TEST EXAM
Test title: TEST EXAM. Description: TEST EXAM. Creation date: 2020/12/10. Category: Other. Number of questions: 107.




Which policy represents a shared set of features or parameters that define the aspects of a managed device that are likely to be similar to other managed devices in a deployment?
- access control policy
- group policy
- device management policy
- platform service policy

How is Cisco Umbrella configured to log security events?
- per network in the Deployments section
- in the Security Settings section
- per policy
- in the Reporting settings

How does Cisco Umbrella archive logs to an enterprise-owned storage?
- by being configured to send logs to a self-managed AWS S3 bucket
- by using the Application Programming Interface to fetch the logs
- by sending logs via syslog to an on-premises or cloud-based syslog server
- by the system administrator downloading the logs from the Cisco Umbrella web portal

How does Cisco Stealthwatch Cloud provide security for cloud environments?
- It assigns Intent-based DNS protection for client and servers
- It prevents exfiltration of sensitive data
- It delivers visibility and threat detection
- It facilitates secure connectivity between public and private networks

Which feature is configured for managed devices in the device platform settings on the Firepower Management Center?
- time synchronization
- network address translations
- intrusion policy
- quality of service

Which two capabilities does TAXII support? (Choose two)
- exchange
- pull messaging
- binding
- correlation
- mitigating

Refer to the exhibit. What is a result of the configuration?
- All TCP traffic is redirected
- Traffic from the inside and DMZ networks is redirected
- Traffic from the DMZ network is redirected
- Traffic from the inside network is redirected

Refer to the exhibit. What does the number 15 represent in this configuration?
- Number of possible failed attempts until the SNMPv3 user is locked out
- Interval in seconds between SNMPv3 authentication attempts
- Access list that identifies the SNMP devices that can access the router
- Privilege level for an authorized user to this router

Which two features are used to configure Cisco ESA with a multilayer approach to fight viruses and malware? (Choose two)
- DLP
- outbreak filters
- white list
- RAT
- Sophos engine

An engineer configured a new network identity in Cisco Umbrella but must verify that traffic is being routed through the Cisco Umbrella network. Which action tests the routing?
- Add the public IP address that the client computers are behind to a Core identity
- Browse to http://welcome.umbrella.com/ to validate that the new identity is working
- Enable the Intelligent Proxy to validate that traffic is being routed correctly
- Ensure that the client computers are pointing to the on-premises DNS servers

Which functions of an SDN architecture require southbound APIs to enable communication?
- management console and the SDN controller
- SDN controller and the network elements
- management console and the cloud
- SDN controller and the cloud

In which cloud services model is the tenant responsible for virtual machine OS patching?
- IaaS
- SaaS
- UCaaS
- PaaS

On which part of the IT environment does DevSecOps focus?
- data center
- perimeter network
- wireless network
- application development

Which two endpoint measures are used to minimize the chances of falling victim to phishing and social engineering attacks? (Choose two)
- Protect against input validation and character escapes in the endpoint
- Patch for cross site scripting
- Perform backups to the private cloud
- Install a spam and virus email filter
- Protect systems with an up-to-date antimalware program

Which policy is used to capture host information on the Cisco Firepower Next Generation Intrusion Prevention System?
- intrusion
- correlation
- network discovery
- access control

When web policies are configured in Cisco Umbrella, what provides the ability to ensure that domains are blocked when they host malware, command and control, phishing, and more threats?
- Application Control
- File Analysis
- Security Category Blocking
- Content Category Blocking

Which cloud service model offers an environment for cloud consumers to develop and deploy applications without needing to manage or maintain the underlying cloud infrastructure?
- IaaS
- PaaS
- SaaS
- XaaS

Which technology reduces data loss by identifying sensitive information stored in public computing environments?
- Cisco Firepower
- Cisco HyperFlex
- Cisco SDA
- Cisco Cloudlock

What is a required prerequisite to enable malware file scanning for the Secure Internet Gateway?
- Enable IP Layer enforcement
- Enable Intelligent Proxy
- Activate SSL decryption
- Activate the Advanced Malware Protection License

