Valid Cisco 350-701 SCOR Exam Questions

Cisco 350-701 SCOR exam questions are valid for you to study this Cisco CCNP Security 350-701 SCOR exam. Cisco 350-701 SCOR exam tests your knowledge of implementing and operating core security technologies including network security, cloud security, content security, endpoint protection and detection, secure network access, visibility and enforcements. Study the free updated and valid Cisco CCNP Security 350-701 SCOR exam questions below.

Page 1 of 66

 Loading...

1. What is a prerequisite when integrating a Cisco ISE server and an AD domain?

Place the Cisco ISE server and the AD server in the same subnet

Configure a common administrator account

Configure a common DNS server

Synchronize the clocks of the Cisco ISE server and the AD server

 Loading...

2. An organization recently installed a Cisco WSA and would like to take advantage of the AVC engine to allow the organization to create a policy to control application specific activity. After enabling the AVC engine, what must be done to implement this?

Use security services to configure the traffic monitor, .

Use URL categorization to prevent the application traffic.

Use an access policy group to configure application control settings.

Use web security reporting to validate engine functionality

 Loading...

3. Which method is used to deploy certificates and configure the supplicant on mobile devices to gain access to network resources?

BYOD on boarding

Simple Certificate Enrollment Protocol

Client provisioning

MAC authentication bypass

 Loading...

4. Refer to the exhibit.





What will happen when this Python script is run?

The compromised computers and malware trajectories will be received from Cisco AMP

The list of computers and their current vulnerabilities will be received from Cisco AMP

The compromised computers and what compromised them will be received from Cisco AMP

The list of computers, policies, and connector statuses will be received from Cisco AMP

 Loading...

5. An organization is trying to implement micro-segmentation on the network and wants to be able to gain visibility on the applications within the network. The solution must be able to maintain and force compliance .

Which product should be used to meet these requirements?

Cisco Umbrella

Cisco AMP

Cisco Stealthwatch

Cisco Tetration

 Loading...

6. Which factor must be considered when choosing the on-premise solution over the cloud-based one?

With an on-premise solution, the provider is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the customer is responsible for it

With a cloud-based solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product.

With an on-premise solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product.

With an on-premise solution, the customer is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the provider is responsible for it.

 Loading...

7. Which term describes when the Cisco Firepower downloads threat intelligence updates from Cisco Talos?

consumption

sharing

analysis

authoring

 Loading...

8. An organization has a Cisco Stealthwatch Cloud deployment in their environment.

Cloud logging is working as expected, but logs are not being received from the on-premise network, what action will resolve this issue?

Configure security appliances to send syslogs to Cisco Stealthwatch Cloud

Configure security appliances to send NetFlow to Cisco Stealthwatch Cloud

Deploy a Cisco FTD sensor to send events to Cisco Stealthwatch Cloud

Deploy a Cisco Stealthwatch Cloud sensor on the network to send data to Cisco Stealthwatch Cloud

 Loading...

9. What does Cisco AMP for Endpoints use to help an organization detect different families of malware?

Ethos Engine to perform fuzzy fingerprinting

Tetra Engine to detect malware when me endpoint is connected to the cloud

Clam AV Engine to perform email scanning

Spero Engine with machine learning to perform dynamic analysis

 Loading...

10. What are two characteristics of Cisco DNA Center APIs? (Choose two)

Postman is required to utilize Cisco DNA Center API calls.

They do not support Python scripts.

They are Cisco proprietary.

They quickly provision new devices.

They view the overall health of the network

Page 2 of 66

 Loading...

11. What is a benefit of conducting device compliance checks?

It indicates what type of operating system is connecting to the network.

It validates if anti-virus software is installed.

It scans endpoints to determine if malicious activity is taking place.

It detects email phishing attacks.

 Loading...

12. In which two ways does Easy Connect help control network access when used with Cisco TrustSec? (Choose two)

It allows multiple security products to share information and work together to enhance security posture in the network.

It creates a dashboard in Cisco ISE that provides full visibility of all connected endpoints.

It allows for the assignment of Security Group Tags and does not require 802.1x to be configured on the switch or the endpoint.

It integrates with third-party products to provide better visibility throughout the network.

It allows for managed endpoints that authenticate to AD to be mapped to Security Groups (PassiveID).

 Loading...

13. What is the benefit of installing Cisco AMP for Endpoints on a network?

It provides operating system patches on the endpoints for security.

It provides flow-based visibility for the endpoints network connections.

It enables behavioral analysis to be used for the endpoints.

It protects endpoint systems through application control and real-time scanning

 Loading...

14. An administrator is configuring a DHCP server to better secure their environment. They need to be able to rate-limit the traffic and ensure that legitimate requests are not dropped .

How would this be accomplished?

Set a trusted interface for the DHCP server

Set the DHCP snooping bit to 1

Add entries in the DHCP snooping database

Enable ARP inspection for the required VLAN

 Loading...

15. Refer to the exhibit.





What will happen when the Python script is executed?

The hostname will be translated to an IP address and printed.

The hostname will be printed for the client in the client ID field.

The script will pull all computer hostnames and print them.

The script will translate the IP address to FODN and print it

 Loading...

16. Refer to the exhibit.





When configuring a remote access VPN solution terminating on the Cisco ASA, an administrator would like to utilize an external token authentication mechanism in conjunction with AAA authentication using machine certificates .

Which configuration item must be modified to allow this?

Group Policy

Method

SAML Server

DHCP Servers

 Loading...

17. An engineer has been tasked with implementing a solution that can be leveraged for securing the cloud users, data, and applications. There is a requirement to use the Cisco cloud native CASB and cloud cybersecurity platform .

What should be used to meet these requirements?

Cisco Umbrella

Cisco Cloud Email Security

Cisco NGFW

Cisco Cloudlock

 Loading...

18. An engineer needs a cloud solution that will monitor traffic, create incidents based on events, and integrate with other cloud solutions via an API .

Which solution should be used to accomplish this goal?

SIEM

CASB

Adaptive MFA

Cisco Cloudlock

 Loading...

19. Why is it important to implement MFA inside of an organization?

To prevent man-the-middle attacks from being successful.

To prevent DoS attacks from being successful.

To prevent brute force attacks from being successful.

To prevent phishing attacks from being successful.

 Loading...

20. A network administrator is configuring SNMPv3 on a new router. The users have already been created; however, an additional configuration is needed to facilitate access to the SNMP views .

What must the administrator do to accomplish this?

map SNMPv3 users to SNMP views

set the password to be used for SNMPv3 authentication

define the encryption algorithm to be used by SNMPv3

specify the UDP port used by SNMP

Page 3 of 66

 Loading...

21. An organization is using Cisco Firepower and Cisco Meraki MX for network security and needs to centrally manage cloud policies across these platforms .

Which software should be used to accomplish this goal?

Cisco Defense Orchestrator

Cisco Secureworks

Cisco DNA Center

Cisco Configuration Professional

 Loading...

22. What is a function of 3DES in reference to cryptography?

It hashes files.

It creates one-time use passwords.

It encrypts traffic.

It generates private keys.

 Loading...

23. Which risk is created when using an Internet browser to access cloud-based service?

misconfiguration of infrastructure, which allows unauthorized access

intermittent connection to the cloud connectors

vulnerabilities within protocol

insecure implementation of API

 Loading...

24. An organization has a Cisco ESA set up with policies and would like to customize the action assigned for violations. The organization wants a copy of the message to be delivered with a message added to flag it as a DLP violation .

Which actions must be performed in order to provide this capability?

deliver and send copies to other recipients

quarantine and send a DLP violation notification

quarantine and alter the subject header with a DLP violation

deliver and add disclaimer text

 Loading...

25. Refer to the exhibit.





An administrator is adding a new Cisco FTD device to their network and wants to manage it with Cisco FMC. The Cisco FTD is not behind a NAT device .

Which command is needed to enable this on the Cisco FTD?

configure manager add DONTRESOLVE kregistration key>

configure manager add <FMC IP address> <registration key> 16

configure manager add DONTRESOLVE <registration key> FTD123

configure manager add <FMC IP address> <registration key>

 Loading...

26. A switch with Dynamic ARP Inspection enabled has received a spoofed ARP response on a trusted interface .

How does the switch behave in this situation?

It forwards the packet after validation by using the MAC Binding Table.

It drops the packet after validation by using the IP & MAC Binding Table.

It forwards the packet without validation.

It drops the packet without validation.

 Loading...

27. What is a functional difference between a Cisco ASA and a Cisco IOS router with Zone-based policy firewall?

The Cisco ASA denies all traffic by default whereas the Cisco IOS router with Zone-Based Policy Firewall starts out by allowing all traffic, even on untrusted interfaces

The Cisco IOS router with Zone-Based Policy Firewall can be configured for high availability, whereas the Cisco ASA cannot

The Cisco IOS router with Zone-Based Policy Firewall denies all traffic by default, whereas the Cisco ASA starts out by allowing all traffic until rules are added

The Cisco ASA can be configured for high availability whereas the Cisco IOS router with Zone-Based Policy Firewall cannot

 Loading...

28. What is a benefit of performing device compliance?

Verification of the latest OS patches

Device classification and authorization

Providing multi-factor authentication

Providing attribute-driven policies

 Loading...

29. Which cloud model is a collaborative effort where infrastructure is shared and jointly accessed by several organizations from a specific group?

Hybrid

Community

Private

Public

 Loading...

30. Which cryptographic process provides origin confidentiality, integrity, and origin authentication for packets?

IKEv1

AH

ESP

IKEv2

Page 4 of 66

 Loading...

31. An organization wants to secure users, data, and applications in the cloud. The solution must be API-based and operate as a cloud-native CASB .

Which solution must be used for this implementation?

Cisco Cloudlock

Cisco Cloud Email Security

Cisco Firepower Next-Generation Firewall

Cisco Umbrella

 Loading...

32. What are two Trojan malware attacks? (Choose two)

Frontdoor

Rootkit

Smurf

Backdoor

Sync

 Loading...

33. What is the role of Cisco Umbrella Roaming when it is installed on an endpoint?

To protect the endpoint against malicious file transfers

To ensure that assets are secure from malicious links on and off the corporate network

To establish secure VPN connectivity to the corporate network

To enforce posture compliance and mandatory software

 Loading...

34. What is a capability of Cisco ASA Netflow?

It filters NSEL events based on traffic

It generates NSEL events even if the MPF is not configured

It logs all event types only to the same collector

It sends NetFlow data records from active and standby ASAs in an active standby failover pair

 Loading...

35. Which component of Cisco umbrella architecture increases reliability of the service?

Anycast IP

AMP Threat grid

Cisco Talos

BGP route reflector

 Loading...

36. What is the benefit of integrating Cisco ISE with a MDM solution?

It provides compliance checks for access to the network

It provides the ability to update other applications on the mobile device

It provides the ability to add applications to the mobile device through Cisco ISE

It provides network device administration access

 Loading...

37. An administrator configures a new destination list in Cisco Umbrella so that the organization can block specific domains for its devices .

What should be done to ensure that all subdomains of domain.com are blocked?

Configure the *.com address in the block list

Configure the *.domain.com address in the block list

Configure the www.domain.com address in the block list

Configure the domain.com address in the block list

 Loading...

38. An organization wants to provide visibility and to identify active threats in its network using a VM. The organization wants to extract metadata from network packet flow while ensuring that payloads are not retained or transferred outside the network .

Which solution meets these requirements?

Cisco Umbrella Cloud

Cisco Stealthwatch Cloud PNM

Cisco Stealthwatch Cloud PCM

Cisco Umbrella On-Premises

 Loading...

39. An organization deploys multiple Cisco FTD appliances and wants to manage them using one centralized solution. The organization does not have a local VM but does have existing Cisco ASAs that must migrate over to Cisco FTDs .

Which solution meets the needs of the organization?

Cisco FMC

CSM

Cisco FDM

CDO

 Loading...

40. An organization wants to secure data in a cloud environment. Its security model requires that all users be authenticated and authorized. Security configuration and posture must be continuously validated before access is granted or maintained to applications and data. There is also a need to allow certain application traffic and deny all other traffic by default .

Which technology must be used to implement these requirements?

Virtual routing and forwarding

Microsegmentation

Access control policy

Virtual LAN

Page 5 of 66

 Loading...

41. A Cisco FTD engineer is creating a new IKEv2 policy called s2s00123456789 for their organization to allow for additional protocols to terminate network devices with. They currently only have one policy established and need the new policy to be a backup in case some devices cannot support the stronger algorithms listed in the primary policy .

What should be done in order to support this?

Change the integrity algorithms to SHA* to support all SHA algorithms in the primary policy

Make the priority for the new policy 5 and the primary policy 1

Change the encryption to AES* to support all AES algorithms in the primary policy

Make the priority for the primary policy 10 and the new policy 1

 Loading...

42. Which type of encryption uses a public key and private key?

Asymmetric

Symmetric

Linear

Nonlinear

 Loading...

43. What are two features of NetFlow flow monitoring? (Choose two)

Can track ingress and egress information

Include the flow record and the flow importer

Copies all ingress flow information to an interface

Does not required packet sampling on interfaces

Can be used to track multicast, MPLS, or bridged traffic

 Loading...

44. A customer has various external HTTP resources available including Intranet Extranet and Internet, with a proxy configuration running in explicit mode .

Which method allows the client desktop browsers to be configured to select when to connect direct or when to use the proxy?

Transport mode

Forward file

PAC file

Bridge mode

 Loading...

45. Which Talos reputation center allows for tracking the reputation of IP addresses for email and web traffic?

IP and Domain Reputation Center

File Reputation Center

IP Slock List Center

AMP Reputation Center

 Loading...

46. An engineer is configuring IPsec VPN and needs an authentication protocol that is reliable and supports ACK and sequence .

Which protocol accomplishes this goal?

AES-192

IKEv1

AES-256

ESP

 Loading...

47. An administrator is establishing a new site-to-site VPN connection on a Cisco IOS router. The organization needs to ensure that the ISAKMP key on the hub is used only for terminating traffic from the IP address of 172.19.20.24 .

Which command on the hub will allow the administrator to accomplish this?

crypto ca identity 172.19.20.24

crypto isakmp key Cisco0123456789 172.19.20.24

crypto enrollment peer address 172.19.20.24

crypto isakmp identity address 172.19.20.24

 Loading...

48. What is a difference between an XSS attack and an SQL injection attack?

SQL injection is a hacking method used to attack SQL databases, whereas XSS attacks can exist in many different types of applications

XSS is a hacking method used to attack SQL databases, whereas SQL injection attacks can exist in many different types of applications

SQL injection attacks are used to steal information from databases whereas XSS attacks are used to redirect users to websites where attackers can steal data from them

XSS attacks are used to steal information from databases whereas SQL injection attacks are used to redirect users to websites where attackers can steal data from them

 Loading...

49. An engineer has been tasked with configuring a Cisco FTD to analyze protocol fields and detect anomalies in the traffic from industrial systems .

What must be done to meet these requirements?

Implement pre-filter policies for the CIP preprocessor

Enable traffic analysis in the Cisco FTD

Configure intrusion rules for the DNP3 preprocessor

Modify the access control policy to trust the industrial traffic

 Loading...

50. Which posture assessment requirement provides options to the client for remediation and requires the remediation within a certain timeframe?

Audit

Mandatory

Optional

Visibility

Page 6 of 66

 Loading...

51. Which attribute has the ability to change during the RADIUS CoA?

NTP

Authorization

Accessibility

Membership

 Loading...

52. With Cisco AMP for Endpoints, which option shows a list of all files that have been executed in your environment?

Prevalence

File analysis

Detections

Vulnerable software

Threat root cause

 Loading...

53. A company discovered an attack propagating through their network via a file. A custom file policy was created in order to track this in the future and ensure no other endpoints execute the infected file. In addition, it was discovered during testing that the scans are not detecting the file as an indicator of compromise .

What must be done in order to ensure that the created is functioning as it should?

Create an IP block list for the website from which the file was downloaded

Block the application that the file was using to open

Upload the hash for the file into the policy

Send the file to Cisco Threat Grid for dynamic analysis

 Loading...

54. A network engineer is trying to figure out whether FlexVPN or DMVPN would fit better in their environment. They have a requirement for more stringent security multiple security associations for the connections, more efficient VPN establishment as well consuming less bandwidth .

Which solution would be best for this and why?

DMVPN because it supports IKEv2 and FlexVPN does not

FlexVPN because it supports IKEv2 and DMVPN does not

FlexVPN because it uses multiple SAs and DMVPN does not

DMVPN because it uses multiple SAs and FlexVPN does not

 Loading...

55. How does Cisco Workload Optimization Manager help mitigate application performance issues?

It deploys an AWS Lambda system

It automates resource resizing

It optimizes a flow path

It sets up a workload forensic score

 Loading...

56. An organization configures Cisco Umbrella to be used for its DNS services. The organization must be able to block traffic based on the subnet that the endpoint is on but it sees only the requests from its public IP address instead of each internal IP address .

What must be done to resolve this issue?

Set up a Cisco Umbrella virtual appliance to internally field the requests and see the traffic of each IP address

Use the tenant control features to identify each subnet being used and track the connections within the Cisco Umbrella dashboard

Install the Microsoft Active Directory Connector to give IP address information stitched to the requests in the Cisco Umbrella dashboard

Configure an internal domain within Cisco Umbrella to help identify each address and create policy from the domains

 Loading...

57. What is a difference between a DoS attack and a DDoS attack?

A DoS attack is where a computer is used to flood a server with TCP and UDP packets whereas a DDoS attack is where multiple systems target a single system with a DoS attack

A DoS attack is where a computer is used to flood a server with TCP and UDP packets whereas a DDoS attack is where a computer is used to flood multiple servers that are distributed over a LAN

A DoS attack is where a computer is used to flood a server with UDP packets whereas a DDoS attack is where a computer is used to flood a server with TCP packets

A DoS attack is where a computer is used to flood a server with TCP packets whereas a DDoS attack is where a computer is used to flood a server with UDP packets

 Loading...

58. Which two capabilities of Integration APIs are utilized with Cisco DNA center? (Choose two)

Automatically deploy new virtual routers

Upgrade software on switches and routers

Application monitors for power utilization of devices and IoT sensors

Connect to Information Technology Service Management Platforms

Create new SSIDs on a wireless LAN controller

 Loading...

59. Which kind of API that is used with Cisco DNA Center provisions SSIDs, QoS policies, and update software versions on switches?

Integration

Intent

Event

Multivendor

 Loading...

60. What is the purpose of CA in a PKI?

To issue and revoke digital certificates

To validate the authenticity of a digital certificate

To create the private key for a digital certificate

To certify the ownership of a public key by the named subject

Page 7 of 66

 Loading...

61. Which DevSecOps implementation process gives a weekly or daily update instead of monthly or quarterly in the applications?

Orchestration

CI/CD pipeline

Container

Security

 Loading...

62. Which parameter is required when configuring a Netflow exporter on a Cisco Router?

DSCP value

Source interface

Exporter name

Exporter description

 Loading...

63. Which category includes DoS Attacks?

Virus attacks

Trojan attacks

Flood attacks

Phishing attacks

 Loading...

64. What are two advantages of using Cisco Any connect over DMVPN? (Choose two)

It provides spoke-to-spoke communications without traversing the hub

It allows different routing protocols to work over the tunnel

It allows customization of access policies based on user identity

It allows multiple sites to connect to the data center

It enables VPN access for individual users from their machines

 Loading...

65. When choosing an algorithm to us, what should be considered about Diffie Hellman and RSA for key establishment?

RSA is an asymmetric key establishment algorithm intended to output symmetric keys

RSA is a symmetric key establishment algorithm intended to output asymmetric keys

DH is a symmetric key establishment algorithm intended to output asymmetric keys

DH is on asymmetric key establishment algorithm intended to output symmetric keys

 Loading...

66. Which type of DNS abuse exchanges data between two computers even when there is no direct connection?

Malware installation

Command-and-control communication

Network footprinting

Data exfiltration

 Loading...

67. What is a difference between GETVPN and IPsec?

GETVPN reduces latency and provides encryption over MPLS without the use of a central hub

GETVPN provides key management and security association management

GETVPN is based on IKEv2 and does not support IKEv1

GETVPN is used to build a VPN network with multiple sites without having to statically configure all devices

 Loading...

68. What is a benefit of using telemetry over SNMP to configure new routers for monitoring purposes?

Telemetry uses a pull mehod, which makes it more reliable than SNMP

Telemetry uses push and pull, which makes it more scalable than SNMP

Telemetry uses push and pull which makes it more secure than SNMP

Telemetry uses a push method which makes it faster than SNMP

 Loading...

69. An organization wants to use Cisco FTD or Cisco ASA devices. Specific URLs must be blocked from being accessed via the firewall which requires that the administrator input the bad URL categories that the organization wants blocked into the access policy .

Which solution should be used to meet this requirement?

