Valentine Day Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Question # 4

On which part of the IT environment does DevSecOps focus?

A.

application development

B.

wireless network

C.

data center

D.

perimeter network

Full Access
Question # 5

Which ASA deployment mode can provide separation of management on a shared appliance?

A.

DMZ multiple zone mode

B.

transparent firewall mode

C.

multiple context mode

D.

routed mode

Full Access
Question # 6

Which protocol provides the strongest throughput performance when using Cisco AnyConnect VPN?

A.

TLSv1.2

B.

TLSv1.1

C.

BJTLSv1

D.

DTLSv1

Full Access
Question # 7

An engineer is trying to securely connect to a router and wants to prevent insecure algorithms from being used.

However, the connection is failing. Which action should be taken to accomplish this goal?

A.

Disable telnet using the no ip telnet command.

B.

Enable the SSH server using the ip ssh server command.

C.

Configure the port using the ip ssh port 22 command.

D.

Generate the RSA key using the crypto key generate rsa command.

Full Access
Question # 8

Which feature is supported when deploying Cisco ASAv within AWS public cloud?

A.

multiple context mode

B.

user deployment of Layer 3 networks

C.

IPv6

D.

clustering

Full Access
Question # 9

What is the primary difference between an Endpoint Protection Platform and an Endpoint Detection and

Response?

A.

EPP focuses on prevention, and EDR focuses on advanced threats that evade perimeter defenses.

B.

EDR focuses on prevention, and EPP focuses on advanced threats that evade perimeter defenses.

C.

EPP focuses on network security, and EDR focuses on device security.

D.

EDR focuses on network security, and EPP focuses on device security.

Full Access
Question # 10

Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two)

A.

Check integer, float, or Boolean string parameters to ensure accurate values.

B.

Use prepared statements and parameterized queries.

C.

Secure the connection between the web and the app tier.

D.

Write SQL code instead of using object-relational mapping libraries.

E.

Block SQL code execution in the web application database login.

Full Access
Question # 11

Which IPS engine detects ARP spoofing?

A.

Atomic ARP Engine

B.

Service Generic Engine

C.

ARP Inspection Engine

D.

AIC Engine

Full Access
Question # 12

What is a required prerequisite to enable malware file scanning for the Secure Internet Gateway?

A.

Enable IP Layer enforcement.

B.

Activate the Advanced Malware Protection license

C.

Activate SSL decryption.

D.

Enable Intelligent Proxy.

Full Access
Question # 13

What is a characteristic of Dynamic ARP Inspection?

A.

DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the DHCP

snooping binding database.

B.

In a typical network, make all ports as trusted except for the ports connecting to switches, which are

untrusted

C.

DAI associates a trust state with each switch.

D.

DAI intercepts all ARP requests and responses on trusted ports only.

Full Access
Question # 14

Which feature of Cisco ASA allows VPN users to be postured against Cisco ISE without requiring an inline

posture node?

A.

RADIUS Change of Authorization

B.

device tracking

C.

DHCP snooping

D.

VLAN hopping

Full Access
Question # 15

Which two deployment modes does the Cisco ASA FirePower module support? (Choose two)

A.

transparent mode

B.

routed mode

C.

inline mode

D.

active mode

E.

passive monitor-only mode

Full Access
Question # 16

Which Cisco Advanced Malware protection for Endpoints deployment architecture is designed to keep data

within a network perimeter?

A.

cloud web services

B.

network AMP

C.

private cloud

D.

public cloud

Full Access
Question # 17

What is a feature of Cisco NetFlow Secure Event Logging for Cisco ASAs?

A.

Multiple NetFlow collectors are supported

B.

Advanced NetFlow v9 templates and legacy v5 formatting are supported

C.

Secure NetFlow connections are optimized for Cisco Prime Infrastructure

D.

Flow-create events are delayed

Full Access
Question # 18

What is managed by Cisco Security Manager?

A.

access point

B.

WSA

C.

ASA

D.

ESA

Full Access
Question # 19

Drag and drop the capabilities of Cisco Firepower versus Cisco AMP from the left into the appropriate category on the right.

Full Access
Question # 20

A network engineer has been tasked with adding a new medical device to the network. Cisco ISE is being used as the NAC server, and the new device does not have a supplicant available. What must be done in order to securely connect this device to the network?

A.

Use MAB with profiling

B.

Use MAB with posture assessment.

C.

Use 802.1X with posture assessment.

D.

Use 802.1X with profiling.

Full Access
Question # 21

Which suspicious pattern enables the Cisco Tetration platform to learn the normal behavior of users?

A.

file access from a different user

B.

interesting file access

C.

user login suspicious behavior

D.

privilege escalation

Full Access
Question # 22

A network administrator is using the Cisco ESA with AMP to upload files to the cloud for analysis. The network

is congested and is affecting communication. How will the Cisco ESA handle any files which need analysis?

A.

AMP calculates the SHA-256 fingerprint, caches it, and periodically attempts the upload.

B.

The file is queued for upload when connectivity is restored.

C.

The file upload is abandoned.

D.

The ESA immediately makes another attempt to upload the file.

Full Access
Question # 23

Refer to the exhibit.

What will happen when the Python script is executed?

A.

The hostname will be translated to an IP address and printed.

B.

The hostname will be printed for the client in the client ID field.

C.

The script will pull all computer hostnames and print them.

D.

The script will translate the IP address to FODN and print it

Full Access
Question # 24

What is provided by the Secure Hash Algorithm in a VPN?

A.

integrity

B.

key exchange

C.

encryption

D.

authentication

Full Access
Question # 25

In an IaaS cloud services model, which security function is the provider responsible for managing?

A.

Internet proxy

B.

firewalling virtual machines

C.

CASB

D.

hypervisor OS hardening

Full Access
Question # 26

Which component of Cisco umbrella architecture increases reliability of the service?

A.

Anycast IP

B.

AMP Threat grid

C.

Cisco Talos

D.

BGP route reflector

Full Access
Question # 27

A Cisco ESA network administrator has been tasked to use a newly installed service to help create policy based on the reputation verdict. During testing, it is discovered that the Cisco ESA is not dropping files that have an undetermined verdict. What is causing this issue?

A.

The policy was created to send a message to quarantine instead of drop

B.

The file has a reputation score that is above the threshold

C.

The file has a reputation score that is below the threshold

D.

The policy was created to disable file analysis

Full Access
Question # 28

An engineer notices traffic interruption on the network. Upon further investigation, it is learned that broadcast

packets have been flooding the network. What must be configured, based on a predefined threshold, to

address this issue?

A.

Bridge Protocol Data Unit guard

B.

embedded event monitoring

C.

storm control

D.

access control lists

Full Access
Question # 29

What is a benefit of performing device compliance?

A.

Verification of the latest OS patches

B.

Device classification and authorization

C.

Providing multi-factor authentication

D.

Providing attribute-driven policies

Full Access
Question # 30

A network administrator is configuring a rule in an access control policy to block certain URLs and selects the “Chat and Instant Messaging” category. Which reputation score should be selected to accomplish this goal?

