Security Flashcards by Blue HEAD

A. The ESA immediately makes another attempt to upload the file.

B. The file upload is abandoned.

C. AMP calculates the SHA-256 fingerprint, caches it, and periodically attempts the upload.

D. The file is queued for upload when connectivity is restored

B. The file upload is abandoned.

How well did you know this?

Not at all

Perfectly

Which cloud service model offers an environment for cloud consumers to develop and deploy applications without needing to manage or maintain the underlying cloud infrastructure?

A. PaaS

B. XaaS

C. IaaS

D. SaaS

A. PaaS

How well did you know this?

Not at all

Perfectly

Why would a user choose an on-premises ESA versus the CES solution?

A. Sensitive data must remain onsite.

B. Demand is unpredictable.

C. The server team wants to outsource this service.

D. ESA is deployed inline.

A. Sensitive data must remain onsite.

How well did you know this?

Not at all

Perfectly

Which two features are used to configure Cisco ESA with a multilayer approach to fight viruses and malware? (Choose two.)

A. Sophos engine

B. white list

C. RAT

D. outbreak filters

E. DLP

A. Sophos engine
D. outbreak filters

How well did you know this?

Not at all

Perfectly

What are two differences between a Cisco WSA that is running in transparent mode and one running in explicit mode? (Choose two.)

A. The Cisco WSA responds with its own IP address only if it is running in explicit mode.

B. The Cisco WSA is configured in a web browser only if it is running in transparent mode.

C. The Cisco WSA responds with its own IP address only if it is running in transparent mode.

D. The Cisco WSA uses a Layer 3 device to redirect traffic only if it is running in transparent mode.

E. When the Cisco WSA is running in transparent mode, it uses the WSAג€™s own IP address as the HTTP request destination.

A. The Cisco WSA responds with its own IP address only if it is running in explicit mode.
D. The Cisco WSA uses a Layer 3 device to redirect traffic only if it is running in transparent mode.

How well did you know this?

Not at all

Perfectly

A. Modify web proxy settings.

B. Modify outbound malware scanning policies.

C. Modify identification profiles.

D. Modify an access policy.

A. Modify web proxy settings.

How well did you know this?

Not at all

Perfectly

What is a characteristic of Firepower NGIPS inline deployment mode?

A. ASA with Firepower module cannot be deployed

B. It cannot take actions such as blocking traffic

C. It is out-of-band from traffic

D. It must have inline interface pairs configured

How well did you know this?

Not at all

Perfectly

A. Configure Directory Harvest Attack Prevention

B. Bypass LDAP access queries in the recipient access table.

C. Use Bounce Verification.

D. Configure incoming content filters.

Configure Directory Harvest Attack Prevention

How well did you know this?

Not at all

Perfectly

In which two ways does a system administrator send web traffic transparently to the Cisco WSA? (Choose two.)

A. use Web Cache Communication Protocol

B. configure AD Group Policies to push proxy settings

C. configure the proxy IP address in the web-browser settings

D. configure policy-based routing on the network infrastructure

E. reference a Proxy Auto-Config file

A. use Web Cache Communication Protocol

D. configure policy-based routing on the network infrastructure

How well did you know this?

Not at all

Perfectly

What is the function of the Context Directory Agent?

A. reads the AD logs to map IP addresses to usernames

B. relays user authentication requests from Cisco WSA to AD

C. maintains users group memberships

D. accepts user authentication requests on behalf of Cisco WSA for user identification

A. reads the AD logs to map IP addresses to usernames

How well did you know this?

Not at all

Perfectly

A network administrator is configuring a rule in an access control policy to block certain URLs and selects the Chat and Instant Messaging category. Which reputation score should be selected to accomplish this goal?

A. 5

B. 10

C. 3

D. 1

How well did you know this?

Not at all

Perfectly

A. The policy was created to send a message to quarantine instead of drop.

B. The file has a reputation score that is below the threshold.

C. The file has a reputation score that is above the threshold.

D. The policy was created to disable file analysis.

How well did you know this?

Not at all

Perfectly

A user has a device in the network that is receiving too many connection requests from multiple machines. Which type of attack is the device undergoing?

A. SYN flood

B. slowloris

C. phishing

D. pharming

A. SYN flood

How well did you know this?

Not at all

Perfectly

Which product allows Cisco FMC to push security intelligence observable to its sensors from other products?

A. Threat Intelligence Director

B. Encrypted Traffic Analytics.

C. Cognitive Threat Analytics.

D. Cisco Talos Intelligence

A. Threat Intelligence Director

How well did you know this?

Not at all

Perfectly

A. deliver and add disclaimer text

B. quarantine and send a DLP violation notification

C. quarantine and alter the subject header with a DLP violation

D. deliver and send copies to other recipient

B. quarantine and send a DLP violation notification

How well did you know this?

Not at all

Perfectly

A. Deploy the Cisco ESA in the DMZ.

B. Use outbreak filters from SenderBase.

C. Configure a recipient access table.

D. Enable a message tracking service.

E. Scan quarantined emails using AntiVirus signatures.

B. Use outbreak filters from SenderBase.

E. Scan quarantined emails using AntiVirus signatures.

How well did you know this?

Not at all

Perfectly

A. Use destination block lists.

B. Configure application block lists.

C. Configure the intelligent proxy.

D. Set content settings to High.

C. Configure the intelligent proxy.

How well did you know this?

Not at all

Perfectly

Which attack is preventable by Cisco ESA but not by the Cisco WSA?

A. SQL injection

B. phishing

C. buffer overflow

D. DoS

B. phishing

How well did you know this?

Not at all

Perfectly

A. Use security services to configure the traffic monitor.

B. Use URL categorization to prevent application traffic.

C. Use an access policy group to configure application control settings.

D. Use web security reporting to validate engine functionality.

C. Use an access policy group to configure application control settings.

How well did you know this?

Not at all

Perfectly

Which functions of an SDN architecture require southbound APIs to enable communication?

A. SDN controller and the network elements

B. management console and the SDN controller

C. management console and the cloud

D. SDN controller and the cloud

A) SDN controller and the network elements

How well did you know this?

Not at all

Perfectly

Which two request methods of REST API are valid on the Cisco ASA Platform? (Choose two.)

A. put

B. options

C. get

D. push

E. connect

A. put
C. get

How well did you know this?

Not at all

Perfectly

The main function of northbound APIs in the SDN architecture is to enable communication between which two areas of a network?

A. SDN controller and the cloud

B. management console and the SDN controller

C. management console and the cloud

D. SDN controller and the management solution

D) SDN controller and the management solution

How well did you know this?

Not at all

Perfectly

What is a feature of the open platform capabilities of Cisco DNA Center?

A. application adapters

B. domain integration

C. intent-based APIs

D. automation adapters

C) intent-based APIs

The Cisco DNA Center open platform for intent-based networking provides 360-degree extensibility across multiple components, including:

● Intent-based APIs

● Process adapters

● Domain adapters

● SDKs

How well did you know this?

Not at all

Perfectly

Refer to the exhibit. What does the API do when connected to a Cisco security appliance?

A. create an SNMP pull mechanism for managing AMP

B. gather network telemetry information from AMP for endpoints

C. get the process and PID information from the computers in the network

D. gather the network interface information about the computers AMP sees

import requests
client_id=adflkjlkjad
ap_key=alkjdljlf;a3dadfaf
url=’https://api.amp.cisco.com/v1/computers’
response=requests.get(url, auth=(client_id, api_key))
response_json=response.json()
for computer in response_json[‘data’]
network_addresses=computer[‘network_addresses’]
mac = network_interface.get(‘mac’)
ip = network_interface.get(‘ip’)
ipv6 = network_interface.get(‘ipv6’)
print(mac, ip, ipv6)

D. Gather the network interface information about the computers AMP sees

How well did you know this?

Not at all

Perfectly

Which form of attack is launched using botnets? A. TCP flood B. DDOS C. DOS D. virus

B. DDOS

Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities? A. user input validation in a web page or web application B. Linux and Windows operating systems C. database D. web page images

A. user input validation in a web page or web application

What is the difference between deceptive phishing and spear phishing? A. Deceptive phishing is an attack aimed at a specific user in the organization who holds a C-level role. B. A spear-phishing campaign is aimed at a specific person versus a group of people. C. Spear phishing is when the attack is aimed at the C-level executives of an organization. D. Deceptive phishing hijacks and manipulates the DNS server of the victim and redirects the user to a false webpage.

B. A spear-phishing campaign is aimed at a specific person versus a group of people Verified correct

Which two behavioral patterns characterize a ping of death attack? (Choose two.) A. The attack is fragmented into groups of 16 octets before transmission B. The attack is fragmented into groups of 8 octets before transmission C. Short synchronized bursts of traffic are used to disrupt TCP connections D. Malformed packets are used to crash systems E. Publicly accessible DNS servers are typically used to execute the attack

B) The attack is fragmented into groups of 8 octets before transmission D) Malformed packets are used to crash systems

Which two mechanisms are used to control phishing attacks? (Choose two.) A. Enable browser alerts for fraudulent websites. B. Define security group memberships. C. Revoke expired CRL of the websites. D. Use antispyware software. E. Implement email filtering techniques.

A. Enable browser alerts for fraudulent websites. E. Implement email filtering techniques.

Which attack is commonly associated with C and C++ programming languages? A. Cross-site scripting B. Water holing C. DDoS D. Buffer overflow

D. Buffer overflow https://en.wikipedia.org/wiki/Buffer_overflow

Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two.) A. Check integer, float, or Boolean string parameters to ensure accurate values. B. Use prepared statements and parameterized queries. C. Secure the connection between the web and the app tier. D. Write SQL code instead of using object-relational mapping libraries. E. Block SQL code execution in the web application database login.

A. Check integer, float, or Boolean string parameters to ensure accurate values. B. Use prepared statements and parameterized queries. https://en.wikipedia.org/wiki/SQL_injection

Which two kinds of attacks are prevented by multifactor authentication? (Choose two.) A. phishing B. brute force C. man-in-the-middle D. DDOS E. teardrop

A. phishing B. brute force https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/cisco-mfa-password-security-infographic.pdf MFA protects against phishing, social engineering, and password brute-force attacks and secures your logins from attackers exploiting weak or stolen credentials.