Which solution combines Cisco IOS and IOS XE components to enable administrators to recognize applications, collect and send network metrics to Cisco Prime and other third-party management tools, and prioritize application traffic?
- Cisco Model Driven Telemetry
- Cisco DNA Center
- Cisco Security Intelligence
- Cisco Application Visibility and Control

What are two Detection and Analytics Engines of Cognitive Threat Analytics? (Choose two)
- URL categorization
- command and control communication
- data exfiltration
- intelligent proxy
- snort

The main function of northbound APIs in the SDN architecture is to enable communication between which two areas of a network?
- management console and the cloud
- SDN controller and the cloud
- management console and the SDN controller
- SDN controller and the management solution

Which two services must remain as on premises equipment when a hybrid email solution is deployed? (Choose two)
- Encryption
- antivirus
- DLP
- DDoS
- antispam

Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?
- web page images
- Linux and Windows operating systems
- database
- user input validation in a web page or web application

Refer to the exhibit. Which command was used to generate this output and to show which ports are authenticating with dot1x or mab?
- show authentication method
- show authentication registrations
- show authentication sessions
- show dot1x all

Which are two list types within AMP for Endpoints Outbreak Control? (Choose two)
- blocked port
- simple custom detections
- allowed applications
- command and control
- URL

Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention Systems? (Choose two)
- packet decoder
- Modbus
- SIP
- inline normalization
- SSL

Which benefit does endpoint security provide to the overall security posture of an organization?
- It streamlines the incident response process to automatically perform digital forensics on the endpoint
- It allows the organization to detect and respond to threats at the edge of the network
- It allows the organization to detect and mitigate threats that the perimeter security devices do not detect
- It allows the organization to mitigate web-based attacks as long as the user is active in the domain

What two mechanisms are used to redirect users to a web portal to authenticate to ISE for guest services? (Choose two)
- central web auth
- local web auth
- TACACS+
- single sign-on
- multiple factor auth

Which technology is used to improve web traffic performance by proxy caching?
- FireSIGHT
- Firepower
- WSA
- ASA

Which Cisco solution does Cisco Umbrella integrate with to determine if a URL is malicious?
- Talos
- AnyConnect
- DynDNS
- AMP

What are the two most commonly used authentication factors in multifactor authentication? (Choose two)
- encryption factor
- biometric factor
- confidentiality factor
- time factor
- knowledge factor

Which Cisco product provides proactive endpoint protection and allows administrators to centrally manage the deployment?
- NGFW
- WSA
- AMP
- ESA

An engineer is configuring AMP for endpoints and wants to block certain files from executing. Which outbreak control method is used to accomplish this task?
- application blocking list
- advanced custom detections
- simple detections
- device flow correlation

What is a difference between FlexVPN and DMVPN?
- DMVPN uses only IKEv1. FlexVPN uses only IKEv2.
- FlexVPN uses IKEv2. DMVPN uses IKEv1 or IKEv2.
- DMVPN uses IKEv1 or IKEv2. FlexVPN only uses IKEv1.
- FlexVPN uses IKEv1 or IKEv2. DMVPN uses only IKEv1.

A network engineer is configuring DMVPN and entered the crypto isakmp key ciscoXXXXXXX address 0.0.0.0 command on host A. The tunnel is not being established to the host B. What action is needed to authenticate the VPN?
- Enter the same command on the host B
- Enter the command with a different password on host B
- Change the password on host A to the default password
- Change isakmp to ikev2 in the command on host A

Which Cisco product is open, scalable, and built on IETF standards to allow multiple security products from Cisco and other vendors to share data and interoperate with each other?
- Platform Exchange Grid
- Firepower Threat Defense
- Advanced Malware Protection
- Multifactor Platform Integration

What is a characteristic of Firepower NGIPS inline deployment mode?
- It cannot take actions such as blocking traffic
- ASA with Firepower module cannot be deployed
- It must have inline interface pairs configured
- It is out-of-band from traffic

Which Cisco security solution protects remote users against phishing attacks when they are not connected to VPN?
- Cisco Stealthwatch
- NGIPS
- Cisco Umbrella
- Cisco Firepower