A.

1

B.

3

C.

5

D.

10

Full Access
Question # 31

An attacker needs to perform reconnaissance on a target system to help gain access to it. The system has weak passwords, no encryption on the VPN links, and software bugs on the system’s applications. Which

vulnerability allows the attacker to see the passwords being transmitted in clear text?

A.

weak passwords for authentication

B.

unencrypted links for traffic

C.

software bugs on applications

D.

improper file security

Full Access
Question # 32

Which term describes when the Cisco Firepower downloads threat intelligence updates from Cisco Talos?

A.

consumption

B.

sharing

C.

analysis

D.

authoring

Full Access
Question # 33

An organization wants to secure users, data, and applications in the cloud. The solution must be API-based and

operate as a cloud-native CASB. Which solution must be used for this implementation?

A.

Cisco Cloudlock

B.

Cisco Cloud Email Security

C.

Cisco Firepower Next-Generation Firewall

D.

Cisco Umbrella

Full Access
Question # 34

Drag and drop the descriptions from the left onto the encryption algorithms on the right.

Full Access
Question # 35

An organization has two systems in their DMZ that have an unencrypted link between them for communication.

The organization does not have a defined password policy and uses several default accounts on the systems.

The application used on those systems also have not gone through stringent code reviews. Which vulnerability

would help an attacker brute force their way into the systems?

A.

weak passwords

B.

lack of input validation

C.

missing encryption

D.

lack of file permission

Full Access
Question # 36

A network administrator is configuring a switch to use Cisco ISE for 802.1X. An endpoint is failing

authentication and is unable to access the network. Where should the administrator begin troubleshooting to verify the authentication details?

A.

Adaptive Network Control Policy List

B.

Context Visibility

C.

Accounting Reports

D.

RADIUS Live Logs

Full Access
Question # 37

Refer to the exhibit.

Traffic is not passing through IPsec site-to-site VPN on the Firepower Threat Defense appliance. What is causing this issue?

A.

No split-tunnel policy is defined on the Firepower Threat Defense appliance.

B.

The access control policy is not allowing VPN traffic in.

C.

Site-to-site VPN peers are using different encryption algorithms.

D.

Site-to-site VPN preshared keys are mismatched.

Full Access
Question # 38

What are two functions of secret key cryptography? (Choose two)

A.

key selection without integer factorization

B.

utilization of different keys for encryption and decryption

C.

utilization of large prime number iterations

D.

provides the capability to only know the key on one side

E.

utilization of less memory

Full Access
Question # 39

A Cisco ESA administrator has been tasked with configuring the Cisco ESA to ensure there are no viruses before quarantined emails are delivered. In addition, delivery of mail from known bad mail servers must be prevented. Which two actions must be taken in order to meet these requirements? (Choose two)

A.

Use outbreak filters from SenderBase

B.

Enable a message tracking service

C.

Configure a recipient access table

D.

Deploy the Cisco ESA in the DMZ

E.

Scan quarantined emails using AntiVirus signatures

Full Access
Question # 40

Refer to the exhibit.

When configuring a remote access VPN solution terminating on the Cisco ASA, an administrator would like to utilize an external token authentication mechanism in conjunction with AAA authentication using machine

certificates. Which configuration item must be modified to allow this?

A.

Group Policy

B.

Method

C.

SAML Server

D.

DHCP Servers

Full Access
Question # 41

Which factor must be considered when choosing the on-premise solution over the cloud-based one?

A.

With an on-premise solution, the provider is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the customer is responsible for it

B.

With a cloud-based solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product.

C.

With an on-premise solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product.

D.

With an on-premise solution, the customer is responsible for the installation and maintenance of the

product, whereas with a cloud-based solution, the provider is responsible for it.

Full Access
Question # 42

Which type of dashboard does Cisco DNA Center provide for complete control of the network?

A.

service management

B.

centralized management

C.

application management

D.

distributed management

Full Access
Question # 43

Due to a traffic storm on the network, two interfaces were error-disabled, and both interfaces sent SNMP traps.

Which two actions must be taken to ensure that interfaces are put back into service? (Choose two)

A.

Have Cisco Prime Infrastructure issue an SNMP set command to re-enable the ports after the pre

configured interval.

B.

Use EEM to have the ports return to service automatically in less than 300 seconds.

C.

Enter the shutdown and no shutdown commands on the interfaces.

D.

Enable the snmp-server enable traps command and wait 300 seconds

E.

Ensure that interfaces are configured with the error-disable detection and recovery feature

Full Access
Question # 44

Refer to the exhibit.

An administrator is adding a new Cisco FTD device to their network and wants to manage it with Cisco FMC.

The Cisco FTD is not behind a NAT device. Which command is needed to enable this on the Cisco FTD?

A.

configure manager add DONTRESOLVE kregistration key>

B.

configure manager add 16

C.

configure manager add DONTRESOLVE FTD123

D.

configure manager add

Full Access
Question # 45

What is a difference between DMVPN and sVTI?

A.

DMVPN supports tunnel encryption, whereas sVTI does not.

B.

DMVPN supports dynamic tunnel establishment, whereas sVTI does not.

C.

DMVPN supports static tunnel establishment, whereas sVTI does not.

D.

DMVPN provides interoperability with other vendors, whereas sVTI does not.

Full Access
Question # 46

Which type of API is being used when a security application notifies a controller within a software-defined network architecture about a specific security threat?

A.

westbound AP

B.

southbound API

C.

northbound API

D.

eastbound API

Full Access
Question # 47

Why is it important to implement MFA inside of an organization?

A.

To prevent man-the-middle attacks from being successful.

B.

To prevent DoS attacks from being successful.

C.

To prevent brute force attacks from being successful.

D.

To prevent phishing attacks from being successful.

Full Access
Question # 48

With which components does a southbound API within a software-defined network architecture communicate?

A.

controllers within the network

B.

applications

C.

appliances

D.

devices such as routers and switches

Full Access
Question # 49

Which group within Cisco writes and publishes a weekly newsletter to help cybersecurity professionals remain

aware of the ongoing and most prevalent threats?

A.

PSIRT

B.

Talos

C.

CSIRT

D.

DEVNET

Full Access
Question # 50

Drag and drop the common security threats from the left onto the definitions on the right.

Full Access
Question # 51

Drag and drop the Firepower Next Generation Intrusion Prevention System detectors from the left onto the correct definitions on the right.

Full Access
Question # 52

Which product allows Cisco FMC to push security intelligence observable to its sensors from other products?

A.

Encrypted Traffic Analytics

B.

Threat Intelligence Director

C.

Cognitive Threat Analytics

D.

Cisco Talos Intelligence

Full Access
Question # 53

Drag and drop the descriptions from the left onto the correct protocol versions on the right.