What are two rootkit types? (Choose two.) A. registry B. buffer mode C. user mode D. bootloader E. virtual

C. user mode D. bootloader

How is DNS tunneling used to exfiltrate data out of a corporate network? A. It leverages the DNS server by permitting recursive lookups to spread the attack to other DNS servers B. It encodes the payload with random characters that are broken into short strings and the DNS server rebuilds the exfiltrated data C. It redirects DNS requests to a malicious server used to steal user credentials, which allows further damage and theft on the network D. It corrupts DNS servers by replacing the actual IP address with a rogue address to collect information or start other attacks

B) It encodes the payload with random characters that are broken into short strings and the DNS server rebuilds the exfiltrated data Once the desired data is obtained, the payload encodes the data as a series of 32 characters (0-9, A-Z) broken into short strings (3KJ242AIE9, PO28X977W, .

Which type of attack is social engineering? A. trojan B. MITM C. phishing D. malware

C. phishing

What are two DDoS attack categories? (Choose two.) A. protocol B. source-based C. database D. sequential E. volume-based

A. protocol E. volume-based Protocol Attacks: Includes SYN floods, fragmented packet attacks, Ping of Death, Smurf DDoS and more Volume Based: Includes UDP floods, ICMP floods, and other spoofed-packet floods. … . … Application Layer Attacks.

In which type of attack does the attacker insert their machine between two hosts that are communicating with each other? A. man-in-the-middle B. LDAP injection C. insecure API D. cross-site scripting

A. man-in-the-middle

How does Cisco Advanced Phishing Protection protect users? A. It utilizes sensors that send messages securely. B. It uses machine learning and real-time behavior analytics. C. It validates the sender by using DKIM. D. It determines which identities are perceived by the sender.

B. It uses machine learning and real-time behavior analytics. Verified Cisco Advanced Phishing Protection provides Business Email Compromise (BEC) and phishing detection capabilities. It detects identity deception-based threats by performing reputation checks on sender addresses by using advanced machine learning techniques and added intelligence. This intelligence continuously adapts to drive a real-time understanding of senders and provides enhanced protection.

How does DNS Tunneling exfiltrate data? A. An attacker registers a domain that a client connects to based on DNS records and sends malware through that connection. B. An attacker opens a reverse DNS shell to get into the clients system and installs malware on it. C. An attacker sends an email to the target with hidden DNS resolvers in it to redirect them to a malicious domain. D. An attacker uses a non-standard DNS port to gain access to the organizations DNS servers in order to poison the resolutions.

A) An attacker registers a domain that a client connects to based on DNS records and sends malware through that connection. DNS tunneling exploits the DNS protocol to tunnel malware and other data through a client-server model. The attacker registers a domain, such as badsite.com. The domain’s name server points to the attacker’s server, where a tunneling malware program is installed.

An attacker needs to perform reconnaissance on a target system to help gain access to it. The system has weak passwords, no encryption on the VPN links, and software bugs on the systems applications. Which vulnerability allows the attacker to see the passwords being transmitted in clear text? A. unencrypted links for traffic B. weak passwords for authentication C. improper file security D. software bugs on applications

A. unencrypted links for traffic

A user has a device in the network that is receiving too many connection requests from multiple machines. Which type of attack is the device undergoing? A. SYN flood B. slowloris C. phishing D. pharming

A. SYN flood

Which two preventive measures are used to control cross-site scripting? (Choose two.) A. Enable client-side scripts on a per-domain basis. B. Incorporate contextual output encoding/escaping. C. Disable cookie inspection in the HTML inspection engine. D. Run untrusted HTML input through an HTML sanitization engine. E. SameSite cookie attribute should not be used.

B. Incorporate contextual output encoding/escaping. D. Run untrusted HTML input through an HTML sanitization engine.

Which threat involves software being used to gain unauthorized access to a computer system? A. ping of death B. HTTP flood C. NTP amplification D. virus

D. virus

Which two capabilities does TAXII support? (Choose two.) A. exchange B. pull messaging C. binding D. correlation E. mitigating

A. exchange B. pull messaging Verified correct

Which two conditions are prerequisites for stateful failover for IPsec? (Choose two.) A. Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the IPsec configuration is copied automatically. B. The active and standby devices can run different versions of the Cisco IOS software but must be the same type of device. C. The IPsec configuration that is set up on the active device must be duplicated on the standby device. D. Only the IPsec configuration that is set up on the active device must be duplicated on the standby device; the IKE configuration is copied automatically. E. The active and standby devices must run the same version of the Cisco IOS software and must be the same type of device.

C. The IPsec configuration that is set up on the active device must be duplicated on the standby device. E. The active and standby devices must run the same version of the Cisco IOS software and must be the same type of device. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnav/configuration/15-mt/sec-vpn-availability-15-mt-book/sec-state-fail-ipsec.html#:~:text=Stateful%20failover%20for%20IPsec%20requires,accelerator%20or%20identical%20encryption%20accelerators. Restrictions for Stateful Failover for IPsec When configuring redundancy for a VPN, the following restrictions apply: Both the active and standby devices must run the identical version of the Cisco IOS software, and both the active and standby devices must be connected via a hub or switch.

Which algorithm provides encryption and authentication for data plane communication? A. AES-GCM B. SHA-96 C. AES-256 D. SHA-384

A. AES-GCM https://en.wikipedia.org/wiki/Galois/Counter_Mode In the Cisco SD-WAN network for unicast traffic, data plane encryption is done by AES-256-GCM, a symmetric-key algorithm that uses the same key to encrypt outgoing packets and to decrypt incoming packets. Each router periodically generates an AES key for its data path (specifically, one key per TLOC) and transmits this key to the vSmart controller in OMP route packets, which are similar to IP route updates. These packets contain information that the vSmart controller uses to determine the network topology, including the router’s TLOC (a tuple of the system IP address and traffic color) and AES key. The vSmart controller then places these OMP route packets into reachability advertisements that it sends to the other routers in the network. In this way, the AES keys for all the routers are distributed across the network. Even though the key exchange is symmetric, the routers use it in an asymmetric fashion. The result is a simple and scalable key exchange process that uses the Cisco vSmart Controller. https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/security/vedge/security-book/security-overview.html#id_112385

DRAG DROP - Drag and drop the capabilities from the left onto the correct technologies on the right. Select and Place: Next-Gen IPS Advanced Malware Protection Application Control and URL Filtering WSA Detection, Blocking, Tracking, Anaylysis, and Remediation to protect against targeted persistent malware attacks Superior Threat Prevention and mitigation for known and unknown threats Application layer control and ability to enforce usage and tailor detection policies based on custom applications and URLs Combined integrated solution of strong defense and web protection, visibility and controlling solutions

Next Gen IPS - Superior Threat Prevention and mitigation for known and unknown threats AMP - Detection, Blocking, Tracking, Anaylysis, and Remediation to protect against targeted persistent malware attacks Application Control and URL Filtering - Application layer control and ability to enforce usage and tailor detection policies based on custom applications and URLs WSA - Combined integrated solution of strong defense and web protection, visibility and controlling solutions

Which two key and block sizes are valid for AES? (Choose two.) A. 64-bit block size, 112-bit key length B. 64-bit block size, 168-bit key length C. 128-bit block size, 192-bit key length D. 128-bit block size, 256-bit key length E. 192-bit block size, 256-bit key length

C. 128-bit block size, 192-bit key length D. 128-bit block size, 256-bit key length https://en.wikipedia.org/wiki/Advanced_Encryption_Standard

Which two descriptions of AES encryption are true? (Choose two.) A. AES is less secure than 3DES. B. AES is more secure than 3DES. C. AES can use a 168-bit key for encryption. D. AES can use a 256-bit key for encryption. E. AES encrypts and decrypts a key three times in sequence.

B. AES is more secure than 3DES D. AES can use a 256-bit key for encryption.

What is a language format designed to exchange threat intelligence that can be transported over the TAXII protocol? A. STIX B. XMPP C. pxGrid D. SMTP

A. STIX

DRAG DROP - Drag and drop the descriptions from the left onto the correct protocol versions on the right. Select and Place: IKEv1 - IKEv2 - Standard includes NAT-T Uses 6 Packets in main mode to establish phase 1 Uses four packets to establish phase 1 and phase 2 uses three packets in aggressive mode to establish phase 1 uses EAP for authenticating remote access clients

IKEv1 Uses 6 Packets in main mode to establish phase 1 uses three packets in aggressive mode to establish phase 1 IKEv2 Standard includes NAT-T Uses four packets to establish phase 1 and phase 2 uses EAP for authenticating remote access clients

Which VPN technology can support a multivendor environment and secure traffic between sites? A. SSL VPN B. GET VPN C. FlexVPN D. DMVPN

C. FlexVPN ???

Which technology must be used to implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity? A. DMVPN B. FlexVPN C. IPsec DVTI D. GET VPN

D. GET VPN

What is the commonality between DMVPN and FlexVPN technologies? A. FlexVPN and DMVPN use the new key management protocol, IKEv2 B. FlexVPN and DMVPN use IS-IS routing protocol to communicate with spokes C. IOS routers run the same NHRP code for DMVPN and FlexVPN D. FlexVPN and DMVPN use the same hashing algorithm

C. IOS routers run the same NHRP code for DMVPN and FlexVPN

Which protocol provides the strongest throughput performance when using Cisco AnyConnect VPN? A. DTLSv1 B. TLSv1 C. TLSv1.1 D. TLSv1.2

A. DTLSv1

Which group within Cisco writes and publishes a weekly newsletter to help cybersecurity professionals remain aware of the ongoing and most prevalent threats? A. Talos B. PSIRT C. SCIRT D. DEVNET

A. Talos

When Cisco and other industry organizations publish and inform users of known security findings and vulnerabilities, which name is used? A. Common Vulnerabilities, Exploits and Threats B. Common Vulnerabilities and Exposures C. Common Exploits and Vulnerabilities D. Common Security Exploits

B. Common Vulnerabilities and Exposures

Which two features of Cisco DNA Center are used in a Software-Defined Network solution? (Choose two.) A. accounting B. assurance C. automation D. authentication E. encryption

B. Assurance C. Automation

What provides the ability to program and monitor networks from somewhere other than the DNAC GUI? A. ASDM B. NetFlow C. API D. desktop client

C. API

What is a function of 3DES in reference to cryptography? A. It encrypts traffic. B. It creates one-time-use passwords. C. It hashes files. D. It generates private keys.

A. It encrypts traffic.

Which two activities can be done using Cisco DNA Center? (Choose two.) A. DHCP B. design C. accounting D. DNS E. provision

B. Design E. Provision

Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server? A. terminal B. selfsigned C. url D. profile

Chat GPT says - C. URL ??? Cards say - D. Profile ???

