Question # 4

What are two functionalities of northbound and southbound APIs within Cisco SDN architecture? (Choose two.)

A.

Southbound APIs are used to define how SDN controllers integrate with applications.

B.

Southbound interfaces utilize device configurations such as VLANs and IP addresses.

C.

Northbound APIs utilize RESTful API methods such as GET, POST, and DELETE.

D.

Southbound APIs utilize CLI, SNMP, and RESTCONF.

E.

Northbound interfaces utilize OpenFlow and OpFlex to integrate with network devices.

Question # 5

What is an advantage of the Cisco Umbrella roaming client?

A.

the ability to see all traffic without requiring TLS decryption

B.

visibility into IP-based threats by tunneling suspicious IP connections

C.

the ability to dynamically categorize traffic to previously uncategorized sites

D.

visibility into traffic that is destined to sites within the office environment

Question # 6

Which Cisco WSA feature supports access control using URL categories?

A.

transparent user identification

B.

SOCKS proxy services

C.

web usage controls

D.

user session restrictions

Question # 7

Which characteristic is unique to a Cisco WSAv as compared to a physical appliance?

A.

supports VMware vMotion on VMware ESXi

B.

requires an additional license

C.

performs transparent redirection

D.

supports SSL decryption

Question # 8

Which industry standard is used to integrate Cisco ISE and pxGrid to each other and with other interoperable security platforms?

A.

IEEE

B.

IETF

C.

NIST

D.

ANSI

Question # 9

What are two characteristics of the RESTful architecture used within Cisco DNA Center? (Choose two.)

A.

REST uses methods such as GET, PUT, POST, and DELETE.

B.

REST codes can be compiled with any programming language.

C.

REST is a Linux platform-based architecture.

D.

The POST action replaces existing data at the URL path.

E.

REST uses HTTP to send a request to a web service.

Question # 10

Which function is performed by certificate authorities but is a limitation of registration authorities?

A.

accepts enrollment requests

B.

certificate re-enrollment

C.

verifying user identity

D.

CRL publishing

Question # 11

Which feature enables a Cisco ISR to use the default bypass list automatically for web filtering?

A.

filters

B.

group key

C.

company key

D.

connector

Question # 12

An organization uses Cisco FMC to centrally manage multiple Cisco FTD devices. The default management port conflicts with other communications on the network and must be changed. What must be done to ensure that all devices can communicate together?

A.

Set the sftunnel to go through the Cisco FTD

B.

Change the management port on Cisco FMC so that it pushes the change to all managed Cisco FTD devices

C.

Set the sftunnel port to 8305.

D.

Manually change the management port on Cisco FMC and all managed Cisco FTD devices

Question # 13

When choosing an algorithm to use, what should be considered about Diffie-Hellman and RSA for key establishment?

A.

RSA is an asymmetric key establishment algorithm intended to output symmetric keys

B.

RSA is a symmetric key establishment algorithm intended to output asymmetric keys

C.

DH is a symmetric key establishment algorithm intended to output asymmetric keys

D.

DH is an asymmetric key establishment algorithm intended to output symmetric keys

Question # 14

Which ESA implementation method segregates inbound and outbound email?

A.

one listener on a single physical interface

B.

pair of logical listeners on a single physical interface with two unique logical IPv4 addresses and one IPv6 address

C.

pair of logical IPv4 listeners and a pair of IPv6 listeners on two physically separate interfaces

D.

one listener on one logical IPv4 address on a single logical interface

Question # 15

Which Cisco security solution secures public, private, hybrid, and community clouds?

A.

Cisco ISE

B.

Cisco ASAv

C.

Cisco Cloudlock

D.

Cisco pxGrid

Question # 16

A hacker initiated a social engineering attack and stole usernames and passwords of some users within a company. Which product should be used as a solution to this problem?

A.

Cisco NGFW

B.

Cisco AnyConnect

C.

Cisco AMP for Endpoints

D.

Cisco Duo

Question # 17

Which technology enables integration between Cisco ISE and other platforms to gather and share network and vulnerability data and SIEM and location information?

A.

pxGrid

B.

NetFlow

C.

SNMP

D.

Cisco Talos

Question # 18

Which two parameters are used for device compliance checks? (Choose two.)

A.

endpoint protection software version

B.

Windows registry values

C.

DHCP snooping checks

D.

DNS integrity checks

E.

device operating system version

Question # 19

How is data sent out to the attacker during a DNS tunneling attack?

A.

as part of the UDP/53 packet payload

B.

as part of the domain name

C.

as part of the TCP/53 packet header

D.

as part of the DNS response packet

Question # 20

What is a difference between FlexVPN and DMVPN?

A.

DMVPN uses IKEv1 or IKEv2, FlexVPN only uses IKEv1

B.

DMVPN uses only IKEv1 FlexVPN uses only IKEv2

C.

FlexVPN uses IKEv2, DMVPN uses IKEv1 or IKEv2

D.

FlexVPN uses IKEv1 or IKEv2, DMVPN uses only IKEv2

Question # 21

Which IPS engine detects ARP spoofing?

A.

Atomic ARP Engine

B.

Service Generic Engine

C.

ARP Inspection Engine

D.

AIC Engine

Question # 22

What are two Detection and Analytics Engines of Cognitive Threat Analytics? (Choose two)

A.

data exfiltration

B.

command and control communication

C.

intelligent proxy

D.

snort

E.

URL categorization

Question # 23

What is the function of the Context Directory Agent?

A.

maintains users’ group memberships

B.

relays user authentication requests from Web Security Appliance to Active Directory

C.

reads the Active Directory logs to map IP addresses to usernames

D.

accepts user authentication requests on behalf of Web Security Appliance for user identification

Question # 24

On Cisco Firepower Management Center, which policy is used to collect health module alerts from managed devices?

A.

health policy

B.

system policy

C.

correlation policy

D.

access control policy

E.

health awareness policy

Question # 25

Which capability is exclusive to a Cisco AMP public cloud instance as compared to a private cloud instance?

A.

RBAC

B.

ETHOS detection engine

C.

SPERO detection engine

D.

TETRA detection engine

Question # 26

Which two deployment model configurations are supported for Cisco FTDv in AWS? (Choose two)

A.

Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS

B.

Cisco FTDv with one management interface and two traffic interfaces configured

C.

Cisco FTDv configured in routed mode and managed by a physical FMC appliance on premises

D.

Cisco FTDv with two management interfaces and one traffic interface configured

E.

Cisco FTDv configured in routed mode and IPv6 configured

Question # 27

What is a characteristic of Cisco ASA Netflow v9 Secure Event Logging?

A.

It tracks flow-create, flow-teardown, and flow-denied events.

B.

