What are two functionalities of northbound and southbound APIs within Cisco SDN architecture? (Choose two.)
Which characteristic is unique to a Cisco WSAv as compared to a physical appliance?
Which industry standard is used to integrate Cisco ISE and pxGrid to each other and with other
interoperable security platforms?
What are two characteristics of the RESTful architecture used within Cisco DNA Center? (Choose two.)
Which function is performed by certificate authorities but is a limitation of registration authorities?
Which feature enables a Cisco ISR to use the default bypass list automatically for web filtering?
An organization uses Cisco FMC to centrally manage multiple Cisco FTD devices The default management port conflicts with other communications on the network and must be changed What must be done to ensure that all devices can communicate together?
When choosing an algorithm to us, what should be considered about Diffie Hellman and RSA for key
establishment?
Which Cisco security solution secures public, private, hybrid, and community clouds?
A hacker initiated a social engineering attack and stole username and passwords of some users within a company. Which product should be used as a solution to this problem?
Which technology enables integration between Cisco ISE and other platforms to gather and share
network and vulnerability data and SIEM and location information?
What are two Detection and Analytics Engines of Cognitive Threat Analytics? (Choose two)
On Cisco Firepower Management Center, which policy is used to collect health modules alerts from managed
devices?
Which capability is exclusive to a Cisco AMP public cloud instance as compared to a private cloud instance?
Which two deployment model configurations are supported for Cisco FTDv in AWS? (Choose two)
Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?
Which benefit does endpoint security provide the overall security posture of an organization?
How does Cisco Stealthwatch Cloud provide security for cloud environments?
An engineer wants to automatically assign endpoints that have a specific OUI into a new endpoint group. Which
probe must be enabled for this type of profiling to work?
An MDM provides which two advantages to an organization with regards to device management? (Choose two)
Which Cisco product is open, scalable, and built on IETF standards to allow multiple security products from
Cisco and other vendors to share data and interoperate with each other?
Which two tasks allow NetFlow on a Cisco ASA 5500 Series firewall? (Choose two)
Which solution combines Cisco IOS and IOS XE components to enable administrators to recognize
applications, collect and send network metrics to Cisco Prime and other third-party management tools, and prioritize application traffic?
Which license is required for Cisco Security Intelligence to work on the Cisco Next Generation Intrusion
Prevention System?
Which feature within Cisco Umbrella allows for the ability to inspect secure HTTP traffic?
Which threat involves software being used to gain unauthorized access to a computer system?
Which benefit is provided by ensuring that an endpoint is compliant with a posture policy configured in Cisco ISE?
An engineer must force an endpoint to re-authenticate an already authenticated session without disrupting the
endpoint to apply a new or updated policy from ISE. Which CoA type achieves this goal?
An engineer is trying to securely connect to a router and wants to prevent insecure algorithms from being used.
However, the connection is failing. Which action should be taken to accomplish this goal?
Which CLI command is used to register a Cisco FirePower sensor to Firepower Management Center?
Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two)
Which Cisco command enables authentication, authorization, and accounting globally so that CoA is supported on the device?
What provides the ability to program and monitor networks from somewhere other than the DNAC GUI?
Which Talos reputation center allows you to track the reputation of IP addresses for email and web traffic?
Which two behavioral patterns characterize a ping of death attack? (Choose two)
When Cisco and other industry organizations publish and inform users of known security findings and
vulnerabilities, which name is used?
Which two endpoint measures are used to minimize the chances of falling victim to phishing and social
engineering attacks? (Choose two)
Which action controls the amount of URI text that is stored in Cisco WSA logs files?
For which two conditions can an endpoint be checked using ISE posture assessment? (Choose two)
What are the two most commonly used authentication factors in multifactor authentication? (Choose two)
Which proxy mode must be used on Cisco WSA to redirect TCP traffic with WCCP?
An engineer needs a solution for TACACS+ authentication and authorization for device administration.
The engineer also wants to enhance wired and wireless network security by requiring users and endpoints to
use 802.1X, MAB, or WebAuth. Which product meets all of these requirements?
Which two are valid suppression types on a Cisco Next Generation Intrusion Prevention System? (Choose two)
What are two reasons for implementing a multifactor authentication solution such as Duo Security provide to an
organization? (Choose two)
An engineer is configuring a Cisco ESA and wants to control whether to accept or reject email messages to a
recipient address. Which list contains the allowed recipient addresses?
Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention
System? (Choose two)
What are two ways a network administrator transparently identifies users using Active Directory on the Cisco WSA? (Choose two.)
Which two methods must be used to add switches into the fabric so that administrators can control how switches are added into DCNM for private cloud management? (Choose two.)
A network engineer must migrate a Cisco WSA virtual appliance from one physical host to another physical host by using VMware vMotion. What is a requirement for both physical hosts?
An organization is implementing AAA for their users. They need to ensure that authorization is verified for every command that is being entered by the network administrator. Which protocol must be configured in order to provide this capability?
A network engineer is trying to figure out whether FlexVPN or DMVPN would fit better in their environment.
They have a requirement for more stringent security multiple security associations for the connections, more efficient VPN establishment as well consuming less bandwidth. Which solution would be best for this and why?
How does a WCCP-configured router identify if the Cisco WSA is functional?
Refer to the exhibit. When creating an access rule for URL filtering, a network engineer adds certain categories and individual URLs to block. What is the result of the configuration?
Email security has become a high priority task for a security engineer at a large multi-national organization due to ongoing phishing campaigns. To help control this, the engineer has deployed an Incoming Content Filter with a URL reputation of (-10 00 to -6 00) on the Cisco ESA Which action will the system perform to disable any links in messages that match the filter?
Which Cisco platform processes behavior baselines, monitors for deviations, and reviews for malicious processes in data center traffic and servers while performing software vulnerability detection?
Which two deployment modes does the Cisco ASA FirePower module support? (Choose two)
Which technology is used to improve web traffic performance by proxy caching?
Refer to the exhibit.
A network administrator configured a site-to-site VPN tunnel between two Cisco IOS routers, and hosts are unable to communicate between two sites of VPN. The network administrator runs the debug crypto isakmp sa command to track VPN status. What is the problem according to this command output?
What can be integrated with Cisco Threat Intelligence Director to provide information about security threats,
which allows the SOC to proactively automate responses to those threats?
Which feature requires a network discovery policy on the Cisco Firepower Next Generation Intrusion Prevention
System?
Which solution protects hybrid cloud deployment workloads with application visibility and segmentation?
Which two probes are configured to gather attributes of connected endpoints using Cisco Identity Services
Engine? (Choose two)
Refer to the exhibit.
An engineer configured wired 802.1x on the network and is unable to get a laptop to authenticate. Which port configuration is missing?
Which PKI enrollment method allows the user to separate authentication and enrollment actions and also
provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?
Which statement describes a traffic profile on a Cisco Next Generation Intrusion Prevention System?
Which Cisco product provides proactive endpoint protection and allows administrators to centrally manage the
deployment?
Which policy represents a shared set of features or parameters that define the aspects of a managed device that are likely to be similar to other managed devices in a deployment?
Which SNMPv3 configuration must be used to support the strongest security possible?
An engineer used a posture check on a Microsoft Windows endpoint and discovered that the MS17-010 patch
was not installed, which left the endpoint vulnerable to WannaCry ransomware. Which two solutions mitigate
the risk of this ransom ware infection? (Choose two)
A malicious user gained network access by spoofing printer connections that were authorized using MAB on
four different switch ports at the same time. What two catalyst switch security features will prevent further
violations? (Choose two)
Which service allows a user export application usage and performance statistics with Cisco Application Visibility
and control?
Which posture assessment requirement provides options to the client for remediation and requires the
remediation within a certain timeframe?
Which Cisco cloud security software centrally manages policies on multiple platforms such as Cisco ASA, Cisco Firepower, Cisco Meraki, and AWS?
Which feature is leveraged by advanced antimalware capabilities to be an effective endpomt protection platform?
Which solution supports high availability in routed or transparent mode as well as in northbound and
southbound deployments?
What are two recommended approaches to stop DNS tunneling for data exfiltration and command and control call backs? (Choose two.)
Refer to the exhibit. What is the result of using this authentication protocol in the configuration?
Which VMware platform does Cisco ACI integrate with to provide enhanced visibility, provide policy integration and deployment, and implement security policies with access lists?
Which solution is made from a collection of secure development practices and guidelines that developers must follow to build secure applications?