Which type of API is being used when a security application notifies a controller within a software-defined network architecture about a specific security threat? A. southbound API B. westbound API C. eastbound API D. northbound API

D. northbound API

An organization has two machines hosting web applications. Machine 1 is vulnerable to SQL injection while machine 2 is vulnerable to buffer overflows. What action would allow the attacker to gain access to machine 1 but not machine 2? A. sniffing the packets between the two hosts B. sending continuous pings C. overflowing the buffers memory D. inserting malicious commands into the database

D. inserting malicious commands into the database

What is the function of SDN southbound API protocols? A. to allow for the static configuration of control plane applications B. to enable the controller to use REST C. to enable the controller to make changes D. to allow for the dynamic configuration of control plane applications

C. to enable the controller to make changes

DRAG DROP - Drag and drop the threats from the left onto examples of that threat on the right. Select and Place: DoS/DDoS Insecure APIs Data Breach Compromised Credentials A stolen customer database that contained social security numbers and was published online A phishing site appearing to be legitimate login page captures user login information An application attack using botnets from multiple remote locations that flood a web appliccation causing a degraded performance or a complete outage A malicious user gained access to an organization's database from a cloud-based application programming interface that lacked strong authentication controls.

DoS/DDoS: An application attack using botnets from multiple remote locations that flood a web application, causing degraded performance or a complete outage. Insecure APIs: A malicious user gaining access to an organization's database from a cloud-based application programming interface that lacks strong authentication controls. Compromised Credentials: A phishing site appearing to be a legitimate login page captures user login information. Data Breach: A stolen customer database that contained social security numbers and was published online.

What is the difference between Cross-site Scripting and SQL Injection attacks? A. Cross-site Scripting is when executives in a corporation are attacked, whereas SQL Injection is when a database is manipulated. B. Cross-site Scripting is an attack where code is executed from the server-side, whereas SQL Injection is an attack where code is executed from the client-side. C. Cross-site Scripting is a brute force attack targeting remote sites, whereas SQL Injection is a social engineering attack. D. Cross-site Scripting is an attack where code is injected into a database, whereas SQL Injection is an attack where code is injected into a browser.

B. Cross-site Scripting is an attack where code is executed from the server-side, whereas SQL Injection is an attack where code is executed from the client-side.

Drag and drop the common security threats from the left onto the definitions on the right. Phishing: botnet: spam: worm: a software progam that copies itself from one computer to another unwanted messages in an email inbox group of computers connected to the internet that have been compromised by a hacker fraudulent attempts by cyber criminals to obtain private information

Phishing: fraudulent attempts by cyber criminals to obtain private information botnet: group of computers connected to the internet that have been compromised by a hacker spam: unwanted messages in an email inbox worm: a software progam that copies itself from one computer to another

Which type of dashboard does Cisco DNA Center provide for complete control of the network? A. distributed management B. service management C. application management D. centralized management

D. centralized management

A. The list of computers, policies, and connector statuses will be received from Cisco AMP. B. The list of computers and their current vulnerabilities will be received from Cisco AMP. C. The compromised computers and malware trajectories will be received from Cisco AMP. D. The compromised computers and what compromised them will be received from Cisco AMP.

A. The list of computers, policies, and connector statuses will be received from Cisco AMP. See Notepad

With which components does a southbound API within a software-defined network architecture communicate? A. applications B. controllers within the network C. appliances D. devices such as routers and switches

D. devices such as routers and switches

Which method is used to deploy certificates and configure the supplicant on mobile devices to gain access to network resources? A. BYOD onboarding B. MAC authentication bypass C. client provisioning D. Simple Certificate Enrollment Protocol

D. Simple Certificate Enrollment Protocol

What are two characteristics of Cisco DNA Center APIs? (Choose two.) A. They are Cisco proprietary. B. They do not support Python scripts. C. They view the overall health of the network. D. They quickly provision new devices. E. Postman is required to utilize Cisco DNA Center API calls.

C. They view the overall health of the network. D. They quickly provision new devices.

Which statement about the configuration of Cisco ASA NetFlow v9 Secure Event Logging is true? A. To view bandwidth usage for NetFlow records, the QoS feature must be enabled. B. A sysopt command can be used to enable NSEL on a specific interface. C. NSEL can be used without a collector configured. D. A flow-export event type must be defined under a policy.

D. A flow-export event type must be defined under a policy.???

Which feature requires a network discovery policy on the Cisco Firepower NGIPS? A. security intelligence B. impact flags C. health monitoring D. URL filtering

B. impact flags https://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmc-config-guide-v61/introduction_to_network_discovery_and_identity.html?bookSearch=true

Which policy is used to capture host information on the Cisco Firepower Next Generation Intrusion Prevention System? A. correlation B. intrusion C. access control D. network discovery

D. network discovery

What is a characteristic of traffic storm control behavior? A. Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within the interval. B. Traffic storm control cannot determine if the packet is unicast or broadcast. C. Traffic storm control monitors incoming traffic levels over a 10-second traffic storm control interval. D. Traffic storm control uses the Individual/Group bit in the packet source address to determine if the packet is unicast or broadcast.

A. Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within the interval.

Refer to the exhibit. Which statement about the authentication protocol used in the configuration is true? A. The authentication request contains only a password B. The authentication request contains only a username C. The authentication and authorization requests are grouped in a single packet. D. There is separate authentication and authorization request packets. aaa new-model radius-server host 10.0.0.12 key secret12

C. The authentication and authorization requests are grouped in a single packet.

Refer to the exhibit. What does the number 15 represent in this configuration? A. privilege level for an authorized user to this router B. access-list that identifies the SNMP devices that can access the router C. interval in seconds between SNMPv3 authentication attempts D. number of possible failed attempts until the SNMPv3 user is locked out snmp-server group SNMP v3 auth access 15

A. privilege level for an authorized user to this router

What is the result of running the crypto isakmp key ciscXXXXXXXX address 172.16.0.0 command? A. authenticates the IKEv2 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX B. authenticates the IP address of the 172.16.0.0/32 peer by using the key ciscXXXXXXXX C. authenticates the IKEv1 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX D. secures all the certificates in the IKE exchange by using the key ciscXXXXXXXX

B. authenticates the IP address of the 172.16.0.0/32 peer by using the key ciscXXXXXXXX

Which command enables 802.1X globally on a Cisco switch? A. dot1x system-auth-control B. dot1x pae authenticator C. authentication port-control auto D. aaa new-model

A. dot1x system-auth-control Verified To globally enable 802.1x authentication on the switch, use the dot1x system-auth-control command in Global Configuration mode. https://www.cisco.com/c/en/us/support/docs/smb/switches/cisco-small-business-300-series-managed-switches/smb5635-configure-global-802-1x-properties-on-a-switch-through-the-c.html

What is a characteristic of Dynamic ARP Inspection? A. DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the DHCP snooping binding database. B. In a typical network, make all ports as trusted except for the ports connecting to switches, which are untrusted. C. DAI associates a trust state with each switch. D. DAI intercepts all ARP requests and responses on trusted ports only.

A. DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the DHCP snooping binding database. Verified

Which statement about IOS zone-based firewalls is true? A. An unassigned interface can communicate with assigned interfaces B. Only one interface can be assigned to a zone. C. An interface can be assigned to multiple zones. D. An interface can be assigned only to one zone.

D. An interface can be assigned only to one zone.

When wired 802.1X authentication is implemented, which two components are required? (Choose two.) A. authentication server: Cisco Identity Service Engine B. supplicant: Cisco AnyConnect ISE Posture module C. authenticator: Cisco Catalyst switch D. authenticator: Cisco Identity Services Engine E. authentication server: Cisco Prime Infrastructure

A. authentication server: Cisco Identity Service Engine C. authenticator: Cisco Catalyst switch https://www.lookingpoint.com/blog/ise-series-802.1x

Which SNMPv3 configuration must be used to support the strongest security possible? A. asa-host(config)#snmp-server group myv3 v3 priv asa-host(config)#snmp-server user andy myv3 auth sha cisco priv des ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy B. asa-host(config)#snmp-server group myv3 v3 noauth asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy C. asa-host(config)#snmp-server group myv3 v3 noauth asa-host(config)#snmp-server user andy myv3 auth sha cisco priv 3des ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy D. asa-host(config)#snmp-server group myv3 v3 priv asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

D. asa-host (config) # SNMP-server group myv3 v3 priv asa-host (config) #SNMP-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX asa-host (config) #SNMP-server host inside 10.255.254.1 version 3 andy

Under which two circumstances is a CoA issued? (Choose two.) A. A new authentication rule was added to the policy on the Policy Service node. B. An endpoint is deleted on the Identity Service Engine server. C. A new Identity Source Sequence is created and referenced in the authentication policy. D. An endpoint is profiled for the first time. E. A new Identity Service Engine server is added to the deployment with the Administration persona.

B. An endpoint is deleted on the Identity Service Engine server. D. An endpoint is profiled for the first time.

Which ASA deployment mode can provide separation of management on a shared appliance? A. DMZ multiple zone mode B. transparent firewall mode C. multiple context mode D. routed mode

C. multiple context mode

What is a characteristic of Cisco ASA NetFlow v9 Secure Event Logging? A. It tracks flow-create, flow-teardown, and flow-denied events. B. It provides stateless IP flow tracking that exports all records of a specific flow. C. It tracks the flow continuously and provides updates every 10 seconds. D. Its events match all traffic classes in parallel.