It provides stateless IP flow tracking that exports all records of a specific flow.

C.

It tracks the flow continuously and provides updates every 10 seconds.

D.

Its events match all traffic classes in parallel.

Question # 28

Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?

A.

user input validation in a web page or web application

B.

Linux and Windows operating systems

C.

database

D.

web page images

Question # 29

Under which two circumstances is a CoA issued? (Choose two)

A.

A new authentication rule was added to the policy on the Policy Service node.

B.

An endpoint is deleted on the Identity Services Engine server.

C.

A new Identity Source Sequence is created and referenced in the authentication policy.

D.

An endpoint is profiled for the first time.

E.

A new Identity Services Engine server is added to the deployment with the Administration persona.

Question # 30

Which benefit does endpoint security provide the overall security posture of an organization?

A.

It streamlines the incident response process to automatically perform digital forensics on the endpoint.

B.

It allows the organization to mitigate web-based attacks as long as the user is active in the domain.

C.

It allows the organization to detect and respond to threats at the edge of the network.

D.

It allows the organization to detect and mitigate threats that the perimeter security devices do not detect.

Question # 31

How does Cisco Stealthwatch Cloud provide security for cloud environments?

A.

It delivers visibility and threat detection.

B.

It prevents exfiltration of sensitive data.

C.

It assigns Internet-based DNS protection for clients and servers.

D.

It facilitates secure connectivity between public and private networks.

Question # 32

An engineer wants to automatically assign endpoints that have a specific OUI into a new endpoint group. Which probe must be enabled for this type of profiling to work?

A.

NetFlow

B.

NMAP

C.

SNMP

D.

DHCP

Question # 33

An MDM provides which two advantages to an organization with regard to device management? (Choose two)

A.

asset inventory management

B.

allowed application management

C.

Active Directory group policy management

D.

network device management

E.

critical device management

Question # 34

Which Cisco product is open, scalable, and built on IETF standards to allow multiple security products from Cisco and other vendors to share data and interoperate with each other?

A.

Advanced Malware Protection

B.

Platform Exchange Grid

C.

Multifactor Platform Integration

D.

Firepower Threat Defense

Question # 35

Which two tasks allow NetFlow on a Cisco ASA 5500 Series firewall? (Choose two)

A.

Enable NetFlow Version 9.

B.

Create an ACL to allow UDP traffic on port 9996.

C.

Apply NetFlow Exporter to the outside interface in the inbound direction.

D.

Create a class map to match interesting traffic.

E.

Define a NetFlow collector by using the flow-export command

Question # 36

Which solution combines Cisco IOS and IOS XE components to enable administrators to recognize applications, collect and send network metrics to Cisco Prime and other third-party management tools, and prioritize application traffic?

A.

Cisco Security Intelligence

B.

Cisco Application Visibility and Control

C.

Cisco Model Driven Telemetry

D.

Cisco DNA Center

Question # 37

Which license is required for Cisco Security Intelligence to work on the Cisco Next Generation Intrusion Prevention System?

A.

control

B.

malware

C.

URL filtering

D.

protect

Question # 38

Which feature within Cisco Umbrella allows for the ability to inspect secure HTTP traffic?

A.

File Analysis

B.

SafeSearch

C.

SSL Decryption

D.

Destination Lists

Question # 39

Which threat involves software being used to gain unauthorized access to a computer system?

A.

virus

B.

NTP amplification

C.

ping of death

D.

HTTP flood

Question # 40

What are two rootkit types? (Choose two)

A.

registry

B.

virtual

C.

bootloader

D.

user mode

E.

buffer mode

Question # 41

Which benefit is provided by ensuring that an endpoint is compliant with a posture policy configured in Cisco ISE?

A.

It allows the endpoint to authenticate with 802.1x or MAB.

B.

It verifies that the endpoint has the latest Microsoft security patches installed.

C.

It adds endpoints to identity groups dynamically.

D.

It allows CoA to be applied if the endpoint status is compliant.

Question # 42

What is a characteristic of Firepower NGIPS inline deployment mode?

A.

ASA with Firepower module cannot be deployed.

B.

It cannot take actions such as blocking traffic.

C.

It is out-of-band from traffic.

D.

It must have inline interface pairs configured.

Question # 43

An engineer must force an endpoint to re-authenticate an already authenticated session without disrupting the endpoint to apply a new or updated policy from ISE. Which CoA type achieves this goal?

A.

Port Bounce

B.

CoA Terminate

C.

CoA Reauth

D.

CoA Session Query

Question # 44

Which two descriptions of AES encryption are true? (Choose two)

A.

AES is less secure than 3DES.

B.

AES is more secure than 3DES.

C.

AES can use a 168-bit key for encryption.

D.

AES can use a 256-bit key for encryption.

E.

AES encrypts and decrypts a key three times in sequence.

Question # 45

An engineer is trying to securely connect to a router and wants to prevent insecure algorithms from being used. However, the connection is failing. Which action should be taken to accomplish this goal?

A.

Disable telnet using the no ip telnet command.

B.

Enable the SSH server using the ip ssh server command.

C.

Configure the port using the ip ssh port 22 command.

D.

Generate the RSA key using the crypto key generate rsa command.

Question # 46

Which CLI command is used to register a Cisco FirePower sensor to Firepower Management Center?

A.

configure system add

B.

configure manager add host

C.

configure manager delete

D.

configure manager add

Question # 47

Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two)

A.

Check integer, float, or Boolean string parameters to ensure accurate values.

B.

Use prepared statements and parameterized queries.

C.

Secure the connection between the web and the app tier.

D.

Write SQL code instead of using object-relational mapping libraries.

E.

Block SQL code execution in the web application database login.

Question # 48

Which Cisco command enables authentication, authorization, and accounting globally so that CoA is supported on the device?

A.

aaa server radius dynamic-author

B.

aaa new-model

C.

auth-type all

D.

ip device-tracking

Question # 49

What provides the ability to program and monitor networks from somewhere other than the DNAC GUI?

A.

NetFlow

B.

desktop client

C.

ASDM

D.

API

Question # 50

Which Talos reputation center allows you to track the reputation of IP addresses for email and web traffic?

A.

IP Blacklist Center

B.

File Reputation Center

C.

AMP Reputation Center

D.

IP and Domain Reputation Center

Question # 51

Which two behavioral patterns characterize a ping of death attack? (Choose two)

A.

The attack is fragmented into groups of 16 octets before transmission.

B.

The attack is fragmented into groups of 8 octets before transmission.

C.

Short synchronized bursts of traffic are used to disrupt TCP connections.

D.

Malformed packets are used to crash systems.

E.

Publicly accessible DNS servers are typically used to execute the attack.