Cisco ASA because it enables URL filtering and blocks malicious URLs by default, whereas Cisco FTD does not

Cisco ASA because it includes URL filtering in the access control policy capabilities, whereas Cisco FTD does not

Cisco FTD because it includes URL filtering in the access control policy capabilities, whereas Cisco ASA does not

Cisco FTD because it enables URL filtering and blocks malicious URLs by default, whereas Cisco ASA does not

 Loading...

70. An administrator configures a Cisco WSA to receive redirected traffic over ports 80 and 443. The organization requires that a network device with specific WSA integration capabilities be configured to send the traffic to the WSA to proxy the requests and increase visibility, while making this invisible to the users .

What must be done on the Cisco WSA to support these requirements?

Configure transparent traffic redirection using WCCP in the Cisco WSA and on the network device

Configure active traffic redirection using WPAD in the Cisco WSA and on the network device

Use the Layer 4 setting in the Cisco WSA to receive explicit forward requests from the network device

Use PAC keys to allow only the required network devices to send the traffic to the Cisco WSA

Page 8 of 66

 Loading...

71. An administrator configures new authorization policies within Cisco ISE and has difficulty profiling the devices. Attributes for the new Cisco IP phones that are profiled based on the RADIUS authentication are seen however the attributes for CDP or DHCP are not .

What should the administrator do to address this issue?

Configure the ip dhcp snooping trust command on the DHCP interfaces to get the information to Cisco ISE

Configure the authentication port-control auto feature within Cisco ISE to identify the devices that are trying to connect

Configure a service template within the switch to standardize the port configurations so that the correct information is sent to Cisco ISE

Configure the device sensor feature within the switch to send the appropriate protocol information

 Loading...

72. A network engineer must monitor user and device behavior within the on-premises network. This data must be sent to the Cisco Stealthwatch Cloud analytics platform for analysis .

What must be done to meet this requirement using the Ubuntu-based VM appliance deployed in a VMware-based hypervisor?

Configure a Cisco FMC to send syslogs to Cisco Stealthwatch Cloud

Deploy the Cisco Stealthwatch Cloud PNM sensor that sends data to Cisco Stealthwatch Cloud

Deploy a Cisco FTD sensor to send network events to Cisco Stealthwatch Cloud

Configure a Cisco FMC to send NetFlow to Cisco Stealthwatch Cloud

 Loading...

73. An organization uses Cisco FMC to centrally manage multiple Cisco FTD devices. The default management port conflicts with other communications on the network and must be changed .

What must be done to ensure that all devices can communicate together?

Manually change the management port on Cisco FMC and all managed Cisco FTD devices

Set the tunnel to go through the Cisco FTD

Change the management port on Cisco FMC so that it pushes the change to all managed Cisco FTD devices

Set the tunnel port to 8305

 Loading...

74. Which service allows a user export application usage and performance statistics with Cisco Application Visibility and control?

SNORT

NetFlow

SNMP

802.1X

 Loading...

75. An engineer adds a custom detection policy to a Cisco AMP deployment and encounters issues with the configuration. The simple detection mechanism is configured, but the dashboard indicates that the hash is not 64 characters and is non-zero .

What is the issue?

The engineer is attempting to upload a hash created using MD5 instead of SHA-256

The file being uploaded is incompatible with simple detections and must use advanced detections

The hash being uploaded is part of a set in an incorrect format

The engineer is attempting to upload a file instead of a hash

 Loading...

76. In which form of attack is alternate encoding, such as hexadecimal representation, most often observed?

Smurf

distributed denial of service

cross-site scripting

rootkit exploit

 Loading...

77. Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?

user input validation in a web page or web application

Linux and Windows operating systems

database

web page images

 Loading...

78. Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two)

Check integer, float, or Boolean string parameters to ensure accurate values.

Use prepared statements and parameterized queries.

Secure the connection between the web and the app tier.

Write SQL code instead of using object-relational mapping libraries.

Block SQL code execution in the web application database login.

 Loading...

79. Which two endpoint measures are used to minimize the chances of falling victim to phishing and social engineering attacks? (Choose two)

Patch for cross-site scripting.

Perform backups to the private cloud.

Protect against input validation and character escapes in the endpoint.

Install a spam and virus email filter.

Protect systems with an up-to-date antimalware program.

 Loading...

80. Which two mechanisms are used to control phishing attacks? (Choose two)

Enable browser alerts for fraudulent websites.

Define security group memberships.

Revoke expired CRL of the websites.

Use antispyware software.

Implement email filtering techniques.

Page 9 of 66

 Loading...

81. Which two behavioral patterns characterize a ping of death attack? (Choose two)

The attack is fragmented into groups of 16 octets before transmission.

The attack is fragmented into groups of 8 octets before transmission.

Short synchronized bursts of traffic are used to disrupt TCP connections.

Malformed packets are used to crash systems.

Publicly accessible DNS servers are typically used to execute the attack.

 Loading...

82. Which two preventive measures are used to control cross-site scripting? (Choose two)

Enable client-side scripts on a per-domain basis.

Incorporate contextual output encoding/escaping.

Disable cookie inspection in the HTML inspection engine.

Run untrusted HTML input through an HTML sanitization engine.

Same Site cookie attribute should not be used.

 Loading...

83. What is the difference between deceptive phishing and spear phishing?

Deceptive phishing is an attacked aimed at a specific user in the organization who holds a C-level role.

A spear phishing campaign is aimed at a specific person versus a group of people.

Spear phishing is when the attack is aimed at the C-level executives of an organization.

Deceptive phishing hijacks and manipulates the DNS server of the victim and redirects the user to a false webpage.

 Loading...

84. Which attack is commonly associated with C and C++ programming languages?

cross-site scripting

water holing

DDoS

buffer overflow

 Loading...

85. What is a language format designed to exchange threat intelligence that can be transported over the TAXII protocol?

STIX

XMPP

pxGrid

SMTP

 Loading...

86. Which two capabilities does TAXII support? (Choose two)

Exchange

Pull messaging

Binding

Correlation

Mitigating

 Loading...

87. Which two risks is a company vulnerable to if it does not have a well-established patching solution for endpoints? (Choose two)

exploits

ARP spoofing

denial-of-service attacks

malware

eavesdropping

 Loading...

88. Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?

url

terminal

profile

selfsigned

 Loading...

89. What are two rootkit types? (Choose two)

registry

virtual

bootloader

user mode

buffer mode

 Loading...

90. Which form of attack is launched using botnets?

EIDDOS

virus

DDOS

TCP flood

Page 10 of 66

 Loading...

91. Which threat involves software being used to gain unauthorized access to a computer system?

virus

NTP amplification

ping of death

HTTP flood

 Loading...

92. Which type of attack is social engineering?

trojan

phishing

malware

MITM

 Loading...

93. Which two key and block sizes are valid for AES? (Choose two)

64-bit block size, 112-bit key length

64-bit block size, 168-bit key length

128-bit block size, 192-bit key length

128-bit block size, 256-bit key length

192-bit block size, 256-bit key length

 Loading...

94. Which two descriptions of AES encryption are true? (Choose two)

AES is less secure than 3DE

AES is more secure than 3DE

AES can use a 168-bit key for encryption.

AES can use a 256-bit key for encryption.

AES encrypts and decrypts a key three times in sequence.

 Loading...

95. Which algorithm provides encryption and authentication for data plane communication?

AES-GCM

SHA-96

AES-256

SHA-384

 Loading...

96. Elliptic curve cryptography is a stronger more efficient cryptography method meant to replace which current encryption technology?

3DES

RSA

DES

AES

 Loading...

97. What is the result of running the crypto isakmp key ciscXXXXXXXX address 172.16.0.0 command?

authenticates the IKEv2 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX

authenticates the IP address of the 172.16.0.0/32 peer by using the key ciscXXXXXXXX

authenticates the IKEv1 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX

secures all the certificates in the IKE exchange by using the key ciscXXXXXXXX

 Loading...

98. Which technology must be used to implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity?

DMVPN

FlexVPN

IPsec DVTI

GET VPN

 Loading...

99. Which two conditions are prerequisites for stateful failover for IPsec? (Choose two)

Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the IPsec configuration is copied automatically

The active and standby devices can run different versions of the Cisco IOS software but must be the same type of device.

The IPsec configuration that is set up on the active device must be duplicated on the standby device

Only the IPsec configuration that is set up on the active device must be duplicated on the standby device; the IKE configuration is copied automatically.

The active and standby devices must run the same version of the Cisco IOS software and must be the same type of device.

 Loading...

100. Which VPN technology can support a multivendor environment and secure traffic between sites?

SSL VPN

GET VPN

FlexVPN

DMVPN

Page 11 of 66

 Loading...

101. A network engineer is configuring DMVPN and entered the crypto isakmp key cisc0380739941 address 0.0.0.0 command on hostA. The tunnel is not being established to hostB .

What action is needed to authenticate the VPN?

Change isakmp to ikev2 in the command on host

Enter the command with a different password on host

Enter the same command on host

Change the password on hostA to the default password.

 Loading...

102. Refer to the exhibit.





A network administrator configured a site-to-site VPN tunnel between two Cisco IOS routers, and hosts are unable to communicate between two sites of VPN. The network administrator runs the debug crypto isakmp sa command to track VPN status .

What is the problem according to this command output?

hashing algorithm mismatch

encryption algorithm mismatch

authentication key mismatch

interesting traffic was not applied

 Loading...

103. What is a difference between FlexVPN and DMVPN?

DMVPN uses IKEv1 or IKEv2, FlexVPN only uses IKEv1

DMVPN uses only IKEv1 FlexVPN uses only IKEv2

FlexVPN uses IKEv2, DMVPN uses IKEv1 or IKEv2

FlexVPN uses IKEv1 or IKEv2, DMVPN uses only IKEv2

 Loading...

104. Which protocol provides the strongest throughput performance when using Cisco AnyConnect VPN?

TLSv1.2

TLSv1.1

BJTLSv1

DTLSv1

 Loading...

105. What is a commonality between DMVPN and FlexVPN technologies?

FlexVPN and DMVPN use IS-IS routing protocol to communicate with spokes

FlexVPN and DMVPN use the new key management protocol

FlexVPN and DMVPN use the same hashing algorithms

IOS routers run the same NHRP code for DMVPN and FlexVPN

 Loading...

106. The main function of northbound APIs in the SDN architecture is to enable communication between which two areas of a network?

SDN controller and the cloud

management console and the SDN controller

management console and the cloud

SDN controller and the management solution

 Loading...

107. Which two features of Cisco DNA Center are used in a Software Defined Network solution? (Choose two)

accounting

assurance

automation

authentication

encryption

 Loading...

108. Which functions of an SDN architecture require southbound APIs to enable communication?

SDN controller and the network elements

management console and the SDN controller

management console and the cloud

SDN controller and the cloud

 Loading...

109. Which API is used for Content Security?

NX-OS API

IOS XR API

OpenVuln API

AsyncOS API

 Loading...

110. Which two request of REST API are valid on the Cisco ASA Platform? (Choose two)

put

options

get

push

connect

Page 12 of 66

 Loading...

111. Refer to the exhibit.





What is the result of this Python script of the Cisco DNA Center API?

adds authentication to a switch

adds a switch to Cisco DNA Center

receives information about a switch

 Loading...

112. Refer to the exhibit.





What does the API do when connected to a Cisco security appliance?

get the process and PID information from the computers in the network

create an SNMP pull mechanism for managing AMP

gather network telemetry information from AMP for endpoints

gather the network interface information about the computers AMP sees

 Loading...

113. Which feature requires a network discovery policy on the Cisco Firepower Next Generation Intrusion Prevention System?

Security Intelligence

Impact Flags

Health Monitoring

URL Filtering

 Loading...

114. Which two deployment model configurations are supported for Cisco FTDv in AWS? (Choose two)

Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS

Cisco FTDv with one management interface and two traffic interfaces configured

Cisco FTDv configured in routed mode and managed by a physical FMC appliance on premises

Cisco FTDv with two management interfaces and one traffic interface configured

Cisco FTDv configured in routed mode and IPv6 configured

 Loading...

115. Which option is the main function of Cisco Firepower impact flags?

They alert administrators when critical events occur.

They highlight known and suspected malicious IP addresses in reports.

They correlate data about intrusions and vulnerability.

They identify data that the ASA sends to the Firepower module.

 Loading...

116. On Cisco Firepower Management Center, which policy is used to collect health modules alerts from managed devices?

health policy

system policy

correlation policy

access control policy

health awareness policy

 Loading...

117. Which license is required for Cisco Security Intelligence to work on the Cisco Next Generation Intrusion Prevention System?

control

malware

URL filtering

protect

 Loading...

118. Which two are valid suppression types on a Cisco Next Generation Intrusion Prevention System? (Choose two)

Port

Rule

Source

Application

Protocol

 Loading...

119. Which feature is configured for managed devices in the device platform settings of the Firepower Management Center?

quality of service

time synchronization

network address translations

intrusion policy

 Loading...

120. Which information is required when adding a device to Firepower Management Center?

username and password

encryption method

device serial number

registration key

Page 13 of 66

 Loading...

121. Which two deployment modes does the Cisco ASA FirePower module support? (Choose two)

transparent mode

routed mode

inline mode

active mode

passive monitor-only mode

 Loading...

122. The Cisco ASA must support TLS proxy for encrypted Cisco Unified Communications traffic.

Where must the ASA be added on the Cisco UC Manager platform?

Certificate Trust List

Endpoint Trust List

Enterprise Proxy Service

Secured Collaboration Proxy

 Loading...

123. Which statement about the configuration of Cisco ASA NetFlow v9 Secure Event Logging is true?

To view bandwidth usage for NetFlow records, the QoS feature must be enabled.

A sysopt command can be used to enable NSEL on a specific interface.

NSEL can be used without a collector configured.

A flow-export event type must be defined under a policy.

 Loading...

124. Which feature is supported when deploying Cisco ASAv within AWS public cloud?

multiple context mode

user deployment of Layer 3 networks

IPv6

clustering

 Loading...

125. Which statement describes a traffic profile on a Cisco Next Generation Intrusion Prevention System?

It allows traffic if it does not meet the profile.

It defines a traffic baseline for traffic anomaly deduction.

It inspects hosts that meet the profile with more intrusion rules.

It blocks traffic if it does not meet the profile.

 Loading...

126. Which statement about IOS zone-based firewalls is true?

An unassigned interface can communicate with assigned interfaces

Only one interface can be assigned to a zone.

An interface can be assigned to multiple zones.

An interface can be assigned only to one zone.

 Loading...

127. What is a characteristic of Cisco ASA Netflow v9 Secure Event Logging?

It tracks flow-create, flow-teardown, and flow-denied events.

It provides stateless IP flow tracking that exports all records of a specific flow.

It tracks the flow continuously and provides updates every 10 seconds.

Its events match all traffic classes in parallel.

 Loading...

128. Which CLI command is used to register a Cisco FirePower sensor to Firepower Management Center?

configure system add <host><key>

configure manager <key> add host

configure manager delete

configure manager add <host><key>

 Loading...

129. Which policy is used to capture host information on the Cisco Firepower Next Generation Intrusion Prevention System?

Correlation

Intrusion

Access Control

Network Discovery

 Loading...

130. Which ASA deployment mode can provide separation of management on a shared appliance?

DMZ multiple zone mode

transparent firewall mode

multiple context mode

routed mode

Page 14 of 66

 Loading...

131. What is a prerequisite when integrating a Cisco ISE server and an AD domain?

Place the Cisco ISE server and the AD server in the same subnet

Configure a common administrator account

Configure a common DNS server

Synchronize the clocks of the Cisco ISE server and the AD server

 Loading...

132. An organization recently installed a Cisco WSA and would like to take advantage of the AVC engine to allow the organization to create a policy to control application specific activity. After enabling the AVC engine, what must be done to implement this?

Use security services to configure the traffic monitor, .

Use URL categorization to prevent the application traffic.

Use an access policy group to configure application control settings.

Use web security reporting to validate engine functionality

 Loading...

133. Which method is used to deploy certificates and configure the supplicant on mobile devices to gain access to network resources?

BYOD on boarding

Simple Certificate Enrollment Protocol

Client provisioning

MAC authentication bypass

 Loading...

134. Refer to the exhibit.





What will happen when this Python script is run?

The compromised computers and malware trajectories will be received from Cisco AMP

The list of computers and their current vulnerabilities will be received from Cisco AMP

The compromised computers and what compromised them will be received from Cisco AMP

The list of computers, policies, and connector statuses will be received from Cisco AMP

 Loading...

135. An organization is trying to implement micro-segmentation on the network and wants to be able to gain visibility on the applications within the network. The solution must be able to maintain and force compliance .

Which product should be used to meet these requirements?

Cisco Umbrella

Cisco AMP

Cisco Stealthwatch

Cisco Tetration

 Loading...

136. Which factor must be considered when choosing the on-premise solution over the cloud-based one?

With an on-premise solution, the provider is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the customer is responsible for it

With a cloud-based solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product.

With an on-premise solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product.

With an on-premise solution, the customer is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the provider is responsible for it.

 Loading...

137. Which term describes when the Cisco Firepower downloads threat intelligence updates from Cisco Talos?

consumption

sharing

analysis

authoring

 Loading...

138. An organization has a Cisco Stealthwatch Cloud deployment in their environment.

Cloud logging is working as expected, but logs are not being received from the on-premise network, what action will resolve this issue?

Configure security appliances to send syslogs to Cisco Stealthwatch Cloud

Configure security appliances to send NetFlow to Cisco Stealthwatch Cloud

Deploy a Cisco FTD sensor to send events to Cisco Stealthwatch Cloud

Deploy a Cisco Stealthwatch Cloud sensor on the network to send data to Cisco Stealthwatch Cloud

 Loading...

139. What does Cisco AMP for Endpoints use to help an organization detect different families of malware?

Ethos Engine to perform fuzzy fingerprinting

Tetra Engine to detect malware when me endpoint is connected to the cloud

Clam AV Engine to perform email scanning

Spero Engine with machine learning to perform dynamic analysis

 Loading...

140. What are two characteristics of Cisco DNA Center APIs? (Choose two)

Postman is required to utilize Cisco DNA Center API calls.

They do not support Python scripts.

They are Cisco proprietary.

They quickly provision new devices.

They view the overall health of the network

Page 15 of 66

 Loading...

141. What is a benefit of conducting device compliance checks?

It indicates what type of operating system is connecting to the network.

It validates if anti-virus software is installed.

It scans endpoints to determine if malicious activity is taking place.

It detects email phishing attacks.

 Loading...

142. In which two ways does Easy Connect help control network access when used with Cisco TrustSec? (Choose two)

It allows multiple security products to share information and work together to enhance security posture in the network.

It creates a dashboard in Cisco ISE that provides full visibility of all connected endpoints.

It allows for the assignment of Security Group Tags and does not require 802.1x to be configured on the switch or the endpoint.

It integrates with third-party products to provide better visibility throughout the network.

It allows for managed endpoints that authenticate to AD to be mapped to Security Groups (PassiveID).

 Loading...

143. What is the benefit of installing Cisco AMP for Endpoints on a network?

It provides operating system patches on the endpoints for security.

It provides flow-based visibility for the endpoints network connections.

It enables behavioral analysis to be used for the endpoints.

It protects endpoint systems through application control and real-time scanning

 Loading...

144. An administrator is configuring a DHCP server to better secure their environment. They need to be able to rate-limit the traffic and ensure that legitimate requests are not dropped .

How would this be accomplished?

Set a trusted interface for the DHCP server

Set the DHCP snooping bit to 1

Add entries in the DHCP snooping database

Enable ARP inspection for the required VLAN

 Loading...

145. Refer to the exhibit.





What will happen when the Python script is executed?

The hostname will be translated to an IP address and printed.

The hostname will be printed for the client in the client ID field.

The script will pull all computer hostnames and print them.

The script will translate the IP address to FODN and print it

 Loading...

146. Refer to the exhibit.





When configuring a remote access VPN solution terminating on the Cisco ASA, an administrator would like to utilize an external token authentication mechanism in conjunction with AAA authentication using machine certificates .

Which configuration item must be modified to allow this?

Group Policy

Method

SAML Server

DHCP Servers

 Loading...

147. An engineer has been tasked with implementing a solution that can be leveraged for securing the cloud users, data, and applications. There is a requirement to use the Cisco cloud native CASB and cloud cybersecurity platform .

What should be used to meet these requirements?

Cisco Umbrella

Cisco Cloud Email Security

Cisco NGFW

Cisco Cloudlock

 Loading...

148. An engineer needs a cloud solution that will monitor traffic, create incidents based on events, and integrate with other cloud solutions via an API .

Which solution should be used to accomplish this goal?

SIEM

CASB

Adaptive MFA

Cisco Cloudlock

 Loading...

149. Why is it important to implement MFA inside of an organization?

To prevent man-the-middle attacks from being successful.

To prevent DoS attacks from being successful.

To prevent brute force attacks from being successful.

To prevent phishing attacks from being successful.

 Loading...

150. A network administrator is configuring SNMPv3 on a new router. The users have already been created; however, an additional configuration is needed to facilitate access to the SNMP views .