A. It tracks flow-create, flow-teardown, and flow-denied events

A network engineer has entered the snmp-server user andy myv3 auth sha cisco priv aes 256 cisc0383320506 command and needs to send SNMP information to a host at 10.255.254.1. Which command achieves this goal? A. snmp-server host inside 10.255.254.1 snmpv3 andy B. snmp-server host inside 10.255.254.1 version 3 myv3 C. snmp-server host inside 10.255.254.1 snmpv3 myv3 D. snmp-server host inside 10.255.254.1 version 3 andy

D. SNMP-server host inside 10.255.254.1 version 3 andy https://www.cisco.com/c/en/us/td/docs/security/asa/snmp/snmpv3_tools/snmpv3_1.html

An engineer wants to generate NetFlow records on traffic traversing the Cisco ASA. Which Cisco ASA command must be used? A. flow exporter B. ip flow-export destination 1.1.1.1 2055 C. flow-export destination inside 1.1.1.1 2055 D. ip flow monitor input

C. flow-export destination inside 1.1.1.1 2055 https://www.cisco.com/c/en/us/td/docs/security/asa/special/netflow/guide/asa_netflow.html

A network engineer is configuring DMVPN and entered the crypto isakmp key cisc0383320506 address 0.0.0.0 command on host A. The tunnel is not being established to host B. What action is needed to authenticate the VPN? A. Change the password on host A to the default password B. Enter the command with a different password on host B C. Enter the same command on host B D. Change isakmp to ikev2 in the command on host A

C. Enter the same command on host B

Which two tasks allow NetFlow on a Cisco ASA 5500 Series firewall? (Choose two.) A. Define a NetFlow collector by using the flow-export command B. Create a class map to match interesting traffic C. Create an ACL to allow UDP traffic on port 9996 D. Enable NetFlow Version 9 E. Apply NetFlow Exporter to the outside interface in the inbound direction

A. Define a NetFlow collector by using the flow-export command B. Create a class map to match interesting traffic

Refer to the exhibit. A network administrator configures command authorization for the admin5 user. What is the admin5 user able to do on HQ_Router after this configuration? A. set the IP address of an interface B. add subinterfaces C. complete no configurations D. complete all configurations Router (config) # username admin5 privilege 5 Router (config) # privilege interface level 5 shutdown Router (config) # privilege interface level 5 ip Router (config) # privilege interface level 5 description

C. complete no configurations

How many interfaces per bridge group does an ASA bridge group deployment support? A. up to 16 B. up to 2 C. up to 4 D. up to 8

C. up to 4

A network administrator configures Dynamic ARP Inspection on a switch. After Dynamic ARP Inspection is applied, all users on that switch are unable to communicate with any destination. The network administrator checks the Interface status of all interfaces, and there is no err-disabled interface. What is causing this problem? A. DHCP snooping has not been enabled on all VLANs B. Dynamic ARP inspection has not been enabled on all VLANs C. The ip arp inspection limit command is applied on all interfaces and is blocking the traffic of all users D. The no ip arp inspection trust command is applied on all user host interfaces

A. DHCP snooping has not been enabled on all VLANs

An engineer needs behavioral analysis to detect malicious activity on the hosts and is configuring the organization’s public cloud to send telemetry using the cloud provider’s mechanisms to a security device. Which mechanism should the engineer configure to accomplish this goal? A. sFlow B. NetFlow C. mirror port D. VPC flow logs

D. VPC flow logs

An engineer is trying to securely connect to a router and wants to prevent insecure algorithms from being used. However, the connection is failing. Which action should be taken to accomplish this goal? A. Generate the RSA key using the crypto key generate rsa command. B. Configure the port using the ip ssh port 22 command. C. Enable the SSH server using the ip ssh server command. D. Disable telnet using the no ip telnet command.

A. Generate the RSA key using the crypto key generate rsa command

Refer to the exhibit. An organization is using DHCP Snooping within their network. A user on VLAN 41 on a new switch is complaining that an IP address is not being obtained. Which command should be configured on the switch interface in order to provide the user with network connectivity? A. ip dhcp snooping limit 41 B. ip dhcp snooping verify mac-address C. ip dhcp snooping trust D. ip dhcp snooping vlan 41

C. ip dhcp snooping trust

Refer to the exhibit. Traffic is not passing through IPsec site-to-site VPN on the Firepower Threat Defense appliance. What is causing this issue? A. Site-to-site VPN preshared keys are mismatched. B. Site-to-site VPN peers are using different encryption algorithms. C. No split-tunnel policy is defined on the Firepower Threat Defense appliance. D. The access control policy is not allowing VPN traffic in. Showing 0 encaps 17 decaps

D. The access control policy is not allowing VPN traffic in.

Refer to the exhibit. A network administrator configured a site-to-site VPN tunnel between two Cisco IOS routers, and hosts are unable to communicate between two sites of VPN. The network administrator runs the debug crypto isakmp sa command to track VPN status. What is the problem according to this command output? A. interesting traffic was not applied B. encryption algorithm mismatch C. authentication key mismatch D. hashing algorithm mismatch showing retransmitting phase 1 MM_KEY_EXCH

C. authentication key mismatch

Which policy represents a shared set of features or parameters that define the aspects of a managed device that are likely to be similar to other managed devices in a deployment? A. group policy B. access control policy C. device management policy D. platform settings policy

D. platform settings policy

D. platform service policy

The Cisco ASA must support TLS proxy for encrypted Cisco Unified Communications traffic. Where must the ASA be added on the Cisco UC Manager platform? A. Certificate Trust List B. Endpoint Trust List C. Enterprise Proxy Service D. Secured Collaboration Proxy

A. Certificate Trust LIst???

Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention System? (Choose two.) A. SIP B. inline normalization C. SSL D. packet decoder E. modbus

A. SIP C. SSL Verified

Which feature is configured for managed devices in the device platform settings of the Firepower Management Center? A. quality of service B. time synchronization C. network address translations D. intrusion policy

B. time synchronization

What can be integrated with Cisco Threat Intelligence Director to provide information about security threats, which allows the SOC to proactively automate responses to those threats? A. Cisco Umbrella B. External Threat Feeds C. Cisco Threat Grid D. Cisco Stealthwatch

B. External Threat Feeds

Which Cisco command enables authentication, authorization, and accounting globally so that CoA is supported on the device? A. aaa server radius dynamic-author B. auth-type all C. aaa new-model D. ip device-tracking

C. aaa new-model

What is a characteristic of Firepower NGIPS inline deployment mode? A. ASA with Firepower module cannot be deployed B. It cannot take actions such as blocking traffic C. It is out-of-band from traffic D. It must have inline interface pairs configured

D. It must have inline interface pairs configured

A mall provides security services to customers with a shared appliance. The mall wants separation of management on the shared appliance. Which ASA deployment mode meets these needs? A. routed mode B. multiple zone mode C. multiple context mode D. transparent mode

C. multiple context mode

What is managed by Cisco Security Manager? A. Cisco WLC B. Cisco ESA C. Cisco WSA D. Cisco ASA

D. Cisco ASA

An organization is trying to improve its Defense in Depth by blocking malicious destinations prior to a connection being established. The solution must be able to block certain applications from being used within the network. Which product should be used to accomplish this goal? A. Cisco Firepower B. Cisco Umbrella C. Cisco ISE D. Cisco AMP

B. Cisco Umbrella

An engineer notices traffic interruptions on the network. Upon further investigation, it is learned that broadcast packets have been flooding the network. What must be configured, based on a predefined threshold, to address this issue? A. Storm Control B. embedded event monitoring C. access control lists D. Bridge Protocol Data Unit guard

A. Storm Control

What is a feature of Cisco NetFlow Secure Event Logging for Cisco ASAs? A. Multiple NetFlow collectors are supported. B. Advanced NetFlow v9 templates and legacy v5 formatting are supported. C. Secure NetFlow connectors are optimized for Cisco Prime Infrastructure D. Flow-create events are delayed.

Multiple NetFlow collectors are supported.

What is a key difference between Cisco Firepower and Cisco ASA? A. Cisco Firepower provides identity-based access control while Cisco ASA does not. B. Cisco AS provides access control while Cisco Firepower does not. C. Cisco ASA provides SSL inspection while Cisco Firepower does not. D. Cisco Firepower natively provides intrusion prevention capabilities while Cisco ASA does not.

Cisco Firepower natively provides intrusion prevention capabilities while Cisco ASA does not.

DRAG DROP - Drag and drop the suspicious patterns for the Cisco Tetration platform from the left onto the correct definitions on the right. Select and Place: Privilege escalation User login suspicous behavior Interesting file access File access from a different user

Privilege escalation: watches for movement in the process lineage tree User login suspicious behavior: watches user access failures and methods Interesting file access: armed to look at sensitive files File access from a different user: learns the normal behavior of users Tetration is now called Secure Workload

What is the benefit of using Cisco FMC over Cisco ASDM? A. Cisco FMC uses Java while Cisco ASDM uses HTML5. B. Cisco FMC provides centralized management while Cisco ASDM does not. C. Cisco FMC supports pushing configurations to devices while Cisco ASDM does not. D. Cisco FMC supports all firewall products whereas Cisco ASDM only supports Cisco ASA devices.

Cisco FMC provides centralized management while Cisco ASDM does not.

Which product allows Cisco FMC to push security intelligence observable to its sensors from other products? A. Threat Intelligence Director B. Encrypted Traffic Analytics. C. Cognitive Threat Analytics. D. Cisco Talos Intelligence

A. Threat Intelligence Director

A Cisco FirePower administrator needs to configure a rule to allow a new application that has never been seen on the network. Which two actions should be selected to allow the traffic to pass without inspection? (Choose two.) A. permit B. allow C. reset D. trust E. monitor

D. trust E. monitor

What is a characteristic of a bridge group in a Cisco ASA Firewall running in transparent mode? A. It has an IP address on its BVI interface and is used for management traffic. B. It allows ARP traffic with a single access rule. C. It includes multiple interfaces and access rules between interfaces are customizable. D. It is a Layer 3 segment and includes one port and customizable access rules.

D. It is a Layer 3 segment and includes one port and customizable access rules.

While using Cisco Firepowers Security Intelligence policies, which two criteria is blocking based upon? (Choose two.) A. IP addresses B. URLs C. port numbers D. protocol IDs E. MAC addresses

A. IP addresses B. URLs

What features does Cisco FTDv provide over Cisco ASAv? A. Cisco FTDv provides 1GB of firewall throughput while Cisco ASAv does not. B. Cisco FTDv runs on VMware while Cisco ASAv does not. C. Cisco FTDv runs on AWS while Cisco ASAv does not. D. Cisco FTDv supports URL filtering while Cisco ASAv does not.

D. Cisco FTDv supports URL filtering while Cisco ASAv does not.

A network engineer is deciding whether to use stateful or stateless failover when configuring two Cisco ASAs for high availability. What is the connection status in both cases? A. need to be reestablished with stateful failover and preserved with stateless failover B. preserved with both stateful and stateless failover C. need to be reestablished with both stateful and stateless failover D. preserved with stateful failover and need to be reestablished with stateless failover

D. preserved with stateful failover and need to be reestablished with stateless failover

Which term describes when the Cisco Firepower downloads threat intelligence updates from Cisco Talos? A. authoring B. consumption C. sharing D. analysis

B. consumption

An administrator is configuring a DHCP server to better secure their environment. They need to be able to rate-limit the traffic and ensure that legitimate requests are not dropped. How would this be accomplished? A. Set a trusted interface for the DHCP server. B. Set the DHCP snooping bit to 1. C. Enable ARP inspection for the required VLAN. D. Add entries in the DHCP snooping database.

A. Set a trusted interface for the DHCP server.

What is a prerequisite when integrating a Cisco ISE server and an AD domain? A. Configure a common administrator account. B. Place the Cisco ISE server and the AD server in the same subnet. C. Synchronize the clocks of the Cisco ISE server and the AD server. D. Configure a common DNS server.