An organization is selecting a cloud architecture and does not want to be responsible for patch management of the operating systems. Why should the organization select either Platform as a Service or Infrastructure as a Service for this environment?
A company has 5000 Windows users on its campus. Which two precautions should IT take to prevent WannaCry ransomware from spreading to all clients? (Choose two.)
What is a benefit of using telemetry over SNMP to configure new routers for monitoring purposes?
What is the purpose of the Trusted Automated exchange cyber threat intelligence industry standard?
In which two ways does the Cisco Advanced Phishing Protection solution protect users? (Choose two.)
An engineer is trying to decide between using L2TP or GRE over IPsec for their site-to-site VPN implementation. What must be un solution?
Refer to the exhibit.
How does Cisco Umbrella manage traffic that is directed toward risky domains?
Which Cisco platform provides an agentless solution to provide visibility across the network including encrypted traffic analytics to detect malware in encrypted traffic without the need for decryption?
An engineer is configuring Cisco WSA and needs to enable a separated email transfer flow from the Internet and from the LAN. Which deployment mode must be used to accomplish this goal?
Which endpoint protection and detection feature performs correlation of telemetry, files, and intrusion
events that are flagged as possible active breaches?
What are two functions of TAXII in threat intelligence sharing? (Choose two.)
An engineer is configuring Cisco WSA and needs to deploy it in transparent mode. Which configuration component must be used to accomplish this goal?
An engineer is configuring Cisco Umbrella and has an identity that references two different policies. Which action ensures that the policy that the identity must use takes precedence over the second one?
A company identified a phishing vulnerability during a pentest What are two ways the company can protect employees from the attack? (Choose two.)
Which two protocols must be configured to authenticate end users to the Cisco WSA? (Choose two.)
An organization wants to reduce their attach surface for cloud applications. They want to understand application communications, detect abnormal application Behavior, and detect vulnerabilities within the applications. Which action accomplishes this task?
Refer to the exhibit.
What are two indications of the Cisco Firepower Services Module configuration?
(Choose two.)
An engineer integrates Cisco FMC and Cisco ISE using pxGrid Which role is assigned for Cisco FMC?
What are two advantages of using Cisco Any connect over DMVPN? (Choose two)
Which two aspects of the cloud PaaS model are managed by the customer but not the provider? (Choose two)
Drag and drop the solutions from the left onto the solution's benefits on the right.
Which group within Cisco writes and publishes a weekly newsletter to help cybersecurity professionals remain
aware of the ongoing and most prevalent threats?
Drag and drop the Firepower Next Generation Intrusion Prevention System detectors from the left onto the correct definitions on the right.
An organization is receiving SPAM emails from a known malicious domain. What must be configured in order to
prevent the session during the initial TCP communication?
A network administrator needs to find out what assets currently exist on the network. Third-party systems need to be able to feed host data into Cisco Firepower. What must be configured to accomplish this?
A network administrator is configuring a rule in an access control policy to block certain URLs and selects the “Chat and Instant Messaging” category. Which reputation score should be selected to accomplish this goal?
Which method is used to deploy certificates and configure the supplicant on mobile devices to gain access to
network resources?
Which attack type attempts to shut down a machine or network so that users are not able to access it?
Refer to the exhibit.
Traffic is not passing through IPsec site-to-site VPN on the Firepower Threat Defense appliance. What is causing this issue?
A switch with Dynamic ARP Inspection enabled has received a spoofed ARP response on a trusted interface.
How does the switch behave in this situation?
Refer to the exhibit.
An administrator is adding a new Cisco FTD device to their network and wants to manage it with Cisco FMC.
The Cisco FTD is not behind a NAT device. Which command is needed to enable this on the Cisco FTD?
Drag and drop the NetFlow export formats from the left onto the descriptions on the right.
An organization has two systems in their DMZ that have an unencrypted link between them for communication.
The organization does not have a defined password policy and uses several default accounts on the systems.
The application used on those systems also have not gone through stringent code reviews. Which vulnerability
would help an attacker brute force their way into the systems?
An organization has noticed an increase in malicious content downloads and wants to use Cisco Umbrella to prevent this activity for suspicious domains while allowing normal web traffic. Which action will accomplish this task?
An administrator is trying to determine which applications are being used in the network but does not want the
network devices to send metadata to Cisco Firepower. Which feature should be used to accomplish this?