What must the administrator do to accomplish this?

map SNMPv3 users to SNMP views

set the password to be used for SNMPv3 authentication

define the encryption algorithm to be used by SNMPv3

specify the UDP port used by SNMP

Page 16 of 66

 Loading...

151. An organization is using Cisco Firepower and Cisco Meraki MX for network security and needs to centrally manage cloud policies across these platforms .

Which software should be used to accomplish this goal?

Cisco Defense Orchestrator

Cisco Secureworks

Cisco DNA Center

Cisco Configuration Professional

 Loading...

152. What is a function of 3DES in reference to cryptography?

It hashes files.

It creates one-time use passwords.

It encrypts traffic.

It generates private keys.

 Loading...

153. Which risk is created when using an Internet browser to access cloud-based service?

misconfiguration of infrastructure, which allows unauthorized access

intermittent connection to the cloud connectors

vulnerabilities within protocol

insecure implementation of API

 Loading...

154. An organization has a Cisco ESA set up with policies and would like to customize the action assigned for violations. The organization wants a copy of the message to be delivered with a message added to flag it as a DLP violation .

Which actions must be performed in order to provide this capability?

deliver and send copies to other recipients

quarantine and send a DLP violation notification

quarantine and alter the subject header with a DLP violation

deliver and add disclaimer text

 Loading...

155. Refer to the exhibit.





An administrator is adding a new Cisco FTD device to their network and wants to manage it with Cisco FMC. The Cisco FTD is not behind a NAT device .

Which command is needed to enable this on the Cisco FTD?

configure manager add DONTRESOLVE kregistration key>

configure manager add <FMC IP address> <registration key> 16

configure manager add DONTRESOLVE <registration key> FTD123

configure manager add <FMC IP address> <registration key>

 Loading...

156. A switch with Dynamic ARP Inspection enabled has received a spoofed ARP response on a trusted interface .

How does the switch behave in this situation?

It forwards the packet after validation by using the MAC Binding Table.

It drops the packet after validation by using the IP & MAC Binding Table.

It forwards the packet without validation.

It drops the packet without validation.

 Loading...

157. What is a functional difference between a Cisco ASA and a Cisco IOS router with Zone-based policy firewall?

The Cisco ASA denies all traffic by default whereas the Cisco IOS router with Zone-Based Policy Firewall starts out by allowing all traffic, even on untrusted interfaces

The Cisco IOS router with Zone-Based Policy Firewall can be configured for high availability, whereas the Cisco ASA cannot

The Cisco IOS router with Zone-Based Policy Firewall denies all traffic by default, whereas the Cisco ASA starts out by allowing all traffic until rules are added

The Cisco ASA can be configured for high availability whereas the Cisco IOS router with Zone-Based Policy Firewall cannot

 Loading...

158. What is a benefit of performing device compliance?

Verification of the latest OS patches

Device classification and authorization

Providing multi-factor authentication

Providing attribute-driven policies

 Loading...

159. Which cloud model is a collaborative effort where infrastructure is shared and jointly accessed by several organizations from a specific group?

Hybrid

Community

Private

Public

 Loading...

160. Which cryptographic process provides origin confidentiality, integrity, and origin authentication for packets?

IKEv1

AH

ESP

IKEv2

Page 17 of 66

 Loading...

161. An organization wants to secure users, data, and applications in the cloud. The solution must be API-based and operate as a cloud-native CASB .

Which solution must be used for this implementation?

Cisco Cloudlock

Cisco Cloud Email Security

Cisco Firepower Next-Generation Firewall

Cisco Umbrella

 Loading...

162. What are two Trojan malware attacks? (Choose two)

Frontdoor

Rootkit

Smurf

Backdoor

Sync

 Loading...

163. What is the role of Cisco Umbrella Roaming when it is installed on an endpoint?

To protect the endpoint against malicious file transfers

To ensure that assets are secure from malicious links on and off the corporate network

To establish secure VPN connectivity to the corporate network

To enforce posture compliance and mandatory software

 Loading...

164. What is a capability of Cisco ASA Netflow?

It filters NSEL events based on traffic

It generates NSEL events even if the MPF is not configured

It logs all event types only to the same collector

It sends NetFlow data records from active and standby ASAs in an active standby failover pair

 Loading...

165. Which component of Cisco umbrella architecture increases reliability of the service?

Anycast IP

AMP Threat grid

Cisco Talos

BGP route reflector

 Loading...

166. What is the benefit of integrating Cisco ISE with a MDM solution?

It provides compliance checks for access to the network

It provides the ability to update other applications on the mobile device

It provides the ability to add applications to the mobile device through Cisco ISE

It provides network device administration access

 Loading...

167. An administrator configures a new destination list in Cisco Umbrella so that the organization can block specific domains for its devices .

What should be done to ensure that all subdomains of domain.com are blocked?

Configure the *.com address in the block list

Configure the *.domain.com address in the block list

Configure the www.domain.com address in the block list

Configure the domain.com address in the block list

 Loading...

168. An organization wants to provide visibility and to identify active threats in its network using a VM. The organization wants to extract metadata from network packet flow while ensuring that payloads are not retained or transferred outside the network .

Which solution meets these requirements?

Cisco Umbrella Cloud

Cisco Stealthwatch Cloud PNM

Cisco Stealthwatch Cloud PCM

Cisco Umbrella On-Premises

 Loading...

169. An organization deploys multiple Cisco FTD appliances and wants to manage them using one centralized solution. The organization does not have a local VM but does have existing Cisco ASAs that must migrate over to Cisco FTDs .

Which solution meets the needs of the organization?

Cisco FMC

CSM

Cisco FDM

CDO

 Loading...

170. An organization wants to secure data in a cloud environment. Its security model requires that all users be authenticated and authorized. Security configuration and posture must be continuously validated before access is granted or maintained to applications and data. There is also a need to allow certain application traffic and deny all other traffic by default .

Which technology must be used to implement these requirements?

Virtual routing and forwarding

Microsegmentation

Access control policy

Virtual LAN

Page 18 of 66

 Loading...

171. A Cisco FTD engineer is creating a new IKEv2 policy called s2s00123456789 for their organization to allow for additional protocols to terminate network devices with. They currently only have one policy established and need the new policy to be a backup in case some devices cannot support the stronger algorithms listed in the primary policy .

What should be done in order to support this?

Change the integrity algorithms to SHA* to support all SHA algorithms in the primary policy

Make the priority for the new policy 5 and the primary policy 1

Change the encryption to AES* to support all AES algorithms in the primary policy

Make the priority for the primary policy 10 and the new policy 1

 Loading...

172. Which type of encryption uses a public key and private key?

Asymmetric

Symmetric

Linear

Nonlinear

 Loading...

173. What are two features of NetFlow flow monitoring? (Choose two)

Can track ingress and egress information

Include the flow record and the flow importer

Copies all ingress flow information to an interface

Does not required packet sampling on interfaces

Can be used to track multicast, MPLS, or bridged traffic

 Loading...

174. A customer has various external HTTP resources available including Intranet Extranet and Internet, with a proxy configuration running in explicit mode .

Which method allows the client desktop browsers to be configured to select when to connect direct or when to use the proxy?

Transport mode

Forward file

PAC file

Bridge mode

 Loading...

175. Which Talos reputation center allows for tracking the reputation of IP addresses for email and web traffic?

IP and Domain Reputation Center

File Reputation Center

IP Slock List Center

AMP Reputation Center

 Loading...

176. An engineer is configuring IPsec VPN and needs an authentication protocol that is reliable and supports ACK and sequence .

Which protocol accomplishes this goal?

AES-192

IKEv1

AES-256

ESP

 Loading...

177. An administrator is establishing a new site-to-site VPN connection on a Cisco IOS router. The organization needs to ensure that the ISAKMP key on the hub is used only for terminating traffic from the IP address of 172.19.20.24 .

Which command on the hub will allow the administrator to accomplish this?

crypto ca identity 172.19.20.24

crypto isakmp key Cisco0123456789 172.19.20.24

crypto enrollment peer address 172.19.20.24

crypto isakmp identity address 172.19.20.24

 Loading...

178. What is a difference between an XSS attack and an SQL injection attack?

SQL injection is a hacking method used to attack SQL databases, whereas XSS attacks can exist in many different types of applications

XSS is a hacking method used to attack SQL databases, whereas SQL injection attacks can exist in many different types of applications

SQL injection attacks are used to steal information from databases whereas XSS attacks are used to redirect users to websites where attackers can steal data from them

XSS attacks are used to steal information from databases whereas SQL injection attacks are used to redirect users to websites where attackers can steal data from them

 Loading...

179. An engineer has been tasked with configuring a Cisco FTD to analyze protocol fields and detect anomalies in the traffic from industrial systems .

What must be done to meet these requirements?

Implement pre-filter policies for the CIP preprocessor

Enable traffic analysis in the Cisco FTD

Configure intrusion rules for the DNP3 preprocessor

Modify the access control policy to trust the industrial traffic

 Loading...

180. Which posture assessment requirement provides options to the client for remediation and requires the remediation within a certain timeframe?

Audit

Mandatory

Optional

Visibility

Page 19 of 66

 Loading...

181. Which attribute has the ability to change during the RADIUS CoA?

NTP

Authorization

Accessibility

Membership

 Loading...

182. With Cisco AMP for Endpoints, which option shows a list of all files that have been executed in your environment?

Prevalence

File analysis

Detections

Vulnerable software

Threat root cause

 Loading...

183. A company discovered an attack propagating through their network via a file. A custom file policy was created in order to track this in the future and ensure no other endpoints execute the infected file. In addition, it was discovered during testing that the scans are not detecting the file as an indicator of compromise .

What must be done in order to ensure that the created is functioning as it should?

Create an IP block list for the website from which the file was downloaded

Block the application that the file was using to open

Upload the hash for the file into the policy

Send the file to Cisco Threat Grid for dynamic analysis

 Loading...

184. A network engineer is trying to figure out whether FlexVPN or DMVPN would fit better in their environment. They have a requirement for more stringent security multiple security associations for the connections, more efficient VPN establishment as well consuming less bandwidth .

Which solution would be best for this and why?

DMVPN because it supports IKEv2 and FlexVPN does not

FlexVPN because it supports IKEv2 and DMVPN does not

FlexVPN because it uses multiple SAs and DMVPN does not

DMVPN because it uses multiple SAs and FlexVPN does not

 Loading...

185. How does Cisco Workload Optimization Manager help mitigate application performance issues?

It deploys an AWS Lambda system

It automates resource resizing

It optimizes a flow path

It sets up a workload forensic score

 Loading...

186. An organization configures Cisco Umbrella to be used for its DNS services. The organization must be able to block traffic based on the subnet that the endpoint is on but it sees only the requests from its public IP address instead of each internal IP address .

What must be done to resolve this issue?

Set up a Cisco Umbrella virtual appliance to internally field the requests and see the traffic of each IP address

Use the tenant control features to identify each subnet being used and track the connections within the Cisco Umbrella dashboard

Install the Microsoft Active Directory Connector to give IP address information stitched to the requests in the Cisco Umbrella dashboard

Configure an internal domain within Cisco Umbrella to help identify each address and create policy from the domains

 Loading...

187. What is a difference between a DoS attack and a DDoS attack?

A DoS attack is where a computer is used to flood a server with TCP and UDP packets whereas a DDoS attack is where multiple systems target a single system with a DoS attack

A DoS attack is where a computer is used to flood a server with TCP and UDP packets whereas a DDoS attack is where a computer is used to flood multiple servers that are distributed over a LAN

A DoS attack is where a computer is used to flood a server with UDP packets whereas a DDoS attack is where a computer is used to flood a server with TCP packets

A DoS attack is where a computer is used to flood a server with TCP packets whereas a DDoS attack is where a computer is used to flood a server with UDP packets

 Loading...

188. Which two capabilities of Integration APIs are utilized with Cisco DNA center? (Choose two)

Automatically deploy new virtual routers

Upgrade software on switches and routers

Application monitors for power utilization of devices and IoT sensors

Connect to Information Technology Service Management Platforms

Create new SSIDs on a wireless LAN controller

 Loading...

189. Which kind of API that is used with Cisco DNA Center provisions SSIDs, QoS policies, and update software versions on switches?

Integration

Intent

Event

Multivendor

 Loading...

190. What is the purpose of CA in a PKI?

To issue and revoke digital certificates

To validate the authenticity of a digital certificate

To create the private key for a digital certificate

To certify the ownership of a public key by the named subject

Page 20 of 66

 Loading...

191. Which DevSecOps implementation process gives a weekly or daily update instead of monthly or quarterly in the applications?

Orchestration

CI/CD pipeline

Container

Security

 Loading...

192. Which parameter is required when configuring a Netflow exporter on a Cisco Router?

DSCP value

Source interface

Exporter name

Exporter description

 Loading...

193. Which category includes DoS Attacks?

Virus attacks

Trojan attacks

Flood attacks

Phishing attacks

 Loading...

194. What are two advantages of using Cisco Any connect over DMVPN? (Choose two)

It provides spoke-to-spoke communications without traversing the hub

It allows different routing protocols to work over the tunnel

It allows customization of access policies based on user identity

It allows multiple sites to connect to the data center

It enables VPN access for individual users from their machines

 Loading...

195. When choosing an algorithm to us, what should be considered about Diffie Hellman and RSA for key establishment?

RSA is an asymmetric key establishment algorithm intended to output symmetric keys

RSA is a symmetric key establishment algorithm intended to output asymmetric keys

DH is a symmetric key establishment algorithm intended to output asymmetric keys

DH is on asymmetric key establishment algorithm intended to output symmetric keys

 Loading...

196. Which type of DNS abuse exchanges data between two computers even when there is no direct connection?

Malware installation

Command-and-control communication

Network footprinting

Data exfiltration

 Loading...

197. What is a difference between GETVPN and IPsec?

GETVPN reduces latency and provides encryption over MPLS without the use of a central hub

GETVPN provides key management and security association management

GETVPN is based on IKEv2 and does not support IKEv1

GETVPN is used to build a VPN network with multiple sites without having to statically configure all devices

 Loading...

198. What is a benefit of using telemetry over SNMP to configure new routers for monitoring purposes?

Telemetry uses a pull mehod, which makes it more reliable than SNMP

Telemetry uses push and pull, which makes it more scalable than SNMP

Telemetry uses push and pull which makes it more secure than SNMP

Telemetry uses a push method which makes it faster than SNMP

 Loading...

199. An organization wants to use Cisco FTD or Cisco ASA devices. Specific URLs must be blocked from being accessed via the firewall which requires that the administrator input the bad URL categories that the organization wants blocked into the access policy .

Which solution should be used to meet this requirement?

Cisco ASA because it enables URL filtering and blocks malicious URLs by default, whereas Cisco FTD does not

Cisco ASA because it includes URL filtering in the access control policy capabilities, whereas Cisco FTD does not

Cisco FTD because it includes URL filtering in the access control policy capabilities, whereas Cisco ASA does not

Cisco FTD because it enables URL filtering and blocks malicious URLs by default, whereas Cisco ASA does not

 Loading...

200. An administrator configures a Cisco WSA to receive redirected traffic over ports 80 and 443. The organization requires that a network device with specific WSA integration capabilities be configured to send the traffic to the WSA to proxy the requests and increase visibility, while making this invisible to the users .

What must be done on the Cisco WSA to support these requirements?

Configure transparent traffic redirection using WCCP in the Cisco WSA and on the network device

Configure active traffic redirection using WPAD in the Cisco WSA and on the network device

Use the Layer 4 setting in the Cisco WSA to receive explicit forward requests from the network device

Use PAC keys to allow only the required network devices to send the traffic to the Cisco WSA

Page 21 of 66

 Loading...

201. An administrator configures new authorization policies within Cisco ISE and has difficulty profiling the devices. Attributes for the new Cisco IP phones that are profiled based on the RADIUS authentication are seen however the attributes for CDP or DHCP are not .

What should the administrator do to address this issue?

Configure the ip dhcp snooping trust command on the DHCP interfaces to get the information to Cisco ISE

Configure the authentication port-control auto feature within Cisco ISE to identify the devices that are trying to connect

Configure a service template within the switch to standardize the port configurations so that the correct information is sent to Cisco ISE

Configure the device sensor feature within the switch to send the appropriate protocol information

 Loading...

202. A network engineer must monitor user and device behavior within the on-premises network. This data must be sent to the Cisco Stealthwatch Cloud analytics platform for analysis .

What must be done to meet this requirement using the Ubuntu-based VM appliance deployed in a VMware-based hypervisor?

Configure a Cisco FMC to send syslogs to Cisco Stealthwatch Cloud

Deploy the Cisco Stealthwatch Cloud PNM sensor that sends data to Cisco Stealthwatch Cloud

Deploy a Cisco FTD sensor to send network events to Cisco Stealthwatch Cloud

Configure a Cisco FMC to send NetFlow to Cisco Stealthwatch Cloud

 Loading...

203. An organization uses Cisco FMC to centrally manage multiple Cisco FTD devices. The default management port conflicts with other communications on the network and must be changed .

What must be done to ensure that all devices can communicate together?

Manually change the management port on Cisco FMC and all managed Cisco FTD devices

Set the tunnel to go through the Cisco FTD

Change the management port on Cisco FMC so that it pushes the change to all managed Cisco FTD devices

Set the tunnel port to 8305

 Loading...

204. Which service allows a user export application usage and performance statistics with Cisco Application Visibility and control?

SNORT

NetFlow

SNMP

802.1X

 Loading...

205. An engineer adds a custom detection policy to a Cisco AMP deployment and encounters issues with the configuration. The simple detection mechanism is configured, but the dashboard indicates that the hash is not 64 characters and is non-zero .

What is the issue?

The engineer is attempting to upload a hash created using MD5 instead of SHA-256

The file being uploaded is incompatible with simple detections and must use advanced detections

The hash being uploaded is part of a set in an incorrect format

The engineer is attempting to upload a file instead of a hash

 Loading...

206. In which form of attack is alternate encoding, such as hexadecimal representation, most often observed?

Smurf

distributed denial of service

cross-site scripting

rootkit exploit

 Loading...

207. Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?

user input validation in a web page or web application

Linux and Windows operating systems

database

web page images

 Loading...

208. Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two)

Check integer, float, or Boolean string parameters to ensure accurate values.

Use prepared statements and parameterized queries.

Secure the connection between the web and the app tier.

Write SQL code instead of using object-relational mapping libraries.

Block SQL code execution in the web application database login.

 Loading...

209. Which two endpoint measures are used to minimize the chances of falling victim to phishing and social engineering attacks? (Choose two)

Patch for cross-site scripting.

Perform backups to the private cloud.

Protect against input validation and character escapes in the endpoint.

Install a spam and virus email filter.

Protect systems with an up-to-date antimalware program.

 Loading...

210. Which two mechanisms are used to control phishing attacks? (Choose two)

Enable browser alerts for fraudulent websites.

Define security group memberships.

Revoke expired CRL of the websites.

Use antispyware software.

Implement email filtering techniques.

Page 22 of 66

 Loading...

211. Which two behavioral patterns characterize a ping of death attack? (Choose two)

The attack is fragmented into groups of 16 octets before transmission.

The attack is fragmented into groups of 8 octets before transmission.

Short synchronized bursts of traffic are used to disrupt TCP connections.

Malformed packets are used to crash systems.

Publicly accessible DNS servers are typically used to execute the attack.

 Loading...

212. Which two preventive measures are used to control cross-site scripting? (Choose two)

Enable client-side scripts on a per-domain basis.

Incorporate contextual output encoding/escaping.

Disable cookie inspection in the HTML inspection engine.

Run untrusted HTML input through an HTML sanitization engine.

Same Site cookie attribute should not be used.

 Loading...

213. What is the difference between deceptive phishing and spear phishing?

Deceptive phishing is an attacked aimed at a specific user in the organization who holds a C-level role.

A spear phishing campaign is aimed at a specific person versus a group of people.

Spear phishing is when the attack is aimed at the C-level executives of an organization.

Deceptive phishing hijacks and manipulates the DNS server of the victim and redirects the user to a false webpage.

 Loading...

214. Which attack is commonly associated with C and C++ programming languages?

cross-site scripting

water holing

DDoS

buffer overflow

 Loading...

215. What is a language format designed to exchange threat intelligence that can be transported over the TAXII protocol?

STIX

XMPP

pxGrid

SMTP

 Loading...

216. Which two capabilities does TAXII support? (Choose two)

Exchange

Pull messaging

Binding

Correlation

Mitigating

 Loading...

217. Which two risks is a company vulnerable to if it does not have a well-established patching solution for endpoints? (Choose two)

exploits

ARP spoofing

denial-of-service attacks

malware

eavesdropping

 Loading...

218. Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?

url

terminal

profile

selfsigned

 Loading...

219. What are two rootkit types? (Choose two)

registry

virtual

bootloader

user mode

buffer mode

 Loading...

220. Which form of attack is launched using botnets?

EIDDOS

virus

DDOS

TCP flood

Page 23 of 66

 Loading...