Full Access
Question # 54

An engineer has been tasked with implementing a solution that can be leveraged for securing the cloud users,

data, and applications. There is a requirement to use the Cisco cloud native CASB and cloud cybersecurity

platform. What should be used to meet these requirements?

A.

Cisco Umbrella

B.

Cisco Cloud Email Security

C.

Cisco NGFW

D.

Cisco Cloudlock

Full Access
Question # 55

What is the role of an endpoint in protecting a user from a phishing attack?

A.

Use Cisco Stealthwatch and Cisco ISE Integration.

B.

Utilize 802.1X network security to ensure unauthorized access to resources.

C.

Use machine learning models to help identify anomalies and determine expected sending behavior.

D.

Ensure that antivirus and anti malware software is up to date

Full Access
Question # 56

What is a function of 3DES in reference to cryptography?

A.

It hashes files.

B.

It creates one-time use passwords.

C.

It encrypts traffic.

D.

It generates private keys.

Full Access
Question # 57

What is an attribute of the DevSecOps process?

A.

mandated security controls and check lists

B.

security scanning and theoretical vulnerabilities

C.

development security

D.

isolated security team

Full Access
Question # 58

What is a functional difference between a Cisco ASA and a Cisco IOS router with Zone-based policy firewall?

A.

The Cisco ASA denies all traffic by default whereas the Cisco IOS router with Zone-Based Policy Firewall starts out by allowing all traffic, even on untrusted interfaces

B.

The Cisco IOS router with Zone-Based Policy Firewall can be configured for high availability, whereas the Cisco ASA cannot

C.

The Cisco IOS router with Zone-Based Policy Firewall denies all traffic by default, whereas the Cisco ASA starts out by allowing all traffic until rules are added

D.

The Cisco ASA can be configured for high availability whereas the Cisco IOS router with Zone-Based Policy Firewall cannot

Full Access
Question # 59

In which two ways does Easy Connect help control network access when used with Cisco TrustSec? (Choose two)

A.

It allows multiple security products to share information and work together to enhance security posture in the network.

B.

It creates a dashboard in Cisco ISE that provides full visibility of all connected endpoints.

C.

It allows for the assignment of Security Group Tags and does not require 802.1x to be configured on the switch or the endpoint.

D.

It integrates with third-party products to provide better visibility throughout the network.

E.

It allows for managed endpoints that authenticate to AD to be mapped to Security Groups (PassiveID).

Full Access
Question # 60

An organization has a Cisco ESA set up with policies and would like to customize the action assigned for

violations. The organization wants a copy of the message to be delivered with a message added to flag it as a

DLP violation. Which actions must be performed in order to provide this capability?

A.

deliver and send copies to other recipients

B.

quarantine and send a DLP violation notification

C.

quarantine and alter the subject header with a DLP violation

D.

deliver and add disclaimer text

Full Access
Question # 61

Which method is used to deploy certificates and configure the supplicant on mobile devices to gain access to

network resources?

A.

BYOD on boarding

B.

Simple Certificate Enrollment Protocol

C.

Client provisioning

D.

MAC authentication bypass

Full Access
Question # 62

Using Cisco Firepower’s Security Intelligence policies, upon which two criteria is Firepower block based?

(Choose two)

A.

URLs

B.

protocol IDs

C.

IP addresses

D.

MAC addresses

E.

port numbers

Full Access
Question # 63

An engineer is implementing NTP authentication within their network and has configured both the client and server devices with the command ntp authentication-key 1 md5 Cisc392368270. The server at 1.1.1.1 is attempting to authenticate to the client at 1.1.1.2, however it is unable to do so. Which command is required to enable the client to accept the server’s authentication key?

A.

ntp peer 1.1.1.1 key 1

B.

ntp server 1.1.1.1 key 1

C.

ntp server 1.1.1.2 key 1

D.

ntp peer 1.1.1.2 key 1

Full Access
Question # 64

What features does Cisco FTDv provide over ASAv?

A.

Cisco FTDv runs on VMWare while ASAv does not

B.

Cisco FTDv provides 1GB of firewall throughput while Cisco ASAv does not

C.

Cisco FTDv runs on AWS while ASAv does not

D.

Cisco FTDv supports URL filtering while ASAv does not

Full Access
Question # 65

An organization is trying to implement micro-segmentation on the network and wants to be able to gain visibility on the applications within the network. The solution must be able to maintain and force compliance. Which product should be used to meet these requirements?

A.

Cisco Umbrella

B.

Cisco AMP

C.

Cisco Stealthwatch

D.

Cisco Tetration

Full Access
Question # 66

A network administrator is configuring SNMPv3 on a new router. The users have already been created;

however, an additional configuration is needed to facilitate access to the SNMP views. What must the

administrator do to accomplish this?

A.

map SNMPv3 users to SNMP views

B.

set the password to be used for SNMPv3 authentication

C.

define the encryption algorithm to be used by SNMPv3

D.

specify the UDP port used by SNMP

Full Access
Question # 67

An organization received a large amount of SPAM messages over a short time period. In order to take action on the messages, it must be determined how harmful the messages are and this needs to happen dynamically.

What must be configured to accomplish this?

A.

Configure the Cisco WSA to modify policies based on the traffic seen

B.

Configure the Cisco ESA to receive real-time updates from Talos

C.

Configure the Cisco WSA to receive real-time updates from Talos

D.

Configure the Cisco ESA to modify policies based on the traffic seen

Full Access
Question # 68

An engineer needs behavioral analysis to detect malicious activity on the hosts, and is configuring the

organization’s public cloud to send telemetry using the cloud provider’s mechanisms to a security device. Which

mechanism should the engineer configure to accomplish this goal?

A.

mirror port

B.

Flow

C.

NetFlow

D.

VPC flow logs

Full Access
Question # 69

Drag and drop the threats from the left onto examples of that threat on the right

Full Access
Question # 70

When configuring ISAKMP for IKEv1 Phase1 on a Cisco IOS router, an administrator needs to input the

command crypto isakmp key cisco address 0.0.0.0. The administrator is not sure what the IP addressing in this command issued for. What would be the effect of changing the IP address from 0.0.0.0 to 1.2.3.4?

A.

The key server that is managing the keys for the connection will be at 1.2.3.4

B.

The remote connection will only be allowed from 1.2.3.4

C.

The address that will be used as the crypto validation authority

D.

All IP addresses other than 1.2.3.4 will be allowed

Full Access
Question # 71

Which algorithm provides asymmetric encryption?

A.

RC4

B.

AES

C.

RSA

D.

3DES

Full Access
Question # 72

What are two Trojan malware attacks? (Choose two)

A.

Frontdoor

B.

Rootkit

C.

Smurf

D.

Backdoor

E.

Sync

Full Access
Question # 73

An organization has a Cisco Stealthwatch Cloud deployment in their environment. Cloud logging is working as expected, but logs are not being received from the on-premise network, what action will resolve this issue?

A.

Configure security appliances to send syslogs to Cisco Stealthwatch Cloud

B.

Configure security appliances to send NetFlow to Cisco Stealthwatch Cloud

C.