C. Synchronize the clocks of the Cisco ISE server and the AD server.

When configuring ISAKMP for IKEv1 Phase 1 on a Cisco IOS router, an administrator needs to input the command crypto isakmp key cisco address 0.0.0.0. The administrator is not sure what the IP address in this command is used for. What would be the effect of changing the IP address from 0.0.0.0 to 1.2.3.4? A. The key server that is managing the keys for the connection will be at 1.2.3.4. B. The address that will be used as the crypto validation authority. C. All IP addresses other than 1.2.3.4 will be allowed. D. The remote connection will only be allowed from 1.2.3.4.

D. The remote connection will only be allowed from 1.2.3.4.

A network administrator is configuring SNMPv3 on a new router. The users have already been created, however an additional configuration is needed to facilitate access to the SNMP views. What must the administrator do to accomplish this? A. define the encryption algorithm to be used by SNMPv3 B. set the password to be used for SNMPv3 authentication C. map SNMPv3 users to SNMP views D. specify the UDP port used by SNMP

C. map SNMPv3 users to SNMP views

Refer to the exhibit. When configuring a remote access VPN solution terminating on the Cisco ASA, an administrator would like to utilize an external token authentication mechanism in conjunction with AAA authentication using machine certificates. Which configuration item must be modified to allow this? A. Method B. SAML Server C. AAA Server Group D. Group Policy The Example shows the config set AAA Server Group Local

A. Method

An administrator is trying to determine which applications are being used in the network but does not want the network devices to send metadata to Cisco Firepower. Which feature should be used to accomplish this? A. Network Discovery B. Access Control C. Packet Tracer D. NetFlow

D. NetFlow

An engineer is implementing NTP authentication within their network and has configured both the client and server devices with the command ntp authentication-key 1 md5 Cisc392481137. The server at 1.1.1.1 is attempting to authenticate to the client at 1.1.1.2, however is unable to do so. Which command is required to enable the client to accept the servers authentication key? A. ntp server 1.1.1.2 key 1 B. ntp peer 1.1.1.2 key 1 C. ntp server 1.1.1.1 key 1 D. ntp peer 1.1.1.1 key 1

C. ntp server 1.1.1.1 key 1

Due to a traffic storm on the network, two interfaces were error-disabled, and both interfaces sent SNMP traps. Which two actions must be taken to ensure that interfaces are put back into service? (Choose two.) A. Enable the snmp-server enable traps command and wait 300 seconds. B. Use EEM to have the ports return to service automatically in less than 300 seconds C. Ensure that interfaces are configured with the error-disable detection and recovery feature. D. Have Cisco Prime Infrastructure issue an SNMP set command to re-enable the ports after the preconfigured interval. E. Enter the shutdown and no shutdown commands on the interfaces.

C. Ensure that interfaces are configured with the error-disable detection and recovery feature. E. Enter the shutdown and no shutdown commands on the interfaces.

Refer to the exhibit. An administrator is adding a new Cisco FTD device to their network and wants to manage it with Cisco FMC. The Cisco FTD uses a registration key of Cisc392481137 and is not behind a NAT device. Which command is needed to enable this on the Cisco FTD A. configure manager add 16 B. configure manager add DONTRESOLVE FTD123 C. configure manager add D. configure manager add DONTRESOLVE In the exhibit: Unique NAT ID is set to 16

A. configure manager add 16

A network administrator needs to find out what assets currently exist on the network. Third-party systems need to be able to feed host data into Cisco Firepower. What must be configured to accomplish this? A. a Network Analysis policy to receive NetFlow data from the host B. a File Analysis policy to send file data into Cisco Firepower C. a Network Discovery policy to receive data from the host D. a Threat Intelligence policy to download the data from the host

C. A Network Discovery policy to receive data from the host

Which suspicious pattern enables the Cisco Tetration platform to learn the normal behavior of users? A. file access from a different user B. user login suspicious behavior C. privilege escalation D. interesting file access

A. file access from a different user

Which deployment model is the most secure when considering risks to cloud adoption? A. public cloud B. hybrid cloud C. community cloud D. private cloud

D. private cloud

What does the Cisco Cloudlock Firewall do to mitigate security concerns from an application perspective? A. It allows the administrator to quarantine malicious files so that the application can function, just not maliciously. B. It discovers and controls cloud apps that are connected to a company’s corporate environment. C. It deletes any application that does not belong in the network. D. It sends the application information to an administrator to act on.

B. It discovers and controls cloud apps that are connected to a company’s corporate environment.

Which exfiltration method does an attacker use to hide and encode data inside DNS requests and queries? A. DNS tunneling B. DNSCrypt C. DNS security D. DNSSEC

A. DNS tunneling

Which technology reduces data loss by identifying sensitive information stored in public computing environments? A. Cisco SDA B. Cisco Firepower C. Cisco HyperFlex D. Cisco Cloudlock

D. Cisco Cloudlock

In which cloud services model is the tenant responsible for virtual machine OS patching? A. IaaS B. UCaaS C. PaaS D. SaaS

A. IaaS

What is the function of Cisco Cloudlock for data security? A. data loss prevention B. controls malicious cloud apps C. detects anomalies D. user and entity behavior analytics

A. data loss prevention

Which feature is supported when deploying Cisco ASAv within AWS public cloud? A. multiple context mode B. user deployment of Layer 3 networks C. IPv6 D. clustering

B. user deployment of Layer 3 networks

Which cloud service model offers an environment for cloud consumers to develop and deploy applications without needing to manage or maintain the underlying cloud infrastructure? A. PaaS B. XaaS C. IaaS D. SaaS

A. PaaS

Which risk is created when using an Internet browser to access cloud-based service? A. misconfiguration of Infra, which allows unauthorized access B. intermittent connection to the cloud connectors C. vulnerabilities within protocol D. insecure implementation of API

C. vulnerabilities within protocol

What is the Cisco API-based broker that helps reduce compromises, application risks, and data breaches in an environment that is not on-premise? A. Cisco AppDynamics B. Cisco Cloudlock C. Cisco Umbrella D. Cisco AMP

B. Cisco Cloudlock

Which two aspects of the cloud PaaS model are managed by the customer? (Choose two.) A. middleware B. applications C. virtualization D. operating systems E. data

B. applications E. data

Which public cloud provider supports the Cisco Next-Generation Firewall Virtual? A. Google Cloud Platform B. Red Hat Enterprise Virtualization C. Amazon Web Services D. VMware ESXi

C. Amazon Web Services

What is an attribute of the DevSecOps process? A. security scanning and theoretical vulnerabilities B. development security C. isolated security team D. mandated security controls and check lists

B. development security

On which part of the IT environment does DevSecOps focus? A. application development B. wireless network C. data center D. perimeter network

A. application development

In a PaaS model, which layer is the tenant responsible for maintaining and patching? A. hypervisor B. virtual machine C. network D. application

D. application

Which two deployment model configurations are supported for Cisco FTDv in AWS? (Choose two.) A. Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS B. Cisco FTDv with one management interface and two traffic interfaces configured C. Cisco FTDv configured in routed mode and managed by a physical FMC appliance on-premises D. Cisco FTDv with two management interfaces and one traffic interface configured E. Cisco FTDv configured in routed mode and IPv6 configured

A. Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS C. Cisco FTDv configured in routed mode and managed by a physical FMC appliance on premises

What is a required prerequisite to enable malware file scanning for the Secure Internet Gateway? A. Enable IP Layer enforcement. B. Activate the Cisco AMP license. C. Activate SSL decryption. D. Enable Intelligent Proxy.

D. Enable Intelligent Proxy.

A company is experiencing exfiltration of credit card numbers that are not being stored on-premise. The company needs to be able to protect sensitive data throughout the full environment. Which tool should be used to accomplish this goal? A. Cisco ISE B. Web Security Appliance C. Security Manager D. Cloudlock

D. Cloudlock

What are the two types of managed Intercloud Fabric deployment models? (Choose two.) A. Service Provider managed B. User managed C. Public managed D. Hybrid managed E. Enterprise managed

A. Service Provider managed E. Enterprise managed Intercloud Fabric Deployment Models Cisco Intercloud Fabric addresses the cloud deployment requirements appropriate for two-hybrid cloud deployment models: Enterprise Managed and Service Provider Managed.

An engineer needs a cloud solution that will monitor traffic, create incidents based on events, and integrate with other cloud solutions via an API. Which solution should be used to accomplish this goal? A. CASB B. Cisco Cloudlock C. Adaptive MFA D. SIEM

B. Cisco Cloudlock

An organization is using Cisco Firepower and Cisco Meraki MX for network security and needs to centrally manage cloud policies across these platforms. Which software should be used to accomplish this goal? A. Cisco Defense Orchestrator B. Cisco Configuration Professional C. Cisco Secureworks D. Cisco DNA Center

A. Cisco Defense Orchestrator

Which factor must be considered when choosing the on-premise solution over the cloud-based one? A. With an on-premise solution, the provider is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the customer is responsible for it. B. With a cloud-based solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product. C. With an on-premise solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product. D. With an on-premise solution, the customer is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the provider is responsible for it.

D. With an on-premise solution, the customer is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the provider is responsible for it.

An engineer has been tasked with implementing a solution that can be leveraged for securing the cloud users, data, and applications. There is a requirement to use the Cisco cloud-native CASB and cloud cybersecurity platform. What should be used to meet these requirements? A. Cisco NGFW B. Cisco Cloudlock C. Cisco Cloud Email Security D. Cisco Umbrella

B. Cisco Cloudlock

In an IaaS cloud services model, which security function is the provider responsible for managing? A. firewalling virtual machines B. Internet proxy C. hypervisor OS hardening D. CASB

C. hypervisor OS hardening

An organization is implementing URL blocking using Cisco Umbrella. The users are able to go to some sites but other sites are not accessible due to an error. Why is the error occurring? A. Client computers do not have an SSL certificate deployed from an internal CA server. B. Client computers do not have the Cisco Umbrella Root CA certificate installed. C. IP-Layer Enforcement is not configured. D. Intelligent proxy and SSL decryption is disabled in the policy.