221. Which threat involves software being used to gain unauthorized access to a computer system?

virus

NTP amplification

ping of death

HTTP flood

 Loading...

222. Which type of attack is social engineering?

trojan

phishing

malware

MITM

 Loading...

223. Which two key and block sizes are valid for AES? (Choose two)

64-bit block size, 112-bit key length

64-bit block size, 168-bit key length

128-bit block size, 192-bit key length

128-bit block size, 256-bit key length

192-bit block size, 256-bit key length

 Loading...

224. Which two descriptions of AES encryption are true? (Choose two)

AES is less secure than 3DE

AES is more secure than 3DE

AES can use a 168-bit key for encryption.

AES can use a 256-bit key for encryption.

AES encrypts and decrypts a key three times in sequence.

 Loading...

225. Which algorithm provides encryption and authentication for data plane communication?

AES-GCM

SHA-96

AES-256

SHA-384

 Loading...

226. Elliptic curve cryptography is a stronger more efficient cryptography method meant to replace which current encryption technology?

3DES

RSA

DES

AES

 Loading...

227. What is the result of running the crypto isakmp key ciscXXXXXXXX address 172.16.0.0 command?

authenticates the IKEv2 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX

authenticates the IP address of the 172.16.0.0/32 peer by using the key ciscXXXXXXXX

authenticates the IKEv1 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX

secures all the certificates in the IKE exchange by using the key ciscXXXXXXXX

 Loading...

228. Which technology must be used to implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity?

DMVPN

FlexVPN

IPsec DVTI

GET VPN

 Loading...

229. Which two conditions are prerequisites for stateful failover for IPsec? (Choose two)

Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the IPsec configuration is copied automatically

The active and standby devices can run different versions of the Cisco IOS software but must be the same type of device.

The IPsec configuration that is set up on the active device must be duplicated on the standby device

Only the IPsec configuration that is set up on the active device must be duplicated on the standby device; the IKE configuration is copied automatically.

The active and standby devices must run the same version of the Cisco IOS software and must be the same type of device.

 Loading...

230. Which VPN technology can support a multivendor environment and secure traffic between sites?

SSL VPN

GET VPN

FlexVPN

DMVPN

Page 24 of 66

 Loading...

231. A network engineer is configuring DMVPN and entered the crypto isakmp key cisc0380739941 address 0.0.0.0 command on hostA. The tunnel is not being established to hostB .

What action is needed to authenticate the VPN?

Change isakmp to ikev2 in the command on host

Enter the command with a different password on host

Enter the same command on host

Change the password on hostA to the default password.

 Loading...

232. Refer to the exhibit.





A network administrator configured a site-to-site VPN tunnel between two Cisco IOS routers, and hosts are unable to communicate between two sites of VPN. The network administrator runs the debug crypto isakmp sa command to track VPN status .

What is the problem according to this command output?

hashing algorithm mismatch

encryption algorithm mismatch

authentication key mismatch

interesting traffic was not applied

 Loading...

233. What is a difference between FlexVPN and DMVPN?

DMVPN uses IKEv1 or IKEv2, FlexVPN only uses IKEv1

DMVPN uses only IKEv1 FlexVPN uses only IKEv2

FlexVPN uses IKEv2, DMVPN uses IKEv1 or IKEv2

FlexVPN uses IKEv1 or IKEv2, DMVPN uses only IKEv2

 Loading...

234. Which protocol provides the strongest throughput performance when using Cisco AnyConnect VPN?

TLSv1.2

TLSv1.1

BJTLSv1

DTLSv1

 Loading...

235. What is a commonality between DMVPN and FlexVPN technologies?

FlexVPN and DMVPN use IS-IS routing protocol to communicate with spokes

FlexVPN and DMVPN use the new key management protocol

FlexVPN and DMVPN use the same hashing algorithms

IOS routers run the same NHRP code for DMVPN and FlexVPN

 Loading...

236. The main function of northbound APIs in the SDN architecture is to enable communication between which two areas of a network?

SDN controller and the cloud

management console and the SDN controller

management console and the cloud

SDN controller and the management solution

 Loading...

237. Which two features of Cisco DNA Center are used in a Software Defined Network solution? (Choose two)

accounting

assurance

automation

authentication

encryption

 Loading...

238. Which functions of an SDN architecture require southbound APIs to enable communication?

SDN controller and the network elements

management console and the SDN controller

management console and the cloud

SDN controller and the cloud

 Loading...

239. Which API is used for Content Security?

NX-OS API

IOS XR API

OpenVuln API

AsyncOS API

 Loading...

240. Which two request of REST API are valid on the Cisco ASA Platform? (Choose two)

put

options

get

push

connect

Page 25 of 66

 Loading...

241. Refer to the exhibit.





What is the result of this Python script of the Cisco DNA Center API?

adds authentication to a switch

adds a switch to Cisco DNA Center

receives information about a switch

 Loading...

242. Refer to the exhibit.





What does the API do when connected to a Cisco security appliance?

get the process and PID information from the computers in the network

create an SNMP pull mechanism for managing AMP

gather network telemetry information from AMP for endpoints

gather the network interface information about the computers AMP sees

 Loading...

243. Which feature requires a network discovery policy on the Cisco Firepower Next Generation Intrusion Prevention System?

Security Intelligence

Impact Flags

Health Monitoring

URL Filtering

 Loading...

244. Which two deployment model configurations are supported for Cisco FTDv in AWS? (Choose two)

Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS

Cisco FTDv with one management interface and two traffic interfaces configured

Cisco FTDv configured in routed mode and managed by a physical FMC appliance on premises

Cisco FTDv with two management interfaces and one traffic interface configured

Cisco FTDv configured in routed mode and IPv6 configured

 Loading...

245. Which option is the main function of Cisco Firepower impact flags?

They alert administrators when critical events occur.

They highlight known and suspected malicious IP addresses in reports.

They correlate data about intrusions and vulnerability.

They identify data that the ASA sends to the Firepower module.

 Loading...

246. On Cisco Firepower Management Center, which policy is used to collect health modules alerts from managed devices?

health policy

system policy

correlation policy

access control policy

health awareness policy

 Loading...

247. Which license is required for Cisco Security Intelligence to work on the Cisco Next Generation Intrusion Prevention System?

control

malware

URL filtering

protect

 Loading...

248. Which two are valid suppression types on a Cisco Next Generation Intrusion Prevention System? (Choose two)

Port

Rule

Source

Application

Protocol

 Loading...

249. Which feature is configured for managed devices in the device platform settings of the Firepower Management Center?

quality of service

time synchronization

network address translations

intrusion policy

 Loading...

250. Which information is required when adding a device to Firepower Management Center?

username and password

encryption method

device serial number

registration key

Page 26 of 66

 Loading...

251. Which two deployment modes does the Cisco ASA FirePower module support? (Choose two)

transparent mode

routed mode

inline mode

active mode

passive monitor-only mode

 Loading...

252. The Cisco ASA must support TLS proxy for encrypted Cisco Unified Communications traffic.

Where must the ASA be added on the Cisco UC Manager platform?

Certificate Trust List

Endpoint Trust List

Enterprise Proxy Service

Secured Collaboration Proxy

 Loading...

253. Which statement about the configuration of Cisco ASA NetFlow v9 Secure Event Logging is true?

To view bandwidth usage for NetFlow records, the QoS feature must be enabled.

A sysopt command can be used to enable NSEL on a specific interface.

NSEL can be used without a collector configured.

A flow-export event type must be defined under a policy.

 Loading...

254. Which feature is supported when deploying Cisco ASAv within AWS public cloud?

multiple context mode

user deployment of Layer 3 networks

IPv6

clustering

 Loading...

255. Which statement describes a traffic profile on a Cisco Next Generation Intrusion Prevention System?

It allows traffic if it does not meet the profile.

It defines a traffic baseline for traffic anomaly deduction.

It inspects hosts that meet the profile with more intrusion rules.

It blocks traffic if it does not meet the profile.

 Loading...

256. Which statement about IOS zone-based firewalls is true?

An unassigned interface can communicate with assigned interfaces

Only one interface can be assigned to a zone.

An interface can be assigned to multiple zones.

An interface can be assigned only to one zone.

 Loading...

257. What is a characteristic of Cisco ASA Netflow v9 Secure Event Logging?

It tracks flow-create, flow-teardown, and flow-denied events.

It provides stateless IP flow tracking that exports all records of a specific flow.

It tracks the flow continuously and provides updates every 10 seconds.

Its events match all traffic classes in parallel.

 Loading...

258. Which CLI command is used to register a Cisco FirePower sensor to Firepower Management Center?

configure system add <host><key>

configure manager <key> add host

configure manager delete

configure manager add <host><key>

 Loading...

259. Which policy is used to capture host information on the Cisco Firepower Next Generation Intrusion Prevention System?

Correlation

Intrusion

Access Control

Network Discovery

 Loading...

260. Which ASA deployment mode can provide separation of management on a shared appliance?

DMZ multiple zone mode

transparent firewall mode

multiple context mode

routed mode

Page 27 of 66

 Loading...

261. An organization is implementing URL blocking using Cisco Umbrella. The users are able to go to sites but other sites are not accessible due to an error.

Why is the error occurring?

Client computers do not have an SSL certificate deployed from an internal CA server.

Intelligent proxy and SSL decryption is disabled tn policy.

IP-Layer Enforcement is not configured

Client computers do not have the Cisco Umbrella Root CA certificate installed.

 Loading...

262. What are the two types Of managed Intercloud Fabric deployment models? (Choose two)

Service Provider managed

Public managed

Hybrid managed

Enterprise managed

User managed

 Loading...

263. Which Cisco security solution protects remote users against phishing attacks when they are not

connected to the VPN?

Cisco Firepower

Cisco Umbrella

Cisco Stealthwatch

Cisco Firepower NGIPS

 Loading...

264. An engineer is configuring 802. 1 X authentication on Cisco switches in the network and is using COA as a mechanism.

Which port on the firewall must be opened to allow the COA traffic to traverse the network?

TCP 6514

UDP 1700

TCP 49

UDP 1812

 Loading...

265. How is DNS tunneling used to exflltrate data out of a corporate network?

It redirects DNS requests to a malicious server used to steal user credentials, which allows further damage and theft on the network

It computes DNS servers by replacing the actual IP address with a rogue address to collect information or start other attacks

It encodes the payload with random characters that are broken into short stings and the DNS server rebuilds the exflltrated data.

It leverages the DNS server by permitting recursive lookups to spread the attack to other DNS servers.

 Loading...

266. An engineer wants to generate NetFlow records on traffic traversing the Cisco ASA Which Cisco ASA command must be used?

ip flow-export destination 1. 1. 1. 1 2055

flow-export destination inside 1. 1. 1. 1 2055

ip flow monitor <name> input

flow exporter <name>

 Loading...

267. An organization is trying to improve their Defense in Depth by blocking malicious destinations prior to a connection being established. The solution must be able to block certain applications from being used within the network.

Which product should be used to accomplish this goal?

Cisco Firepower

Cisco Umbrella

Cisco ISE

Cisco AMP

 Loading...

268. Refer to the exhibit.





When configuring a remote access VPN solution terminating on the Cisco ASA, an administrator would like to utilize an external token authentication mechanism in conjunction with AAA authentication using machine certificates.

Which configuration item must be modified to allow this?

SAML Server

Method

Group Policy

AAA Server Group

 Loading...

269. Refer to the exhibit.





What will happen when this Python script is run?

The compromised computers and malware trajectories will be received from Cisco AMP

The list of computers and their current vulnerabilities will be received from Cisco AMP

The compromised computers and what compromised them will be received from Cisco AMP

The list of computers, policies, and connector statuses will be received from Cisco AMP

 Loading...

270. network administrator needs to find out what assets currently exist on the network. Third party systems need to be able to feed host data into Cisco Firepower.

What must be configured to accomplish this?

a Network Discovery policy to receive data from the host

a Threat Intelligence policy to download the data from the host

a File Analysis policy to send file data into Cisco Firepower

a Network Analysis policy to receive NetFlow data from the host

Page 28 of 66

 Loading...

271. What is the role of an endpoint in protecting a user from a phishing attack?

Ensure that antivirus and antimalware software is up-to-date.

Use Cisco Stealth watch and CISCO ISE Integration.

Utilize 802. 1X network security to ensure unauthorized access to resources.

Use machine learning models to help identify anomalies and determine expected sending behavior.

 Loading...

272. Which term describes when the Cisco Firepower downloads threat intelligence updates from Cisco talos?

consumption

analysis

sharing

authoring

 Loading...

273. A network engineer has been tasked with adding a new medical device to the network. Cisco ISE is being used as the NAC server. and the new device does not have a supplicant available.

What must be done in order to securely connect this device to the network?

use 802. 1X with posture assessment

use MAB with profiling.

use MAB with posture assessment

Use 802. 1X with profiling.

 Loading...

274. An administrator is trying to determine which applications are being used in the network but does not want the network devices to send metadata to Cisco Firepower.

Which feature should be used to accomplish this?

NetFlow

Access Control

Network Discovery

Packet Tracer

 Loading...

275. An organization is trying to implement micro-segmentation on the network and wants to be able to gain visibility on the applications within the network. The solution must be able to maintain and force compliance.

Which product should be used to meet these requirements?

Cisco AMP

CISCO Stealthwatch

Cisco Umbrella

Cisco Tetration

 Loading...

276. With which components does a southbound API within a software-ciefined network architecture communicate?

appliances

controners within the network

applications

devices such as routers and switches

 Loading...

277. What is a prerequisite when integrating a Cisco ISE server and an AD domain?

Configure a common administrator account.

Configure a common DNS server.

Place the Cisco ISE server and the AD server in the same subnet.

Synchronize the clocks of the Cisco ISE server and the AD server.

 Loading...

278. An engineer has been tasked with implementing a solution that can be leveraged for securing the cloud users. data, and applications. There is a requirement to use the Cisco cloud-native CASB and Cloud cybersecurity platform.

What should be used to meet these requirements?

Cisco Umbrella

CISCO Cloud Email Security

Cisco Cloudlock

Cisco NGFW

 Loading...

279. What are two characteristics of Cisco DNA Center APIs? (Choose two)

They do not support Python scripts.

They view the overall health of the network.

They are Cisco proprietary.

Postman is required to utilize Cisco DNA Center API Calls.

They quickly provision new devices

 Loading...

280. When configuring ISAKMP for IKEv1 Phase 1 on a Cisco IOS router. an administrator needs to input the command crypto isakmp key cisco address 0. 0. 0. 0 . The administrator is not sure what the IP address in this command is used for.

What would be the effect of changing the IP address from 0. 0. 0. 0 to 1. 2. 3. 4?

The key server that is managing the keys for the connection will be at 1. 2. 3. 4.

The remote connection wrll only be allowed from 1. 2. 3. 4

The address that will be used as the crypto validation authority.

All IP addresses other than 1. 2. 3. 4 will be allowed

Page 29 of 66

 Loading...

281. Which suspicious pattern enables the Cisco Tetration platform to learn the normal behavior of users?

interesting file access

privilege escalation

file access from a different user

user login suspicious behavior

 Loading...

282. A switch with Dynamic ARP Inspection enabled has received a spoofed ARP response on a trusted interface.

How does the switch behave in this situation?

It forwards the packet without validation.

It forwards the packet after validation by using the MAC Binding Table.

It drops the packet after validation by using the IP & MAC Binding Table.

It drops the packet Without validation.

 Loading...

283. What must be integrated with Cisco Threat Intelligence Director to provide information about security threats.

Which allows the SOC to proactively automate responses to those threats?

Cisco Threat Grid

External Threat Feeds

CISCO Umbrella

Cisco Stealthwatch

 Loading...

284. Drag and drop the common security threats from left onto the definitions on the right.

 Loading...

285. Drag and drop the descriptions from the left onto the correct protocol versions on the right.

 Loading...

286. Drag and drop the Firepower Next Generation Intrusion Prevention System detectors from the left onto the correct definitions on the right.

 Loading...

287. Drag and drop the steps from the left into the correct order on the right to enable AppDynamics to monitor an EC2 instance in Amazon Web.

 Loading...

288. Drag and drop the threats from the left onto examples of that threat on the right.

 Loading...

289. Drag and drop the NetFlow export format from the left onto the descriptions on the right.

 Loading...

290. Drag and drop the solutions from the left onto the solution’s benefits on the right.

Page 30 of 66

 Loading...

291. What is the difference between Cross-site Scripting and SQL Injection, attacks?

Cross-site Scripting is an attack where code is injected into a database, whereas SQL Injection is an attack where code is injected into a browser.

Cross-site Scripting is a brute force attack targeting remote sites, whereas SQL Injection is a social engineering attack.

Cross-site Scripting is when executives in a corporation are attacked, whereas SQL Injection is when a database is manipulated.

Cross-site Scripting is an attack where code is executed from the server side, whereas SQL Injection is an attack where code is executed from the client side.

 Loading...

292. Art administrator is trying to determine which applications are being used in the network but does not want the network devices to send metadata to Cisco Firepower.

Which feature should be used to accomplish this?

NetFlow

Packel Tracer

Network Discovery

Access Control

 Loading...

293. Refer to the exhibit.





Which command was used to display this output?

show dotlx all summary

show dotlx interface gil/O/12

show dotlx all

show dotl1x

 Loading...

294. What is managed by Cisco Security Manager?

Cisco ASA

Cisco WLC

Cisco WSA

Cisco ESA

 Loading...

295. Refer to the exhibit. An organization is using DHCP Snooping within their network. A user on VLAN 41 on a new switch is complaining that an IP address is not being obtained.

Which command should be configured on the switch interface in order to provide the user with network connectivity?

ip dhcp snooping trust

ip dhcp snooping verify mac-address

ip dhcp snooping vlan 41

ip dhcp snooping limit 41

 Loading...

296. Which feature is supported when deploying Cisco ASAv within the AWS public cloud?

multiple context mode

user deployment of Layer3 networks

clustering

lPv6

 Loading...

297. Which protocol provides the strongest throughput performance when using Cisco Anyconnect VPN?

TLSv1,1

TLSv1. 2

TLSv1

DTLSv1

 Loading...

298. An organization has two machines hosting web applications. Machine 1 is vulnerable to SQL injection while machine 2 is vulnerable to buffer overflows.

What action would allow the attacker to gain access to machine 1 but not machine 2?

sniffing the packets between the two hosts

overflowing the buffer's memory

sending continuous pings

inserting malicious commands into the database

 Loading...

299. What are two DDoS attack categories? (Choose two)

sequential

protocol

database

volume-based

scree-based

 Loading...

300. When Cisco and other industry organizations publish and inform users of known security findings and vulnerabilities, which name is used?

Common Vulnerabilities and Exposures

Common Exploits and Vulnerabilities

Common Security Exploits

Common Vulnerabilities, Exploits and Threats

Page 31 of 66

 Loading...

301. How does Cisco Advanced Phishing Protection protect users?

It validates the sender by using DKI

It determines which identities are perceived by the sender

It uses machine learning and real-time behavior analytics.

It utilizes sensors that send messages securely.

 Loading...

302. An engineer needs behavioral analysis to detect malicious activity on the hosts, and is configuring the organization's public cloud to send telemetry using the cloud provider's mechanisms to a security device.

Which mechanism should the engineer configure to accomplish this goal?

mirror port

NetFlow

Flow

VPC flow logs

 Loading...

303. Refer to the exhibit.





A network administrator configures command authorization for the admin5 user What is the admin5 user able to do on HQ_Router after this configuration?

complete no configurations

add subinterfaces

complete all configurations

set the IP address of an interface

 Loading...

304. What provides visibility and awareness into what is currently occurring on the network?

CMX

WMI

Prime Infrastructure

Telemetry

 Loading...

305. An engineer configured a new network identity in Cisco Umbrella but must verify that traffic is being routed through the Cisco Umbrella network.

Which action tests the routing?

Ensure that the client computers are pointing to the on-premises DNS servers.

Enable the Intelligent Proxy to validate that traffic is being routed correctly.

Add the public IP address that the client computers are behind to a Core Identity

Browse to http://welcome.umbrella.com/ to validate that the new identity is working

 Loading...

306. Which two endpoint measures are used to minimize the chances of falling victim to phishing and social engineering attacks? (Choose two.)

Patch for cross-site scripting

Perform backups to the private cloud.

Protect against input validation and character escapes in the endpoint.

Install a spam and virus email filter

Protect systems with an up-to-date antimalware program

 Loading...

307. Which API is used for Content Security?

NX-OS API

IOS XR API

OpenVuln API

AsyncOS API

 Loading...

308. What is a characteristic of Dynamic ARP Inspection?

DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the DHCP snooping binding database

In a typical network, make all ports as trusted except for the ports connecting to switches, which are untrusted.

DAI associates a trust state with each switch.

DAI intercepts all ARP requests and responses on trusted ports only

 Loading...

309. Using Cisco Firepower's Security Intelligence policies, upon which two criteria is Firepower

block based?