Question # 52

When Cisco and other industry organizations publish and inform users of known security findings and vulnerabilities, which name is used?

A.

Common Security Exploits

B.

Common Vulnerabilities and Exposures

C.

Common Exploits and Vulnerabilities

D.

Common Vulnerabilities, Exploits and Threats

Question # 53

Which two endpoint measures are used to minimize the chances of falling victim to phishing and social engineering attacks? (Choose two)

A.

Patch for cross-site scripting.

B.

Perform backups to the private cloud.

C.

Protect against input validation and character escapes in the endpoint.

D.

Install a spam and virus email filter.

E.

Protect systems with an up-to-date antimalware program

Question # 54

Which action controls the amount of URI text that is stored in Cisco WSA log files?

A.

Configure the datasecurityconfig command

B.

Configure the advancedproxyconfig command with the HTTPS subcommand

C.

Configure a small log-entry size.

D.

Configure a maximum packet size.

Question # 55

For which two conditions can an endpoint be checked using ISE posture assessment? (Choose two)

A.

Windows service

B.

computer identity

C.

user identity

D.

Windows firewall

E.

default browser

Question # 56

What are the two most commonly used authentication factors in multifactor authentication? (Choose two)

A.

biometric factor

B.

time factor

C.

confidentiality factor

D.

knowledge factor

E.

encryption factor

Question # 57

Which proxy mode must be used on Cisco WSA to redirect TCP traffic with WCCP?

A.

transparent

B.

redirection

C.

forward

D.

proxy gateway

Question # 58

An engineer needs a solution for TACACS+ authentication and authorization for device administration. The engineer also wants to enhance wired and wireless network security by requiring users and endpoints to use 802.1X, MAB, or WebAuth. Which product meets all of these requirements?

A.

Cisco Prime Infrastructure

B.

Cisco Identity Services Engine

C.

Cisco Stealthwatch

D.

Cisco AMP for Endpoints

Question # 59

Which two are valid suppression types on a Cisco Next Generation Intrusion Prevention System? (Choose two)

A.

Port

B.

Rule

C.

Source

D.

Application

E.

Protocol

Question # 60

What is the function of Cisco Cloudlock for data security?

A.

data loss prevention

B.

controls malicious cloud apps

C.

detects anomalies

D.

user and entity behavior analytics

Question # 61

What are two reasons for implementing a multifactor authentication solution such as Duo Security provide to an organization? (Choose two)

A.

flexibility of different methods of 2FA such as phone callbacks, SMS passcodes, and push notifications

B.

single sign-on access to on-premises and cloud applications

C.

integration with 802.1x security using native Microsoft Windows supplicant

D.

secure access to on-premises and cloud applications

E.

identification and correction of application vulnerabilities before allowing access to resources

Question # 62

An engineer is configuring a Cisco ESA and wants to control whether to accept or reject email messages to a recipient address. Which list contains the allowed recipient addresses?

A.

SAT

B.

BAT

C.

HAT

D.

RAT

Question # 63

Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention System? (Choose two)

A.

packet decoder

B.

SIP

C.

modbus

D.

inline normalization

E.

SSL

Question # 64

What are two ways a network administrator transparently identifies users using Active Directory on the Cisco WSA? (Choose two.)

A.

Create an LDAP authentication realm and disable transparent user identification.

B.

Create NTLM or Kerberos authentication realm and enable transparent user identification.

C.

Deploy a separate Active Directory agent such as Cisco Context Directory Agent.

D.

The eDirectory client must be installed on each client workstation.

E.

Deploy a separate eDirectory server; the client IP address is recorded in this server.

Question # 65

Which two methods must be used to add switches into the fabric so that administrators can control how switches are added into DCNM for private cloud management? (Choose two.)

A.

Cisco Cloud Director

B.

Cisco Prime Infrastructure

C.

PowerOn Auto Provisioning

D.

Seed IP

E.

CDP AutoDiscovery

Question # 66

A network engineer must migrate a Cisco WSA virtual appliance from one physical host to another physical host by using VMware vMotion. What is a requirement for both physical hosts?

A.

The hosts must run Cisco AsyncOS 10.0 or greater.

B.

The hosts must run different versions of Cisco AsyncOS.

C.

The hosts must have access to the same defined network.

D.

The hosts must use a different datastore than the virtual appliance.

Question # 67

An organization is implementing AAA for their users. They need to ensure that authorization is verified for every command that is being entered by the network administrator. Which protocol must be configured in order to provide this capability?

A.

EAPOL

B.

SSH

C.

RADIUS

D.

TACACS+

Question # 68

A network engineer is trying to figure out whether FlexVPN or DMVPN would fit better in their environment. They have a requirement for more stringent security, multiple security associations for the connections, and more efficient VPN establishment, as well as consuming less bandwidth. Which solution would be best for this and why?

A.

DMVPN because it supports IKEv2 and FlexVPN does not

B.

FlexVPN because it supports IKEv2 and DMVPN does not

C.

FlexVPN because it uses multiple SAs and DMVPN does not

D.

DMVPN because it uses multiple SAs and FlexVPN does not

Question # 69

How does a WCCP-configured router identify if the Cisco WSA is functional?

A.

If an ICMP ping fails three consecutive times between a router and the WSA, traffic is no longer transmitted to the router.

B.

If an ICMP ping fails three consecutive times between a router and the WSA, traffic is no longer transmitted to the WSA.

C.

The WSA sends a Here-I-Am message every 10 seconds, and the router acknowledges with an I-See-You message.

D.

The router sends a Here-I-Am message every 10 seconds, and the WSA acknowledges with an I-See-You message.

Question # 70

Refer to the exhibit. What does this Python script accomplish?

A.

It allows authentication with TLSv1 SSL protocol

B.

It authenticates to a Cisco ISE with an SSH connection.

C.

It authenticates to a Cisco ISE server using the username of ersad

D.

It lists the LDAP users from the external identity store configured on Cisco ISE

Question # 71

Refer to the exhibit. When creating an access rule for URL filtering, a network engineer adds certain categories and individual URLs to block. What is the result of the configuration?

A.

Only URLs for botnets with reputation scores of 1-3 will be blocked.

B.

Only URLs for botnets with a reputation score of 3 will be blocked.

C.

Only URLs for botnets with reputation scores of 3-5 will be blocked.

D.

Only URLs for botnets with a reputation score of 3 will be allowed while the rest will be blocked.

Question # 72

Email security has become a high-priority task for a security engineer at a large multi-national organization due to ongoing phishing campaigns. To help control this, the engineer has deployed an Incoming Content Filter with a URL reputation of (-10.00 to -6.00) on the Cisco ESA. Which action will the system perform to disable any links in messages that match the filter?

A.

Defang

B.

Quarantine

C.

