Summer Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Cisco 350-701 Dumps

Page: 1 / 47
Total 630 questions

Implementing and Operating Cisco Security Core Technologies (SCOR) Questions and Answers

Question 1

Which type of API is being used when a security application notifies a controller within a software-defined network architecture about a specific security threat?

Options:

A.

westbound AP

B.

southbound API

C.

northbound API

D.

eastbound API

Question 2

An organization wants to secure users, data, and applications in the cloud. The solution must be API-based and

operate as a cloud-native CASB. Which solution must be used for this implementation?

Options:

A.

Cisco Cloudlock

B.

Cisco Cloud Email Security

C.

Cisco Firepower Next-Generation Firewall

D.

Cisco Umbrella

Question 3

An organization recently installed a Cisco WSA and would like to take advantage of the AVC engine to allow the organization to create a policy to control application specific activity. After enabling the AVC engine, what must be done to implement this?

Options:

A.

Use security services to configure the traffic monitor, .

B.

Use URL categorization to prevent the application traffic.

C.

Use an access policy group to configure application control settings.

D.

Use web security reporting to validate engine functionality

Question 4

A network administrator needs to find out what assets currently exist on the network. Third-party systems need to be able to feed host data into Cisco Firepower. What must be configured to accomplish this?

Options:

A.

a Network Discovery policy to receive data from the host

B.

a Threat Intelligence policy to download the data from the host

C.

a File Analysis policy to send file data into Cisco Firepower

D.

a Network Analysis policy to receive NetFlow data from the host

Question 5

In an IaaS cloud services model, which security function is the provider responsible for managing?

Options:

A.

Internet proxy

B.

firewalling virtual machines

C.

CASB

D.

hypervisor OS hardening

Question 6

Drag and drop the VPN functions from the left onto the description on the right.

Options:

Question 7

Which attack type attempts to shut down a machine or network so that users are not able to access it?

Options:

A.

smurf

B.

bluesnarfing

C.

MAC spoofing

D.

IP spoofing

Question 8

Refer to the exhibit.

What will happen when the Python script is executed?

Options:

A.

The hostname will be translated to an IP address and printed.

B.

The hostname will be printed for the client in the client ID field.

C.

The script will pull all computer hostnames and print them.

D.

The script will translate the IP address to FODN and print it

Question 9

Which cryptographic process provides origin confidentiality, integrity, and origin authentication for packets?

Options:

A.

IKEv1

B.

AH

C.

ESP

D.

IKEv2

Question 10

Which risk is created when using an Internet browser to access cloud-based service?

Options:

A.

misconfiguration of infrastructure, which allows unauthorized access

B.

intermittent connection to the cloud connectors

C.

vulnerabilities within protocol

D.

insecure implementation of API

Question 11

What is the role of an endpoint in protecting a user from a phishing attack?

Options:

A.

Use Cisco Stealthwatch and Cisco ISE Integration.

B.

Utilize 802.1X network security to ensure unauthorized access to resources.

C.

Use machine learning models to help identify anomalies and determine expected sending behavior.

D.

Ensure that antivirus and anti malware software is up to date

Question 12

What is the purpose of the certificate signing request when adding a new certificate for a server?

Options:

A.

It is the password for the certificate that is needed to install it with.

B.

It provides the server information so a certificate can be created and signed

C.

It provides the certificate client information so the server can authenticate against it when installing

D.

It is the certificate that will be loaded onto the server

Question 13

Which suspicious pattern enables the Cisco Tetration platform to learn the normal behavior of users?

Options:

A.

file access from a different user

B.

interesting file access

C.

user login suspicious behavior

D.

privilege escalation

Question 14

An administrator is configuring a DHCP server to better secure their environment. They need to be able to ratelimit the traffic and ensure that legitimate requests are not dropped. How would this be accomplished?

Options:

A.

Set a trusted interface for the DHCP server

B.

Set the DHCP snooping bit to 1

C.

Add entries in the DHCP snooping database

D.

Enable ARP inspection for the required VLAN

Question 15

Refer to the exhibit.

An organization is using DHCP Snooping within their network. A user on VLAN 41 on a new switch is

complaining that an IP address is not being obtained. Which command should be configured on the switch

interface in order to provide the user with network connectivity?

Options:

A.

ip dhcp snooping verify mac-address

B.

ip dhcp snooping limit 41

C.

ip dhcp snooping vlan 41

D.

ip dhcp snooping trust

Question 16

What is a capability of Cisco ASA Netflow?

Options:

A.

It filters NSEL events based on traffic

B.

It generates NSEL events even if the MPF is not configured

C.

It logs all event types only to the same collector

D.

It sends NetFlow data records from active and standby ASAs in an active standby failover pair

Question 17

Drag and drop the suspicious patterns for the Cisco Tetration platform from the left onto the correct definitions on the right.