(Choose two.)

protocol IDs

URLs

IP addresses

port numbers

MAC addresses

 Loading...

310. Which type of attack is social engineering?

trojan

MITM

phishing

malware

Page 32 of 66

 Loading...

311. For which two conditions can an endpoint be checked using ISE posture assessment? (Choose two.)

computer identity

Windows service

user identity

Windows firewall

default browser

 Loading...

312. What is a benefit of using Cisco FMC over Cisco ASDM?

Cisco FMC uses Java while Cisco ASDM uses HTML5.

Cisco FMC provides centralized management while Cisco ASDM does not.

Cisco FMC supports pushing configurations to devices while Cisco ASDM does not.

Cisco FMC supports all firewall products whereas Cisco ASDM only supports Cisco ASA devices

 Loading...

313. Which two preventive measures are used to control cross-site scripting? (Choose two.)

Enable client-side scripts on a per-domain basis

Incorporate contextual output encoding/escaping

Disable cookie inspection in the HTML inspection engine

Run untrusted HTML input through an HTML sanitization engine

SameSite cookie attribute should not be used

 Loading...

314. Which network monitoring solution uses streams and pushes operational data to provide a near real-time view of activity?

SNMP

SMTP

syslog

model-driven telemetry

 Loading...

315. Drag and drop the capabilities from the left onto the correct technologies on the right.

 Loading...

316. Which information is required when adding a device to Firepower Management Center?

Username and password

Encryption method

Device serial number

Registration key

 Loading...

317. Which benefit is provided by ensuring that an endpoint is compliant with a posture policy configured in Cisco ISE?

It adds endpoints to identity groups dynamically.

It verifies that the endpoint has the latest Microsoft security patches installed.

It allows the endpoint to authenticate with 802.1xor MA

It allows CoA to be applied if the endpoint status is compliant.

 Loading...

318. What are two differences between a Cisco WSA that is running in transparent mode and one running in explicit mode? (Choose two.)

When the Cisco WSA is running in transparent mode, it uses the WSA's own IP address as the HTTP request destination.

The Cisco WSA responds with its own IP address only if it is running in explicit mode.

The Cisco WSA is configured in a web browser only if it is running in transparent mode.

The Cisco WSA uses a Layer 3 device to redirect traffic only if it is running in transparent mode.

The Cisco WSA responds with its own IP address only if it is running in transparent mode.

 Loading...

319. Which compliance status is shown when a configured posture policy requirement is not

met?

unknown

authorized

compliant

noncompliant

 Loading...

320. What does the Cloudlock Apps Firewall do to mitigate security concerns from an application perspective?

It allows the administrator to quarantine malicious files so that the application can function, just not maliciously

It discovers and controls cloud apps that are connected to a company's corporate environment

It deletes any application that does not belong in the network

It sends the application information to an administrator to act on

Page 33 of 66

 Loading...

321. What are two DDoS attack categories? (Choose two.)

sequential

protocol

database

volume-based

scree-based

 Loading...

322. A network engineer has entered the snmp-server user andy myv3 auth sha cisco priv aes 256 cisc0380739941 command and needs to send SNMP information to a host at 10.255.254.1.

Which command achieves this goal?

snmp-server host inside 10.255.254.1 snmpv3 myv3

snmp-server host inside 10.255.254.1 snmpv3 andy

snmp-server host inside 10.255.254.1 version 3 myv3

snmp-server host inside 10.255.254.1 version 3 andy

 Loading...

323. Which type of protection encrypts RSA keys when they are exported and imported?

file

passphrase

NGE

nonexportable

 Loading...

324. A cisco ESA network administrator has been tasked to use a newly installed service to help create policy based on the reputation verdict. During testing, it is discovered that the Cisco ESA is not dropping files that have an undetermined verdict.

What is causing this issue?

The policy was created to send a message to quarantine instead of drop

The file has a reputation score that is above the threshold

The file has a reputation score that is below the threshold

The policy was created to disable file analysis

 Loading...

325. An administrator is trying to determine which applications are being used in the network but does not want the network devices to send metadata to Cisco Firepower.

Which feature should be used to accomplish this?

Netflow

Packet Tracer

Network Discovery

access control

 Loading...

326. Which attack is preventable by Cisco ESA but not by the Cisco WSA?

Buffer overflow

DoS

SQL Injection

Phishing

 Loading...

327. A Cisco ESA administrator has been tasked with configuring the Cisco ESA to ensure there are no viruses before quarantined emails are delivered. In addition, delivery of mail from known bad servers must be prevented.

Which two actiob must be taken in order to meet these requirements? (Choose Two)

Use outbreak filters from senderBase

Enable a message tracking services

Configure a recipient access table

Deploy the Cisco ESA in the DMZ

Scan quarantined email using AntiVirus signature

 Loading...

328. Which type of dashboard does Cisco DNA Center provide for complete control of the network?

Service management

centralized management

application management D distributed management

 Loading...

329. In an IaaS cloud services model, which security function is the provider responsible for managing?

Internet proxy

Firewall virtual machine

CASB

Hypervisor OS hardening

 Loading...

330. A network engineer has been tasked with adding a new medical device to the network. Cisco ISE is being used as the NAC and server, and the new device does not have a supplicant available.

What must be done in order to security connect this device in the network?

Use MAB with profiling

Use MAB with posture assessment

Use 802.1x with posture assessment

Use 802.1X with profiling

Page 34 of 66

 Loading...

331. An engineer is implementing NTP authentication within their network and has configured both the client and server devices with the command ntp authentication-key 1 md5 Cisco392368270. The server 1.1.1.1 is attempting to authenticate to the client at 1.1.1.2. however is unable to do so.

Which command is required to enable the client to accept the server’s authentication key?

ntp peer 1.1.1.1 key 1

ntp server 1.1.1.1 key 1

ntp server 1.1.1.2 key 1

ntp peer 1.1.1.2 key 1

 Loading...

332. What is the role of an endpoint in protecting a user from a phishing attack?

Use Cisco Stealth watch and Cisco ISE integration

Utilize 802.1X network security to ensure unauthorized access to resources

Use machine learning models to help identify anomalies and determine expected sending behavior

Ensure that antivirus and antimalware software is up-to-date

 Loading...

333. Drag and drop the NetFlow export formats from the left onto the descriptions on the right?

 Loading...

334. An organization has noticed an increase in malicious content downloads and wants to use Cisco Umbrella to prevent this activity for suspicious domains while allowing normal web traffic.

Which action will accomplish this task?

Set content setting to high

Configure the intelligent proxy

Use destination block lists

Configure application block lists

 Loading...

335. With which components does a southbound API within a software-defined network architecture communicate?

Controllers within the network

Application

Appliance

Devices such as routers and switches

 Loading...

336. A network administrator needs to find out what assets currently exist on the network. Third-party systems need to be able to feed host data into Cisco Firepower.

What must be configured to accomplish this?

A network discovery policy to receive data from the host

Threat Intelligent policy to download the data from the host

A file analysis policy to send file data into Cisco Firepower

A network Analysis policy to receive NetFlow data from the host

 Loading...

337. When configuring ISAKMP for IKEv1 Phase 1 on a Cisco IOS router, an administrator needs to input the command cry to isakmp key cisco address 0.0.0.0. The administrator is not sure what the IP address in this command is used for.

What would be the effect of changing the IP address from 0.0.0.0 to 1.2.3.4?

The key server that is mapping to keys for the connection will be at 1.2.3.4

The remote connection will only be allowed from 1.2.3.4

The address that will be used as the crypto validation authority

All IP addresses other than 1.2.3.4 will be allowed.

 Loading...

338. Which suspicious pattern enables the cisco Tetration platform to learn the normal behavior of users?

file access from a different user

interesting file access

User login suspicious behavior

Privilege escalation

 Loading...

339. Due to a traffic storm on the network, two interfaces were error-disabled, and both interfaces sent SNMP traps.

Which two actions must be taken to ensure that interfaces are put back into services?

Have Cisco Prime Infrastructure issue an SNMP set command to re-enable the ports after the preconfigured interval

Use EEM to have the ports return to service automatically in less than 300 senconds

Enter the shutdown and no shutdown commands on the interfaces

Enable the snmp-server enable traps command and wait 300 senconds

Enable that interfaces are configured with the error-disable detection and recovery features

 Loading...

340. What is the difference between Cross-site Scripting and SQL Injection attack?

Cross-site Scripting is an attack where code is injected into a database, whereas SQL injection is an attack where code is injected into the browser

Cross-site Scripting is a brute force attack targeting remote sites, whereas SQL Injection is a social engineering attack

Cross-site Scripting is when executives in a corporation are attacked, whereas SQL injection is when a database is m anipulated

Cross-site Scripting is an attack where code is executed from the server side, whereas SQL Injection is an attack where code is executed from the client side

Page 35 of 66

 Loading...

341. A network administrator is configuring a switch to use Cisco ISE for 802.1X. An endpoint is failing authentication and is unable to access the network.

Where should the administrator begin troubleshooting to verify the authentication details?

Adaptive Network control policy list

Context visibility

Accounting Reports

RADIUS live logs

 Loading...

342. What is a prerequisite when integrating a Cisco ISE server and an AD domain?

Place the Cisco ISE server and the AD server in the same subnet

Configure a common administrator account

configure a common DNS server

Synchronization the clocks of the Cisco ISE server and the AD server

 Loading...

343. An organization recently installed a Cisco WSA and would like to take advantage of the A

VC engine to allow the organization to create a policy to control application specific activity.

After enabling the AVC engine, what must be done to implement this?

User security services to configure the traffic monitor

Use URL categories to prevent the application traffic

Use an access policy group to configure application control setting

Use web security reporting to validate engine functionality

 Loading...

344. Which method is used to deploy certificates and configure the supplicant on mobile devices to gain access to network resources?

BYOD on boarding

Simple Certification Enrollment Protocol

Client provisioning

MAC authentication bypass

 Loading...

345. Refer to the exhibit:





What will happen when this Python script is run?

The compromised computers and malware trajectories will be received from Cisco AMP

The list of computers and their current vulnerabilities will be received from AMP

The compromised computers and what compromised them will be received from Cisco AMP

The list of computers, policies and connector statuses will be received from Cisco AMP

 Loading...

346. An organization is trying to implement micro-segmentation on the network and wants to be able to gain visibility on the applications within the network. The solution must be able to maintain and force compliance.

Which product should be used to meet these requirements?

Cisco Umbrella

Cisco AMP

Cisco Stealthwatch

Cisco Tetration

 Loading...

347. Which factor must be considered when choosing the on-premise solution over the cloud-based one?

With an on-premise solution, the provider is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the customer is responsible for it

With a cloud-based solution, the provider is responsible for installation, but the customer is responsible for the maintenance of the product

With an on-promise solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product

With an on-premise solution, the customer is responsible for the installation and maintenance of product, whereas with cloud-based solution, the provider is responsible for it

 Loading...

348. Which term describes when the Cisco Firepower downloads threat intelligence updates from Cisco Talos?

Consumption

Sharing

analysis

authoring

 Loading...

349. An organization has a Cisco Stealthwatch Cloud deployment in their environment. Cloud logging is working as expected, but togs are not being received from the on-premise network.

What action will resolve this issue?

Configure security appliances to send syslogs to Cisco Stealthwatch Cloud.

Configure security appliances to send NetFlow to Cisco Stealthwatch Cloud.

Deploy a Cisco FTD sensor to send events to Cisco Stealthwatch Cloud.

Deploy a Cisco Stealthwatch Cloud sensor on the network to send data to Cisco Stealthwatch Cloud

 Loading...

350. What does Cisco AMP for Endpoints use to help an organization detect different families of malware?

Ethos Engine to perform fuzzy fingerprinting

Tetra Engine to detect malware when the endpoint is connected to the cloud

ClamAV Engine to perform email scanning

Spero Engine with machine learning to perform dynamic analysis

Page 36 of 66

 Loading...

351. What are two characteristics of Cisco DNA Center APIs? {Choose two.)

Postman is required to utilize Cisco DNA Center API calls.

They do not support Python scripts.

They are Cisco proprietary.

They quickly provision new devices.

They view the overall health of the network,

 Loading...

352. What is a benefit of conducting device compliance checks?

It indicates what type of operating system is connecting to the network.

It validates if anti-virus software is installed

It scans endpoints to determine if malicious activity is taking place.

It detects email phishing attacks.

 Loading...

353. In which two ways does Easy Connect help control network access when used with Cisco TrustSec? (Choose two.)

It allows multiple security products to share information and work together to enhance security posture in the network.

It creates a dashboard in Cisco ISE that provides full visibility of all connected endpoints.

It allows for the assignment of Security Group Tags and does not require 802.1x to be configured on the switch or the endpoint.

It integrates with third-party products to provide better visibility throughout the network,

It allows for managed endpoints that authenticate to AD to be mapped to Security Groups (Passive ID)

 Loading...

354. An administrator is configuring a DHCP server to better secure their environment. They need to be able to rate-limit the traffic and ensure that legitimate requests are not dropped.

How would this be accomplished?

Set a trusted interface for the DHCP server

Set the DHCP snooping bit to 1.

Add entries in the DHCP snooping database.

Enable ARP inspection for the required VLA

 Loading...

355. Refer to the exhibit





What will happen when the Python script is executed?

The hostname will be translated to an fP address and printed.

The hostname will be printed for the client in the client ID field.

The script will pull all computer hostnames and print them.

The script will translate the IP address to FODN and print it

 Loading...

356. Refer to the exhibit





When configuring a remote access VPN solution terminating on the Cisco ASA, an administrator would like to utilize an external token authentication mechanism in conjunction with AAA authentication using machine certificates.

Which configuration item must be modified to allow this?

Group Policy

Method

SMAL Server

DHCP Servers

 Loading...

357. An engineer has been tasked with implementing a solution that can be leveraged for securing the cloud users, data, and applications. There is a requirement to use the Cisco cloud-native CA3B and cloud cybersecurity platform.

What should be used to meet these requirements?

Cisco Umbrella

Cisco Cloud Email Security

Cisco NGFW

Cisco Cloudlock

 Loading...

358. An engineer needs a cloud solution that will monitor traffic, create incidents based on events, and integrate with other cloud solutions via an API.

Which solution should be used to accomplish this goal?

SIEM

CASB

Adaptive MFA

Cisco Cloudlock

 Loading...

359. Which feature requires a network discovery policy on the Cisco Firepower NGIPS?

security intelligence

URL filtering

impact flags

health monitoring

 Loading...

360. An engineer needs a cloud solution that with monitor traffic, create incidents based cn events, and integrate with other cloud solutions via an API.

Which solution should be used to accomplish this goal?

SIEM

CASB

AdaptiveMFA

Cisco Cloudlock

Page 37 of 66

 Loading...

361. Why is it important to implement MFA inside of an organization?

To prevent man-the-middle attacks from being successful.

To prevent DoS attacks from being successful.

To prevent brute force attacks from being successful.

To prevent phishing attacks from being successful.

 Loading...

362. Drag and drop:

The solutions from the left onto the solution's benefits on the right.

 Loading...

363. A network administrator is configuring SNMPv3 on a new router. The users have already been created, however an additional configuration is needed to facilitate access to the SNMP views.

What must the administrator do to accomplish this?

map SNMPv3users to SNMP views

set the password to be used for SNMPv3 authentication

define the encryption algorithm to be used by SNMPv3

specify the UDP port used by SNMP

 Loading...

364. An organization is using Cisco Firepower and Cisco Meraki MX for network security and needs to centrally manage cloud policies across these platforms.

Which software should be used to accomplish this goal?

Cisco Defense Orchestrator

Cisco SecureWorks

Cisco DNA Center

Cisco Configuration Professional

 Loading...

365. Which two key and block sizes are valid for AES? (Choose two.)

64-bit block size, 112-bit key length

64-bit block size, 168-bit key length

128-bit block size, 192-bit key length

128-bit block size, 256-bit key length

192-bit block size, 256-bit key length

 Loading...

366. Refer to the exhibit.





Which command was used to generate this output and to show which ports are authenticating with dot1x or mab?

show authentication registrations

show authentication method

show dot1x all

show authentication sessions

 Loading...

367. Which proxy mode must be used on Cisco WSA to redirect TCP traffic with WCCP?

transparent

redirection

forward

proxy gateway

 Loading...

368. Which Cisco product is open, scalable, and built on IETF standards to allow multiple security products from Cisco and other vendors to share data and interoperate with each other?

Platform Exchange Grid

Advanced Malware Protection

Multifactor Platform Integration

Firepower Threat Defense

 Loading...

369. Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?

url

profile

terminal

selfsigned

 Loading...

370. What are two list types within AMP for Endpoints Outbreak Control? (Choose two.)

blocked ports

simple custom detections

command and control

allowed applications

URL

Page 38 of 66

 Loading...

371. An engineer notices traffic interruption on the network. Upon further investigation, it is learned that broadcast packets have been flooding the network.

What must be configured, based on a predefined threshold, to address this issue?

Bridge Protocol Data Unit guard

embedded event monitoring

access control lists

Storm Control

 Loading...

372. What is the purpose of the certificate signing request when adding a new certificate for a server?

It is the password for the certificate that is needed to install it with.

It provides the server information so a certificate can be created and signed

It is the certificate that will be loaded onto the server

It provides the certificate client information so the server can authenticate against it when installing

 Loading...

373. In which cloud services model is the tenant responsible for virtual machine OS patching?

IaaS

UCaaS

PaaS

SaaS

 Loading...

374. What is the benefit of installing Cisco AMP for Endpoints on a network?

It provides operating system patches on the endpoints for security.

It provides flow-based visibility for the endpoints' network connections.

It protects endpoint systems through application control and real-time scanning.

It enables behavioral analysis to be used for the endpoints.

 Loading...

375. Which feature is supported when deploying Cisco ASAv within AWS public cloud?

multiple context mode

user deployment of Layer 3 networks

IPv6

clustering

 Loading...

376. What is a language format designed to exchange threat intelligence that can be transported over the TAXII protocol?

STIX

XMPP

pxGrid

SMTP

 Loading...

377. Which Dos attack uses fragmented packets to crash a target machine?

teardrop

MITM

smurf

LAND

 Loading...

378. Which type of API is being used when a security application notifies a controller within a software-defined network architecture about a specific security threat? (Choose Two)

westbound AP

southbound API

northbound API

eastbound API

 Loading...

379. Which two cryptographic algorithms are used with IPsec? {Choose two.)

AES-BAC

AES-ABC

HMAC-SHA1/SHA2

Triple AMC-CBC

AES-CBC

 Loading...

380. Which two deployment model configurations are supported for Cisco FTDv in AWS? (Choose two.)

Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS

Cisco FTDv with one management interface and two traffic interfaces configured

Cisco FTDv configured in routed mode and managed by a physical FMC appliance on premises

Cisco FTDv with two management interfaces and one traffic interface configured

Cisco FTDv configured in routed mode and IPv6 configured

Page 39 of 66

 Loading...

381. What can be integrated with Cisco Threat Intelligence Director to provide information about security threats, which allows the SOC to proactively automate responses to those threats?

Cisco Umbrella

External Threat Feeds

Cisco Threat Grid

Cisco Stealthwatch

 Loading...

382. A company is experiencing exfiltration of credit card numbers that are not being stored on-premise. The company needs to be able to protect sensitive data throughout the full environment.

Which tool should be used to accomplish this goal?

Security Manager

Cloudlock

Web Security Appliance

Cisco ISE

 Loading...

383. An engineer must force an endpoint to re-authenticate an already authenticated session without disrupting the endpoint to apply a new or updated policy from ISE.

Which CoA type achieves this goal?

Port Bounce

CoA Terminate

CoA Reauth

CoA Session Query

 Loading...

384. Which two risks is a company vulnerable to if it does not have a well-established patching solution for endpoints? (Choose two.)

eavesdropping

denial-of-service attacks

ARP spoofing

malware

exploits

 Loading...

385. What is the difference between deceptive phishing and spear phishing?

Deceptive phishing is an attacked aimed at a specific user in the organization who holds a C-level role.

A spear phishing campaign is aimed at a specific person versus a group of people.

Spear phishing is when the attack is aimed at the C-level executives of an organization

Deceptive phishing hijacks and manipulates the DNS server of the victim and redirects the user to a false webpage.

 Loading...

386. What two mechanisms are used to redirect users to a web portal to authenticate to ISE for guest services? (Choose two.)

TACACS+

central web auth

single sign-on

multiple factor auth

local web auth

 Loading...

387. Which attack is commonly associated with C and C++ programming languages?

cross-site scripting

water holing

DDoS

buffer overflow

 Loading...

388. An attacker needs to perform reconnaissance on a target system to help gain access to it. The system has weak passwords, no encryption on the VPN links, and software bugs on the system's applications.

Which vulnerability allows the attacker to see the passwords being transmitted in clear text?

weak passwords for authentication

improper file security

software bugs on applications

unencrypted links for traffic

 Loading...

389. What must be used to share data between multiple security products?

Cisco Stealthwatch Cloud

Cisco Advanced Malware Protection

Cisco Platform Exchange Grid

Cisco Rapid Threat Containment

 Loading...