Deploy a Cisco FTD sensor to send events to Cisco Stealthwatch Cloud

D.

Deploy a Cisco Stealthwatch Cloud sensor on the network to send data to Cisco Stealthwatch Cloud

Full Access
Question # 74

An engineer needs a cloud solution that will monitor traffic, create incidents based on events, and integrate with

other cloud solutions via an API. Which solution should be used to accomplish this goal?

A.

SIEM

B.

CASB

C.

Adaptive MFA

D.

Cisco Cloudlock

Full Access
Question # 75

What are the two types of managed Intercloud Fabric deployment models? (Choose two.)

A.

Public managed

B.

Service Provider managed

C.

Enterprise managed

D.

User managed

E.

Hybrid managed

Full Access
Question # 76

What is the Cisco API-based broker that helps reduce compromises, application risks, and data breaches in an environment that is not on-premise?

A.

Cisco Cloudlock

B.

Cisco Umbrella

C.

Cisco AMP

D.

Cisco App Dynamics

Full Access
Question # 77

Which cloud model is a collaborative effort where infrastructure is shared and jointly accessed by several organizations from a specific group?

A.

Hybrid

B.

Community

C.

Private

D.

Public

Full Access
Question # 78

An organization is implementing URL blocking using Cisco Umbrella. The users are able to go to some sites

but other sites are not accessible due to an error. Why is the error occurring?

A.

Client computers do not have the Cisco Umbrella Root CA certificate installed.

B.

IP-Layer Enforcement is not configured.

C.

Client computers do not have an SSL certificate deployed from an internal CA server.

D.

Intelligent proxy and SSL decryption is disabled in the policy

Full Access
Question # 79

Which Dos attack uses fragmented packets to crash a target machine?

A.

smurf

B.

MITM

C.

teardrop

D.

LAND

Full Access
Question # 80

Which Cisco solution does Cisco Umbrella integrate with to determine if a URL is malicious?

A.

AMP

B.

AnyConnect

C.

DynDNS

D.

Talos

Full Access
Question # 81

What is a commonality between DMVPN and FlexVPN technologies?

A.

FlexVPN and DMVPN use IS-IS routing protocol to communicate with spokes

B.

FlexVPN and DMVPN use the new key management protocol

C.

FlexVPN and DMVPN use the same hashing algorithms

D.

IOS routers run the same NHRP code for DMVPN and FlexVPN

Full Access
Question # 82

Refer to the exhibit.

What does the number 15 represent in this configuration?

A.

privilege level for an authorized user to this router

B.

access list that identifies the SNMP devices that can access the router

C.

interval in seconds between SNMPv3 authentication attempts

D.

number of possible failed attempts until the SNMPv3 user is locked out

Full Access
Question # 83

The main function of northbound APIs in the SDN architecture is to enable communication between which two areas of a network?

A.

SDN controller and the cloud

B.

management console and the SDN controller

C.

management console and the cloud

D.

SDN controller and the management solution

Full Access
Question # 84

After deploying a Cisco ESA on your network, you notice that some messages fail to reach their destinations.

Which task can you perform to determine where each message was lost?

A.

Configure the trackingconfig command to enable message tracking.

B.

Generate a system report.

C.

Review the log files.

D.

Perform a trace.

Full Access
Question # 85

What does the Cloudlock Apps Firewall do to mitigate security concerns from an application perspective?

A.

It allows the administrator to quarantine malicious files so that the application can function, just not

maliciously.

B.

It discovers and controls cloud apps that are connected to a company’s corporate environment.

C.

It deletes any application that does not belong in the network.

D.

It sends the application information to an administrator to act on.

Full Access
Question # 86

What must be used to share data between multiple security products?

A.

Cisco Rapid Threat Containment

B.

Cisco Platform Exchange Grid

C.

Cisco Advanced Malware Protection

D.

Cisco Stealthwatch Cloud

Full Access
Question # 87

Which capability is exclusive to a Cisco AMP public cloud instance as compared to a private cloud instance?

A.

RBAC

B.

ETHOS detection engine

C.

SPERO detection engine

D.

TETRA detection engine

Full Access
Question # 88

Which two kinds of attacks are prevented by multifactor authentication? (Choose two)

A.

phishing

B.

brute force

C.

man-in-the-middle

D.

DDOS

E.

teardrop

Full Access
Question # 89

Which policy is used to capture host information on the Cisco Firepower Next Generation Intrusion Prevention

System?

A.

Correlation

B.

Intrusion

C.

Access Control

D.

Network Discovery

Full Access
Question # 90

Where are individual sites specified to be blacklisted in Cisco Umbrella?

A.

application settings

B.

content categories

C.

security settings

D.

destination lists

Full Access
Question # 91

How does Cisco Umbrella archive logs to an enterprise owned storage?

A.

by using the Application Programming Interface to fetch the logs

B.

by sending logs via syslog to an on-premises or cloud-based syslog server

C.

by the system administrator downloading the logs from the Cisco Umbrella web portal

D.

by being configured to send logs to a self-managed AWS S3 bucket

Full Access
Question # 92

Which compliance status is shown when a configured posture policy requirement is not met?

A.

compliant

B.

unknown

C.

authorized

D.

noncompliant

Full Access
Question # 93

Which feature requires a network discovery policy on the Cisco Firepower Next Generation Intrusion Prevention

System?

A.

Security Intelligence

B.

Impact Flags

C.

Health Monitoring

D.

URL Filtering

Full Access
Question # 94

Refer to the exhibit.

Which command was used to generate this output and to show which ports are

authenticating with dot1x or mab?

A.

show authentication registrations

B.

show authentication method

C.

show dot1x all

D.

show authentication sessions

Full Access
Question # 95

Which two probes are configured to gather attributes of connected endpoints using Cisco Identity Services

Engine? (Choose two)

A.

RADIUS

B.

TACACS+

C.

DHCP

D.

sFlow

E.

SMTP

Full Access
Question # 96

What is the function of Cisco Cloudlock for data security?

A.

data loss prevention

B.

controls malicious cloud apps

C.

detects anomalies

D.

user and entity behavior analytics

Full Access
Question # 97

A network engineer has entered the snmp-server user andy myv3 auth sha cisco priv aes 256

cisc0380739941 command and needs to send SNMP information to a host at 10.255.254.1. Which command achieves this goal?

A.

snmp-server host inside 10.255.254.1 version 3 andy

B.

snmp-server host inside 10.255.254.1 version 3 myv3

C.

snmp-server host inside 10.255.254.1 snmpv3 andy

D.

snmp-server host inside 10.255.254.1 snmpv3 myv3

Full Access
Question # 98

Which two features of Cisco Email Security can protect your organization against email threats? (Choose two)

A.

Time-based one-time passwords

B.

Data loss prevention

C.

Heuristic-based filtering

D.

Geolocation-based filtering

E.

NetFlow

Full Access
Question # 99

Which telemetry data captures variations seen within the flow, such as the packets TTL, IP/TCP flags, and payload length?