Options:

Question 18

Drag and drop the common security threats from the left onto the definitions on the right.

Options:

Question 19

An engineer needs a cloud solution that will monitor traffic, create incidents based on events, and integrate with

other cloud solutions via an API. Which solution should be used to accomplish this goal?

Options:

A.

SIEM

B.

CASB

C.

Adaptive MFA

D.

Cisco Cloudlock

Question 20

Which group within Cisco writes and publishes a weekly newsletter to help cybersecurity professionals remain

aware of the ongoing and most prevalent threats?

Options:

A.

PSIRT

B.

Talos

C.

CSIRT

D.

DEVNET

Question 21

Which product allows Cisco FMC to push security intelligence observable to its sensors from other products?

Options:

A.

Encrypted Traffic Analytics

B.

Threat Intelligence Director

C.

Cognitive Threat Analytics

D.

Cisco Talos Intelligence

Question 22

Which cloud model is a collaborative effort where infrastructure is shared and jointly accessed by several organizations from a specific group?

Options:

A.

Hybrid

B.

Community

C.

Private

D.

Public

Question 23

Why is it important to have logical security controls on endpoints even though the users are trained to spot security threats and the network devices already help prevent them?

Options:

A.

to prevent theft of the endpoints

B.

because defense-in-depth stops at the network

C.

to expose the endpoint to more threats

D.

because human error or insider threats will still exist

Question 24

Which two aspects of the cloud PaaS model are managed by the customer but not the provider? (Choose two)

Options:

A.

virtualization

B.

middleware

C.

operating systems

D.

applications

E.

data

Question 25

Drag and drop the capabilities from the left onto the correct technologies on the right.

Options:

Question 26

Which factor must be considered when choosing the on-premise solution over the cloud-based one?

Options:

A.

With an on-premise solution, the provider is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the customer is responsible for it

B.

With a cloud-based solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product.

C.

With an on-premise solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product.

D.

With an on-premise solution, the customer is responsible for the installation and maintenance of the

product, whereas with a cloud-based solution, the provider is responsible for it.

Question 27

Drag and drop the Firepower Next Generation Intrusion Prevention System detectors from the left onto the correct definitions on the right.

Options:

Question 28

An organization is implementing URL blocking using Cisco Umbrella. The users are able to go to some sites

but other sites are not accessible due to an error. Why is the error occurring?

Options:

A.

Client computers do not have the Cisco Umbrella Root CA certificate installed.

B.

IP-Layer Enforcement is not configured.

C.

Client computers do not have an SSL certificate deployed from an internal CA server.

D.

Intelligent proxy and SSL decryption is disabled in the policy

Question 29

When planning a VPN deployment, for which reason does an engineer opt for an active/active FlexVPN

configuration as opposed to DMVPN?

Options:

A.

Multiple routers or VRFs are required.

B.

Traffic is distributed statically by default.

C.

Floating static routes are required.

D.

HSRP is used for faliover.

Question 30

In which two ways does Easy Connect help control network access when used with Cisco TrustSec? (Choose two)

Options:

A.

It allows multiple security products to share information and work together to enhance security posture in the network.

B.

It creates a dashboard in Cisco ISE that provides full visibility of all connected endpoints.

C.

It allows for the assignment of Security Group Tags and does not require 802.1x to be configured on the switch or the endpoint.

D.

It integrates with third-party products to provide better visibility throughout the network.

E.

It allows for managed endpoints that authenticate to AD to be mapped to Security Groups (PassiveID).

Question 31

Due to a traffic storm on the network, two interfaces were error-disabled, and both interfaces sent SNMP traps.

Which two actions must be taken to ensure that interfaces are put back into service? (Choose two)

Options:

A.

Have Cisco Prime Infrastructure issue an SNMP set command to re-enable the ports after the pre

configured interval.

B.

Use EEM to have the ports return to service automatically in less than 300 seconds.

C.

Enter the shutdown and no shutdown commands on the interfaces.

D.

Enable the snmp-server enable traps command and wait 300 seconds

E.

Ensure that interfaces are configured with the error-disable detection and recovery feature

Question 32

What are two Trojan malware attacks? (Choose two)

Options:

A.

Frontdoor

B.

Rootkit

C.

Smurf

D.

Backdoor

E.

Sync

Question 33

A network administrator is using the Cisco ESA with AMP to upload files to the cloud for analysis. The network

is congested and is affecting communication. How will the Cisco ESA handle any files which need analysis?

Options:

A.

AMP calculates the SHA-256 fingerprint, caches it, and periodically attempts the upload.

B.

The file is queued for upload when connectivity is restored.

C.

The file upload is abandoned.

D.

The ESA immediately makes another attempt to upload the file.

Question 34

A network administrator is configuring a switch to use Cisco ISE for 802.1X. An endpoint is failing

authentication and is unable to access the network. Where should the administrator begin troubleshooting to verify the authentication details?

