destination. The network administrator checks the Interface status of all interfaces, and there is no err-disabled interface. What is causing this problem?
A. DHCP snooping has not been enabled on all VLANs
B. Dynamic ARP inspection has not been enabled on all VLANs
C. The ip arp inspection limit command is applied on all interfaces and is blocking the traffic of all users
D. The no ip arp inspection trust command is applied on all user host interfaces
A. DHCP snooping has not been enabled on all VLANs
An engineer needs behavioral analysis to detect malicious activity on the hosts and is configuring the organization’s public cloud to send telemetry using the cloud provider’s mechanisms to a security device. Which mechanism should the engineer configure to accomplish this goal?
A. sFlow
B. NetFlow
C. mirror port
D. VPC flow logs
D. VPC flow logs
An engineer is trying to securely connect to a router and wants to prevent insecure algorithms from being used. However, the connection is failing. Which action should be taken to accomplish this goal?
A. Generate the RSA key using the crypto key generate rsa command.
B. Configure the port using the ip ssh port 22 command.
C. Enable the SSH server using the ip ssh server command.
D. Disable telnet using the no ip telnet command.
A. Generate the RSA key using the crypto key generate rsa command.
Refer to the exhibit. An organization is using DHCP Snooping within their network. A user on VLAN 41 on a new switch is complaining that an IP address is not being obtained. Which command should be configured on the switch interface in order to provide the user with network connectivity?
A. ip dhcp snooping limit 41
B. ip dhcp snooping verify mac-address
C. ip dhcp snooping trust
D. ip dhcp snooping vlan 41
C. ip dhcp snooping trust
Refer to the exhibit. Traffic is not passing through IPsec site-to-site VPN on the Firepower Threat Defense appliance. What is causing this issue?
A. Site-to-site VPN preshared keys are mismatched.
B. Site-to-site VPN peers are using different encryption algorithms.
C. No split-tunnel policy is defined on the Firepower Threat Defense appliance.
D. The access control policy is not allowing VPN traffic in.
Showing 0 encaps 17 decaps
D. The access control policy is not allowing VPN traffic in.
Refer to the exhibit. A network administrator configured a site-to-site VPN tunnel between two Cisco IOS routers, and hosts are unable to communicate between two sites of VPN. The network administrator runs the debug crypto isakmp sa command to track VPN status. What is the problem according to this command output?
A. interesting traffic was not applied
B. encryption algorithm mismatch
C. authentication key mismatch
D. hashing algorithm mismatch
showing retransmitting phase 1 MM_KEY_EXCH
C. authentication key mismatch
Which policy represents a shared set of features or parameters that define the aspects of a managed device that are likely to be similar to other managed devices in a deployment?
A. group policy
B. access control policy
C. device management policy
D. platform settings policy
D. platform settings policy
Which policy represents a shared set of features or parameters that define the aspects of a managed device that are likely to be similar to other managed devices in a deployment?
A. group policy
B. access control policy
C. device management policy
D. platform service policy
D. platform service policy