A.

interpacket variation

B.

software package variation

C.

flow insight variation

D.

process details variation

Full Access
Question # 100

Which two fields are defined in the NetFlow flow? (Choose two)

A.

type of service byte

B.

class of service bits

C.

Layer 4 protocol type

D.

destination port

E.

output logical interface

Full Access
Question # 101

A network engineer is configuring DMVPN and entered the crypto isakmp key cisc0380739941 address 0.0.0.0 command on hostA. The tunnel is not being established to hostB. What action is needed to authenticate the VPN?

A.

Change isakmp to ikev2 in the command on hostA.

B.

Enter the command with a different password on hostB.

C.

Enter the same command on hostB.

D.

Change the password on hostA to the default password.

Full Access
Question # 102

Which two request of REST API are valid on the Cisco ASA Platform? (Choose two)

A.

put

B.

options

C.

get

D.

push

E.

connect

Full Access
Question # 103

An MDM provides which two advantages to an organization with regards to device management? (Choose two)

A.

asset inventory management

B.

allowed application management

C.

Active Directory group policy management

D.

network device management

E.

critical device management

Full Access
Question # 104

Which exfiltration method does an attacker use to hide and encode data inside DNS requests and queries?

A.

DNS tunneling

B.

DNSCrypt

C.

DNS security

D.

DNSSEC

Full Access
Question # 105

An administrator wants to ensure that all endpoints are compliant before users are allowed access on the

corporate network. The endpoints must have the corporate antivirus application installed and be running the

latest build of Windows 10.

What must the administrator implement to ensure that all devices are compliant before they are allowed on the

network?

A.

Cisco Identity Services Engine and AnyConnect Posture module

B.

Cisco Stealthwatch and Cisco Identity Services Engine integration

C.

Cisco ASA firewall with Dynamic Access Policies configured

D.

Cisco Identity Services Engine with PxGrid services enabled

Full Access
Question # 106

An engineer is configuring a Cisco ESA and wants to control whether to accept or reject email messages to a

recipient address. Which list contains the allowed recipient addresses?

A.

SAT

B.

BAT

C.

HAT

D.

RAT

Full Access
Question # 107

In a PaaS model, which layer is the tenant responsible for maintaining and patching?

A.

hypervisor

B.

virtual machine

C.

network

D.

application

Full Access
Question # 108

What are two list types within AMP for Endpoints Outbreak Control? (Choose two)

A.

blocked ports

B.

simple custom detections

C.

command and control

D.

allowed applications

E.

URL

Full Access
Question # 109

A network administrator configures Dynamic ARP Inspection on a switch. After Dynamic ARP Inspection is applied, all users on that switch are unable to communicate with any destination. The network administrator checks the interface status of all interfaces, and there is no err-disabled interface. What is causing this problem?

A.

DHCP snooping has not been enabled on all VLANs.

B.

The ip arp inspection limit command is applied on all interfaces and is blocking the traffic of all users.

C.

Dynamic ARP Inspection has not been enabled on all VLANs

D.

The no ip arp inspection trust command is applied on all user host interfaces

Full Access
Question # 110

How is DNS tunneling used to exfiltrate data out of a corporate network?

A.

It corrupts DNS servers by replacing the actual IP address with a rogue address to collect information or start other attacks.

B.

It encodes the payload with random characters that are broken into short strings and the DNS server

rebuilds the exfiltrated data.

C.

It redirects DNS requests to a malicious server used to steal user credentials, which allows further damage

and theft on the network.

D.

It leverages the DNS server by permitting recursive lookups to spread the attack to other DNS servers.

Full Access
Question # 111

What is a feature of the open platform capabilities of Cisco DNA Center?

A.

intent-based APIs

B.

automation adapters

C.

domain integration

D.

application adapters

Full Access
Question # 112

Which two mechanisms are used to control phishing attacks? (Choose two)

A.

Enable browser alerts for fraudulent websites.

B.

Define security group memberships.

C.

Revoke expired CRL of the websites.

D.

Use antispyware software.

E.

Implement email filtering techniques.

Full Access
Question # 113

What are two rootkit types? (Choose two)

A.

registry

B.

virtual

C.

bootloader

D.

user mode

E.

buffer mode

Full Access
Question # 114

What two mechanisms are used to redirect users to a web portal to authenticate to ISE for guest services?

(Choose two)

A.

multiple factor auth

B.

local web auth

C.

single sign-on

D.

central web auth

E.

TACACS+

Full Access
Question # 115

What are the two most commonly used authentication factors in multifactor authentication? (Choose two)

A.

biometric factor

B.

time factor

C.

confidentiality factor

D.

knowledge factor

E.

encryption factor

Full Access
Question # 116

Which two activities can be done using Cisco DNA Center? (Choose two)

A.

DHCP

B.

Design

C.

Accounting

D.

DNS

E.

Provision

Full Access
Question # 117

The Cisco ASA must support TLS proxy for encrypted Cisco Unified Communications traffic. Where must the

ASA be added on the Cisco UC Manager platform?

A.

Certificate Trust List

B.

Endpoint Trust List

C.

Enterprise Proxy Service

D.

Secured Collaboration Proxy

Full Access
Question # 118

What is the difference between deceptive phishing and spear phishing?

A.

Deceptive phishing is an attacked aimed at a specific user in the organization who holds a C-level role.

B.

A spear phishing campaign is aimed at a specific person versus a group of people.

C.

Spear phishing is when the attack is aimed at the C-level executives of an organization.

D.

Deceptive phishing hijacks and manipulates the DNS server of the victim and redirects the user to a false webpage.

Full Access
Question # 119

Which statement describes a traffic profile on a Cisco Next Generation Intrusion Prevention System?

A.

It allows traffic if it does not meet the profile.

B.

It defines a traffic baseline for traffic anomaly deduction.

C.

It inspects hosts that meet the profile with more intrusion rules.

D.

It blocks traffic if it does not meet the profile.

Full Access
Question # 120

Which two statements about a Cisco WSA configured in Transparent mode are true? (Choose two)

A.

It can handle explicit HTTP requests.

B.

It requires a PAC file for the client web browser.

C.

It requires a proxy for the client web browser.

D.

WCCP v2-enabled devices can automatically redirect traffic destined to port 80.

E.

Layer 4 switches can automatically redirect traffic destined to port 80.

Full Access
Question # 121

When using Cisco AMP for Networks which feature copies a file to the Cisco AMP cloud for analysis?

A.

Spero analysis

B.

dynamic analysis

C.

sandbox analysis

D.

malware analysis

Full Access
Question # 122

An engineer must force an endpoint to re-authenticate an already authenticated session without disrupting the

endpoint to apply a new or updated policy from ISE. Which CoA type achieves this goal?

A.

Port Bounce

B.

CoA Terminate

C.

CoA Reauth

D.

CoA Session Query

Full Access
Question # 123

What can be integrated with Cisco Threat Intelligence Director to provide information about security threats,

which allows the SOC to proactively automate responses to those threats?