Options:

A.

Adaptive Network Control Policy List

B.

Context Visibility

C.

Accounting Reports

D.

RADIUS Live Logs

Question 35

What are the two types of managed Intercloud Fabric deployment models? (Choose two.)

Options:

A.

Public managed

B.

Service Provider managed

C.

Enterprise managed

D.

User managed

E.

Hybrid managed

Question 36

Which method is used to deploy certificates and configure the supplicant on mobile devices to gain access to

network resources?

Options:

A.

BYOD on boarding

B.

Simple Certificate Enrollment Protocol

C.

Client provisioning

D.

MAC authentication bypass

Question 37

Drag and drop the NetFlow export formats from the left onto the descriptions on the right.

Options:

Question 38

An attacker needs to perform reconnaissance on a target system to help gain access to it. The system has weak passwords, no encryption on the VPN links, and software bugs on the system’s applications. Which

vulnerability allows the attacker to see the passwords being transmitted in clear text?

Options:

A.

weak passwords for authentication

B.

unencrypted links for traffic

C.

software bugs on applications

D.

improper file security

Question 39

What is a function of 3DES in reference to cryptography?

Options:

A.

It hashes files.

B.

It creates one-time use passwords.

C.

It encrypts traffic.

D.

It generates private keys.

Question 40

Which type of dashboard does Cisco DNA Center provide for complete control of the network?

Options:

A.

service management

B.

centralized management

C.

application management

D.

distributed management

Question 41

What is provided by the Secure Hash Algorithm in a VPN?

Options:

A.

integrity

B.

key exchange

C.

encryption

D.

authentication

Question 42

What is the benefit of installing Cisco AMP for Endpoints on a network?

Options:

A.

It provides operating system patches on the endpoints for security.

B.

It provides flow-based visibility for the endpoints network connections.

C.

It enables behavioral analysis to be used for the endpoints.

D.

It protects endpoint systems through application control and real-time scanning

Question 43

An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly

identifying all valid recipients. What must be done on the Cisco ESA to accomplish this goal?

Options:

A.

Configure incoming content filters

B.

Use Bounce Verification

C.

Configure Directory Harvest Attack Prevention

D.

Bypass LDAP access queries in the recipient access table

Question 44

Drag and drop the steps from the left into the correct order on the right to enable AppDynamics to monitor an EC2 instance in Amazon Web Services.

Options:

Question 45

Which Cisco platform ensures that machines that connect to organizational networks have the recommended

antivirus definitions and patches to help prevent an organizational malware outbreak?

Options:

A.

Cisco WiSM

B.

Cisco ESA

C.

Cisco ISE

D.

Cisco Prime Infrastructure

Question 46

Which type of protection encrypts RSA keys when they are exported and imported?

Options:

A.

file

B.

passphrase

C.

NGE

D.

nonexportable

Question 47

What are two DDoS attack categories? (Choose two)

Options:

A.

sequential

B.

protocol

C.

database

D.

volume-based

E.

screen-based

Question 48

What is the function of SDN southbound API protocols?

Options:

A.

to allow for the dynamic configuration of control plane applications

B.

to enable the controller to make changes

C.

to enable the controller to use REST

D.

to allow for the static configuration of control plane applications

Question 49

An organization is using Cisco Firepower and Cisco Meraki MX for network security and needs to centrally

manage cloud policies across these platforms. Which software should be used to accomplish this goal?

Options:

A.

Cisco Defense Orchestrator

B.

Cisco Secureworks

C.

Cisco DNA Center

D.

Cisco Configuration Professional

Question 50

What is an attribute of the DevSecOps process?

Options:

A.

mandated security controls and check lists

B.

security scanning and theoretical vulnerabilities

C.

development security

D.

isolated security team

Question 51

What are two differences between a Cisco WSA that is running in transparent mode and one running in explicit mode? (Choose two)

Options:

A.

The Cisco WSA responds with its own IP address only if it is running in explicit mode.

B.

The Cisco WSA is configured in a web browser only if it is running in transparent mode.

C.

The Cisco WSA responds with its own IP address only if it is running in transparent mode.

D.

The Cisco WSA uses a Layer 3 device to redirect traffic only if it is running in transparent mode.

E.

When the Cisco WSA is running in transparent mode, it uses the WSA's own IP address as the HTTP request destination.

Question 52

A network engineer is deciding whether to use stateful or stateless failover when configuring two ASAs for high availability. What is the connection status in both cases?

Options:

A.

need to be reestablished with stateful failover and preserved with stateless failover

B.

preserved with stateful failover and need to be reestablished with stateless failover

C.

preserved with both stateful and stateless failover

D.

need to be reestablished with both stateful and stateless failover

Question 53

Refer to the exhibit.