B. Client computers do not have the Cisco Umbrella Root CA certificate installed.

Which feature within Cisco Umbrella allows for the ability to inspect secure HTTP traffic? A. File Analysis B. SafeSearch C. SSL Decryption D. Destination Lists

C. SSL Decryption

When web policies are configured in Cisco Umbrella, what provides the ability to ensure that domains are blocked when they host malware, command and control, phishing, and more threats? A. Application Control B. Security Category Blocking C. Content Category Blocking D. File Analysis

B. Security Category Blocking

How is Cisco Umbrella configured to log only security events? A. per policy B. in the Reporting settings C. in the Security Settings section D. per network in the Deployments section

A. per policy

Which Cisco solution does Cisco Umbrella integrate with to determine if a URL is malicious? A. Cisco AMP B. Cisco AnyConnect C. Cisco Dynamic DNS D. Cisco Talos

D. Cisco Talos

Where are individual sites specified to be blacklisted in Cisco Umbrella? A. application settings B. content categories C. security settings D. destination lists

D. destination lists

An engineer configured a new network identity in Cisco Umbrella but must verify that traffic is being routed through the Cisco Umbrella network. Which action tests the routing? A. Ensure that the client computers are pointing to the on-premises DNS servers. B. Enable the Intelligent Proxy to validate that traffic is being routed correctly. C. Add the public IP address that the client computers are behind to a Core Identity. D. Browse to http://welcome.umbrella.com/ to validate that the new identity is working.

D. Browse to http://welcome.umbrella.com/ to validate that the new identity is working.

How does Cisco Umbrella archive logs to an enterprise-owned storage? A. by using the Application Programming Interface to fetch the logs B. by sending logs via syslog to an on-premises or cloud-based syslog server C. by the system administrator downloading the logs from the Cisco Umbrella web portal D. by being configured to send logs to a self-managed AWS S3 bucket

D. by being configured to send logs to a self-managed AWS S3 bucket

Which API is used for Content Security? A. NX-OS API B. IOS XR API C. OpenVuln API D. AsyncOS API

D. AsyncOS API

Which Talos reputation center allows you to track the reputation of IP addresses for email and web traffic? A. IP Blacklist Center B. File Reputation Center C. AMP Reputation Center D. IP and Domain Reputation Center

D. IP and Domain Reputation Center Verified

What is the primary role of the Cisco Email Security Appliance? A. Mail Submission Agent B. Mail Transfer Agent C. Mail Delivery Agent D. Mail User Agent

B. Mail Transfer Agent

Which two services must remain as on-premises equipment when a hybrid email solution is deployed? (Choose two.) A. DDoS B. antispam C. antivirus D. encryption E. DLP Reveal Solution

C. antivirus E. DLP ???

An organization is receiving SPAM emails from a known malicious domain. What must be configured in order to prevent the session during the initial TCP communication? A. Configure the Cisco ESA to reset the TCP connection. B. Configure policies to stop and reject communication. C. Configure the Cisco ESA to drop the malicious emails. D. Configure policies to quarantine malicious emails.

B. Configure policies to stop and reject communication.

Refer to the exhibit. What is a result of the configuration? A. Traffic from the DMZ network is redirected. B. Traffic from the inside network is redirected. C. All TCP traffic is redirected. D. Traffic from the inside and DMZ networks is redirected.

D. Traffic from the inside and DMZ networks is redirected.

An organization received a large amount of SPAM messages over a short time period. In order to take action on the messages, it must be determined how harmful the messages are and this needs to happen dynamically. What must be configured to accomplish this? A. Configure the Cisco WSA to modify policies based on the traffic seen. B. Configure the Cisco ESA to modify policies based on the traffic seen. C. Configure the Cisco WSA to receive real-time updates from Cisco Talos. D. Configure the Cisco ESA to receive real-time updates from Cisco Talos.

D. Configure the Cisco ESA to receive real-time updates from Cisco Talos.

What are two differences between a Cisco WSA that is running in transparent mode and one running in explicit mode? (Choose two.) A. The Cisco WSA responds with its own IP address only if it is running in explicit mode. B. The Cisco WSA is configured in a web browser only if it is running in transparent mode. C. The Cisco WSA responds with its own IP address only if it is running in transparent mode. D. The Cisco WSA uses a Layer 3 device to redirect traffic only if it is running in transparent mode. E. When the Cisco WSA is running in transparent mode, it uses the WSAs own IP address as the HTTP request destination.

A. The Cisco WSA responds with its own IP address only if it is running in explicit mode. D. The Cisco WSA uses a Layer 3 device to redirect traffic only if it is running in transparent mode.

Which technology is used to improve web traffic performance by proxy caching? A. WSA B. Firepower C. FireSIGHT D. ASA

A. WSA

Which proxy mode must be used on Cisco WSA to redirect TCP traffic with WCCP? A. transparent B. redirection C. forward D. proxy gateway

A. transparent

What is the purpose of the Decrypt for Application Detection feature within the WSA Decryption options? A. It decrypts HTTPS application traffic for unauthenticated users. B. It alerts users when the WSA decrypts their traffic. C. It decrypts HTTPS application traffic for authenticated users. D. It provides enhanced HTTPS application detection for AsyncOS.

D. It provides enhanced HTTPS application detection for AsyncOS.

A network administrator is using the Cisco ESA with AMP to upload files to the cloud for analysis. The network is congested and is affecting communication. How will the Cisco ESA handle any files which need analysis? A. The ESA immediately makes another attempt to upload the file. B. The file upload is abandoned. C. AMP calculates the SHA-256 fingerprint, caches it, and periodically attempts the upload. D. The file is queued for upload when connectivity is restored

B. The file upload is abandoned.

An engineer is configuring a Cisco ESA and wants to control whether to accept or reject email messages to a recipient address. Which list contains the allowed recipient addresses? A. SAT B. BAT C. HAT D. RAT

D. RAT

Why would a user choose an on-premises ESA versus the CES solution? A. Sensitive data must remain onsite. B. Demand is unpredictable. C. The server team wants to outsource this service. D. ESA is deployed inline.

A. Sensitive data must remain onsite.

Which two features are used to configure Cisco ESA with a multilayer approach to fight viruses and malware? (Choose two.) A. Sophos engine B. white list C. RAT D. outbreak filters E. DLP

A. Sophos engine D. outbreak filters

After a recent breach, an organization determined that phishing was used to gain initial access to the network before regaining persistence. The information gained from the phishing attack was a result of users visiting known malicious websites. What must be done in order to prevent this from happening in the future? A. Modify web proxy settings. B. Modify outbound malware scanning policies. C. Modify identification profiles. D. Modify an access policy.

A. Modify web proxy settings.

An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly identifying all valid recipients. What must be done on the Cisco ESA to accomplish this goal? A. Configure Directory Harvest Attack Prevention B. Bypass LDAP access queries in the recipient access table. C. Use Bounce Verification. D. Configure incoming content filters.

A. Configure Directory Harvest Attack Prevention

In which two ways does a system administrator send web traffic transparently to the Cisco WSA? (Choose two.) A. use Web Cache Communication Protocol B. configure AD Group Policies to push proxy settings C. configure the proxy IP address in the web-browser settings D. configure policy-based routing on the network infrastructure E. reference a Proxy Auto-Config file

A. use Web Cache Communication Protocol D. configure policy-based routing on the network infrastructure Verified

What is the function of the Context Directory Agent? A. reads the AD logs to map IP addresses to usernames B. relays user authentication requests from Cisco WSA to AD C. maintains users group memberships D. accepts user authentication requests on behalf of Cisco WSA for user identification

A. reads the AD logs to map IP addresses to usernames

D. 1 5 Trusted 4 Favorable 3 Neutral 2 Questionable 1 Untrusted

A Cisco ESA network administrator has been tasked to use a newly installed service to help create policy based on the reputation verdict. During testing, it is discovered that the Cisco ESA is not dropping files that have an undetermined verdict. What is causing this issue? A. The policy was created to send a message to quarantine instead of drop. B. The file has a reputation score that is below the threshold. C. The file has a reputation score that is above the threshold. D. The policy was created to disable file analysis.

D. The policy was created to disable file analysis.

An organization has a Cisco ESA set up with DLP policies and would like to customize the action assigned for violations. The organization wants a copy of the message to be delivered with a message added to flag it as a DLP violation. Which actions must be performed in order to provide this capability? A. deliver and add disclaimer text B. quarantine and send a DLP violation notification C. quarantine and alter the subject header with a DLP violation D. deliver and send copies to other recipient

B. quarantine and send a DLP violation notification

A Cisco ESA administrator has been tasked with configuring the Cisco ESA to ensure there are no viruses before quarantined emails are delivered. In addition, delivery of mail from known bad mail servers must be prevented. Which two actions must be taken in order to meet these requirements? (Choose two.) A. Deploy the Cisco ESA in the DMZ. B. Use outbreak filters from SenderBase. C. Configure a recipient access table. D. Enable a message tracking service. E. Scan quarantined emails using AntiVirus signatures.

B. Use outbreak filters from SenderBase. E. Scan quarantined emails using AntiVirus signatures. Verified correct

An organization has noticed an increase in malicious content downloads and wants to use Cisco Umbrella to prevent this activity for suspicious domains while allowing normal web traffic. Which action will accomplish this task? A. Use destination block lists. B. Configure application block lists. C. Configure the intelligent proxy. D. Set content settings to High.

C. Configure the intelligent proxy Verified

Which attack is preventable by Cisco ESA but not by the Cisco WSA? A. SQL injection B. phishing C. buffer overflow D. DoS

B. phishing

An organization recently installed a Cisco WSA and would like to take advantage of the AVC engine to allow the organization to create a policy to control application-specific activity. After enabling the AVC engine, what must be done to implement this? A. Use security services to configure the traffic monitor. B. Use URL categorization to prevent application traffic. C. Use an access policy group to configure application control settings. D. Use web security reporting to validate engine functionality.

C. Use an access policy group to configure application control settings.

Which benefit does endpoint security provide the overall security posture of an organization? A. It streamlines the incident response process to automatically perform digital forensics on the endpoint. B. It allows the organization to mitigate web-based attacks as long as the user is active in the domain. C. It allows the organization to detect and respond to threats at the edge of the network. D. It allows the organization to detect and mitigate threats that the perimeter security devices do not detect.

D. It allows the organization to detect and mitigate threats that the perimeter security devices do not detect.

What are two list types within Cisco AMP for Endpoints Outbreak Control? (Choose two.) A. blocked ports B. simple custom detections C. command and control D. allowed applications E. URL

B. simple custom detections D. allowed applications

For which two conditions can an endpoint be checked using ISE posture assessment? (Choose two.) A. computer identity B. Windows service C. user identity D. Windows firewall E. default browser

B. Windows service D. Windows firewall Verified

Which Cisco product provides proactive endpoint protection and allows administrators to centrally manage the deployment? A. NGFW B. AMP C. WSA D. ESA

B. AMP

Which two endpoint measures are used to minimize the chances of falling victim to phishing and social engineering attacks? (Choose two.) A. Patch for cross-site scripting. B. Perform backups to the private cloud. C. Protect against input validation and character escapes in the endpoint. D. Install a spam and virus email filter. E. Protect systems with an up-to-date antimalware program.