Which protocol provides the strongest throughput performance when using Cisco AnyConnect VPN?
- DTLSv1
- TLSv1
- TLSv1.1
- TLSv1.2

Refer to the exhibit. An engineer configured wired 802.1x on the network and is unable to get a laptop to authenticate. Which port configuration is missing?
- dot1x pae authenticator
- dot1x reauthentication
- authentication open
- cisp enable

An engineer wants to generate NetFlow records on traffic traversing the Cisco ASA. Which Cisco ASA command must be used?
- ip flow monitor <name> input
- ip flow-export destination 1.1.1.1 2055
- flow exporter <name>
- flow-export destination inside 1.1.1.1 2055

Refer to the exhibit. A network administrator configured a site-to-site VPN tunnel between two Cisco IOS routers, and hosts are unable to communicate between two sites of VPN. The network administrator runs the debug crypto isakmp sa command to track VPN status. What is the problem according to this command output?
- interesting traffic was not applied
- authentication key mismatch
- hashing algorithm mismatch
- encryption algorithm mismatch

Refer to the exhibit. What is the result of this Python script of the Cisco DNA Center API?
- adds authentication to a switch
- adds switch to Cisco DNA Center
- receives information about a switch
- deletes a switch from Cisco DNA Center

Which two risks is a company vulnerable to if it does not have a well-established patching solution for endpoints? (Choose two)
- denial-of-service attacks
- ARP spoofing
- eavesdropping
- malware
- exploits

How is DNS tunneling used to exfiltrate data out of a corporate network?
- It redirects DNS requests to a malicious server used to steal user credentials, which allows further damage and theft on the network
- It computes DNS servers by replacing the actual IP address with a rogue address to collect information or start other attacks
- It encodes the payload with random characters that are broken into short strings and the DNS server rebuilds the exfiltrated data
- It leverages the DNS server by permitting recursive lookups to spread the attack to other DNS servers

Which benefit is provided by ensuring that an endpoint is compliant with a posture policy configured in Cisco ISE?
- It verifies that the endpoint has the latest Microsoft security patches installed
- It allows CoA to be applied if the endpoint status is compliant
- It allows the endpoint to authenticate with 802.1X or MAB
- It adds endpoints to identity groups dynamically

A network administrator configures Dynamic ARP Inspection on a switch.
After Dynamic ARP Inspection is applied, all users on that switch are unable to communicate with any destination. The network administrator checks the interface status of all interfaces and there is no err-disabled interface. What is causing this problem?
- The no ip arp inspection trust command is applied on all user host interfaces
- Dynamic ARP Inspection has not been enabled on all VLANs
- The ip arp inspection limit command is applied on all interfaces and is blocking the traffic of all users
- DHCP snooping has not been enabled on all VLANs

A mall provides security services to customers with a shared appliance. The mall wants separation of management on the shared appliance. Which ASA deployment mode meets these needs?
- multiple zone mode
- transparent mode
- routed mode
- multiple context mode

What must be used to share data between multiple security products?
- Cisco Stealthwatch Cloud
- Cisco Advanced Malware Protection
- Cisco Rapid Threat Containment
- Cisco Platform Exchange Grid

Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?
- selfsigned
- url
- terminal
- profile

What are two reasons for an organization to implement a multifactor authentication solution such as Duo Security? (Choose two)
- secure access to on-premises and cloud applications
- integration with 802.1x security using native Microsoft Windows supplicant
- identification and correction of application vulnerabilities before allowing access to resources
- single sign-on access to on-premises and cloud applications
- flexibility of different methods of 2FA such as phone callbacks, SMS passcodes, and push notifications

Which type of attack is social engineering?
- Trojan
- Phishing
- malware
- MITM

Which form of attack is launched using botnets?
- DoS
- DDoS
- TCP flood
- virus

What does the Cloudlock Apps Firewall do to mitigate security concerns from an application perspective?
- It deletes any application that does not belong in the network
- It sends the application information to an administrator to act on
- It allows the administrator to quarantine malicious files so that the application can function, just not maliciously
- It discovers and controls cloud apps that are connected to a company's corporate environment