FilterAction

D.

ScreenAction

Question # 73

Which Cisco platform processes behavior baselines, monitors for deviations, and reviews for malicious processes in data center traffic and servers while performing software vulnerability detection?

A.

Cisco Tetration

B.

Cisco ISE

C.

Cisco AMP for Network

D.

Cisco AnyConnect

Question # 74

DoS attacks are categorized as what?

A.

phishing attacks

B.

flood attacks

C.

virus attacks

D.

trojan attacks

Question # 75

Which two deployment modes does the Cisco ASA FirePower module support? (Choose two)

A.

transparent mode

B.

routed mode

C.

inline mode

D.

active mode

E.

passive monitor-only mode

Question # 76

What must be used to share data between multiple security products?

A.

Cisco Rapid Threat Containment

B.

Cisco Platform Exchange Grid

C.

Cisco Advanced Malware Protection

D.

Cisco Stealthwatch Cloud

Question # 77

Which technology is used to improve web traffic performance by proxy caching?

A.

WSA

B.

Firepower

C.

FireSIGHT

D.

ASA

Question # 78

Refer to the exhibit.

A network administrator configured a site-to-site VPN tunnel between two Cisco IOS routers, and hosts are unable to communicate between two sites of VPN. The network administrator runs the debug crypto isakmp sa command to track VPN status. What is the problem according to this command output?

A.

hashing algorithm mismatch

B.

encryption algorithm mismatch

C.

authentication key mismatch

D.

interesting traffic was not applied

Question # 79

What can be integrated with Cisco Threat Intelligence Director to provide information about security threats, which allows the SOC to proactively automate responses to those threats?

A.

Cisco Umbrella

B.

External Threat Feeds

C.

Cisco Threat Grid

D.

Cisco Stealthwatch

Question # 80

How does Cisco Umbrella archive logs to an enterprise owned storage?

A.

by using the Application Programming Interface to fetch the logs

B.

by sending logs via syslog to an on-premises or cloud-based syslog server

C.

by the system administrator downloading the logs from the Cisco Umbrella web portal

D.

by being configured to send logs to a self-managed AWS S3 bucket

Question # 81

Which feature requires a network discovery policy on the Cisco Firepower Next Generation Intrusion Prevention System?

A.

Security Intelligence

B.

Impact Flags

C.

Health Monitoring

D.

URL Filtering

Question # 82

Which solution protects hybrid cloud deployment workloads with application visibility and segmentation?

A.

Nexus

B.

Stealthwatch

C.

Firepower

D.

Tetration

Question # 83

Which two probes are configured to gather attributes of connected endpoints using Cisco Identity Services Engine? (Choose two)

A.

RADIUS

B.

TACACS+

C.

DHCP

D.

sFlow

E.

SMTP

Question # 84

Refer to the exhibit.

An engineer configured wired 802.1x on the network and is unable to get a laptop to authenticate. Which port configuration is missing?

A.

authentication open

B.

dot1x reauthentication

C.

cisp enable

D.

dot1x pae authenticator

Question # 85

Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?

A.

url

B.

terminal

C.

profile

D.

selfsigned

Question # 86

Which statement describes a traffic profile on a Cisco Next Generation Intrusion Prevention System?

A.

It allows traffic if it does not meet the profile.

B.

It defines a traffic baseline for traffic anomaly deduction.

C.

It inspects hosts that meet the profile with more intrusion rules.

D.

It blocks traffic if it does not meet the profile.

Question # 87

Which Cisco product provides proactive endpoint protection and allows administrators to centrally manage the deployment?

A.

NGFW

B.

AMP

C.

WSA

D.

ESA

Question # 88

Refer to the exhibit.

What is a result of the configuration?

A.

Traffic from the DMZ network is redirected

B.

Traffic from the inside network is redirected

C.

All TCP traffic is redirected

D.

Traffic from the inside and DMZ networks is redirected

Question # 89

Which two key and block sizes are valid for AES? (Choose two)

A.

64-bit block size, 112-bit key length

B.

64-bit block size, 168-bit key length

C.

128-bit block size, 192-bit key length

D.

128-bit block size, 256-bit key length

E.

192-bit block size, 256-bit key length

Question # 90

Which policy represents a shared set of features or parameters that define the aspects of a managed device that are likely to be similar to other managed devices in a deployment?

A.

Group Policy

B.

Access Control Policy

C.

Device Management Policy

D.

Platform Service Policy

Question # 91

Which SNMPv3 configuration must be used to support the strongest security possible?

A.

asa-host(config)#snmp-server group myv3 v3 priv

asa-host(config)#snmp-server user andy myv3 auth sha cisco priv des ciscXXXXXXXX

asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

B.

asa-host(config)#snmp-server group myv3 v3 noauth

asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX

asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

C.

asa-host(config)#snmpserver group myv3 v3 noauth

asa-host(config)#snmp-server user andy myv3 auth sha cisco priv 3des ciscXXXXXXXX

asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

D.

asa-host(config)#snmp-server group myv3 v3 priv

asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX

asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

Question # 92

An engineer used a posture check on a Microsoft Windows endpoint and discovered that the MS17-010 patch was not installed, which left the endpoint vulnerable to WannaCry ransomware. Which two solutions mitigate the risk of this ransomware infection? (Choose two)

A.

Configure a posture policy in Cisco Identity Services Engine to install the MS17-010 patch before allowing access on the network.

B.

Set up a profiling policy in Cisco Identity Services Engine to check an endpoint patch level before allowing access on the network.

C.

Configure a posture policy in Cisco Identity Services Engine to check that an endpoint patch level is met before allowing access on the network.

D.

Configure endpoint firewall policies to stop the exploit traffic from being allowed to run and replicate throughout the network.

E.

Set up a well-defined endpoint patching strategy to ensure that endpoints have critical vulnerabilities patched in a timely fashion.

Question # 93

A malicious user gained network access by spoofing printer connections that were authorized using MAB on four different switch ports at the same time. What two Catalyst switch security features will prevent further violations? (Choose two)

A.

DHCP Snooping

B.

802.1AE MacSec

C.

Port security

D.

IP Device track

E.

Dynamic ARP inspection

F.

Private VLANs

Question # 94

Which service allows a user to export application usage and performance statistics with Cisco Application Visibility and Control?

A.

SNORT

B.

NetFlow

C.

SNMP

D.

802.1X

Question # 95

Which posture assessment requirement provides options to the client for remediation and requires the remediation within a certain timeframe?

A.

Audit

B.

Mandatory

C.

Optional

D.

Visibility

Question # 96

What are two features of NetFlow flow monitoring? (Choose two)

A.

Can track ingress and egress information

B.

Include the flow record and the flow importer

C.