390. How does Cisco Advanced Phishing Protection protect users?

It validates the sender by using DKI

It determines which identities are perceived by the sender

It uses machine learning and real-time behavior analytics.

It utilizes sensors that send messages securely.

Page 40 of 66

 Loading...

391. Drag and drop the descriptions from the left onto the correct protocol versions on the right.

 Loading...

392. What is the purpose of the My Devices Portal in a Cisco ISE environment?

to manage and deploy antivirus definitions and patches on systems owned by the end user

to register new laptops and mobile devices

to provision userless and agentless systems

to request a newly provisioned mobile device

 Loading...

393. Which two activities can be done using Cisco DNA Center? (Choose two.)

DHCP

design

accounting

DNS

provision

 Loading...

394. Which SNMPv3 configuration must be used to support the strongest security possible?

asa-host(config)#snmp-server group myv3 v3 priv asa-host(config)#snmp-server user andy myv3 auth sha cisco priv des ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

asa-host(config)#snmp-server group myv3 v3 noauth asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

asa-host(config)#snmp-server group myv3 v3 noauth asa-host(config)#snmp-server user andy myv3 auth sha cisco priv 3des ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

asa-host(config)#snmp-server group myv3 v3 priv asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

 Loading...

395. Which two request of REST API are valid on the Cisco ASA Platform? (Choose two.)

Put

Option

Get

Push

Connect

 Loading...

396. What is the function of the Context Directory Agent?

accepts user authentication requests on behalf of Web Security Appliance for user identification

relays user authentication requests from Web Security Appliance to Active Directory

maintains users' group memberships

reads the Active Directory logs to map IP addresses to usernames

 Loading...

397. Why is it important to have logical security controls on endpoints even though the users are trained to spot security threats and the network devices already help prevent them?

to prevent theft of the endpoints

because defense-in-depth stops at the network

to expose the endpoint to more threats

because human error or insider threats will still exist

 Loading...

398. Which product allows Cisco FMC to push security intelligence observable to its sensors from other products?

Encrypted Traffic Analytics

Threat Intelligence Director

Cognitive Threat Analytics

Cisco Talos Intelligence

 Loading...

399. Drag and drop the threats from the left onto examples of that threat on the right

 Loading...

400. What is the Cisco API-based broker that helps reduce compromises, application risks, and data breaches in an environment that is not on-premise?

Cisco Cloudlock

Cisco Umbrella

Cisco AMP

Cisco App Dynamics

Page 41 of 66

 Loading...

401. When planning a VPN deployment, for which reason does an engineer opt for an active/active FlexVPN configuration as opposed to DMVPN?

Multiple routers or VRFs are required.

Traffic is distributed statically by default.

Floating static routes are required.

HSRP is used for fallover.

 Loading...

402. Which protocol provides the strongest throughput performance when using Cisco AnyConnect VPN?

TLSv1.2

BJTLSvl

TLSv1.1

DTLSv1

 Loading...

403. An engineer wants to automatically assign endpoints that have a specific OUl into a new endpoint group.

Which probe must be enabled for this type of profiling to work?

NetFlow

DHCP

SNMP

NMAP

 Loading...

404. Drag and drop the Firepower Next Generation Intrustion Prevention System detectors from the left onto the correct definitions on the right.

 Loading...

405. A network engineer is deciding whether to use stateful or stateless failover when configuring two ASAs for high availability .

What is the connection status in both cases?

need to be reestablished with stateful failover and preserved with stateless failover

need to be reestablished with both stateful and stateless failover

preserved with both stateful and stateless failover

preserved with stateful failover and need to be reestablished with stateless failover

 Loading...

406. What is a key difference between Cisco Firepower and Cisco ASA?

Cisco ASA provides access control while Cisco Firepower does not.

Cisco Firepower provides identity-based access control while Cisco ASA does not.

Cisco Firepower natively provides intrusion prevention capabilities while Cisco ASA does not.

Cisco ASA provides SSL inspection while Cisco Firepower does not.

 Loading...

407. Which ASA deployment mode can provide separation of management on a shared appliance?

DMZ multiple zone mode

transparent firewall mode

multiple context mode

routed mode

 Loading...

408. What is a required prerequisite to enable malware file scanning for the Secure Internet Gateway?

Enable IP Layer enforcement

Activate the Advanced Malware Protection license

Activate SSL decryption

Enable Intelligent Proxy

 Loading...

409. A network administrator is configuring a rule in an access control policy to block certain URLs and selects the "Chat and Instant Messaging" category .

Which reputation score should be selected to accomplish this goal?

1

10

5

3

 Loading...

410. In which type of attack does the attacker insert their machine between two hosts that are communicating with each other?

LDAP injection

cross-site scripting

man-in-the-middle

insecure API

Page 42 of 66

 Loading...

411. Drag and drop the steps from the left into the correct order on the right to enable AppDynamics to monitor an EC2 instance in Amazon Web Services.

 Loading...

412. What is the difference between deceptive phishing and spear phishing?

Deceptive phishing is an attacked aimed at a specific user in the organization who holds a C-level role.

Deceptive phishing hijacks and manipulates the DNS server of the victim and redirects the user to a false webpage.

A spear phishing campaign is aimed at a specific person versus a group of people.

Spear phishing is when the attack is aimed at the C-level executives of an organization

 Loading...

413. What is a characteristic of a bridge group in ASA Firewall transparent mode''

It allows ARP traffic with a single access rule.

It is a Layer 3 segment and includes one port and customizable access rules.

It includes multiple interfaces and access rules between interfaces are customizable

It has an IP address on its BVI interface and is used for management traffic.

 Loading...

414. An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly identifying all valid recipients .

What must be done on the Cisco ESA to accomplish this goal?

Use Bounce Verification

Configure incoming content filters.

Bypass LDAP access queries in the recipient access table.

Configure Directory Harvest Attack Prevention

 Loading...

415. When wired 802.1X authentication is implemented, which two components are required? (Choose two.)

authentication server: Cisco Identity Service Engine

supplicant: Cisco AnyConnect ISE Posture module

authenticator: Cisco Catalyst switch

authenticator: Cisco Identity Services Engine

authentication server: Cisco Prime Infrastructure

 Loading...

416. What is provided by the Secure Hash Algorithm in a VPN?

integrity

key exchange

encryption

authentication

 Loading...

417. A mall provides security services to customers with a shared appliance. The mall wants separation of management on the shared appliance .

Which ASA deployment mode meets these needs?

multiple context mode

transparent mode

routed mode

multiple zone mode

 Loading...

418. An organization is trying to improve their Defense in Depth by blocking malicious destinations prior to a connection being established. The solution must be able to block certain applications from being used within the network.

Which product should be used to accomplish this goal?

Cisco Firepower

Cisco Umbrella

ISE

AMP

 Loading...

419. How does Cisco Umbrella archive logs to an enterprise-owned storage?

by using the Application Programming Interface to fetch the logs

by sending logs via syslog to an on-premises or cloud-based syslog server

by the system administrator downloading the logs from the Cisco Umbrella web portal

by being configured to send logs to a self-managed AWS S3 bucket

 Loading...

420. Which Cisco security solution protects remote users against phishing attacks when they are not connected to the VPN?

Cisco Firepower

Cisco Umbrella

Cisco Stealthwatch

NGIPS

Page 43 of 66

 Loading...

421. What must be configured in Cisco ISE to enforce reauthentication of an endpoint session when an endpoint is deleted from an identity group?

CoA

external identity source

posture assessment

SNMP probe

 Loading...

422. A network administrator is using the Cisco ESA with AMP to upload files to the cloud for analysis. The network is congested and is affecting communication .

How will the Cisco ESA handle any files which need analysis?

AMP calculates the SHA-256 fingerprint, caches it, and periodically attempts the upload.

The file is queued for upload when connectivity is restored.

The file upload is abandoned.

The ESA immediately makes another attempt to upload the file.

 Loading...

423. Which solution combines Cisco IOS and IOS XE components to enable administrators to recognize applications, collect and send network metrics to Cisco Prime and other third-party management tools, and prioritize application traffic?

Cisco Security Intelligence

Cisco Application Visibility and Control

Cisco Model Driven Telemetry

Cisco DNA Center

 Loading...

424. An engineer needs a solution for TACACS+ authentication and authorization for device administration. The engineer also wants to enhance wired and wireless network security by requiring users and endpoints to use 802.1X, MAB, or WebAuth .

Which product meets all of these requirements?

Cisco Prime Infrastructure

Cisco Identity Services Engine

Cisco Stealthwatch

Cisco AMP for Endpoints

 Loading...

425. Which technology must be used to implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity?

DMVPN

FlexVPN

IPsec DVTI

GET VPN

 Loading...

426. Which Cisco solution does Cisco Umbrella integrate with to determine if a URL is malicious?

AMP

AnyConnect

DynDNS

Talos

 Loading...

427. Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?

user input validation in a web page or web application

Linux and Windows operating systems

database

web page images

 Loading...

428. Drag and drop the capabilities of Cisco Firepower versus Cisco AMP from the left into the appropriate category on the right.

 Loading...

429. Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention System? (Choose two.)

SIP

inline normalization

SSL

packet decoder

modbus

 Loading...

430. How is Cisco Umbrella configured to log only security events?

per policy

in the Reporting settings

in the Security Settings section

per network in the Deployments section

Page 44 of 66

 Loading...

431. Which Talos reputation center allows you to track the reputation of IP addresses for email and web traffic?

IP Blacklist Center

File Reputation Center

AMP Reputation Center

IP and Domain Reputation Center

 Loading...

432. Which threat involves software being used to gain unauthorized access to a computer system?

ping of death

NTP amplification

HTTP flood

virus

 Loading...

433. Which type of algorithm provides the highest level of protection against brute-force attacks?

PFS

HMAC

MD5

SHA

 Loading...

434. Refer to the exhibit.





What is the result of this Python script of the Cisco DNA Center API?

adds authentication to a switch

receives information about a switch

adds a switch to Cisco DNA Center

 Loading...

435. Which two features are used to configure Cisco ESA with a multilayer approach to fight viruses and malware? (Choose two).

Sophos engine

white list

RAT

outbreak filters

DLP

 Loading...

436. A network administrator configures Dynamic ARP Inspection on a switch. After Dynamic ARP Inspection is applied, all users on that switch are unable to communicate with any destination. The network administrator checks the interface status of all interfaces, and there is no err-disabled interface .

What is causing this problem?

The ip arp inspection limit command is applied on all interfaces and is blocking the traffic of all users.

DHCP snooping has not been enabled on all VLANs.

The no ip arp inspection trust command is applied on all user host interfaces

Dynamic ARP Inspection has not been enabled on all VLANs

 Loading...

437. What are two rootkit types? (Choose two)

registry

bootloader

buffer mode

user mode

virtual

 Loading...

438. An engineer configured a new network identity in Cisco Umbrella but must verify that traffic is being routed through the Cisco Umbrella network .

Which action tests the routing?

Ensure that the client computers are pointing to the on-premises DNS servers.

Enable the Intelligent Proxy to validate that traffic is being routed correctly.

Add the public IP address that the client computers are behind to a Core Identity

Browse to http://welcome.umbrella.com/ to validate that the new identity is working

 Loading...

439. Which two endpoint measures are used to minimize the chances of falling victim to phishing and social engineering attacks? (Choose two.)

Patch for cross-site scripting

Perform backups to the private cloud.

Protect against input validation and character escapes in the endpoint.

Install a spam and virus email filter

Protect systems with an up-to-date antimalware program

 Loading...

440. Which API is used for Content Security?

NX-OS API

IOS XR API

OpenVuln API

AsyncOS API

Page 45 of 66

 Loading...

441. What is a characteristic of Dynamic ARP Inspection?

DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the DHCP snooping binding database

In a typical network, make all ports as trusted except for the ports connecting to switches, which are untrusted.

DAI associates a trust state with each switch.

DAI intercepts all ARP requests and responses on trusted ports only

 Loading...

442. Using Cisco Firepower's Security Intelligence policies, upon which two criteria is Firepower

block based?

(Choose two.)

protocol IDs

URLs

IP addresses

port numbers

MAC addresses

 Loading...

443. Which type of attack is social engineering?

trojan

MITM

phishing

malware

 Loading...

444. For which two conditions can an endpoint be checked using ISE posture assessment? (Choose two.)

computer identity

Windows service

user identity

Windows firewall

default browser

 Loading...

445. What is a benefit of using Cisco FMC over Cisco ASDM?

Cisco FMC uses Java while Cisco ASDM uses HTML5.

Cisco FMC provides centralized management while Cisco ASDM does not.

Cisco FMC supports pushing configurations to devices while Cisco ASDM does not.

Cisco FMC supports all firewall products whereas Cisco ASDM only supports Cisco ASA devices

 Loading...

446. Which two preventive measures are used to control cross-site scripting? (Choose two.)

Enable client-side scripts on a per-domain basis

Incorporate contextual output encoding/escaping

Disable cookie inspection in the HTML inspection engine

Run untrusted HTML input through an HTML sanitization engine

SameSite cookie attribute should not be used

 Loading...

447. Which network monitoring solution uses streams and pushes operational data to provide a near real-time view of activity?

SNMP

SMTP

syslog

model-driven telemetry

 Loading...

448. Drag and drop the capabilities from the left onto the correct technologies on the right.

 Loading...

449. Which information is required when adding a device to Firepower Management Center?

Username and password

Encryption method

Device serial number

Registration key

 Loading...

450. Which benefit is provided by ensuring that an endpoint is compliant with a posture policy configured in Cisco ISE?

It adds endpoints to identity groups dynamically.

It verifies that the endpoint has the latest Microsoft security patches installed.

It allows the endpoint to authenticate with 802.1xor MA

It allows CoA to be applied if the endpoint status is compliant.

Page 46 of 66

 Loading...

451. What are two differences between a Cisco WSA that is running in transparent mode and one running in explicit mode? (Choose two.)

When the Cisco WSA is running in transparent mode, it uses the WSA's own IP address as the HTTP request destination.

The Cisco WSA responds with its own IP address only if it is running in explicit mode.

The Cisco WSA is configured in a web browser only if it is running in transparent mode.

The Cisco WSA uses a Layer 3 device to redirect traffic only if it is running in transparent mode.

The Cisco WSA responds with its own IP address only if it is running in transparent mode.

 Loading...

452. Which compliance status is shown when a configured posture policy requirement is not

met?

unknown

authorized

compliant

noncompliant

 Loading...

453. What does the Cloudlock Apps Firewall do to mitigate security concerns from an application perspective?

It allows the administrator to quarantine malicious files so that the application can function, just not maliciously

It discovers and controls cloud apps that are connected to a company's corporate environment

It deletes any application that does not belong in the network

It sends the application information to an administrator to act on

 Loading...

454. What are two DDoS attack categories? (Choose two.)

sequential

protocol

database

volume-based

scree-based

 Loading...

455. A network engineer has entered the snmp-server user andy myv3 auth sha cisco priv aes 256 cisc0380739941 command and needs to send SNMP information to a host at 10.255.254.1 .

Which command achieves this goal?

snmp-server host inside 10.255.254.1 snmpv3 myv3

snmp-server host inside 10.255.254.1 snmpv3 andy

snmp-server host inside 10.255.254.1 version 3 myv3

snmp-server host inside 10.255.254.1 version 3 andy

 Loading...

456. Which type of protection encrypts RSA keys when they are exported and imported?

file

passphrase

NGE

nonexportable

 Loading...

457. Which two key and block sizes are valid for AES? (Choose two.)

64-bit block size, 112-bit key length

64-bit block size, 168-bit key length

128-bit block size, 192-bit key length

128-bit block size, 256-bit key length

192-bit block size, 256-bit key length

 Loading...

458. Refer to the exhibit.





Which command was used to generate this output and to show which ports are authenticating with dot1x or mab?

show authentication registrations

show authentication method

show dot1x all

show authentication sessions

 Loading...

459. Which proxy mode must be used on Cisco WSA to redirect TCP traffic with WCCP?

transparent

redirection

forward

proxy gateway

 Loading...

460. Which Cisco product is open, scalable, and built on IETF standards to allow multiple security products from Cisco and other vendors to share data and interoperate with each other?

Platform Exchange Grid

Advanced Malware Protection

Multifactor Platform Integration

Firepower Threat Defense

Page 47 of 66

 Loading...

461. Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?

url

profile

terminal

selfsigned

 Loading...

462. What are two list types within AMP for Endpoints Outbreak Control? (Choose two.)

blocked ports

simple custom detections

command and control

allowed applications

URL

 Loading...

463. An engineer notices traffic interruption on the network. Upon further investigation, it is learned that broadcast packets have been flooding the network .

What must be configured, based on a predefined threshold, to address this issue?

Bridge Protocol Data Unit guard

embedded event monitoring

access control lists

Storm Control

 Loading...

464. What is the purpose of the certificate signing request when adding a new certificate for a server?

It is the password for the certificate that is needed to install it with.

It provides the server information so a certificate can be created and signed

It is the certificate that will be loaded onto the server

It provides the certificate client information so the server can authenticate against it when installing

 Loading...

465. In which cloud services model is the tenant responsible for virtual machine OS patching?

IaaS

UCaaS

PaaS

SaaS

 Loading...

466. What is the benefit of installing Cisco AMP for Endpoints on a network?

It provides operating system patches on the endpoints for security.

It provides flow-based visibility for the endpoints' network connections.

It protects endpoint systems through application control and real-time scanning.

It enables behavioral analysis to be used for the endpoints.

 Loading...

467. Which feature is supported when deploying Cisco ASAv within AWS public cloud?

multiple context mode

user deployment of Layer 3 networks

IPv6

clustering

 Loading...

468. What is a language format designed to exchange threat intelligence that can be transported over the TAXII protocol?

STIX

XMPP

pxGrid

SMTP

 Loading...

469. Which Dos attack uses fragmented packets to crash a target machine?

teardrop

MITM

smurf

LAND

 Loading...

470. Which type of API is being used when a security application notifies a controller within a software-defined network architecture about a specific security threat? (Choose Two)

westbound AP

southbound API

northbound API

eastbound API

Page 48 of 66

 Loading...

471. Which two cryptographic algorithms are used with IPsec? {Choose two.)

AES-BAC

AES-ABC

HMAC-SHA1/SHA2

Triple AMC-CBC

AES-CBC

 Loading...

472. Which two deployment model configurations are supported for Cisco FTDv in AWS? (Choose two.)

Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS

Cisco FTDv with one management interface and two traffic interfaces configured

Cisco FTDv configured in routed mode and managed by a physical FMC appliance on premises

Cisco FTDv with two management interfaces and one traffic interface configured

Cisco FTDv configured in routed mode and IPv6 configured

 Loading...

473. What can be integrated with Cisco Threat Intelligence Director to provide information about security threats, which allows the SOC to proactively automate responses to those threats?

Cisco Umbrella

External Threat Feeds

Cisco Threat Grid

Cisco Stealthwatch

 Loading...

474. A company is experiencing exfiltration of credit card numbers that are not being stored on-premise. The company needs to be able to protect sensitive data throughout the full environment.

Which tool should be used to accomplish this goal?

Security Manager

Cloudlock

Web Security Appliance

Cisco ISE

 Loading...

475. An engineer must force an endpoint to re-authenticate an already authenticated session without disrupting the endpoint to apply a new or updated policy from ISE .

Which CoA type achieves this goal?

Port Bounce

CoA Terminate

CoA Reauth

CoA Session Query

 Loading...

476. Which two risks is a company vulnerable to if it does not have a well-established patching solution for endpoints? (Choose two.)

eavesdropping

denial-of-service attacks

ARP spoofing

malware

exploits

 Loading...

477. What is the difference between deceptive phishing and spear phishing?

Deceptive phishing is an attacked aimed at a specific user in the organization who holds a C-level role.

A spear phishing campaign is aimed at a specific person versus a group of people.

Spear phishing is when the attack is aimed at the C-level executives of an organization

Deceptive phishing hijacks and manipulates the DNS server of the victim and redirects the user to a false webpage.

 Loading...

478. What two mechanisms are used to redirect users to a web portal to authenticate to ISE for guest services? (Choose two.)

TACACS+

central web auth

single sign-on

multiple factor auth

local web auth

 Loading...

479. Which attack is commonly associated with C and C++ programming languages?

cross-site scripting

water holing

DDoS

buffer overflow

 Loading...

480. An attacker needs to perform reconnaissance on a target system to help gain access to it. The system has weak passwords, no encryption on the VPN links, and software bugs on the system's applications .

Which vulnerability allows the attacker to see the passwords being transmitted in clear text?

weak passwords for authentication

improper file security

software bugs on applications

unencrypted links for traffic

Page 49 of 66

 Loading...

481. What must be used to share data between multiple security products?

Cisco Stealthwatch Cloud

Cisco Advanced Malware Protection

Cisco Platform Exchange Grid

Cisco Rapid Threat Containment

 Loading...