A.

Cisco Umbrella

B.

External Threat Feeds

C.

Cisco Threat Grid

D.

Cisco Stealthwatch

Full Access
Question # 124

Which two risks is a company vulnerable to if it does not have a well-established patching solution for

endpoints? (Choose two)

A.

exploits

B.

ARP spoofing

C.

denial-of-service attacks

D.

malware

E.

eavesdropping

Full Access
Question # 125

Which option is the main function of Cisco Firepower impact flags?

A.

They alert administrators when critical events occur.

B.

They highlight known and suspected malicious IP addresses in reports.

C.

They correlate data about intrusions and vulnerability.

D.

They identify data that the ASA sends to the Firepower module.

Full Access
Question # 126

Which attack is commonly associated with C and C++ programming languages?

A.

cross-site scripting

B.

water holing

C.

DDoS

D.

buffer overflow

Full Access
Question # 127

Which two parameters are used to prevent a data breach in the cloud? (Choose two.)

A.

DLP solutions

B.

strong user authentication

C.

encryption

D.

complex cloud-based web proxies

E.

antispoofing programs

Full Access
Question # 128

Which IETF attribute is supported for the RADIUS CoA feature?

A.

24 State

B.

30 Calling-Station-ID

C.

42 Acct-Session-ID

D.

81 Message-Authenticator

Full Access
Question # 129

Which ESA implementation method segregates inbound and outbound email?

A.

one listener on a single physical Interface

B.

pair of logical listeners on a single physical interface with two unique logical IPv4 addresses and one IPv6 address

C.

pair of logical IPv4 listeners and a pair Of IPv6 listeners on two physically separate interfaces

D.

one listener on one logical IPv4 address on a single logical interface

Full Access
Question # 130

What are two functionalities of northbound and southbound APIs within Cisco SDN architecture? (Choose two.)

A.

Southbound APIs are used to define how SDN controllers integrate with applications.

B.

Southbound interfaces utilize device configurations such as VLANs and IP addresses.

C.

Northbound APIs utilize RESTful API methods such as GET, POST, and DELETE.

D.

Southbound APIs utilize CLI, SNMP, and RESTCONF.

E.

Northbound interfaces utilize OpenFlow and OpFlex to integrate with network devices.

Full Access
Question # 131

In which scenario is endpoint-based security the solution?

A.

inspecting encrypted traffic

B.

device profiling and authorization

C.

performing signature-based application control

D.

inspecting a password-protected archive

Full Access
Question # 132

Which baseline form of telemetry is recommended for network infrastructure devices?

A.

SDNS

B.

NetFlow

C.

passive taps

D.

SNMP

Full Access
Question # 133

A network engineer entered the snmp-server user asmith myv7 auth sha cisco priv aes 256

cisc0xxxxxxxxx command and needs to send SNMP information to a host at 10.255.255.1. Which

command achieves this goal?

A.

snmp-server host inside 10.255.255.1 version 3 myv7

B.

snmp-server host inside 10.255.255.1 snmpv3 myv7

C.

snmp-server host inside 10.255.255.1 version 3 asmith

D.

snmp-server host inside 10.255.255.1 snmpv3 asmith

Full Access
Question # 134

Refer to the exhibit When configuring this access control rule in Cisco FMC, what happens with the traffic destined to the DMZjnside zone once the configuration is deployed?

A.

All traffic from any zone to the DMZ_inside zone will be permitted with no further inspection

B.

No traffic will be allowed through to the DMZ_inside zone regardless of if it's trusted or not

C.

All traffic from any zone will be allowed to the DMZ_inside zone only after inspection

D.

No traffic will be allowed through to the DMZ_inside zone unless it's already trusted

Full Access
Question # 135

Which technology provides a combination of endpoint protection endpoint detection, and response?

A.

Cisco AMP

B.

Cisco Talos

C.

Cisco Threat Grid

D.

Cisco Umbrella

Full Access
Question # 136

An engineer is trying to decide between using L2TP or GRE over IPsec for their site-to-site VPN implementation. What must be un solution?

A.

L2TP is an IP packet encapsulation protocol, and GRE over IPsec is a tunneling protocol.

B.

L2TP uses TCP port 47 and GRE over IPsec uses UDP port 1701.

C.

GRE over IPsec adds its own header, and L2TP does not.

D.

GRE over IPsec cannot be used as a standalone protocol, and L2TP can.

Full Access
Question # 137

Which system facilitates deploying microsegmentation and multi-tenancy services with a policy-based container?

A.

SDLC

B.

Docker

C.

Lambda

D.

Contiv

Full Access
Question # 138

With regard to RFC 5176 compliance, how many IETF attributes are supported by the RADIUS CoA feature?

A.

3

B.

5

C.

10

D.

12

Full Access
Question # 139

What is a benefit of using Cisco CWS compared to an on-premises Cisco WSA?

A.

Cisco CWS eliminates the need to backhaul traffic through headquarters for remote workers whereas Cisco WSA does not

B.

Cisco CWS minimizes the load on the internal network and security infrastructure as compared to Cisco WSA.

C.

URL categories are updated more frequently on Cisco CWS than they are on Cisco WSA

D.

Content scanning for SAAS cloud applications is available through Cisco CWS and not available through Cisco WSA

Full Access
Question # 140

Which role is a default guest type in Cisco ISE?

A.

Monthly

B.

Yearly

C.

Contractor

D.

Full-Time

Full Access
Question # 141

Which parameter is required when configuring a Netflow exporter on a Cisco Router?

A.

DSCP value

B.

Source interface

C.

Exporter name

D.

Exporter description

Full Access
Question # 142

A hacker initiated a social engineering attack and stole username and passwords of some users within a company. Which product should be used as a solution to this problem?

A.

Cisco NGFW

B.

Cisco AnyConnect

C.

Cisco AMP for Endpoints

D.

Cisco Duo

Full Access
Question # 143

A network engineer is trying to figure out whether FlexVPN or DMVPN would fit better in their environment.

They have a requirement for more stringent security multiple security associations for the connections, more efficient VPN establishment as well consuming less bandwidth. Which solution would be best for this and why?

A.

DMVPN because it supports IKEv2 and FlexVPN does not

B.

FlexVPN because it supports IKEv2 and DMVPN does not

C.

FlexVPN because it uses multiple SAs and DMVPN does not

D.

DMVPN because it uses multiple SAs and FlexVPN does not

Full Access
Question # 144

What is an advantage of the Cisco Umbrella roaming client?

A.

the ability to see all traffic without requiring TLS decryption

B.

visibility into IP-based threats by tunneling suspicious IP connections

C.

the ability to dynamically categorize traffic to previously uncategorized sites

D.

visibility into traffic that is destined to sites within the office environment

Full Access
Question # 145

Which Cisco network security device supports contextual awareness?

A.

Firepower

B.

CISCO ASA

C.

Cisco IOS

D.