Copies all ingress flow information to an interface

D.

Does not require packet sampling on interfaces

E.

Can be used to track multicast, MPLS, or bridged traffic

Question # 97

Which Cisco cloud security software centrally manages policies on multiple platforms such as Cisco ASA, Cisco Firepower, Cisco Meraki, and AWS?

A.

Cisco Defense Orchestrator

B.

Cisco Configuration Professional

C.

Cisco Secureworks

D.

Cisco DNAC

Question # 98

Which feature is leveraged by advanced antimalware capabilities to be an effective endpoint protection platform?

A.

big data

B.

storm centers

C.

sandboxing

D.

blocklisting

Question # 99

Which solution supports high availability in routed or transparent mode as well as in northbound and southbound deployments?

A.

Cisco FTD with Cisco ASDM

B.

Cisco FTD with Cisco FMC

C.

Cisco Firepower NGFW physical appliance with Cisco FMC

D.

Cisco Firepower NGFW Virtual appliance with Cisco FMC

Question # 100

What is a benefit of using GET VPN over FlexVPN within a VPN deployment?

A.

GET VPN supports Remote Access VPNs

B.

GET VPN natively supports MPLS and private IP networks

C.

GET VPN uses multiple security associations for connections

D.

GET VPN interoperates with non-Cisco devices

Question # 101

What is the purpose of a NetFlow version 9 template record?

A.

It specifies the data format of NetFlow processes.

B.

It provides a standardized set of information about an IP flow.

C.

It defines the format of data records.

D.

It serves as a unique identification number to distinguish individual data records

Question # 102

What are two recommended approaches to stop DNS tunneling for data exfiltration and command and control call backs? (Choose two.)

A.

Use intrusion prevention system.

B.

Block all TXT DNS records.

C.

Enforce security over port 53.

D.

Use next generation firewalls.

E.

Use Cisco Umbrella.

Question # 103

Refer to the exhibit. What is the result of using this authentication protocol in the configuration?

A.

The authentication request contains only a username.

B.

The authentication request contains only a password.

C.

There are separate authentication and authorization request packets.

D.

The authentication and authorization requests are grouped in a single packet.

Question # 104

Which VMware platform does Cisco ACI integrate with to provide enhanced visibility, provide policy integration and deployment, and implement security policies with access lists?

A.

VMware APIC

B.

VMware vRealize

C.

VMware fusion

D.

VMware horizons

Question # 105

Which solution is made from a collection of secure development practices and guidelines that developers must follow to build secure applications?

A.

AFL

B.

Fuzzing Framework

C.

Radamsa

D.

OWASP

Question # 106

An organization is selecting a cloud architecture and does not want to be responsible for patch management of the operating systems. Why should the organization select either Platform as a Service or Infrastructure as a Service for this environment?

A.

Platform as a Service because the customer manages the operating system

B.

Infrastructure as a Service because the customer manages the operating system

C.

Platform as a Service because the service provider manages the operating system

D.

Infrastructure as a Service because the service provider manages the operating system

Question # 107

A company has 5000 Windows users on its campus. Which two precautions should IT take to prevent WannaCry ransomware from spreading to all clients? (Choose two.)

A.

Segment different departments to different IP blocks and enable Dynamic ARP inspection on all VLANs

B.

Ensure that noncompliant endpoints are segmented off to contain any potential damage.

C.

Ensure that a user cannot enter the network of another department.

D.

Perform a posture check to allow only network access to those Windows devices that are already patched.

E.

Put all company users in the trusted segment of NGFW and put all servers to the DMZ segment of the Cisco NGFW.

Question # 108

What is a benefit of using telemetry over SNMP to configure new routers for monitoring purposes?

A.

Telemetry uses a pull method, which makes it more reliable than SNMP

B.

Telemetry uses push and pull, which makes it more scalable than SNMP

C.

Telemetry uses push and pull which makes it more secure than SNMP

D.

Telemetry uses a push method which makes it faster than SNMP

Question # 109

What is the purpose of the Trusted Automated exchange cyber threat intelligence industry standard?

A.

public collection of threat intelligence feeds

B.

threat intelligence sharing organization

C.

language used to represent security information

D.

service used to exchange security information

Question # 110

In which two ways does the Cisco Advanced Phishing Protection solution protect users? (Choose two.)

A.

It prevents use of compromised accounts and social engineering.

B.

It prevents all zero-day attacks coming from the Internet.

C.

It automatically removes malicious emails from users' inbox.

D.

It prevents trojan horse malware using sensors.

E.

It secures all passwords that are shared in video conferences.

Question # 111

An engineer is trying to decide between using L2TP or GRE over IPsec for their site-to-site VPN implementation. What must be un solution?

A.

L2TP is an IP packet encapsulation protocol, and GRE over IPsec is a tunneling protocol.

B.

L2TP uses TCP port 47 and GRE over IPsec uses UDP port 1701.

C.

GRE over IPsec adds its own header, and L2TP does not.

D.

GRE over IPsec cannot be used as a standalone protocol, and L2TP can.

Question # 112

Refer to the exhibit.

How does Cisco Umbrella manage traffic that is directed toward risky domains?

A.

Traffic is proxied through the intelligent proxy.

B.

Traffic is managed by the security settings and blocked.

C.

Traffic is managed by the application settings, unhandled and allowed.

D.

Traffic is allowed but logged.

Question # 113

Which Cisco platform provides an agentless solution to provide visibility across the network including encrypted traffic analytics to detect malware in encrypted traffic without the need for decryption?

A.

Cisco Advanced Malware Protection

B.

Cisco Stealthwatch

C.

Cisco Identity Services Engine

D.

Cisco AnyConnect

Question # 114

An engineer is configuring Cisco WSA and needs to enable a separated email transfer flow from the Internet and from the LAN. Which deployment mode must be used to accomplish this goal?

A.

single interface

B.

multi-context

C.

transparent

D.

two-interface

Question # 115

Which endpoint protection and detection feature performs correlation of telemetry, files, and intrusion events that are flagged as possible active breaches?

A.

retrospective detection

B.

indication of compromise

C.

file trajectory

D.

elastic search

Question # 116

What are two functions of TAXII in threat intelligence sharing? (Choose two.)

A.

determines the "what" of threat intelligence

B.

Supports STIX information

C.

allows users to describe threat motivations and abilities

D.

exchanges trusted anomaly intelligence information

E.

determines how threat intelligence information is relayed

Question # 117

An engineer is configuring Cisco WSA and needs to deploy it in transparent mode. Which configuration component must be used to accomplish this goal?

A.

MDA on the router

B.

PBR on Cisco WSA

C.

WCCP on switch

D.