An organization recently installed a Cisco WSA and would like to take advantage of the AVC engine to allow the organization to create a policy to control application specific activity. After enabling the AVC engine, what must be done to implement this?
Which type of protection encrypts RSA keys when they are exported and imported?
When planning a VPN deployment, for which reason does an engineer opt for an active/active FlexVPN
configuration as opposed to DMVPN?
Drag and drop the descriptions from the left onto the correct protocol versions on the right.
Which risk is created when using an Internet browser to access cloud-based service?
In an IaaS cloud services model, which security function is the provider responsible for managing?
Which type of algorithm provides the highest level of protection against brute-force attacks?
Using Cisco Firepower’s Security Intelligence policies, upon which two criteria is Firepower block based?
(Choose two)
An administrator is configuring a DHCP server to better secure their environment. They need to be able to ratelimit the traffic and ensure that legitimate requests are not dropped. How would this be accomplished?
What is the purpose of the certificate signing request when adding a new certificate for a server?
What is a prerequisite when integrating a Cisco ISE server and an AD domain?
An organization received a large amount of SPAM messages over a short time period. In order to take action on the messages, it must be determined how harmful the messages are and this needs to happen dynamically.
What must be configured to accomplish this?
An engineer notices traffic interruption on the network. Upon further investigation, it is learned that broadcast
packets have been flooding the network. What must be configured, based on a predefined threshold, to
address this issue?
An engineer is implementing NTP authentication within their network and has configured both the client and server devices with the command ntp authentication-key 1 md5 Cisc392368270. The server at 1.1.1.1 is attempting to authenticate to the client at 1.1.1.2, however it is unable to do so. Which command is required to enable the client to accept the server’s authentication key?
A user has a device in the network that is receiving too many connection requests from multiple machines.
Which type of attack is the device undergoing?
Which type of dashboard does Cisco DNA Center provide for complete control of the network?
Which Cisco platform ensures that machines that connect to organizational networks have the recommended
antivirus definitions and patches to help prevent an organizational malware outbreak?
For Cisco IOS PKI, which two types of Servers are used as a distribution point for CRLs? (Choose two)
What is the Cisco API-based broker that helps reduce compromises, application risks, and data breaches in an environment that is not on-premise?
Which suspicious pattern enables the Cisco Tetration platform to learn the normal behavior of users?
In which situation should an Endpoint Detection and Response solution be chosen versus an Endpoint
Protection Platform?
Refer to the exhibit.
What will happen when the Python script is executed?
Refer to the exhibit.
When configuring a remote access VPN solution terminating on the Cisco ASA, an administrator would like to utilize an external token authentication mechanism in conjunction with AAA authentication using machine
certificates. Which configuration item must be modified to allow this?
An organization is trying to implement micro-segmentation on the network and wants to be able to gain visibility on the applications within the network. The solution must be able to maintain and force compliance. Which product should be used to meet these requirements?
Refer to the exhibit.
An organization is using DHCP Snooping within their network. A user on VLAN 41 on a new switch is
complaining that an IP address is not being obtained. Which command should be configured on the switch
interface in order to provide the user with network connectivity?
An engineer is configuring 802.1X authentication on Cisco switches in the network and is using CoA as a mechanism. Which port on the firewall must be opened to allow the CoA traffic to traverse the network?
What is the difference between Cross-site Scripting and SQL Injection, attacks?
Drag and drop the steps from the left into the correct order on the right to enable AppDynamics to monitor an EC2 instance in Amazon Web Services.
Which type of API is being used when a security application notifies a controller within a software-defined network architecture about a specific security threat?
A Cisco ESA administrator has been tasked with configuring the Cisco ESA to ensure there are no viruses before quarantined emails are delivered. In addition, delivery of mail from known bad mail servers must be prevented. Which two actions must be taken in order to meet these requirements? (Choose two)
After a recent breach, an organization determined that phishing was used to gain initial access to the network before regaining persistence. The information gained from the phishing attack was a result of users visiting known malicious websites. What must be done in order to prevent this from happening in the future?
Which term describes when the Cisco Firepower downloads threat intelligence updates from Cisco Talos?
What are two differences between a Cisco WSA that is running in transparent mode and one running in explicit mode? (Choose two)
Which type of API is being used when a controller within a software-defined network architecture dynamically
makes configuration changes on switches within the network?