ISE

Full Access
Question # 146

Which feature is used in a push model to allow for session identification, host reauthentication, and session termination?

A.

AAA attributes

B.

CoA request

C.

AV pair

D.

carrier-grade NAT

Full Access
Question # 147

Drag and drop the security solutions from the left onto the benefits they provide on the right.

Full Access
Question # 148

Which benefit does DMVPN provide over GETVPN?

A.

DMVPN supports QoS, multicast, and routing, and GETVPN supports only QoS.

B.

DMVPN is a tunnel-less VPN, and GETVPN is tunnel-based.

C.

DMVPN supports non-IP protocols, and GETVPN supports only IP protocols.

D.

DMVPN can be used over the public Internet, and GETVPN requires a private network.

Full Access
Question # 149

An engineer must modify an existing remote access VPN using a Cisco AnyConnect Secure Mobility client solution and a Cisco Secure Firewall. Currently, all the traffic generate by the user Is sent to the VPN tunnel and the engineer must now exclude some servers and access them directly instead. Which element must be modified to achieve this goat?

A.

NAT exemption

B.

encryption domain

C.

routing table

D.

group policy

Full Access
Question # 150

Drag and drop the features of Cisco ASA with Firepower from the left onto the benefits on the right.

Full Access
Question # 151

Which two authentication protocols are supported by the Cisco WSA? (Choose two.)

A.

WCCP

B.

NTLM

C.

TLS

D.

SSL

E.

LDAP

Full Access
Question # 152

A network engineer must create an access control list on a Cisco Adaptive Security Appliance firewall. The access control list must permit HTTP traffic to the internet from the organization's inside network 192.168.1.0/24. Which IOS command must oe used to create the access control list?

A.

B.

C.

D.

Full Access
Question # 153

An administrator is establishing a new site-to-site VPN connection on a Cisco IOS router. The organization

needs to ensure that the ISAKMP key on the hub is used only for terminating traffic from the IP address of

172.19.20.24. Which command on the hub will allow the administrator to accomplish this?

A.

crypto ca identity 172.19.20.24

B.

crypto isakmp key Cisco0123456789 172.19.20.24

C.

crypto enrollment peer address 172.19.20.24

D.

crypto isakmp identity address 172.19.20.24

Full Access
Question # 154

What are two characteristics of the RESTful architecture used within Cisco DNA Center? (Choose two.)

A.

REST uses methods such as GET, PUT, POST, and DELETE.

B.

REST codes can be compiled with any programming language.

C.

REST is a Linux platform-based architecture.

D.

The POST action replaces existing data at the URL path.

E.

REST uses HTTP to send a request to a web service.

Full Access
Question # 155

Which two actions does the Cisco Identity Services Engine posture module provide that ensures endpoint security? (Choose two.)

A.

Assignments to endpoint groups are made dynamically, based on endpoint attributes.

B.

Endpoint supplicant configuration is deployed.

C.

A centralized management solution is deployed.

D.

Patch management remediation is performed.

E.

The latest antivirus updates are applied before access is allowed.

Full Access
Question # 156

What is a difference between GETVPN and IPsec?

A.

GETVPN reduces latency and provides encryption over MPLS without the use of a central hub

B.

GETVPN provides key management and security association management

C.

GETVPN is based on IKEv2 and does not support IKEv1

D.

GETVPN is used to build a VPN network with multiple sites without having to statically configure all devices

Full Access
Question # 157

DoS attacks are categorized as what?

A.

phishing attacks

B.

flood attacks

C.

virus attacks

D.

trojan attacks

Full Access
Question # 158

An engineer must configure Cisco AMP for Endpoints so that it contains a list of files that should not be executed by users. These files must not be quarantined. Which action meets this configuration requirement?

A.

Identity the network IPs and place them in a blocked list.

B.

Modify the advanced custom detection list to include these files.

C.

Create an application control blocked applications list.

D.

Add a list for simple custom detection.

Full Access
Question # 159

What is a functional difference between Cisco AMP for Endpoints and Cisco Umbrella Roaming Client?

A.

The Umbrella Roaming client stops and tracks malicious activity on hosts, and AMP for Endpoints tracks only URL-based threats.

B.

The Umbrella Roaming Client authenticates users and provides segmentation, and AMP for Endpoints allows only for VPN connectivity

C.

AMP for Endpoints authenticates users and provides segmentation, and the Umbrella Roaming Client allows only for VPN connectivity.

D.

AMP for Endpoints stops and tracks malicious activity on hosts, and the Umbrella Roaming Client tracks only URL-based threats.

Full Access
Question # 160

A network security engineer must export packet captures from the Cisco FMC web browser while troubleshooting an issue. When navigating to the address https:// /capure/CAPI/pcap/test.pcap, an error 403: Forbidden is given instead of the PCAP file. Which action must the engineer take to resolve this issue?

A.

Disable the proxy setting on the browser

B.

Disable the HTTPS server and use HTTP instead

C.

Use the Cisco FTD IP address as the proxy server setting on the browser

D.

Enable the HTTPS server for the device platform policy

Full Access
Question # 161

When a Cisco WSA checks a web request, what occurs if it is unable to match a user-defined policy?

A.

It blocks the request.

B.

It applies the global policy.

C.

It applies the next identification profile policy.

D.

It applies the advanced policy.

Full Access
Question # 162

Which system performs compliance checks and remote wiping?

A.

MDM

B.

ISE

C.

AMP

D.

OTP

Full Access
Question # 163

What is a difference between a DoS attack and a DDoS attack?

A.

A DoS attack is where a computer is used to flood a server with TCP and UDP packets whereas a DDoS attack is where multiple systems target a single system with a DoS attack

B.

A DoS attack is where a computer is used to flood a server with TCP and UDP packets whereas a DDoS attack is where a computer is used to flood multiple servers that are distributed over a LAN

C.

A DoS attack is where a computer is used to flood a server with UDP packets whereas a DDoS attack is where a computer is used to flood a server with TCP packets

D.

A DoS attack is where a computer is used to flood a server with TCP packets whereas a DDoS attack is where a computer is used to flood a server with UDP packets

Full Access
Question # 164

An engineer is configuring IPsec VPN and needs an authentication protocol that is reliable and supports ACK

and sequence. Which protocol accomplishes this goal?

A.

AES-192

B.

IKEv1

C.

AES-256

D.

ESP

Full Access
Question # 165

An engineer is configuring cloud logging using a company-managed Amazon S3 bucket for Cisco Umbrella logs. What benefit does this configuration provide for accessing log data?

A.

It is included m the license cost for the multi-org console of Cisco Umbrella

B.

It can grant third-party SIEM integrations write access to the S3 bucket

C.

No other applications except Cisco Umbrella can write to the S3 bucket

D.

Data can be stored offline for 30 days.

Full Access
Question # 166

What does endpoint isolation in Cisco AMP for Endpoints security protect from?