An administrator is adding a new Cisco FTD device to their network and wants to manage it with Cisco FMC.

The Cisco FTD is not behind a NAT device. Which command is needed to enable this on the Cisco FTD?

Options:

A.

configure manager add DONTRESOLVE kregistration key>

B.

configure manager add 16

C.

configure manager add DONTRESOLVE FTD123

D.

configure manager add

Question 54

An administrator is trying to determine which applications are being used in the network but does not want the

network devices to send metadata to Cisco Firepower. Which feature should be used to accomplish this?

Options:

A.

NetFlow

B.

Packet Tracer

C.

Network Discovery

D.

Access Control

Question 55

Which type of algorithm provides the highest level of protection against brute-force attacks?

Options:

A.

PFS

B.

HMAC

C.

MD5

D.

SHA

Question 56

An engineer is implementing NTP authentication within their network and has configured both the client and server devices with the command ntp authentication-key 1 md5 Cisc392368270. The server at 1.1.1.1 is attempting to authenticate to the client at 1.1.1.2, however it is unable to do so. Which command is required to enable the client to accept the server’s authentication key?

Options:

A.

ntp peer 1.1.1.1 key 1

B.

ntp server 1.1.1.1 key 1

C.

ntp server 1.1.1.2 key 1

D.

ntp peer 1.1.1.2 key 1

Question 57

What is a benefit of performing device compliance?

Options:

A.

Verification of the latest OS patches

B.

Device classification and authorization

C.

Providing multi-factor authentication

D.

Providing attribute-driven policies

Question 58

Which two cryptographic algorithms are used with IPsec? (Choose two)

Options:

A.

AES-BAC

B.

AES-ABC

C.

HMAC-SHA1/SHA2

D.

Triple AMC-CBC

E.

AES-CBC

Question 59

What is a key difference between Cisco Firepower and Cisco ASA?

Options:

A.

Cisco ASA provides access control while Cisco Firepower does not.

B.

Cisco Firepower provides identity-based access control while Cisco ASA does not.

C.

Cisco Firepower natively provides intrusion prevention capabilities while Cisco ASA does not.

D.

Cisco ASA provides SSL inspection while Cisco Firepower does not.

Question 60

When configuring ISAKMP for IKEv1 Phase1 on a Cisco IOS router, an administrator needs to input the

command crypto isakmp key cisco address 0.0.0.0. The administrator is not sure what the IP addressing in this command issued for. What would be the effect of changing the IP address from 0.0.0.0 to 1.2.3.4?

Options:

A.

The key server that is managing the keys for the connection will be at 1.2.3.4

B.

The remote connection will only be allowed from 1.2.3.4

C.

The address that will be used as the crypto validation authority

D.

All IP addresses other than 1.2.3.4 will be allowed

Question 61

Refer to the exhibit.

Traffic is not passing through IPsec site-to-site VPN on the Firepower Threat Defense appliance. What is causing this issue?

Options:

A.

No split-tunnel policy is defined on the Firepower Threat Defense appliance.

B.

The access control policy is not allowing VPN traffic in.

C.

Site-to-site VPN peers are using different encryption algorithms.

D.

Site-to-site VPN preshared keys are mismatched.

Question 62

A Cisco Firepower administrator needs to configure a rule to allow a new application that has never been seen

on the network. Which two actions should be selected to allow the traffic to pass without inspection? (Choose

two)

Options:

A.

permit

B.

trust

C.

reset

D.

allow

E.

monitor

Question 63

How does DNS Tunneling exfiltrate data?

Options:

A.

An attacker registers a domain that a client connects to based on DNS records and sends malware through

that connection.

B.

An attacker opens a reverse DNS shell to get into the client’s system and install malware on it.

C.

An attacker uses a non-standard DNS port to gain access to the organization’s DNS servers in order to

poison the resolutions.

D.

An attacker sends an email to the target with hidden DNS resolvers in it to redirect them to a malicious

domain.

Question 64

Which solution is more secure than the traditional use of a username and password and encompasses at least two of the methods of authentication?

Options:

A.

single-sign on

B.

RADIUS/LDAP authentication

C.

Kerberos security solution

D.

multifactor authentication

Question 65

Which Cisco WSA feature supports access control using URL categories?

Options:

A.

transparent user identification

B.

SOCKS proxy services

C.

web usage controls

D.

user session restrictions

Question 66

What is the benefit of integrating Cisco ISE with a MDM solution?

Options:

A.

It provides compliance checks for access to the network

B.

It provides the ability to update other applications on the mobile device

C.

It provides the ability to add applications to the mobile device through Cisco ISE

D.

It provides network device administration access

Question 67

An organization wants to reduce their attach surface for cloud applications. They want to understand application communications, detect abnormal application Behavior, and detect vulnerabilities within the applications. Which action accomplishes this task?