What is the difference between deceptive phishing and spear phishing?
- Spear phishing is when the attack is aimed at the C-level executives of an organization
- A spear phishing campaign is aimed at a specific person versus a group of people
- Deceptive phishing hijacks and manipulates the DNS server of the victim and redirects the user to a false webpage
- Deceptive phishing is an attack aimed at a specific user in the organization who holds a C-level role

Which Talos reputation center allows you to track the reputation of IP addresses for email and web traffic?
- IP and Domain Reputation Center
- File Reputation Center
- IP Blacklist Center
- AMP Reputation Center

What is the function of Cisco Cloudlock for data security?
- controls malicious cloud apps
- data loss prevention
- user and entity behavior analytics
- detects anomalies

Under which two circumstances is a CoA issued? (Choose two)
- A new authentication rule was added to the policy on the Policy Service node
- A new identity Service Engine server is added to the deployment with the Administration persona
- A new identity Source Sequence is created and referenced in the authentication policy
- An endpoint is profiled for the first time
- An endpoint is deleted on the Identity Service Engine server

Where are individual sites specified to be blacklisted in Cisco Umbrella?
- content categories
- destination lists
- application settings
- security settings

Which feature requires a network discovery policy on the Cisco Firepower Next Generation Intrusion Prevention System?
- impact flags
- health monitoring
- URL filtering
- security intelligence

Which two request methods of the REST API are valid on the Cisco ASA Platform? (Choose two)
- put
- options
- get
- connect
- push

An MDM provides which two advantages to an organization with regards to device management? (Choose two)
- network device management
- Active Directory group policy management
- critical device management
- asset inventory management
- allowed application management

What provides visibility and awareness into what is currently occurring on the network?
- Prime Infrastructure
- WMI
- CMX
- Telemetry

What is the primary role of the Cisco Email Security Appliance?
- Mail Delivery Agent
- Mail User Agent
- Mail Transfer Agent
- Mail Submission Agent

Why would a user choose an on-premises ESA versus the CES solution?
- The server team wants to outsource this service
- Demand is unpredictable
- Sensitive data must remain onsite
- ESA is deployed inline

Which feature is supported when deploying Cisco ASAv within AWS public cloud?
- IPv6
- clustering
- user deployment of Layer 3 networks
- multiple context mode

What is a characteristic of a traffic storm control behavior?
- Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within the interval
- Traffic storm control monitors incoming traffic levels over a 10-second traffic storm control interval
- Traffic storm control cannot determine if the packet is unicast or broadcast
- Traffic storm control uses the Individual/Group bit in the packet source address to determine if the packet is unicast or broadcast

Which information is required when adding a device to Firepower Management Center?
- device serial number
- encryption method
- username and password
- registration key

Which solution protects hybrid cloud deployment workloads with application visibility and segmentation?
- Firepower
- Tetration
- Nexus
- Stealthwatch

Which ID store requires that a shadow user be created on Cisco ISE for the admin login to work?
- RSA SecureID
- Internal Database
- LDAP
- Active Directory

Which attack is commonly associated with C and C++ programming languages?
- cross site scripting
- buffer overflow
- DDoS
- water holing

Which deployment model is the most secure when considering risks to cloud adoption?
- public cloud
- community cloud
- private cloud
- hybrid cloud

Refer to the exhibit. Which command was used to display this output?
- show dot1x interface gi1/0/12
- show dot1x
- show dot1x all
- show dot1x all summary

What is the primary difference between an Endpoint Protection Platform and an Endpoint Detection and Response?
- EPP focuses on prevention, and EDR focuses on advanced threats that evade perimeter defenses
- EDR focuses on prevention, and EPP focuses on advanced threats that evade perimeter defenses
- EPP focuses on network security, and EDR focuses on device security
- EDR focuses on network security, and EPP focuses on device security

Which two deployment model configurations are supported for Cisco FTDv in AWS? (Choose two)
- Cisco FTDv with two management interfaces and one traffic interface configured
- Cisco FTDv configured in routed mode and IPv6 configured
- Cisco FTDv with one management interface and two traffic interfaces configured
- Cisco FTDv configured in routed mode and managed by a physical FMC appliance on premises
- Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS

In PaaS model, which layer is the tenant responsible for maintaining and patching?
- network
- application
- virtual machine
- hypervisor

Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two)
- Check integer, float, or Boolean string parameters to ensure accurate values
- Block SQL code execution in the web application database login
- Write SQL code instead of using object-relational mapping libraries
- Use prepared statements and parameterized queries
- Secure the connection between the web and the app tier

What is a language format designed to exchange threat intelligence that can be transported over the TAXII protocol?
- XMPP
- SMTP
- pxGrid
- STIX

An engineer is configuring a Cisco ESA and wants to control whether to accept or reject email messages to a recipient address. Which list contains the allowed recipient addresses?
- RAT
- HAT
- BAT
- SAT

What must be integrated with Cisco Threat Intelligence Director to provide information about security threats, which allows the SOC to proactively automate responses to those threats?
- Cisco Threat Grid
- External Threat Feeds
- Cisco Umbrella
- Cisco Stealthwatch

Which two conditions are prerequisites for stateful failover for IPSec? (Choose two)
- Only the IPSec configuration that is set up on the active device must be duplicated on the standby device, the IKE configuration is copied automatically
- Only the IKE configuration that is set up on the active device must be duplicated on the standby device, the IPSec configuration is copied automatically
- The IPSec configuration that is set up on the active device must be duplicated on the standby device
- The active and standby devices must run the same version of the Cisco IOS software and must be the same type of device
- The active and standby devices can run different versions of the Cisco IOS software but must be the same type of device

What is the function of the Context Directory Agent?
- maintains users' group memberships
- reads the Active Directory logs to map IP addresses to usernames
- accepts user authentication requests on behalf of Web Security Appliance for user identification
- relays user authentication requests from Web Security Appliance to Active Directory

Which threat involves software being used to gain unauthorized access to a computer system?
- HTTP flood
- ping of death
- Virus
- NTP amplification

A network engineer has entered the snmp-server user andy myv3 auth sha cisco priv aes 256 ciscoxxxxxxxx command and needs to send SNMP information to a host at 10.255.254.1. Which command achieves this goal?
- snmp-server host inside 10.255.254.1 snmpv3 myv3
- snmp-server host inside 10.255.254.1 version 3 myv3
- snmp-server host inside 10.255.254.1 snmpv3 andy
- snmp-server host inside 10.255.254.1 version 3 andy

What are two rootkit types? (Choose two)
- bootloader
- user mode
- registry
- buffer mode
- virtual

Refer to the exhibit. A network administrator configures command authorization for the admin5 user. What is the admin5 user able to do on HQ_Router after this configuration?
- complete no configurations
- set the IP address of an interface
- complete all configurations
- add subinterfaces

Which compliance status is shown when a configured posture policy requirement is not met?
- Authorized
- Noncompliant
- Compliant
- Unknown

Which two characteristics of messenger protocols make data exfiltration difficult to detect and prevent? (Choose two)
- Traffic is encrypted, which prevents visibility on firewalls and IPS systems
- Malware infects the messenger application on the user endpoint to send company data
- Messenger applications cannot be segmented with standard network controls
- An exposed API for the messaging platform is used to send large amounts of data
- Outgoing traffic is allowed so users can communicate with outside organizations

An engineer wants to automatically assign endpoints that have specific OUI into a new endpoint group. Which probe must be enabled for this type of profiling to work?
- DHCP
- NetFlow
- SNMP
- NMAP

What is a commonality between DMVPN and FlexVPN technologies?
- FlexVPN and DMVPN use the same hashing algorithms
- FlexVPN and DMVPN use IS-IS routing protocol to communicate with spokes
- FlexVPN and DMVPN use the new key management protocol, IKEv2
- IOS routers run the same NHRP code for DMVPN and FlexVPN

In which two ways does a system administrator send web traffic transparently to the Web Security Appliance? (Choose two)
- configure policy-based routing on the network infrastructure
- reference a Proxy Auto Config file
- configure the proxy IP address in the web-browser settings
- use Web Cache Communication Protocol
- configure Active Directory Group Policies to push proxy settings