A.

an infection spreading across the network E

B.

a malware spreading across the user device

C.

an infection spreading across the LDAP or Active Directory domain from a user account

D.

a malware spreading across the LDAP or Active Directory domain from a user account

Full Access
Question # 167

An organization deploys multiple Cisco FTD appliances and wants to manage them using one centralized

solution. The organization does not have a local VM but does have existing Cisco ASAs that must migrate over

to Cisco FTDs. Which solution meets the needs of the organization?

A.

Cisco FMC

B.

CSM

C.

Cisco FDM

D.

CDO

Full Access
Question # 168

Which two components do southbound APIs use to communicate with downstream devices? (Choose two.)

A.

services running over the network

B.

OpenFlow

C.

external application APIs

D.

applications running over the network

E.

OpFlex

Full Access
Question # 169

What are two facts about WSA HTTP proxy configuration with a PAC file? (Choose two.)

A.

It is defined as a Transparent proxy deployment.

B.

In a dual-NIC configuration, the PAC file directs traffic through the two NICs to the proxy.

C.

The PAC file, which references the proxy, is deployed to the client web browser.

D.

It is defined as an Explicit proxy deployment.

E.

It is defined as a Bridge proxy deployment.

Full Access
Question # 170

Which security product enables administrators to deploy Kubernetes clusters in air-gapped sites without needing Internet access?

A.

Cisco Content Platform

B.

Cisco Container Controller

C.

Cisco Container Platform

D.

Cisco Cloud Platform

Full Access
Question # 171

Which solution is made from a collection of secure development practices and guidelines that developers must follow to build secure applications?

A.

AFL

B.

Fuzzing Framework

C.

Radamsa

D.

OWASP

Full Access
Question # 172

An organization wants to reduce their attach surface for cloud applications. They want to understand application communications, detect abnormal application Behavior, and detect vulnerabilities within the applications. Which action accomplishes this task?

A.

Configure Cisco Secure Workload to detect anomalies and vulnerabilities.

B.

Use Cisco ISE to provide application visibility and restrict access to them.

C.

Implement Cisco Umbrella lo control the access each application is granted.

D.

Modify the Cisco Duo configuration to restrict access between applications.

Full Access
Question # 173

Which standard is used to automate exchanging cyber threat information?

A.

TAXII

B.

MITRE

C.

IoC

D.

STIX

Full Access
Question # 174

An organization has a requirement to collect full metadata information about the traffic going through their AWS cloud services They want to use this information for behavior analytics and statistics Which two actions must be taken to implement this requirement? (Choose two.)

A.

Configure Cisco ACI to ingest AWS information.

B.

Configure Cisco Thousand Eyes to ingest AWS information.

C.

Send syslog from AWS to Cisco Stealthwatch Cloud.

D.

Send VPC Flow Logs to Cisco Stealthwatch Cloud.

E.

Configure Cisco Stealthwatch Cloud to ingest AWS information

Full Access
Question # 175

Which type of encryption uses a public key and private key?

A.

Asymmetric

B.

Symmetric

C.

Linear

D.

Nonlinear

Full Access
Question # 176

Which open source tool does Cisco use to create graphical visualizations of network telemetry on Cisco IOS XE devices?

A.

InfluxDB

B.

Splunk

C.

SNMP

D.

Grafana

Full Access
Question # 177

What are two benefits of using an MDM solution? (Choose two.)

A.

grants administrators a way to remotely wipe a lost or stolen device

B.

provides simple and streamlined login experience for multiple applications and users

C.

native integration that helps secure applications across multiple cloud platforms or on-premises environments

D.

encrypts data that is stored on endpoints

E.

allows for centralized management of endpoint device applications and configurations

Full Access
Question # 178

What is the purpose of a NetFlow version 9 template record?

A.

It specifies the data format of NetFlow processes.

B.

It provides a standardized set of information about an IP flow.

C.

lt defines the format of data records.

D.

It serves as a unique identification number to distinguish individual data records

Full Access
Question # 179

A network engineer must configure a Cisco ESA to prompt users to enter two forms of information before gaining access The Cisco ESA must also join a cluster machine using preshared keys What must be configured to meet these requirements?

A.

Enable two-factor authentication through a RADIUS server and then join the cluster by using the Cisco ESA CLI.

B.

Enable two-factor authentication through a RADIUS server and then join the cluster by using the Cisco ESA GUI

C.

Enable two-factor authentication through a TACACS+ server and then join the cluster by using the Cisco ESA GUI.

D.

Enable two-factor authentication through a TACACS+ server and then join the cluster by using the Cisco ESA CLI

Full Access
Question # 180

What is a function of Cisco AMP for Endpoints?

A.

It detects DNS attacks

B.

It protects against web-based attacks

C.

It blocks email-based attacks

D.

It automates threat responses of an infected host

Full Access
Question # 181

Why should organizations migrate to an MFA strategy for authentication?

A.

Single methods of authentication can be compromised more easily than MFA.

B.

Biometrics authentication leads to the need for MFA due to its ability to be hacked easily.

C.

MFA methods of authentication are never compromised.

D.

MFA does not require any piece of evidence for an authentication mechanism.

Full Access
Question # 182

Client workstations are experiencing extremely poor response time. An engineer suspects that an attacker is eavesdropping and making independent connections while relaying messages between victims to make them think they are talking to each other over a private connection. Which feature must be enabled and configured to provide relief from this type of attack?

A.

Link Aggregation

B.

Reverse ARP

C.

private VLANs

D.

Dynamic ARP Inspection

Full Access
Question # 183

Which technology must De used to Implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity?

A.

GET VPN

B.

IPsec DVTI

C.

DMVPN

D.

FlexVPN

Full Access
Question # 184

Which metric is used by the monitoring agent to collect and output packet loss and jitter information?

A.

WSAv performance

B.

AVC performance

C.

OTCP performance

D.

RTP performance

Full Access
Question # 185

Which feature enables a Cisco ISR to use the default bypass list automatically for web filtering?

A.

filters

B.

group key

C.

company key

D.

connector

Full Access
Question # 186

Which CoA response code is sent if an authorization state is changed successfully on a Cisco IOS device?

A.

CoA-NCL

B.

CoA-NAK

C.

СоА-МАВ

D.

CoA-ACK

Full Access
Question # 187

Cisco SensorBase gaihers threat information from a variety of Cisco products and services and performs analytics to find patterns on threats Which term describes this process?

A.

deployment

B.

consumption

C.

authoring

D.

sharing

Full Access
Question # 188

Drag and drop the posture assessment flow actions from the left into a sequence on the right.

Full Access
Question # 189

A network administrator has configured TACACS on a network device using the key Cisc0467380030 tor authentication purposes. However, users are unable to authenticate. TACACS server is reachable, but authentication is tailing. Which configuration step must the administrator complete?

A.

Implement synchronized system clock on TACACS server that matches the network device.

B.

Install a compatible operating system version on the TACACS server.

C.

Configure the TACACS key on the server to match with the network device.

D.

Apply an access control list on TACACS server to allow communication with the network device.

Full Access