Options:

A.

Configure Cisco Secure Workload to detect anomalies and vulnerabilities.

B.

Use Cisco ISE to provide application visibility and restrict access to them.

C.

Implement Cisco Umbrella lo control the access each application is granted.

D.

Modify the Cisco Duo configuration to restrict access between applications.

Question 68

An organization wants to improve its cybersecurity processes and to add intelligence to its data The organization wants to utilize the most current intelligence data for URL filtering, reputations, and vulnerability information that can be integrated with the Cisco FTD and Cisco WSA What must be done to accomplish these objectives?

Options:

A.

Create a Cisco pxGrid connection to NIST to import this information into the security products for policy use

B.

Create an automated download of the Internet Storm Center intelligence feed into the Cisco FTD and Cisco WSA databases to tie to the dynamic access control policies.

C.

Download the threat intelligence feed from the IETF and import it into the Cisco FTD and Cisco WSA databases

D.

Configure the integrations with Talos Intelligence to take advantage of the threat intelligence that it provides.

Question 69

Which feature must be configured before implementing NetFlow on a router?

Options:

A.

SNMPv3

B.

syslog

C.

VRF

D.

IP routing

Question 70

Which two parameters are used to prevent a data breach in the cloud? (Choose two.)

Options:

A.

DLP solutions

B.

strong user authentication

C.

encryption

D.

complex cloud-based web proxies

E.

antispoofing programs

Question 71

A university policy must allow open access to resources on the Internet for research, but internal workstations are exposed to malware. Which Cisco AMP feature allows the engineering team to determine whether a file is installed on a selected few workstations?

Options:

A.

file prevalence

B.

file discovery

C.

file conviction

D.

file manager

Question 72

Which threat intelligence standard contains malware hashes?

Options:

A.

advanced persistent threat

B.

open command and control

C.

structured threat information expression

D.

trusted automated exchange of indicator information

Question 73

What are two functionalities of SDN Northbound APIs? (Choose two.)

Options:

A.

Northbound APIs provide a programmable interface for applications to dynamically configure the network.

B.

Northbound APIs form the interface between the SDN controller and business applications.

C.

OpenFlow is a standardized northbound API protocol.

D.

Northbound APIs use the NETCONF protocol to communicate with applications.

E.

Northbound APIs form the interface between the SDN controller and the network switches or routers.

Question 74

What is the function of the crypto is a kmp key cisc406397954 address 0.0.0.0 0.0.0.0 command when establishing an IPsec VPN tunnel?

Options:

A.

It defines what data is going to be encrypted via the VPN

B.

lt configures the pre-shared authentication key

C.

It prevents all IP addresses from connecting to the VPN server.

D.

It configures the local address for the VPN server.

Question 75

An administrator configures a new destination list in Cisco Umbrella so that the organization can block specific domains for its devices. What should be done to ensure that all subdomains of domain.com are blocked?

Options:

A.

Configure the *.com address in the block list.

B.

Configure the *.domain.com address in the block list

C.

Configure the *.domain.com address in the block list

D.

Configure the domain.com address in the block list

Question 76

Which Cisco platform onboards the endpoint and can issue a CA signed certificate while also automatically configuring endpoint network settings to use the signed endpoint certificate, allowing the endpoint to gain network access?

Options:

A.

Cisco ISE

B.

Cisco NAC

C.

Cisco TACACS+

D.

Cisco WSA

Question 77

A network engineer must create an access control list on a Cisco Adaptive Security Appliance firewall. The access control list must permit HTTP traffic to the internet from the organization's inside network 192.168.1.0/24. Which IOS command must oe used to create the access control list?

Options:

A.

B.

C.

D.

Question 78

Which two components do southbound APIs use to communicate with downstream devices? (Choose two.)

Options:

A.

services running over the network

B.

OpenFlow

C.

external application APIs

D.

applications running over the network

E.

OpFlex

Question 79

An engineer is implementing DHCP security mechanisms and needs the ability to add additional attributes to profiles that are created within Cisco ISE Which action accomplishes this task?

Options:

A.

Define MAC-to-lP address mappings in the switch to ensure that rogue devices cannot get an IP address

B.

Use DHCP option 82 to ensure that the request is from a legitimate endpoint and send the information to Cisco ISE

C.

Modify the DHCP relay and point the IP address to Cisco ISE.

D.

Configure DHCP snooping on the switch VLANs and trust the necessary interfaces

Question 80

What are two functionalities of northbound and southbound APIs within Cisco SDN architecture? (Choose two.)

Options:

A.

Southbound APIs are used to define how SDN controllers integrate with applications.

B.

Southbound interfaces utilize device configurations such as VLANs and IP addresses.

C.

Northbound APIs utilize RESTful API methods such as GET, POST, and DELETE.

D.

Southbound APIs utilize CLI, SNMP, and RESTCONF.