D. Install a spam and virus email filter. E. Protect systems with an up-to-date antimalware program.

An engineer used a posture check on a Microsoft Windows endpoint and discovered that the MS17-010 patch was not installed, which left the endpoint vulnerable to WannaCry ransomware. Which two solutions mitigate the risk of this ransomware infection? (Choose two.) A. Configure a posture policy in Cisco Identity Services Engine to install the MS17-010 patch before allowing access on the network. B. Set up a profiling policy in Cisco Identity Services Engine to check an endpoint patch level before allowing access on the network. C. Configure a posture policy in Cisco Identity Services Engine to check that an endpoint patch level is met before allowing access on the network. D. Configure endpoint firewall policies to stop the exploit traffic from being allowed to run and replicate throughout the network. E. Set up a well-defined endpoint patching strategy to ensure that endpoints have critical vulnerabilities patched in a timely fashion.

C. Configure a posture policy in Cisco Identity Services Engine to check that an endpoint patch level is met before allowing access on the network. E. Set up a well-defined endpoint patching strategy to ensure that endpoints have critical vulnerabilities patched in a timely fashion.

What is the primary difference between an Endpoint Protection Platform and an Endpoint Detection and Response? A. EPP focuses on prevention, and EDR focuses on advanced threats that evade perimeter defenses. B. EDR focuses on prevention, and EPP focuses on advanced threats that evade perimeter defenses. C. EPP focuses on network security, and EDR focuses on device security. D. EDR focuses on network security, and EPP focuses on device security.

A. EPP focuses on prevention, and EDR focuses on advanced threats that evade perimeter defenses.

An engineer is configuring AMP for endpoints and wants to block certain files from executing. Which outbreak control method is used to accomplish this task? A. device flow correlation B. simple detections C. application blocking list D. advanced custom detections

C. application blocking list

An engineer must force an endpoint to re-authenticate an already authenticated session without disrupting the endpoint to apply a new or updated policy from ISE. Which CoA type achieves this goal? A. Port Bounce B. CoA Terminate C. CoA Reauth D. CoA Session Query

C. CoA Reauth

Which two risks is a company vulnerable to if it does not have a well-established patching solution for endpoints? (Choose two.) A. malware B. denial-of-service attacks C. ARP spoofing D. exploits E. eavesdropping

A. malware D. exploits

Which benefit is provided by ensuring that an endpoint is compliant with a posture policy configured in Cisco ISE? A. It adds endpoints to identity groups dynamically B. It allows the endpoint to authenticate with 802.1x or MAB C. It allows CoA to be applied if the endpoint status is compliant D. It verifies that the endpoint has the latest Microsoft security patches installed

D. It verifies that the endpoint has the latest Microsoft security patches installed

An engineer wants to automatically assign endpoints that have a specific OUI into a new endpoint group. Which probe must be enabled for this type of profiling to work? A. SNMP B. NMAP C. DHCP D. NetFlow

B. NMAP Verified

What is the benefit of installing Cisco AMP for Endpoints on a network? A. It enables behavioral analysis to be used for the endpoints B. It provides flow-based visibility for the endpoints network connections. C. It protects endpoint systems through application control and real-time scanning. D. It provides operating system patches on the endpoints for security.

C. It protects endpoint systems through application control and real-time scanning Verified

Why is it important to have logical security controls on endpoints even though the users are trained to spot security threats and the network devices already help prevent them? A. because defense-in-depth stops at the network B. because human error or insider threats will still exist C. to prevent theft of the endpoints D. to expose the endpoint to more threats

B. because human error or insider threats will still exist

What must be configured in Cisco ISE to enforce re-authentication of an endpoint session when an endpoint is deleted from an identity group? A. SNMP probe B. CoA C. external identity source D. posture assessment

B. CoA Verified

In which situation should an Endpoint Detection and Response solution be chosen versus an Endpoint Protection Platform? A. when there is a need to have more advanced detection capabilities B. when there is no firewall on the network C. when there is a need for traditional anti-malware detection D. when there is no need to have the solution centrally managed

A. when there is a need to have more advanced detection capabilities Verified

Which two probes are configured to gather attributes of connected endpoints using the Cisco Identity Services Engine? (Choose two.) A. RADIUS B. TACACS+ C. DHCP D. sFlow E. SMTP

A. RADIUS C. DHCP Verified

What are two reasons for implementing a multifactor authentication solution such as Cisco Duo Security provide to an organization? (Choose two.) A. single sign-on access to on-premises and cloud applications B. identification and correction of application vulnerabilities before allowing access to resources C. secure access to on-premises and cloud applications D. integration with 802.1x security using native Microsoft Windows supplicant E. flexibility of different methods of 2FA such as phone callbacks, SMS passcodes, and push notifications

C. secure access to on-premises and cloud applications E. flexibility of different methods of 2FA such as phone callbacks, SMS passcodes, and push notifications Verified

What are the two most commonly used authentication factors in multifactor authentication? (Choose two.) A. biometric factor B. time factor C. confidentiality factor D. knowledge factor E. encryption factor

A. biometric factor D. knowledge factor Verified

An MDM provides which two advantages to an organization with regards to device management? (Choose two.) A. asset inventory management B. allowed application management C. AD group policy management D. network device management E. critical device management

A. asset inventory management B. allowed application management Verified

What is the purpose of the My Devices Portal in a Cisco ISE environment? A. to register new laptops and mobile devices B. to manage and deploy antivirus definitions and patches on systems owned by the end-user C. to provision userless and agentless systems D. to request a newly provisioned mobile device

A. to register new laptops and mobile devices Verified

In which two ways does Easy Connect help control network access when used with Cisco TrustSec? (Choose two.) A. It integrates with third-party products to provide better visibility throughout the network. B. It allows for the assignment of Security Group Tags and does not require 802.1x to be configured on the switch or the endpoint. C. It creates a dashboard in Cisco ISE that provides full visibility of all connected endpoints. D. It allows for managed endpoints that authenticate to AD to be mapped to Security Groups (PassiveID). E. It allows multiple security products to share information and work together to enhance security posture in the net

B. It allows for the assignment of Security Group Tags and does not require 802.1x to be configured on the switch or the endpoint. D. It allows for managed endpoints that authenticate to AD to be mapped to Security Groups (PassiveID). Verified

What does Cisco AMP for Endpoints use to help an organization detect different families of malware? A. Tetra Engine to detect malware when the endpoint is connected to the cloud B. ClamAV Engine to perform email scanning C. Spero Engine with machine learning to perform dynamic analysis D. Ethos Engine to perform fuzzy fingerprinting

D. Ethos Engine to perform fuzzy fingerprinting Verified Spero: A machine-learning-based technology that proactively identifies threats that were previously unknown. Uses active heuristics to gather execution attributes Needs good data in large sets to tune Built to identify new malware Ethos: A generic signature capability, again ostensibly similar to the generic detection capabilities that some vendors provide. Directed at families of malware Can have more false positives than 1-to-1 signatures

What is the benefit of conducting device compliance checks? A. It validates if anti-virus software is installed. B. It scans endpoints to determine if malicious activity is taking place. C. It indicates what type of operating system is connecting to the network. D. It detects email phishing attacks.

A. It validates if anti-virus software is installed Verified

Which Cisco platform ensures that machines that connect to organizational networks have the recommended antivirus definitions and patches to help prevent an organizational malware outbreak? A. Cisco Prime Infrastructure B. Cisco ESA C. Cisco WiSM D. Cisco ISE

D. Cisco ISE

A network administrator is configuring a switch to use Cisco ISE for 802.1X. An endpoint is failing authentication and is unable to access the network. Where should the administrator begin troubleshooting to verify the authentication details? A. Context Visibility B. Accounting Reports C. Adaptive Network Control Policy List D. RADIUS Live Logs

D. RADIUS Live Logs Verified

What is the role of an endpoint in protecting a user from a phishing attack? A. Ensure that antivirus and antimalware software is up-to-date. B. Use machine learning models to help identify anomalies and determine expected sending behavior. C. Use Cisco Stealthwatch and Cisco ISE Integration. D. Utilize 802.1X network security to ensure unauthorized access to resources.

A. Ensure that antivirus and antimalware software is up-to-date Verified

Why is it important to implement MFA inside of an organization? A. To prevent brute force attacks from being successful. B. To prevent phishing attacks from being successful. C. To prevent DoS attacks from being successful. D. To prevent man-in-the-middle attacks from being successful.

A. To prevent brute force attacks from being successful Verified

Which telemetry data captures variations seen within the flow, such as the packets TTL, IP/TCP flags, and payload length? A. flow insight variation B. software package variation C. interpacket variation D. process details variation

C. interpacket variation Verified Flow information: This information contains information about endpoints, protocols, ports, when the flow started, how long the flow was active, etc. Interpacket variation: This information captures any interpacket variations within the flow. Examples include variation in Time To Live (TTL), IP and TCP flags, payload length, etc. Context details: Context information is derived outside the packet header, including variation in buffer utilization, packet drops within a flow, association with tunnel endpoints, etc.

Which network monitoring solution uses streams and pushes operational data to provide a near real-time view of activity? A. SNMP B. SMTP C. syslog D. model-driven telemetry

D. model-driven telemetry ?

What two mechanisms are used to redirect users to a web portal to authenticate to ISE for guest services? (Choose two.) A. TACACS+ B. central web auth C. single sign-on D. multiple factor auth E. local web auth

B. central web auth E. local web auth

Which ID store requires that a shadow user be created on Cisco ISE for the admin login to work? A. RSA SecureID B. Internal Database C. Active Directory D. LDAP

C. Active Directory

An administrator wants to ensure that all endpoints are compliant before users are allowed access on the corporate network. The endpoints must have the corporate antivirus application installed and be running the latest build of Windows 10. What must the administrator implement to ensure that all devices are compliant before they are allowed on the network? A. Cisco Identity Services Engine and AnyConnect Posture module B. Cisco Stealthwatch and Cisco Identity Services Engine integration C. Cisco ASA firewall with Dynamic Access Policies configured D. Cisco Identity Services Engine with PxGrid services enabled

A. Cisco Identity Services Engine and AnyConnect Posture module

Which solution protects hybrid cloud deployment workloads with application visibility and segmentation? A. Nexus B. Stealthwatch C. Firepower D. Tetration

D. Tetration https://www.cisco.com/c/en/us/solutions/security/secure-data-center-solution/index.html#~products

An engineer needs a solution for TACACS+ authentication and authorization for device administration. The engineer also wants to enhance wired and wireless network security by requiring users and endpoints to use 802.1X, MAB, or WebAuth. Which product meets all of these requirements? A. Cisco Prime Infrastructure B. Cisco Identity Services Engine C. Cisco Stealthwatch D. Cisco AMP for Endpoints

B. Cisco Identity Services Engine

How does Cisco Stealthwatch Cloud provide security for cloud environments? A. It delivers visibility and threat detection. B. It prevents exfiltration of sensitive data. C. It assigns Internet-based DNS protection for clients and servers. D. It facilitates secure connectivity between public and private networks.