Which telemetry data captures variations seen within the flow, such as the packets TTL, IP/TCP flags, and payload length?
- software package variation
- flow insight variation
- process details variation
- interpacket variation

How many interfaces per bridge group does an ASA bridge group deployment support?
- up to 16
- up to 8
- up to 4
- up to 2

Which two tasks allow NetFlow on a Cisco ASA 5500 Series firewall? (Choose two)
- Apply NetFlow Exporter to the outside interface in the inbound direction
- Enable NetFlow Version 9
- Define a NetFlow collector by using the flow-export command
- Create an ACL to allow UDP traffic on port 9996
- Create a class map to match interesting traffic

Which Cisco command enables authentication, authorization, and accounting globally so that CoA is supported on the device?
- aaa server radius dynamic-author
- ip device-tracking
- auth-type all
- aaa new-model

Refer to the exhibit. What does the API do when connected to a Cisco security appliance?
- get the process and PID information from the computers in the network
- gather the network interface information about the computers AMP sees
- create an SNMP pull mechanism for managing AMP
- gather network telemetry information from AMP for endpoints

What is a feature of the open platform capabilities of Cisco DNA Center?
- intent-based APIs
- automation adapters
- domain integration
- application adapters

Which statement about the configuration of Cisco ASA NetFlow v9 Secure Event Logging is true?
- A sysopt command can be used to enable NSEL on a specific interface
- NSEL can be used without a collector configured
- To view bandwidth usage for NetFlow records, the QoS must be enabled
- A flow-export event type must be defined under a policy

Which statement about IOS zone-based firewalls is true?
- An interface can be assigned only to one zone
- An interface can be assigned to multiple zones
- An unassigned interface can communicate with assigned interfaces
- Only one interface can be assigned to a zone

An engineer used a posture check on a Microsoft Windows endpoint and discovered that the MS17-010 patch was not installed, which left the endpoint vulnerable to WannaCry ransomware. Which two solutions mitigate the risk of this ransomware infection? (Choose two.)
- Set up a well-defined endpoint patching strategy to ensure that endpoints have critical vulnerabilities patched in a timely fashion
- Set up a profiling policy in Cisco Identity Service Engine to check an endpoint patch level before allowing access on the network
- Configure a posture policy in Cisco Identity Services Engine to check that an endpoint patch level is met before allowing access on the network
- Configure a posture policy in Cisco Identity Services Engine to install the MS17-010 patch before allowing access on the network
- Configure endpoint firewall policies to stop the exploit traffic from being allowed to run and replicate throughout the network

An engineer must force an endpoint to re-authenticate an already authenticated session without disrupting the endpoint to apply a new or updated policy from ISE. Which CoA type achieves this goal?
- Port Bounce
- CoA Terminate
- CoA Session Query
- CoA Reauth

Which API is used for Content Security?
- IOS XR API
- NX-OS API
- AsyncOS API
- Open Vuln API

Drag and drop the capabilities from the left onto the correct technologies on the right.
- Detection, blocking, tracking, analysis, and remediation to protect against targeted persistent malware attacks
- superior threat prevention and mitigation for known and unknown threats
- application-layer control and ability to enforce usage and tailor detection policies based on custom applications and URLs
- combined integrated solution of strong defense and web protection, visibility, and controlling solutions

Drag and drop the steps from the left into the correct order on the right to enable AppDynamics to monitor an EC2 instance in Amazon Web.
- Install monitoring extension for AWS EC2
- Restart the Machine Agent
- Update config.yaml
- Configure a Machine Agent or SIM Agent

Drag and drop the Firepower Next Generation Intrusion Prevention System detectors from the left onto the correct definitions on the right.
- PortScan Detection
- Port Sweep
- Decoy PortScan
- Distributed PortScan

Drag and drop the descriptions from the left onto the correct protocol versions on the right.
- Standard includes NAT-T
- Uses six packets in main mode to establish phase 1
- Uses six packets to establish phase 1 and phase 2
- Uses three packets in aggressive mode to establish phase 1
- Uses EAP for authenticating remote access clients