E.

Northbound interfaces utilize OpenFlow and OpFlex to integrate with network devices.

Question 81

What are two benefits of using an MDM solution? (Choose two.)

Options:

A.

grants administrators a way to remotely wipe a lost or stolen device

B.

provides simple and streamlined login experience for multiple applications and users

C.

native integration that helps secure applications across multiple cloud platforms or on-premises environments

D.

encrypts data that is stored on endpoints

E.

allows for centralized management of endpoint device applications and configurations

Question 82

Which parameter is required when configuring a Netflow exporter on a Cisco Router?

Options:

A.

DSCP value

B.

Source interface

C.

Exporter name

D.

Exporter description

Question 83

An engineer is implementing Cisco CES in an existing Microsoft Office 365 environment and must route inbound email to Cisco CE.. record must be modified to accomplish this task?

Options:

A.

CNAME

B.

MX

C.

SPF

D.

DKIM

Question 84

Refer to the exhibit.

A network engineer is testing NTP authentication and realizes that any device synchronizes time with this router and that NTP authentication is not enforced What is the cause of this issue?

Options:

A.

The key was configured in plain text.

B.

NTP authentication is not enabled.

C.

The hashing algorithm that was used was MD5. which is unsupported.

D.

The router was not rebooted after the NTP configuration updated.

Question 85

An engineer is adding a Cisco DUO solution to the current TACACS+ deployment using Cisco ISE. The engineer wants to authenticate users using their account when they log into network devices. Which action accomplishes this task?

Options:

A.

Configure Cisco DUO with the external Active Directory connector and tie it to the policy set within Cisco ISE.

B.

Install and configure the Cisco DUO Authentication Proxy and configure the identity source sequence within Cisco ISE

C.

Create an identity policy within Cisco ISE to send all authentication requests to Cisco DUO.

D.

Modify the current policy with the condition MFASourceSequence DUO=true in the authorization conditions within Cisco ISE

Question 86

Which two actions does the Cisco Identity Services Engine posture module provide that ensures endpoint security? (Choose two.)

Options:

A.

Assignments to endpoint groups are made dynamically, based on endpoint attributes.

B.

Endpoint supplicant configuration is deployed.

C.

A centralized management solution is deployed.

D.

Patch management remediation is performed.

E.

The latest antivirus updates are applied before access is allowed.

Question 87

What are two security benefits of an MDM deployment? (Choose two.)

Options:

A.

robust security policy enforcement

B.

privacy control checks

C.

on-device content management

D.

distributed software upgrade

E.

distributed dashboard

Question 88

What is a description of microsegmentation?

Options:

A.

Environments apply a zero-trust model and specify how applications on different servers or containers can communicate

B.

Environments deploy a container orchestration platform, such as Kubernetes, to manage the application delivery

C.

Environments implement private VLAN segmentation to group servers with similar applications.

D.

Environments deploy centrally managed host-based firewall rules on each server or container

Question 89

What is a function of the Layer 4 Traffic Monitor on a Cisco WSA?

Options:

A.

blocks traffic from URL categories that are known to contain malicious content

B.

decrypts SSL traffic to monitor for malicious content

C.

monitors suspicious traffic across all the TCP/UDP ports

D.

prevents data exfiltration by searching all the network traffic for specified sensitive information

Question 90

Which two commands are required when configuring a flow-export action on a Cisco ASA? (Choose two.)

Options:

A.

flow-export event-type

B.

policy-map

C.

access-list

D.

flow-export template timeout-rate 15

E.

access-group

Question 91

What are two things to consider when using PAC files with the Cisco WSA? (Choose two.)

Options:

A.

If the WSA host port is changed, the default port redirects web traffic to the correct port automatically.

B.

PAC files use if-else statements to determine whether to use a proxy or a direct connection for traffic between the PC and the host.

C.

The WSA hosts PAC files on port 9001 by default.

D.

The WSA hosts PAC files on port 6001 by default.

E.

By default, they direct traffic through a proxy when the PC and the host are on the same subnet.

Question 92

Which industry standard is used to integrate Cisco ISE and pxGrid to each other and with other

interoperable security platforms?

Options:

A.

IEEE

B.

IETF

C.

NIST

D.

ANSI

Question 93

An engineer has been tasked with configuring a Cisco FTD to analyze protocol fields and detect anomalies in the traffic from industrial systems. What must be done to meet these requirements?

Options:

A.

Implement pre-filter policies for the CIP preprocessor

B.

Enable traffic analysis in the Cisco FTD

C.

Configure intrusion rules for the DNP3 preprocessor

D.

Modify the access control policy to trust the industrial traffic

Question 94

Refer to the exhibit. All servers are in the same VLAN/Subnet. DNS Server-1 and DNS Server-2 must communicate with each other, and all servers must communicate with default gateway multilayer switch. Which type of private VLAN ports should be configured to prevent communication between DNS servers and the file server?