482. How does Cisco Advanced Phishing Protection protect users?

It validates the sender by using DKI

It determines which identities are perceived by the sender

It uses machine learning and real-time behavior analytics.

It utilizes sensors that send messages securely.

 Loading...

483. Drag and drop the descriptions from the left onto the correct protocol versions on the right.

 Loading...

484. What is the purpose of the My Devices Portal in a Cisco ISE environment?

to manage and deploy antivirus definitions and patches on systems owned by the end user

to register new laptops and mobile devices

to provision userless and agentless systems

to request a newly provisioned mobile device

 Loading...

485. Which two activities can be done using Cisco DNA Center? (Choose two.)

DHCP

design

accounting

DNS

provision

 Loading...

486. Which SNMPv3 configuration must be used to support the strongest security possible?

asa-host(config)#snmp-server group myv3 v3 priv asa-host(config)#snmp-server user andy myv3 auth sha cisco priv des ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

asa-host(config)#snmp-server group myv3 v3 noauth asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

asa-host(config)#snmp-server group myv3 v3 noauth asa-host(config)#snmp-server user andy myv3 auth sha cisco priv 3des ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

asa-host(config)#snmp-server group myv3 v3 priv asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

 Loading...

487. Which two request of REST API are valid on the Cisco ASA Platform? (Choose two.)

Put

Option

Get

Push

Connect

 Loading...

488. What is the function of the Context Directory Agent?

accepts user authentication requests on behalf of Web Security Appliance for user identification

relays user authentication requests from Web Security Appliance to Active Directory

maintains users' group memberships

reads the Active Directory logs to map IP addresses to usernames

 Loading...

489. Why is it important to have logical security controls on endpoints even though the users are trained to spot security threats and the network devices already help prevent them?

to prevent theft of the endpoints

because defense-in-depth stops at the network

to expose the endpoint to more threats

because human error or insider threats will still exist

 Loading...

490. What is the benefit of installing Cisco AMP for Endpoints on a network?

It provides operating system patches on the endpoints for security.

It provides flow-based visibility for the endpoints' network connections.

It protects endpoint systems through application control and real-time scanning.

It enables behavioral analysis to be used for the endpoints.

Page 50 of 66

 Loading...

491. Which Talos reputation center allows for tracking the reputation of IP addresses for email and web traffic?

IP and Domain Reputation Center

File Reputation Center

IP Slock List Center

AMP Reputation Center

 Loading...

492. An engineer is configuring 802.1X authentication on Cisco switches in the network and is using CoA as a mechanism.

Which port on the firewall must be opened to allow the CoA traffic to traverse the network?

TCP 6514

UDP 1700

TCP 49

UDP 1812

 Loading...

493. What is the purpose of the certificate signing request when adding a new certificate for a server?

It is the password for the certificate that is needed to install it with.

It provides the server information so a certificate can be created and signed

It is the certificate that will be loaded onto the server

It provides the certificate client information so the server can authenticate against it when installing

 Loading...

494. What is the purpose of the My Devices Portal in a Cisco ISE environment?

to manage and deploy antivirus definitions and patches on systems owned by the end user

to register new laptops and mobile devices

to provision userless and agentless systems

to request a newly provisioned mobile device

 Loading...

495. An organization received a large amount of SPAM messages over a short time period. In order to take action on the messages, it must be determined how harmful the messages are and this needs to happen dynamically.

What must be configured to accomplish this?

Configure the Cisco WSA to modify policies based on the traffic seen.

Configure the Cisco ESA to receive real-time updates from Talos

Configure the Cisco WSA to receive real-time updates from Talos.

Configure the Cisco ESA to modify policies based on the traffic seen.

 Loading...

496. What is an attribute of the DevSecOps process?

development security

isolated security team

mandated security controls and check lists

security scanning and theoretical vulnerabilities

 Loading...

497. A user has a device in the network that is receiving too many connection requests from multiple machines.

Which type of attack is the device undergoing?

SYN flood

slowloris

pharming

phishing

 Loading...

498. Refer to the exhibit.





An organization is using DHCP Snooping within their network. A user on VLAN 41 on a new switch is complaining that an IP address is not being obtained.

Which command should be configured on the switch interface in order to provide the user with network connectivity?

ip dhcp snooping verify mac-address

ip dhcp snooping limit 41

ip dhcp snooping vlan 41

ip dhcp snooping trust

 Loading...

499. A company is experiencing exfiltration of credit card numbers that are not being stored on-premise.

The company needs to be able to protect sensitive data throughout the full environment.

Which tool should be used to accomplish this goal?

Security Manager

Cloudlock

Web Security Appliance

Cisco ISE

 Loading...

500. Which algorithm provides asymmetric encryption?

RC4

RSA

AES

3DES

Page 51 of 66

 Loading...

501. For Cisco IOS PKI, which two types of Servers are used as a distribution point for CRLs?

LDAP

SDP

subordinate CA

HTTP

SCP

 Loading...

502. When Cisco and other industry organizations publish and inform users of known security findings and vulnerabilities, which name is used?

Common Vulnerabilities and Exposures

Common Exploits and Vulnerabilities

Common Security Exploits

Common Vulnerabilities, Exploits and Threats

 Loading...

503. What is the Cisco API-based broker that helps reduce compromises, application risks, and data breaches in an environment that is not on-premise?

Cisco Cloudlock

Cisco Umbrella

Cisco AMP

Cisco App Dynamics

 Loading...

504. Which Cisco platform ensures that machines that connect to organizational networks have the recommended antivirus definitions and patches to help prevent an organizational malware outbreak?

Cisco WiSM

Cisco ESA

Cisco ISE

Cisco Prime Infrastructure

 Loading...

505. A Cisco Firepower administrator needs to configure a rule to allow a new application that has never been seen on the network.

Which two actions should be selected to allow the traffic to pass without inspection? (Choose two.)

permit

trust

reset

allow

monitor

 Loading...

506. Which two fields are defined in the NetFlow flow? (Choose two.)

type of service byte

Layer 4 protocol type

class of service bits

output logical interface

destination port

 Loading...

507. An organization is implementing URL blocking using Cisco Umbrella. The users are able to go to some sites but other sites are not accessible due to an error.

Why is the error occurring?

Client computers do not have the Cisco Umbrella Root CA certificate installed.

IP-Layer Enforcement is not configured.

Intelligent proxy and SSL decryption is disabled in the policy.

Client computers do not have an SSL certificate deployed from an internal CA server.

 Loading...

508. An engineer is trying to securely connect to a router and wants to prevent insecure algorithms from being used. However, the connection is failing.

Which action should be taken to accomplish this goal?

Configure the port using the ip ssh port 22 command.

Enable the SSH server using the ip ssh server command.

Disable telnet using the no ip telnet command.

Generate the RSA key using the crypto key generate rsa command.

 Loading...

509. How does DNS Tunneling exfiltrate data?

An attacker registers a domain that a client connects to based on DNS records and sends malware through that connection.

An attacker opens a reverse DNS shell to get into the client's system and install malware on it.

An attacker uses a non-standard DNS port to gain access to the organization's DNS servers in order to poison the resolutions.

An attacker sends an email to the target with hidden DNS resolvers in it to redirect them to a malicious domain.

 Loading...

510. What is the function of SDN southbound API protocols?

to enable the controller to make changes

to allow for the dynamic configuration of control plane applications

to enable the controller to use REST

to allow for the static configuration of control plane applications

Page 52 of 66

 Loading...

511. What is a characteristic of a bridge group in ASA Firewall transparent mode?

It allows ARP traffic with a single access rule.

It is a Layer 3 segment and includes one port and customizable access rules.

It includes multiple interfaces and access rules between interfaces are customizable

It has an IP address on its BVI interface and is used for management traffic.

 Loading...

512. A network administrator is configuring a rule in an access control policy to block certain URLs and selects the "Chat and Instant Messaging" category.

Which reputation score should be selected to accomplish this goal?

1

10

5

3

 Loading...

513. Which public cloud provider supports the Cisco Next Generation Firewall Virtual?

Google Cloud Platform

Red Hat Enterprise Visualization

VMware ESXi

Amazon Web Services

 Loading...

514. What provides the ability to program and monitor networks from somewhere other than the DNAC GUI?

ASDM

desktop client

API

NetFlow

 Loading...

515. What is a benefit of using Cisco FMC over Cisco ASDM?

Cisco FMC uses Java while Cisco ASDM uses HTML5.

Cisco FMC provides centralized management while Cisco ASDM does not.

Cisco FMC supports pushing configurations to devices while Cisco ASDM does not.

Cisco FMC supports all firewall products whereas Cisco ASDM only supports Cisco ASA devices

 Loading...

516. What are the two types of managed Intercloud Fabric deployment models? (Choose two.)

Public managed

Service Provider managed

Enterprise managed

User managed

Hybrid managed

 Loading...

517. Which type of algorithm provides the highest level of protection against brute-force attacks?

PFS

HMAC

MD5

SHA

 Loading...

518. Which two aspects of the cloud PaaS model are managed by the customer but not the provider? (Choose two.)

virtualization

middleware

operating systems

applications

data

 Loading...

519. Which two cryptographic algorithms are used with IPsec? {Choose two.)

AES-BAC

AES-ABC

HMAC-SHA1/SHA2

Triple AMC-CBC

AES-CBC

 Loading...

520. What must be configured in Cisco ISE to enforce reauthentication of an endpoint session when an endpoint is deleted from an identity group?

CoA

external identity source

posture assessment

SNMP probe

Page 53 of 66

 Loading...

521. How does Cisco Advanced Phishing Protection protect users?

It validates the sender by using DKI

It determines which identities are perceived by the sender

It uses machine learning and real-time behavior analytics.

It utilizes sensors that send messages securely.

 Loading...

522. What are two differences between a Cisco WSA that is running in transparent mode and one running in explicit mode? (Choose two.)

When the Cisco WSA is running in transparent mode, it uses the WSA's own IP address as the HTTP request destination.

The Cisco WSA responds with its own IP address only if it is running in explicit mode.

The Cisco WSA is configured in a web browser only if it is running in transparent mode.

The Cisco WSA uses a Layer 3 device to redirect traffic only if it is running in transparent mode.

The Cisco WSA responds with its own IP address only if it is running in transparent mode.

 Loading...

523. Which group within Cisco writes and publishes a weekly newsletter to help cybersecurity professionals remain aware of the ongoing and most prevalent threats?

PSIRT

DEVNET

CSIRT

Talos

 Loading...

524. In which type of attack does the attacker insert their machine between two hosts that are communicating with each other?

LDAP injection

cross-site scripting

man-in-the-middle

insecure API

 Loading...

525. Refer to the exhibit.





Which type of authentication is in use?

LDAP authentication for Microsoft Outlook

POP3 authentication

SMTP relay server authentication

external user and relay mail authentication

 Loading...

526. What are two benefits of Flexible NetFlow records? (Choose two)

They provide attack prevention by dropping the traffic

They allow the user to configure flow information to perform customized traffic identification

They provide accounting and billing enhancements

They provide monitoring of a wider range of IP packet information from Layer 2 to 4

They converge multiple accounting technologies into one accounting mechanism

 Loading...

527. After a recent breach, an organization determined that phishing was used to gain initial access to the network before regaining persistence.

The information gained from the phishing attack was a result of users visiting known malicious websites.

What must be done in order to prevent this from happening in the future?

Modify an access policy

Modify identification profiles

Modify outbound malware scanning policies

Modify web proxy settings

 Loading...

528. An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly identifying all valid recipients.

What must be done on the Cisco ESA to accomplish this goal?

Use Bounce Verification

Configure incoming content filters

Bypass LDAP access queries in the recipient access table

Configure Directory Harvest Attack Prevention

 Loading...

529. Drag and Drop Question

Drag and drop the descriptions from the left onto the encryption algorithms on the right.

 Loading...

530. Drag and Drop Question

Drag and drop the suspicious patterns for the Cisco Tetration platform from the left onto the correct definitions on the right.

Page 54 of 66

 Loading...

531. Drag and Drop Question

Drag and drop the capabilities of Cisco Firepower versus Cisco AMP from the left into the appropriate category on the right.

 Loading...

532. Drag and Drop Question

Drag and drop the threats from the left onto examples of that threat on the right

 Loading...

533. Drag and Drop Question

Drag and drop the VPN functions from the left onto the description on the right.

 Loading...

534. What are two list types within AMP for Endpoints Outbreak Control? (Choose two.)

blocked ports

simple custom detections

command and control

allowed applications

URL

 Loading...

535. Which command enables 802.1X globally on a Cisco switch?

dot1x system-auth-control

dot1x pae authenticator

authentication port-control auto

aaa new-model

 Loading...

536. What is the function of Cisco Cloudlock for data security?

data loss prevention

controls malicious cloud apps

detects anomalies

user and entity behavior analytics

 Loading...

537. For which two conditions can an endpoint be checked using ISE posture assessment? (Choose two.)

computer identity

Windows service

user identity

Windows firewall

default browser

 Loading...

538. What is a characteristic of Dynamic ARP Inspection?

DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the DHCP snooping binding database.

In a typical network, make all ports as trusted except for the ports connecting to switches, which are untrusted.

DAI associates a trust state with each switch.

DAI intercepts all ARP requests and responses on trusted ports only.

 Loading...

539. Which Cisco product provides proactive endpoint protection and allows administrators to centrally manage the deployment?

NGFW

AMP

WSA

ESA

 Loading...

540. Where are individual sites specified to be blacklisted in Cisco Umbrella?

application settings

content categories

security settings

destination lists

Page 55 of 66

 Loading...

541. Which statement about IOS zone-based firewalls is true?

An unassigned interface can communicate with assigned interfaces

Only one interface can be assigned to a zone.

An interface can be assigned to multiple zones.

An interface can be assigned only to one zone.

 Loading...

542. Which two activities can be done using Cisco DNA Center? (Choose two.)

DHCP

design

accounting

DNS

provision

 Loading...

543. Which ID store requires that a shadow user be created on Cisco ISE for the admin login to work?

RSA SecureID

Internal Database

Active Directory

LDAP

 Loading...

544. Which VPN technology can support a multivendor environment and secure traffic between sites?

SSL VPN

GET VPN

FlexVPN

DMVPN

 Loading...

545. Which SNMPv3 configuration must be used to support the strongest security possible?

asa-host(config)#snmp-server group myv3 v3 priv asa-host(config)#snmp-server user andy myv3 auth sha cisco priv des ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

asa-host(config)#snmp-server group myv3 v3 noauth asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

asa-host(config)#snmp-server group myv3 v3 noauth asa-host(config)#snmp-server user andy myv3 auth sha cisco priv 3des ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

asa-host(config)#snmp-server group myv3 v3 priv asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

 Loading...

546. Which solution combines Cisco IOS and IOS XE components to enable administrators to recognize applications, collect and send network metrics to Cisco Prime and other third-party management tools, and prioritize application traffic?

Cisco Security Intelligence

Cisco Application Visibility and Control

Cisco Model Driven Telemetry

Cisco DNA Center

 Loading...

547. Which two endpoint measures are used to minimize the chances of falling victim to phishing and social engineering attacks? (Choose two.)

Patch for cross-site scripting.

Perform backups to the private cloud.

Protect against input validation and character escapes in the endpoint.

Install a spam and virus email filter.

Protect systems with an up-to-date antimalware program.

 Loading...

548. An engineer used a posture check on a Microsoft Windows endpoint and discovered that the MS17-010 patch was not installed, which left the endpoint vulnerable to WannaCry ransomware.

Which two solutions mitigate the risk of this ransomware infection? (Choose two.)

Configure a posture policy in Cisco Identity Services Engine to install the MS17-010 patch before allowing access on the network.

Set up a profiling policy in Cisco Identity Service Engine to check and endpoint patch level before allowing access on the network.

Configure a posture policy in Cisco Identity Services Engine to check that an endpoint patch level is met before allowing access on the network.

Configure endpoint firewall policies to stop the exploit traffic from being allowed to run and replicate throughout the network.

Set up a well-defined endpoint patching strategy to ensure that endpoints have critical vulnerabilities patched in a timely fashion.

 Loading...

549. Why would a user choose an on-premises ESA versus the CES solution?

Sensitive data must remain onsite.

Demand is unpredictable.

The server team wants to outsource this service.

ESA is deployed inline.

 Loading...

550. Which technology must be used to implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity?

DMVPN

FlexVPN

IPsec DVTI

GET VPN

Page 56 of 66

 Loading...

551. Which cloud service model offers an environment for cloud consumers to develop and deploy applications without needing to manage or maintain the underlying cloud infrastructure?

PaaS

XaaS

IaaS

SaaS

 Loading...

552. What is a required prerequisite to enable malware file scanning for the Secure Internet Gateway?

Enable IP Layer enforcement.

Activate the Advanced Malware Protection license

Activate SSL decryption.

Enable Intelligent Proxy.

 Loading...

553. Which two features are used to configure Cisco ESA with a multilayer approach to fight viruses and malware? (Choose two.)

Sophos engine

white list

RAT

outbreak filters

DLP

 Loading...

554. How is Cisco Umbrella configured to log only security events?

per policy

in the Reporting settings

in the Security Settings section

per network in the Deployments section

 Loading...

555. What is the primary difference between an Endpoint Protection Platform and an Endpoint Detection and Response?

EPP focuses on prevention, and EDR focuses on advanced threats that evade perimeter defenses.

EDR focuses on prevention, and EPP focuses on advanced threats that evade perimeter defenses.

EPP focuses on network security, and EDR focuses on device security.

EDR focuses on network security, and EPP focuses on device security.

 Loading...

556. On which part of the IT environment does DevSecOps focus?

application development

wireless network

data center

perimeter network

 Loading...

557. Which functions of an SDN architecture require southbound APIs to enable communication?

SDN controller and the network elements

management console and the SDN controller

management console and the cloud

SDN controller and the cloud

 Loading...

558. What is a characteristic of traffic storm control behavior?

Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within the interval.

Traffic storm control cannot determine if the packet is unicast or broadcast.

Traffic storm control monitors incoming traffic levels over a 10-second traffic storm control interval.

Traffic storm control uses the Individual/Group bit in the packet source address to determine if the packet is unicast or broadcast.

 Loading...

559. Which two request of REST API are valid on the Cisco ASA Platform? (Choose two.)

put

options

get

push

connect

 Loading...

560. In a PaaS model, which layer is the tenant responsible for maintaining and patching?

hypervisor

virtual machine

network

application

Page 57 of 66

 Loading...

561. An engineer is configuring AMP for endpoints and wants to block certain files from executing.

Which outbreak control method is used to accomplish this task?

device flow correlation

simple detections

application blocking list

advanced custom detections

 Loading...

562. Which ASA deployment mode can provide separation of management on a shared appliance?

DMZ multiple zone mode

transparent firewall mode

multiple context mode

routed mode

 Loading...

563. Which two deployment model configurations are supported for Cisco FTDv in AWS? (Choose two.)

Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS

Cisco FTDv with one management interface and two traffic interfaces configured

Cisco FTDv configured in routed mode and managed by a physical FMC appliance on premises

Cisco FTDv with two management interfaces and one traffic interface configured

Cisco FTDv configured in routed mode and IPv6 configured

 Loading...

564. What can be integrated with Cisco Threat Intelligence Director to provide information about security threats, which allows the SOC to proactively automate responses to those threats?

Cisco Umbrella

External Threat Feeds

Cisco Threat Grid

Cisco Stealthwatch

 Loading...

565. What provides visibility and awareness into what is currently occurring on the network?

CMX

WMI

Prime Infrastructure

Telemetry

 Loading...

566. Which attack is commonly associated with C and C++ programming languages?

cross-site scripting

water holing

DDoS

buffer overflow

 Loading...

567. An engineer must force an endpoint to re-authenticate an already authenticated session without disrupting the endpoint to apply a new or updated policy from ISE.

Which CoA type achieves this goal?

Port Bounce

CoA Terminate

CoA Reauth

CoA Session Query

 Loading...

568. Refer to the exhibit.





Which command was used to display this output?

show dot1x all

show dot1x

show dot1x all summary

show dot1x interface gi1/0/12

 Loading...

569. Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two.)

Check integer, float, or Boolean string parameters to ensure accurate values.

Use prepared statements and parameterized queries.

Secure the connection between the web and the app tier.

Write SQL code instead of using object-relational mapping libraries.

Block SQL code execution in the web application database login.

 Loading...

570. How does Cisco Stealthwatch Cloud provide security for cloud environments?

It delivers visibility and threat detection.

It prevents exfiltration of sensitive dat

It assigns Internet-based DNS protection for clients and servers.

It facilitates secure connectivity between public and private networks.

Page 58 of 66

 Loading...

571. Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention System? (Choose two.)

SIP

inline normalization

SSL

packet decoder

modbus

 Loading...

572. Which feature is configured for managed devices in the device platform settings of the Firepower Management Center?

quality of service

time synchronization

network address translations

intrusion policy

 Loading...

573. The main function of northbound APIs in the SDN architecture is to enable communication between which two areas of a network?