DNS resolution on Cisco WSA

Question # 118

An engineer is configuring Cisco Umbrella and has an identity that references two different policies. Which action ensures that the policy that the identity must use takes precedence over the second one?

A.

Configure the default policy to redirect the requests to the correct policy

B.

Place the policy with the most-specific configuration last in the policy order

C.

Configure only the policy with the most recently changed timestamp

D.

Make the correct policy first in the policy order

Question # 119

A company identified a phishing vulnerability during a pentest. What are two ways the company can protect employees from the attack? (Choose two.)

A.

using Cisco Umbrella

B.

using Cisco ESA

C.

using Cisco FTD

D.

using an inline IPS/IDS in the network

E.

using Cisco ISE

Question # 120

Which two protocols must be configured to authenticate end users to the Cisco WSA? (Choose two.)

A.

TACACS+

B.

CHAP

C.

NTLMSSP

D.

RADIUS

E.

Kerberos

Question # 121

What is the purpose of the Cisco Endpoint IoC feature?

A.

It provides stealth threat prevention.

B.

It is a signature-based engine.

C.

It is an incident response tool.

D.

It provides precompromise detection.

Question # 122

An organization wants to reduce their attack surface for cloud applications. They want to understand application communications, detect abnormal application behavior, and detect vulnerabilities within the applications. Which action accomplishes this task?

A.

Configure Cisco Secure Workload to detect anomalies and vulnerabilities.

B.

Use Cisco ISE to provide application visibility and restrict access to them.

C.

Implement Cisco Umbrella to control the access each application is granted.

D.

Modify the Cisco Duo configuration to restrict access between applications.

Question # 123

Refer to the exhibit.

What are two indications of the Cisco Firepower Services Module configuration? (Choose two.)

A.

The module is operating in IDS mode.

B.

Traffic is blocked if the module fails.

C.

The module fails to receive redirected traffic.

D.

The module is operating in IPS mode.

E.

Traffic continues to flow if the module fails.

Question # 124

An engineer integrates Cisco FMC and Cisco ISE using pxGrid. Which role is assigned for Cisco FMC?

A.

client

B.

server

C.

controller

D.

publisher

Question # 125

What are two advantages of using Cisco AnyConnect over DMVPN? (Choose two)

A.

It provides spoke-to-spoke communications without traversing the hub

B.

It allows different routing protocols to work over the tunnel

C.

It allows customization of access policies based on user identity

D.

It allows multiple sites to connect to the data center

E.

It enables VPN access for individual users from their machines

Question # 126

What is a difference between Cisco AMP for Endpoints and Cisco Umbrella?

A.

Cisco AMP for Endpoints is a cloud-based service, and Cisco Umbrella is not.

B.

Cisco AMP for Endpoints prevents connections to malicious destinations, and C malware.

C.

Cisco AMP for Endpoints automatically researches indicators of compromise ..

D.

Cisco AMP for Endpoints prevents, detects, and responds to attacks before and against Internet threats.

Question # 127

Which two aspects of the cloud PaaS model are managed by the customer but not the provider? (Choose two)

A.

virtualization

B.

middleware

C.

operating systems

D.

applications

E.

data

Question # 128

Drag and drop the solutions from the left onto the solution's benefits on the right.

Question # 129

Which group within Cisco writes and publishes a weekly newsletter to help cybersecurity professionals remain aware of the ongoing and most prevalent threats?

A.

PSIRT

B.

Talos

C.

CSIRT

D.

DEVNET

Question # 130

What are two characteristics of Cisco DNA Center APIs? (Choose two)

A.

Postman is required to utilize Cisco DNA Center API calls.

B.

They do not support Python scripts.

C.

They are Cisco proprietary.

D.

They quickly provision new devices.

E.

They view the overall health of the network

Question # 131

Drag and drop the Firepower Next Generation Intrusion Prevention System detectors from the left onto the correct definitions on the right.

Question # 132

An organization is receiving SPAM emails from a known malicious domain. What must be configured in order to prevent the session during the initial TCP communication?

A.

Configure the Cisco ESA to drop the malicious emails

B.

Configure policies to quarantine malicious emails

C.

Configure policies to stop and reject communication

D.

Configure the Cisco ESA to reset the TCP connection

Question # 133

A network administrator needs to find out what assets currently exist on the network. Third-party systems need to be able to feed host data into Cisco Firepower. What must be configured to accomplish this?

A.

a Network Discovery policy to receive data from the host

B.

a Threat Intelligence policy to download the data from the host

C.

a File Analysis policy to send file data into Cisco Firepower

D.

a Network Analysis policy to receive NetFlow data from the host

Question # 134

A network administrator is configuring a rule in an access control policy to block certain URLs and selects the “Chat and Instant Messaging” category. Which reputation score should be selected to accomplish this goal?

A.

1

B.

3

C.

5

D.

10

Question # 135

Which method is used to deploy certificates and configure the supplicant on mobile devices to gain access to network resources?

A.

BYOD onboarding

B.

Simple Certificate Enrollment Protocol

C.

Client provisioning

D.

MAC authentication bypass

Question # 136

Which attack type attempts to shut down a machine or network so that users are not able to access it?

A.

smurf

B.

bluesnarfing

C.

MAC spoofing

D.

IP spoofing

Question # 137

Refer to the exhibit.

Traffic is not passing through IPsec site-to-site VPN on the Firepower Threat Defense appliance. What is causing this issue?

A.

No split-tunnel policy is defined on the Firepower Threat Defense appliance.

B.

The access control policy is not allowing VPN traffic in.

C.

Site-to-site VPN peers are using different encryption algorithms.

D.

Site-to-site VPN preshared keys are mismatched.

Question # 138

What is provided by the Secure Hash Algorithm in a VPN?

A.

integrity

B.

key exchange

C.

encryption

D.

authentication

Question # 139

A switch with Dynamic ARP Inspection enabled has received a spoofed ARP response on a trusted interface. How does the switch behave in this situation?

A.

It forwards the packet after validation by using the MAC Binding Table.

B.

It drops the packet after validation by using the IP & MAC Binding Table.

C.

It forwards the packet without validation.

D.

It drops the packet without validation.

Question # 140

Refer to the exhibit.

An administrator is adding a new Cisco FTD device to their network and wants to manage it with Cisco FMC. The Cisco FTD is not behind a NAT device. Which command is needed to enable this on the Cisco FTD?

A.

configure manager add DONTRESOLVE <registration key>

B.

configure manager add 16

C.

configure manager add DONTRESOLVE FTD123

D.

configure manager add

Question # 141

What is a capability of Cisco ASA NetFlow?

A.

It filters NSEL events based on traffic

B.

It generates NSEL events even if the MPF is not configured

C.

It logs all event types only to the same collector

D.