Options:

A.

Configure GigabitEthernet0/1 as community port, GigabitEthernet0/2 as isolated port, and GigabitEthernet0/3 and GigabitEthernet0/4 as promiscuous ports.

B.

Configure GigabitEthernet0/1 as community port, GigabitEthernet0/2 as promiscuous port, Gigabit Ethernet0/3 and GigabitEthernet0/4 as isolated ports C. Configure GigabitEthernet0/1 as promiscuous port, GigabitEthernet0/2 as isolated port and GigabitEthernet0/3 and GrgabitEthernet0/4 as community ports

C.

Configure GigabitEthernet0/1 as promiscuous port, GigabitEthernet0/2 as community port, and GigabitEthernet0/3 and GrgabitEthernet0/4 as isolated ports.

Question 95

What is the term for when an endpoint is associated to a provisioning WLAN that is shared with guest

access, and the same guest portal is used as the BYOD portal?

Options:

A.

single-SSID BYOD

B.

multichannel GUI

C.

dual-SSID BYOD

D.

streamlined access

Question 96

Which configuration method provides the options to prevent physical and virtual endpoint devices that are in the same base EPG or uSeg from being able to communicate with each other with Vmware VDS or Microsoft vSwitch?

Options:

A.

inter-EPG isolation

B.

inter-VLAN security

C.

intra-EPG isolation

D.

placement in separate EPGs

Question 97

What are two functions of TAXII in threat intelligence sharing? (Choose two.)

Options:

A.

determines the "what" of threat intelligence

B.

Supports STIX information

C.

allows users to describe threat motivations and abilities

D.

exchanges trusted anomaly intelligence information

E.

determines how threat intelligence information is relayed

Question 98

Why is it important to patch endpoints consistently?

Options:

A.

Patching reduces the attack surface of the infrastructure.

B.

Patching helps to mitigate vulnerabilities.

C.

Patching is required per the vendor contract.

D.

Patching allows for creating a honeypot.

Question 99

Which command is used to log all events to a destination colector 209.165.201.107?

Options:

A.

CiscoASA(config-pmap-c)#flow-export event-type flow-update destination 209.165.201.10

B.

CiscoASA(config-cmap)# flow-export event-type all destination 209.165.201.

C.

CiscoASA(config-pmap-c)#flow-export event-type all destination 209.165.201.10

D.

CiscoASA(config-cmap)#flow-export event-type flow-update destination 209.165.201.10

Question 100

Drag and drop the deployment models from the left onto the explanations on the right.

Options:

Question 101

Which standard is used to automate exchanging cyber threat information?

Options:

A.

TAXII

B.

MITRE

C.

IoC

D.

STIX

Question 102

Which system performs compliance checks and remote wiping?

Options:

A.

MDM

B.

ISE

C.

AMP

D.

OTP

Question 103

Which Cisco ISE feature helps to detect missing patches and helps with remediation?

Options:

A.

posture assessment

B.

profiling policy

C.

authentication policy

D.

enabling probes

Question 104

Drag and drop the cryptographic algorithms for IPsec from the left onto the cryptographic processes on the right.

Options:

Question 105

Drag and drop the concepts from the left onto the correct descriptions on the right

Options:

Question 106

What is a difference between an XSS attack and an SQL injection attack?

Options:

A.

SQL injection is a hacking method used to attack SQL databases, whereas XSS attacks can exist in many different types of applications

B.

XSS is a hacking method used to attack SQL databases, whereas SQL injection attacks can exist in many different types of applications

C.

SQL injection attacks are used to steal information from databases whereas XSS attacks are used to

redirect users to websites where attackers can steal data from them

D.

XSS attacks are used to steal information from databases whereas SQL injection attacks are used to

redirect users to websites where attackers can steal data from them

Question 107

What is the process of performing automated static and dynamic analysis of files against preloaded

behavioral indicators for threat analysis?

Options:

A.

deep visibility scan

B.

point-in-time checks

C.

advanced sandboxing

D.

advanced scanning

Question 108

Drag and drop the exploits from the left onto the type of security vulnerability on the right.

Options:

Question 109

Which algorithm is an NGE hash function?

Options:

A.

HMAC

B.

SHA-1

C.

MD5

D.

SISHA-2

Question 110

Which direction do attackers encode data in DNS requests during exfiltration using DNS tunneling?

Options:

A.

inbound

B.

north-south

C.

east-west

D.

outbound

Question 111

What is the purpose of a NetFlow version 9 template record?

Options:

A.

It specifies the data format of NetFlow processes.

B.

It provides a standardized set of information about an IP flow.

C.

lt defines the format of data records.

D.

It serves as a unique identification number to distinguish individual data records

Question 112

How does a WCCP-configured router identify if the Cisco WSA is functional?