SDN controller and the cloud

management console and the SDN controller

management console and the cloud

SDN controller and the management solution

 Loading...

574. Refer to the exhibit.





What is a result of the configuration?

Traffic from the DMZ network is redirected.

Traffic from the inside network is redirected.

All TCP traffic is redirected.

Traffic from the inside and DMZ networks is redirected.

 Loading...

575. Which information is required when adding a device to Firepower Management Center?

username and password

encryption method

device serial number

registration key

 Loading...

576. Which two services must remain as on-premises equipment when a hybrid email solution is deployed? (Choose two.)

DDoS

antispam

antivirus

encryption

DLP

 Loading...

577. What is a characteristic of Cisco ASA Netflow v9 Secure Event Logging?

It tracks flow-create, flow-teardown, and flow-denied events.

It provides stateless IP flow tracking that exports all records of a specific flow.

It tracks the flow continuously and provides updates every 10 seconds.

Its events match all traffic classes in parallel.

 Loading...

578. Which feature within Cisco Umbrella allows for the ability to inspect secure HTTP traffic?

File Analysis

SafeSearch

SSL Decryption

Destination Lists

 Loading...

579. Which exfiltration method does an attacker use to hide and encode data inside DNS requests and queries?

DNS tunneling

DNSCrypt

DNS security

DNSSEC

 Loading...

580. Which SNMPv3 configuration must be used to support the strongest security possible?

asa-host(config)#snmp-server group myv3 v3 priv asa-host(config)#snmp-server user andy myv3 auth sha cisco priv des ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

asa-host(config)#snmp-server group myv3 v3 noauth asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

asa-host(config)#snmp-server group myv3 v3 noauth asa-host(config)#snmp-server user andy myv3 auth sha cisco priv 3des ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

asa-host(config)#snmp-server group myv3 v3 priv asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

Page 59 of 66

 Loading...

581. Which technology must be used to implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity?

DMVPN

FlexVPN

IPsec DVTI

GET VPN

 Loading...

582. What is a characteristic of Dynamic ARP Inspection?

DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the DHCP snooping binding database

In a typical network, make all ports as trusted except for the ports connecting to switches, which are untrusted.

DAI associates a trust state with each switch.

DAI intercepts all ARP requests and responses on trusted ports only

 Loading...

583. Which statement about IOS zone-based firewalls is true?

An unassigned interface can communicate with assigned interfaces

Only one interface can be assigned to a zone

An interface can be assigned to multiple zones

An interface can be assigned only to one zone

 Loading...

584. Which two key and block sizes are valid for AES? (Choose two.)

64-bit block size, 112-bit key length

64-bit block size, 168-bit key length

128-bit block size, 192-bit key length

128-bit block size, 256-bit key length

192-bit block size, 256-bit key length

 Loading...

585. An engineer needs a solution for TACACS+ authentication and authorization for device administration. The engineer also wants to enhance wired and wireless network security by requiring users and endpoints to use 802.1X, MAB, or WebAuth.

Which product meets all of these requirements?

Cisco Prime Infrastructure

Cisco Identity Services Engine

Cisco Stealth watch

Cisco AMP for Endpoints

 Loading...

586. Which statement about the configuration of Cisco ASA NetFlow v9 Secure Event Logging is true?

To view bandwidth usage for NetFlow records, the QoS feature must be enabled

A sysopt command can be used to enable NSEL on a specific interface.

NSEL can be used without a collector configured

A flow-export event type must be defined under a policy.

 Loading...

587. Which two preventive measures are used to control cross-site scripting? (Choose two.)

Enable client-side scripts on a per-domain basis

Incorporate contextual output encoding/escaping

Disable cookie inspection in the HTML inspection engine

Run untrusted HTML input through an HTML sanitization engine

SameSite cookie attribute should not be used

 Loading...

588. Which Talos reputation center allows you to track the reputation of IP addresses for email and web traffic?

IP Blacklist Center

File Reputation Center

AMP Reputation Center

IP and Domain Reputation Center

 Loading...

589. Which command enables 802.1X globally on a Cisco switch?

dot1x system-auth-control

dot1x pae authenticator

authentication port-control auto

aaa new-model

 Loading...

590. Which two kinds of attacks are prevented by multifactor authentication? (Choose two.)

phishing

brute force

man-in-the-middle

DDOS

tear drop

Page 60 of 66

 Loading...

591. Which proxy mode must be used on Cisco WSA to redirect TCP traffic with WCCP?

transparent

redirection

forward

proxy gateway

 Loading...

592. Which two probes are configured to gather attributes of connected endpoints using Cisco Identity Services Engine? (Choose two.)

RADIUS

TACACS+

DHCP

sFlow

SMTP

 Loading...

593. Which two activities can be done using Cisco DNA Center? (Choose two.)

DHCP

design

accounting

DNS

provision

 Loading...

594. Which ASA deployment mode can provide separation of management on a shared appliance?

DMZ multiple zone mode

transparent firewall mode

multiple context mode

routed mode

 Loading...

595. Which deployment model is the most secure when considering risks to cloud adoption?

public cloud

hybrid cloud

community cloud

private cloud

 Loading...

596. How is ICMP used an exfiltration technique?

by flooding the destination host with unreachable packets

by sending large numbers of ICMP packets with a targeted hosts source IP address using an IP broadcast address

by encrypting the payload in an ICMP packet to carry out command and control tasks on a compromised host

by overwhelming a targeted host with ICMP echo-request packets

 Loading...

597. An administrator wants to ensure that all endpoints are compliant before users are allowed access on the corporate network. The endpoints must have the corporate antivirus application installed and be running the latest build of Windows 10.

What must the administrator implement to ensure that all devices are compliant before they are allowed on the network?

Cisco Identity Services Engine and AnyConnect Posture module

Cisco Stealthwatch and Cisco Identity Services Engine integration

Cisco ASA firewall with Dynamic Access Policies configured

Cisco Identity Services Engine with PxGrid services enabled

 Loading...

598. Which feature within Cisco Umbrella allows for the ability to inspect secure HTTP traffic?

File Analysis

SafeSearch

SSL Decryption

Destination Lists

 Loading...

599. Which network monitoring solution uses streams and pushes operational data to provide a near real-time view of activity?

SNMP

SMTP

syslog

model-driven telemetry

 Loading...

600. Refer to the exhibit.





Which statement about the authentication protocol used in the configuration is true

The authentication request contains only a password

The authentication request contains only a username

The authentication and authorization requests are grouped in a single packet

There are separate authentication and authorization request packets

Page 61 of 66

 Loading...

601. What is the result of running the crypto isakmp key ciscXXXXXXXX address 172.16.0.0 command?.

authenticates the IKEv2 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX

authenticates the IP address of the 172.16.0.0/32 peer by using the key ciscXXXXXXXX

authenticates the IKEv1 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX

secures all the certificates in the IKE exchange by using the key ciscXXXXXXXX

 Loading...

602. Which API is used for Content Security?

NX-OS API

IOS XR API

OpenVuln API

AsyncOS API

 Loading...

603. Which two behavioral patterns characterize a ping of death attack? (Choose two.)

The attack is fragmented into groups of 16 octets before transmission.

The attack is fragmented into groups of 8 octets before transmission

Short synchronized bursts of traffic are used to disrupt TCP connections.

Malformed packets are used to crash systems

Publicly accessible DNS servers are typically used to execute the attack

 Loading...

604. Which two descriptions of AES encryption are true? (Choose two.)

AES is less secure than 3DES

AES is more secure than 3DES

AES can use a 168-bit key for encryption.

AES can use a 256-bit key for encryption.

AES encrypts and decrypts a key three times in sequence

 Loading...

605. What is the purpose of the Decrypt for Application Detection feature within the WSA Decryption options?

It decrypts HTTPS application traffic for unauthenticated users

It alerts users when the WSA decrypts their traffic.

It decrypts HTTPS application traffic for authenticated users.

It provides enhanced HTTPS application detection for AsyncO

 Loading...

606. An engineer is configuring a Cisco ESA and wants to control whether to accept or reject email messages to a recipient address.

Which list contains the allowed recipient addresses?

SAT

BAT

HAT

RAT

 Loading...

607. An engineer used a posture check on a Microsoft Windows endpoint and discovered that the MS17-010 patch was not installed, which left the endpoint vulnerable to WannaCry ransomware.

Which two solutions mitigate the risk of this ransomware infection? (Choose two.)

Configure a posture policy in Cisco Identity Services Engine to install the MS17-010 patch before allowing access on the network.

Set up a profiling policy in Cisco Identity Service Engine to check and endpoint patch level before allowing access on the network.

Configure a posture policy in Cisco Identity Services Engine to check that an endpoint patch level is met before allowing access on the network.

Configure endpoint firewall policies to stop the exploit traffic from being allowed to run and replicate throughout the network.

Set up a well-defined endpoint patching strategy to ensure that endpoints have critical vulnerabilities patched in a timely fashion

 Loading...

608. Which cloud service model offers an environment for cloud consumers to develop and deploy applications without needing to manage or maintain the underlying cloud infrastructure?

Paas

Xaas

Iaas

Saas

 Loading...

609. Which algorithm provides encryption and authentication for data plane communication?

AES-GCM

SHA-96

AES-256

SHA-384

 Loading...

610. When wired 802.1X authentication is implemented, which two components are required? (Choose two.)

authentication server: Cisco Identity Service Engine

supplicant: Cisco AnyConnect ISE Posture module

authenticator: Cisco Catalyst switch

authenticator: Cisco Identity Services Engine

authentication server: Cisco Prime Infrastructure

Page 62 of 66

 Loading...

611. Which two mechanisms are used to control phishing attacks? (Choose two.)

Enable browser alerts for fraudulent websites

Define security group memberships

Revoke expired CRL of the websites

Use antispyware software

Implement email filtering techniques

 Loading...

612. The Cisco ASA must support TLS proxy for encrypted Cisco Unified Communications traffic. Where must the ASA be added on the Cisco UC Manager platform?

Certificate Trust List

Endpoint Trust List

Enterprise Proxy Service

Secured Collaboration Proxy

 Loading...

613. In which form of attack is alternate encoding, such as hexadecimal representation, most often observed?

smurf

distributed denial of service

cross-site scripting

rootkit exploit

 Loading...

614. Which VPN technology can support a multivendor environment and secure traffic between sites?

SSL VPN

GET VPN

FlexVPN

DMVPN

 Loading...

615. In a PaaS model, which layer is the tenant responsible for maintaining and patching?

hypervisor

virtual machine

network

application

 Loading...

616. For which two conditions can an endpoint be checked using ISE posture assessment? (Choose two.)

computer identity

Windows service

user identity

Windows firewall

default browser

 Loading...

617. What is a characteristic of traffic storm control behavior?

Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within the interval

Traffic storm control cannot determine if the packet is unicast or broadcast

Traffic storm control monitors incoming traffic levels over a 10-second traffic storm control interval.

Traffic storm control uses the Individual/Group bit in the packet source address to determine if the packet is unicast or broadcast.

 Loading...

618. Which two conditions are prerequisites for stateful failover for IPsec? (Choose two.)

Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the IPsec configuration is copied automatically.

The active and standby devices can run different versions of the Cisco IOS software but must be the same type of device.

The IPsec configuration that is set up on the active device must be duplicated on the standby device.

Only the IPsec configuration that is set up on the active device must be duplicated on the standby device; the IKE configuration is copied automatically

The active and standby devices must run the same version of the Cisco IOS software and must be the same type of device

 Loading...

619. Which feature requires a network discovery policy on the Cisco Firepower Next Generation Intrusion Prevention System?

security intelligence

impact flags

health monitoring

URL filtering

 Loading...

620. Which Cisco solution does Cisco Umbrella integrate with to determine if a URL is malicious?

AMP

AnyConnect

DynDNS

Talos

Page 63 of 66

 Loading...

621. What is a characteristic of Cisco ASA Netflow v9 Secure Event Logging?

It tracks flow-create, flow-teardown, and flow-denied events

It provides stateless IP flow tracking that exports all records of a specific flow

It tracks the flow continuously and provides updates every 10 seconds.

Its events match all traffic classes in parallel.

 Loading...

622. An engineer must force an endpoint to re-authenticate an already authenticated session without disrupting the endpoint to apply a new or updated policy from ISE.

Which CoA type achieves this goal?

Port Bounce

CoA Terminate

CoA Reauth

CoA Session Query

 Loading...

623. Which two features of Cisco DNA Center are used in a Software Defined Network solution? (Choose two.)

accounting

assurance

automation

authentication

encryption

 Loading...

624. A network engineer has entered the snmp-server user andy myv3 auth sha cisco priv aes 256 cisc0380739941 command and needs to send SNMP information to a host at 10.255.254.1.

Which command achieves this goal?

snmp-server host inside 10.255.254.1 snmpv3 myv3

snmp-server host inside 10.255.254.1 snmpv3 andy

snmp-server host inside 10.255.254.1 version 3 myv3

snmp-server host inside 10.255.254.1 version 3 andy

 Loading...

625. Refer to the exhibit.





A network administrator configures Dynamic ARP Inspection on a switch. After Dynamic ARP Inspection is applied, all users on that switch are unable to communicate with any destination. The network administrator checks the interface status of all interfaces, and there is no err-disabled interface.

What is causing this problem?

The ip arp inspection limit command is applied on all interfaces and is blocking the traffic of all users.

DHCP snooping has not been enabled on all VLANs.

The no ip arp inspection trust command is applied on all user host interfaces

Dynamic ARP Inspection has not been enabled on all VLANs

 Loading...

626. Under which two circumstances is a CoA issued? (Choose two.)

A new authentication rule was added to the policy on the Policy Service node

An endpoint is deleted on the Identity Service Engine server

A new Identity Source Sequence is created and referenced in the authentication policy

An endpoint is profiled for the first time

A new Identity Service Engine server is added to the deployment with the Administration persona

 Loading...

627. An organization is receiving SPAM emails from a known malicious domain.

What must be configured in order to prevent the session during the initial TCP communication?

Configure the Cisco ESA to drop the malicious emails.

Configure policies to quarantine malicious emails.

Configure policies to stop and reject communication

Configure the Cisco ESA to reset the TCP connection.

 Loading...

628. What is a key difference between Cisco Firepower and Cisco ASA?

Cisco ASA provides access control while Cisco Firepower does not.

Cisco Firepower provides identity-based access control while Cisco ASA does not.

Cisco Firepower natively provides intrusion prevention capabilities while Cisco ASA does not.

Cisco ASA provides SSL inspection while Cisco Firepower does not.

 Loading...

629. Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention System? (Choose two.)

SIP

inline normalization

SSL

packet decoder

modbus

 Loading...

630. What can be integrated with Cisco Threat Intelligence Director to provide information about security threats, which allows the SOC to proactively automate responses to those threats?

Cisco Umbrella

External Threat Feeds

Cisco Threat Grid

Cisco Stealthwatch

Page 64 of 66

 Loading...

631. Which protocol provides the strongest throughput performance when using Cisco AnyConnect VPN?

TLSv1.2

BJTLSvl

TLSv1.1

DTLSv1

 Loading...

632. Using Cisco Firepower's Security Intelligence policies, upon which two criteria is Firepower block based? (Choose two.)

protocol IDs

URLs

IP addresses

port numbers

MAC addresses

 Loading...

633. A mall provides security services to customers with a shared appliance. The mall wants separation of management on the shared appliance.

Which ASA deployment mode meets these needs?

multiple context mode

transparent mode

routed mode

multiple zone mode

 Loading...

634. An attacker needs to perform reconnaissance on a target system to help gain access to it. The system has weak passwords, no encryption on the VPN links, and software bugs on the system's applications.

Which vulnerability allows the attacker to see the passwords being transmitted in clear text?

weak passwords for authentication

improper file security

software bugs on applications

unencrypted links for traffic

 Loading...

635. Which two capabilities does TAXII support? (Choose two.)

exchange

pull messaging

binding

correlation

mitigating

 Loading...

636. A network administrator is using the Cisco ESA with AMP to upload files to the cloud for analysis. The network is congested and is affecting communication.

How will the Cisco ESA handle any files which need analysis?

AMP calculates the SHA-256 fingerprint, caches it, and periodically attempts the upload.

The file is queued for upload when connectivity is restored.

The file upload is abandoned.

The ESA immediately makes another attempt to upload the file.

 Loading...

637. What is the primary role of the Cisco Email Security Appliance?

Mail Submission Agent

Mail Transfer Agent

Mail Delivery Agent

Mail User Agent

 Loading...

638. Refer to the exhibit.





Traffic is not passing through IPsec site-to-site VPN on the Firepower Threat Defense appliance.

What is causing this issue?

Site-to-site VPN peers are using different encryption algorithms.

Site-to-site VPN preshared keys are mismatched.

No split-tunnel policy is defined on the Firepower Threat Defense appliance.

The access control policy is not allowing VPN traffic in.

 Loading...

639. What are two DDoS attack categories? (Choose two.)

sequential

protocol

database

volume-based

scree-based

 Loading...

640. When web policies are configured in Cisco Umbrella, what provides the ability to ensure that domains are blocked when they host malware, command and control, phishing, and more threats?

Application Control

Security Category Blocking

Content Category Blocking

File Analysis

Page 65 of 66

 Loading...

641. What is a feature of Cisco NetFlow Secure Event Logging for Cisco ASAs?

Multiple NetFlow collectors are supported.

Advanced NetFlow v9 templates and legacy v5 formatting are supported.

Flow-create events are delayed.

Secure NetFlow connections are optimized for Cisco Prime Infrastructure

 Loading...

642. Which Cisco security solution protects remote users against phishing attacks when they are not connected to the VPN?

Cisco Firepower

Cisco Umbrella

Cisco Stealth watch

NGIPS

 Loading...

643. Which product allows Cisco FMC to push security intelligence observable to its sensors from other products?

Encrypted Traffic Analytics

Threat Intelligence Director

Cognitive Threat Analytics

Cisco Talos Intelligence

 Loading...

644. DRAG DROP

Drag and drop the descriptions from the left onto the encryption algorithms on the right.

 Loading...

645. DRAG DROP

Drag and drop the capabilities from the left onto the correct technologies on the right.

 Loading...

646. An organization has two machines hosting web applications. Machine 1 is vulnerable to SQL injection while machine 2 is vulnerable to buffer overflows.

What action would allow the attacker to gain access to machine 1 but not machine 2?

sniffing the packets between the two hosts

sending continuous pings

overflowing the buffer's memory

inserting malicious commands into the database

 Loading...

647. An organization is trying to improve their Defense in Depth by blocking malicious destinations prior to a connection being established. The solution must be able to block certain applications from being used within the network.

Which product should be used to accomplish this goal?

Cisco Firepower

Cisco Umbrella

ISE

AMP

 Loading...

648. An engineer notices traffic interruption on the network. Upon further investigation, it is learned that broadcast packets have been flooding the network.

What must be configured, based on a predefined threshold, to address this issue?

Bridge Protocol Data Unit guard

embedded event monitoring

access control lists

Storm Control

 Loading...

649. Refer to the exhibit.





A network administrator configured a site-to-site VPN tunnel between two Cisco IOS routers, and hosts are unable to communicate between two sites of VPN. The network administrator runs the debug crypto isakmp sa command to track VPN status.

What is the problem according to this command output?

hashing algorithm mismatch

interesting traffic was not applied

authentication key mismatch

encryption algorithm mismatch

 Loading...

650. Which attack is commonly associated with C and C++ programming languages?

cross-site scripting

water holing

DDoS

buffer overflow

Page 66 of 66

 Loading...

651. DRAG DROP

Drag and drop the descriptions from the left onto the correct protocol versions on the right.

 Loading...

652. In which situation should an Endpoint Detection and Response solution be chosen versus an Endpoint Protection Platform?

when there is a need for traditional anti-malware detection

when there is no need to have the solution centrally managed

when there te no firewall on the network

when there is a need to have more advanced detection capabilities

 Loading...

653. Which Cisco product provides proactive endpoint protection and allows administrators to centrally manage the deployment?

NGFW

AMP

WSA

ESA

 Loading...

654. What is provided by the Secure Hash Algorithm in a VPN?

integrity

key exchange

encryption

authentication

 Loading...

655. Which type of API is being used when a controller within a software-defined network architecture dynamically makes configuration changes on switches within the network?

westbound AP

southbound API

northbound API

eastbound API

 Loading...

656. Which cloud service model offers an environment for cloud consumers to develop and deploy applications without needing to manage or maintain the underlying cloud infrastructure?

Paas

Xaas

Iaas

Saas

 Loading...

657. Which functions of an SDN architecture require southbound APIs to enable communication?

SDN controller and the network elements

management console and the SDN controller

management console and the cloud

SDN controller and the cloud

 Loading...

658. Refer to the exhibit.





What does the number 15 represent in this configuration?

privilege level for an authorized user to this router

access list that identifies the SNMP devices that can access the router

interval in seconds between SNMPv3 authentication attempts

number of possible failed attempts until the SNMPv3 user is locked out

 Loading...