It sends NetFlow data records from active and standby ASAs in an active standby failover pair

Question # 142

Drag and drop the NetFlow export formats from the left onto the descriptions on the right.

Question # 143

An organization has two systems in their DMZ that have an unencrypted link between them for communication. The organization does not have a defined password policy and uses several default accounts on the systems. The applications used on those systems also have not gone through stringent code reviews. Which vulnerability would help an attacker brute force their way into the systems?

A.

weak passwords

B.

lack of input validation

C.

missing encryption

D.

lack of file permission

Question # 144

What is a function of 3DES in reference to cryptography?

A.

It hashes files.

B.

It creates one-time use passwords.

C.

It encrypts traffic.

D.

It generates private keys.

Question # 145

What is managed by Cisco Security Manager?

A.

access point

B.

WSA

C.

ASA

D.

ESA

Question # 146

An organization has noticed an increase in malicious content downloads and wants to use Cisco Umbrella to prevent this activity for suspicious domains while allowing normal web traffic. Which action will accomplish this task?

A.

Set content settings to High

B.

Configure the intelligent proxy.

C.

Use destination block lists.

D.

Configure application block lists.

Question # 147

An administrator is trying to determine which applications are being used in the network but does not want the network devices to send metadata to Cisco Firepower. Which feature should be used to accomplish this?

A.

NetFlow

B.

Packet Tracer

C.

Network Discovery

D.

Access Control

Question # 148

An organization recently installed a Cisco WSA and would like to take advantage of the AVC engine to allow the organization to create a policy to control application specific activity. After enabling the AVC engine, what must be done to implement this?

A.

Use security services to configure the traffic monitor.

B.

Use URL categorization to prevent the application traffic.

C.

Use an access policy group to configure application control settings.

D.

Use web security reporting to validate engine functionality

Question # 149

Which type of protection encrypts RSA keys when they are exported and imported?

A.

file

B.

passphrase

C.

NGE

D.

nonexportable

Question # 150

When planning a VPN deployment, for which reason does an engineer opt for an active/active FlexVPN configuration as opposed to DMVPN?

A.

Multiple routers or VRFs are required.

B.

Traffic is distributed statically by default.

C.

Floating static routes are required.

D.

HSRP is used for failover.

Question # 151

Drag and drop the descriptions from the left onto the correct protocol versions on the right.

Question # 152

Which risk is created when using an Internet browser to access a cloud-based service?

A.

misconfiguration of infrastructure, which allows unauthorized access

B.

intermittent connection to the cloud connectors

C.

vulnerabilities within protocol

D.

insecure implementation of API

Question # 153

Which attack is preventable by Cisco ESA but not by the Cisco WSA?

A.

buffer overflow

B.

DoS

C.

SQL injection

D.

phishing

Question # 154

In an IaaS cloud services model, which security function is the provider responsible for managing?

A.

Internet proxy

B.

firewalling virtual machines

C.

CASB

D.

hypervisor OS hardening

Question # 155

Which type of algorithm provides the highest level of protection against brute-force attacks?

A.

PFS

B.

HMAC

C.

MD5

D.

SHA

Question # 156

Using Cisco Firepower’s Security Intelligence policies, upon which two criteria is Firepower block based? (Choose two)

A.

URLs

B.

protocol IDs

C.

IP addresses

D.

MAC addresses

E.

port numbers

Question # 157

An administrator is configuring a DHCP server to better secure their environment. They need to be able to rate-limit the traffic and ensure that legitimate requests are not dropped. How would this be accomplished?

A.

Set a trusted interface for the DHCP server

B.

Set the DHCP snooping bit to 1

C.

Add entries in the DHCP snooping database

D.

Enable ARP inspection for the required VLAN

Question # 158

How does Cisco Advanced Phishing Protection protect users?

A.

It validates the sender by using DKIM.

B.

It determines which identities are perceived by the sender

C.

It utilizes sensors that send messages securely.

D.

It uses machine learning and real-time behavior analytics.

Question # 159

What is the purpose of the certificate signing request when adding a new certificate for a server?

A.

It is the password for the certificate that is needed to install it with.

B.

It provides the server information so a certificate can be created and signed

C.

It provides the certificate client information so the server can authenticate against it when installing

D.

It is the certificate that will be loaded onto the server

Question # 160

What is a prerequisite when integrating a Cisco ISE server and an AD domain?

A.

Place the Cisco ISE server and the AD server in the same subnet

B.

Configure a common administrator account

C.

Configure a common DNS server

D.

Synchronize the clocks of the Cisco ISE server and the AD server

Question # 161

An organization received a large amount of SPAM messages over a short time period. In order to take action on the messages, it must be determined how harmful the messages are and this needs to happen dynamically.

What must be configured to accomplish this?

A.

Configure the Cisco WSA to modify policies based on the traffic seen

B.

Configure the Cisco ESA to receive real-time updates from Talos

C.

Configure the Cisco WSA to receive real-time updates from Talos

D.

Configure the Cisco ESA to modify policies based on the traffic seen

Question # 162

What is a benefit of using Cisco FMC over Cisco ASDM?

A.

Cisco FMC uses Java while Cisco ASDM uses HTML5.

B.

Cisco FMC provides centralized management while Cisco ASDM does not.

C.

Cisco FMC supports pushing configurations to devices while Cisco ASDM does not.

D.

Cisco FMC supports all firewall products whereas Cisco ASDM only supports Cisco ASA devices

Question # 163

An engineer notices traffic interruption on the network. Upon further investigation, it is learned that broadcast packets have been flooding the network. What must be configured, based on a predefined threshold, to address this issue?

A.

Bridge Protocol Data Unit guard

B.

embedded event monitoring

C.

storm control

D.

access control lists

Question # 164

An engineer is implementing NTP authentication within their network and has configured both the client and server devices with the command ntp authentication-key 1 md5 Cisc392368270. The server at 1.1.1.1 is attempting to authenticate to the client at 1.1.1.2, however it is unable to do so. Which command is required to enable the client to accept the server’s authentication key?

A.

ntp peer 1.1.1.1 key 1

B.

ntp server 1.1.1.1 key 1

C.

ntp server 1.1.1.2 key 1

D.

ntp peer 1.1.1.2 key 1

Question # 165

A user has a device in the network that is receiving too many connection requests from multiple machines. Which type of attack is the device undergoing?

A.

phishing

B.

slowloris

C.

pharming

D.

SYN flood

Question # 166

Which type of dashboard does Cisco DNA Center provide for complete control of the network?

A.

service management

B.

centralized management

C.

application management

D.

distributed management

Question # 167

Which Cisco platform ensures that machines that connect to organizational networks have the recommended antivirus definitions and patches to help prevent an organizational malware outbreak?