A. It delivers visibility and threat detection.

Which Cisco security solution protects remote users against phishing attacks when they are not connected to the VPN? A. Cisco Umbrella B. Cisco Firepower NGIPS C. Cisco Stealthwatch D. Cisco Firepower

A. Cisco Umbrella

What must be used to share data between multiple security products? A. Cisco Platform Exchange Grid B. Cisco Rapid Threat Containment C. Cisco Stealthwatch Cloud D. Cisco Advanced Malware Protection

A. Cisco Platform Exchange Grid

Which two characteristics of messenger protocols make data exfiltration difficult to detect and prevent? (Choose two.) A. Messenger applications cannot be segmented with standard network controls B. Malware infects the messenger application on the user endpoint to send company data C. Traffic is encrypted, which prevents visibility on firewalls and IPS systems D. An exposed API for the messaging platform is used to send large amounts of data E. Outgoing traffic is allowed so users can communicate with outside organizations

A. Messenger applications cannot be segmented with standard network controls E. Outgoing traffic is allowed so users can communicate with outside organizations Verified

Which solution combines Cisco IOS and IOS XE components to enable administrators to recognize applications, collect and send network metrics to Cisco Prime and other third-party management tools, and prioritize application traffic? A. Cisco Security Intelligence B. Cisco Application Visibility and Control C. Cisco Model-Driven Telemetry D. Cisco DNA Center

B. Cisco Application Visibility and Control Verified

What provides visibility and awareness into what is currently occurring on the network? A. CMX B. WMI C. Cisco Prime Infrastructure D. Telemetry

D. Telemetry Verified

How is ICMP used as an exfiltration technique? A. by flooding the destination host with unreachable packets B. by sending large numbers of ICMP packets with a targeted hosts source IP address using an IP broadcast address C. by encrypting the payload in an ICMP packet to carry out command and control tasks on a compromised host D. by overwhelming a targeted host with ICMP echo-request packets

C. by encrypting the payload in an ICMP packet to carry out command and control tasks on a compromised host Verfied

Refer to the exhibit. An engineer configured wired 802.1x on the network and is unable to get a laptop to authenticate. Which port configuration is missing? A. dot1x reauthentication B. cisp enable C. dot1x pae authenticator D. authentication open

C. dot1x pae authenticator Verified

An engineer is configuring 802.1X authentication on Cisco switches in the network and is using CoA as a mechanism. Which port on the firewall must be opened to allow the CoA traffic to traverse the network? A. UDP 1700 B. TCP 6514 C. UDP 1812 D. TCP 49

A. UDP 1700 Verified RADIUS Change of Authorization (CoA) Send: UDP/1700 RADIUS Change of Authorization (CoA) Listen/Relay: UDP/1700, 3799

What are two Detection and Analytics Engines of Cognitive Threat Analytics? (Choose two.) A. data exfiltration B. command and control communication C. intelligent proxy D. snort E. URL categorization

A. data exfiltration B. command and control communication Verified

Which Cisco product is open, scalable, and built on IETF standards to allow multiple security products from Cisco and other vendors to share data and interoperate with each other? A. Platform Exchange Grid B. Multifactor Platform Integration C. Firepower Threat Defense D. Advanced Malware Protection

A. Platform Exchange Grid Verified

Which compliance status is shown when a configured posture policy requirement is not met? A. authorized B. compliant C. unknown D. noncompliant

D. noncompliant Verified

An organization is trying to implement micro-segmentation on the network and wants to be able to gain visibility on the applications within the network. The solution must be able to maintain and force compliance. Which product should be used to meet these requirements? A. Cisco Stealthwatch B. Cisco Tetration C. Cisco AMP D. Cisco Umbrella

B. Cisco Tetration Verified

An organization has a Cisco Stealthwatch Cloud deployment in their environment. Cloud logging is working as expected, but logs are not being received from the on-premise network. What action will resolve this issue? A. Deploy a Cisco FTD sensor to send events to Cisco Stealthwatch Cloud. B. Deploy a Cisco Stealthwatch Cloud sensor on the network to send data to Cisco Stealthwatch Cloud. C. Configure security appliances to send syslogs to Cisco Stealthwatch Cloud. D. Configure security appliances to send NetFlow to Cisco Stealthwatch Cloud.

B. Deploy a Cisco Stealthwatch Cloud sensor on the network to send data to Cisco Stealthwatch Cloud. Verified

A network engineer has been tasked with adding a new medical device to the network. Cisco ISE is being used as the NAC server, and the new device does not have a supplicant available. What must be done in order to securely connect this device to the network? A. Use 802.1X with posture assessment. B. Use MAB with profiling. C. Use 802.1X with profiling. D. Use MAB with posture assessment.

B. Use MAB with profiling. Verified

Network traffic between servers (virtual servers or physical servers, containers, and so on). A. East-West B. North-South

A. East-West

Network traffic flowing in and outside the data center. A. East-West B. North-South

B. North-South

Communicate between the SDN controller and the switches and routers within the infrastructure. These APIs can be open or proprietary. A. Northbound API B. Southbound API

B. Southbound API

The link between the applications and the SDN controller. A. Northbound API B. Southbound API

A. Northbound API Northbound APIs (SDN northbound APIs) are typically RESTful APIs that are used to communicate between the SDN controller and the services and applications running over the network. Such northbound APIs can be used for the orchestration and automation of the network components to align with the needs of different applications via SDN network programmability. Cisco has the concept of intent-based networking. On different occasions, you may see northbound APIs referred to as “intent-based APIs.”

An administrator configures a Cisco WSA to receive redirected traffic over ports 80 and 443. The organization requires that a network device with specific WSA integration capabilities be configured to send the traffic to the WSA to proxy the requests and increase visibility while making this invisible to the users. What must be done on the Cisco WSA to support these requirements? A. Use PAC keys to allow only the required network devices to send the traffic to the Cisco WSA. B. Configure transparent traffic redirection using WCCP in the Cisco WSA and on the network device. C. Configure active traffic redirection using WPAD in the Cisco WSA and on the network device. D. Use the Layer 4 settings in the Cisco WSA to receive explicit forward requests from the network device.

B. Configure transparent traffic redirection using WCCP in the Cisco WSA and on the network device. Verified

An administrator configures a new destination list in Cisco Umbrella so that the organization can block specific domains for its devices. What should be done to ensure that all subdomains of domain.com are blocked? A. Configure the domain.com address in the block list. B. Configure the *.domain.com address in the block list. C. Configure the *.com address in the block list. D. Configure the *domain.com address in the block list.

A. Configure the domain.com address in the block list. Verified

An organization wants to use Cisco FTD or Cisco ASA devices. Specific URLs must be blocked from being accessed via the firewall, which requires that the administrator input the bad URL categories that the organization wants blocked into the access policy. Which solution should be used to meet this requirement? A. Cisco FTD because it enables URL filtering and blocks malicious URLs by default, whereas Cisco ASA does not. B. Cisco ASA because it enables URL filtering and blocks malicious URLs by default, whereas Cisco FTD does not. C. Cisco ASA because it includes URL filtering in the access control policy capabilities, whereas Cisco FTD does not. D. Cisco FTD because it includes URL filtering in the access control policy capabilities, whereas Cisco ASA does not.

D. Cisco FTD because it includes URL filtering in the access control policy capabilities, whereas Cisco ASA does not Verified

Which component of Cisco Umbrella architecture increases reliability of the service? A. BGP route reflector B. anycast IP C. AMP Threat Grid D. Cisco Talos

B. anycast IP Verified

A customer has various external HTTP resources available including Intranet, Extranet, and Internet, with a proxy configuration running in explicit mode. Which method allows the client desktop browsers to be configured to select when to connect directly or when to use a proxy? A. Bridge mode B. Transparent mode C. PAC file D. Forward file

C. PAC file Verified

What are two list types within Cisco AMP for Endpoints Outbreak Control? (Choose two.) A. blocked ports B. simple custom detections C. command and control D. allowed applications E. URL

B. simple custom detections D. allowed applications Verified

Which posture assessment requirement provides options to the client for remediation within a certain timeframe? A. audit B. mandatory C. visibility D. optional

B. mandatory Verified

An organization configures Cisco Umbrella to be used for its DNS services. The organization must be able to block traffic based on the subnet that the endpoint is on, but sees only the requests from its public IP addresses instead of each internal IP address. What must be done to resolve this issue? A. Install the Microsoft Active Directory Connector to give IP address information stitched to the requests in the Cisco Umbrella dashboard. B. Use the tenant control features to identify each subnet being used and track the connections within the Cisco Umbrella dashboard. C. Configure an internal domain within Cisco Umbrella to help identify each address and create policy from the domains. D. Set up a Cisco Umbrella virtual appliance to internally field the requests and see the traffic of each IP address.

D. Set up a Cisco Umbrella virtual appliance to internally field the requests and see the traffic of each IP address. Verified

A network engineer must monitor user and device behavior within the on-premises network. This data must be sent to the Cisco Stealthwatch Cloud analytics platform for analysis. What must be done to meet this requirement, using the Ubuntu-based VM appliance deployed in a VMware-based hypervisor? A. Deploy a Cisco FTD sensor to send network events to Cisco Stealthwatch Cloud. B. Configure a Cisco FMC to send syslogs to Cisco Stealthwatch Cloud. C. Deploy the Cisco Stealthwatch Cloud PNM sensor that sends data to Cisco Stealthwatch Cloud. D. Configure a Cisco FMC to send NetFlow to Cisco Stealthwatch Cloud.

C. Deploy the Cisco Stealthwatch Cloud PNM sensor that sends data to Cisco Stealthwatch Cloud.

An organization wants to provide visibility and to identify active threats in its network using a VM. The organization wants to extract metadata from network packet flow while ensuring that payloads are not retained or transferred outside the network. Which solution meets these requirements? A. Cisco Umbrella Cloud B. Cisco Stealthwatch Cloud PNM C. Cisco Stealthwatch Cloud PCM D. Cisco Umbrella Om-Premises

B. Cisco Stealthwatch Cloud PNM Verified

Which type of DNS abuse exchanges data between two computers even when there is no direct connection? A. malware installation B. network footprinting C. command-and-control communication D. data exfiltration

D. data exfiltration