A.

Cisco WiSM

B.

Cisco ESA

C.

Cisco ISE

D.

Cisco Prime Infrastructure

Question # 168

Which two cryptographic algorithms are used with IPsec? (Choose two)

A.

AES-BAC

B.

AES-ABC

C.

HMAC-SHA1/SHA2

D.

Triple AMC-CBC

E.

AES-CBC

Question # 169

For Cisco IOS PKI, which two types of servers are used as a distribution point for CRLs? (Choose two)

A.

SDP

B.

LDAP

C.

subordinate CA

D.

SCP

E.

HTTP

Question # 170

What is the Cisco API-based broker that helps reduce compromises, application risks, and data breaches in an environment that is not on-premise?

A.

Cisco Cloudlock

B.

Cisco Umbrella

C.

Cisco AMP

D.

Cisco App Dynamics

Question # 171

Which suspicious pattern enables the Cisco Tetration platform to learn the normal behavior of users?

A.

file access from a different user

B.

interesting file access

C.

user login suspicious behavior

D.

privilege escalation

Question # 172

In which situation should an Endpoint Detection and Response solution be chosen versus an Endpoint Protection Platform?

A.

when there is a need for traditional anti-malware detection

B.

when there is no need to have the solution centrally managed

C.

when there is no firewall on the network

D.

when there is a need to have more advanced detection capabilities

Question # 173

Refer to the exhibit.

What will happen when the Python script is executed?

A.

The hostname will be translated to an IP address and printed.

B.

The hostname will be printed for the client in the client ID field.

C.

The script will pull all computer hostnames and print them.

D.

The script will translate the IP address to FQDN and print it

Question # 174

What is the purpose of the My Devices Portal in a Cisco ISE environment?

A.

to register new laptops and mobile devices

B.

to request a newly provisioned mobile device

C.

to provision userless and agentless systems

D.

to manage and deploy antivirus definitions and patches on systems owned by the end user

Question # 175

Refer to the exhibit.

When configuring a remote access VPN solution terminating on the Cisco ASA, an administrator would like to utilize an external token authentication mechanism in conjunction with AAA authentication using machine certificates. Which configuration item must be modified to allow this?

A.

Group Policy

B.

Method

C.

SAML Server

D.

DHCP Servers

Question # 176

What is a key difference between Cisco Firepower and Cisco ASA?

A.

Cisco ASA provides access control while Cisco Firepower does not.

B.

Cisco Firepower provides identity-based access control while Cisco ASA does not.

C.

Cisco Firepower natively provides intrusion prevention capabilities while Cisco ASA does not.

D.

Cisco ASA provides SSL inspection while Cisco Firepower does not.

Question # 177

An organization is trying to implement micro-segmentation on the network and wants to be able to gain visibility on the applications within the network. The solution must be able to maintain and force compliance. Which product should be used to meet these requirements?

A.

Cisco Umbrella

B.

Cisco AMP

C.

Cisco Stealthwatch

D.

Cisco Tetration

Question # 178

Refer to the exhibit.

An organization is using DHCP Snooping within their network. A user on VLAN 41 on a new switch is complaining that an IP address is not being obtained. Which command should be configured on the switch interface in order to provide the user with network connectivity?

A.

ip dhcp snooping verify mac-address

B.

ip dhcp snooping limit 41

C.

ip dhcp snooping vlan 41

D.

ip dhcp snooping trust

Question # 179

An engineer is configuring 802.1X authentication on Cisco switches in the network and is using CoA as a mechanism. Which port on the firewall must be opened to allow the CoA traffic to traverse the network?

A.

TCP 6514

B.

UDP 1700

C.

TCP 49

D.

UDP 1812

Question # 180

What is the difference between Cross-site Scripting and SQL Injection attacks?

A.

Cross-site Scripting is an attack where code is injected into a database, whereas SQL Injection is an attack where code is injected into a browser.

B.

Cross-site Scripting is a brute force attack targeting remote sites, whereas SQL Injection is a social engineering attack.

C.

Cross-site Scripting is when executives in a corporation are attacked, whereas SQL Injection is when a database is manipulated.

D.

Cross-site Scripting is an attack where code is executed from the server side, whereas SQL Injection is an attack where code is executed from the client side.

Question # 181

Drag and drop the steps from the left into the correct order on the right to enable AppDynamics to monitor an EC2 instance in Amazon Web Services.

Question # 182

Which type of API is being used when a security application notifies a controller within a software-defined network architecture about a specific security threat?

A.

westbound API

B.

southbound API

C.

northbound API

D.

eastbound API

Question # 183

A Cisco ESA administrator has been tasked with configuring the Cisco ESA to ensure there are no viruses before quarantined emails are delivered. In addition, delivery of mail from known bad mail servers must be prevented. Which two actions must be taken in order to meet these requirements? (Choose two)

A.

Use outbreak filters from SenderBase

B.

Enable a message tracking service

C.

Configure a recipient access table

D.

Deploy the Cisco ESA in the DMZ

E.

Scan quarantined emails using AntiVirus signatures

Question # 184

After a recent breach, an organization determined that phishing was used to gain initial access to the network before regaining persistence. The information gained from the phishing attack was a result of users visiting known malicious websites. What must be done in order to prevent this from happening in the future?

A.

Modify an access policy

B.

Modify identification profiles

C.

Modify outbound malware scanning policies

D.

Modify web proxy settings

Question # 185

Which DoS attack uses fragmented packets to crash a target machine?

A.

smurf

B.

MITM

C.

teardrop

D.

LAND

Question # 186

Which term describes when the Cisco Firepower downloads threat intelligence updates from Cisco Talos?

A.

consumption

B.

sharing

C.

analysis

D.

authoring

Question # 187

Refer to the exhibit.

Which type of authentication is in use?

A.

LDAP authentication for Microsoft Outlook

B.

POP3 authentication

C.

SMTP relay server authentication

D.

external user and relay mail authentication

Question # 188

What are two differences between a Cisco WSA that is running in transparent mode and one running in explicit mode? (Choose two)

A.

The Cisco WSA responds with its own IP address only if it is running in explicit mode.

B.

The Cisco WSA is configured in a web browser only if it is running in transparent mode.

C.

The Cisco WSA responds with its own IP address only if it is running in transparent mode.

D.

The Cisco WSA uses a Layer 3 device to redirect traffic only if it is running in transparent mode.

E.

When the Cisco WSA is running in transparent mode, it uses the WSA's own IP address as the HTTP request destination.

Question # 189

Which type of API is being used when a controller within a software-defined network architecture dynamically makes configuration changes on switches within the network?

A.

westbound API

B.

southbound API

C.

northbound API

D.

eastbound API