Options:

A.

If an ICMP ping fails three consecutive times between a router and the WSA, traffic is no longer transmitted to the router.

B.

If an ICMP ping fails three consecutive times between a router and the WSA, traffic is no longer

transmitted to the WSA.

C.

The WSA sends a Here-l-Am message every 10 seconds, and the router acknowledges with an ISee-You message.

D.

The router sends a Here-l-Am message every 10 seconds, and the WSA acknowledges with an ISee-You message.

Question 113

An administrator is adding a new Cisco ISE node to an existing deployment. What must be done to ensure that the addition of the node will be successful when inputting the FQDN?

Options:

A.

Change the IP address of the new Cisco ISE node to the same network as the others.

B.

Make the new Cisco ISE node a secondary PAN before registering it with the primary.

C.

Open port 8905 on the firewall between the Cisco ISE nodes

D.

Add the DNS entry for the new Cisco ISE node into the DNS server

Question 114

An administrator is establishing a new site-to-site VPN connection on a Cisco IOS router. The organization

needs to ensure that the ISAKMP key on the hub is used only for terminating traffic from the IP address of

172.19.20.24. Which command on the hub will allow the administrator to accomplish this?

Options:

A.

crypto ca identity 172.19.20.24

B.

crypto isakmp key Cisco0123456789 172.19.20.24

C.

crypto enrollment peer address 172.19.20.24

D.

crypto isakmp identity address 172.19.20.24

Question 115

An engineer must modify an existing remote access VPN using a Cisco AnyConnect Secure Mobility client solution and a Cisco Secure Firewall. Currently, all the traffic generate by the user Is sent to the VPN tunnel and the engineer must now exclude some servers and access them directly instead. Which element must be modified to achieve this goat?

Options:

A.

NAT exemption

B.

encryption domain

C.

routing table

D.

group policy

Question 116

Which CoA response code is sent if an authorization state is changed successfully on a Cisco IOS device?

Options:

A.

CoA-NCL

B.

CoA-NAK

C.

СоА-МАВ

D.

CoA-ACK

Question 117

In which two ways does the Cisco Advanced Phishing Protection solution protect users? (Choose two.)

Options:

A.

It prevents use of compromised accounts and social engineering.

B.

It prevents all zero-day attacks coming from the Internet.

C.

It automatically removes malicious emails from users' inbox.

D.

It prevents trojan horse malware using sensors.

E.

It secures all passwords that are shared in video conferences.

Question 118

An engineer must modify a policy to block specific addresses using Cisco Umbrella. The policy is created already and is actively u: of the default policy elements. What else must be done to accomplish this task?

Options:

A.

Add the specified addresses to the identities list and create a block action.

B.

Create a destination list for addresses to be allowed or blocked.

C.

Use content categories to block or allow specific addresses.

D.

Modify the application settings to allow only applications to connect to required addresses.

Question 119

An engineer integrates Cisco FMC and Cisco ISE using pxGrid Which role is assigned for Cisco FMC?

Options:

A.

client

B.

server

C.

controller

D.

publisher

Question 120

Which Cisco cloud security software centrally manages policies on multiple platforms such as Cisco ASA, Cisco Firepower, Cisco Meraki, and AWS?

Options:

A.

Cisco Defense Orchestrator

B.

Cisco Configuration Professional

C.

Cisco Secureworks

D.

Cisco DNAC

Question 121

Which Cisco DNA Center Intent API action is used to retrieve the number of devices known to a DNA Center?

Question 122

Which method of attack is used by a hacker to send malicious code through a web application to an unsuspecting user to request that the victim's web browser executes the code?

Options:

A.

buffer overflow

B.

browser WGET

C.

SQL injection

D.

cross-site scripting

Question 123

What must be enabled to secure SaaS-based applications?

Options:

A.

modular policy framework

B.

two-factor authentication

C.

application security gateway

D.

end-to-end encryption

Question 124

An engineer is adding a Cisco router to an existing environment. NTP authentication is configured on all devices in the environment with the command ntp authentication-key 1 md5 Clsc427128380. There are two routers on the network that are configured as NTP servers for redundancy, 192.168.1.110 and 192.168.1.111. 192.168.1.110 is configured as the authoritative time source. What command must be configured on the new router to use 192.168.1.110 as its primary time source without the new router attempting to offer time to existing devices?

Options:

A.

ntp server 192.168.1.110 primary key 1

B.

ntp peer 192.168.1.110 prefer key 1

C.

ntp server 192.168.1.110 key 1 prefer

D.

ntp peer 192.168.1.110 key 1 primary

Question 125

An engineer is configuring Cisco WSA and needs to deploy it in transparent mode. Which configuration component must be used to accomplish this goal?

Options:

A.

MDA on the router

B.

PBR on Cisco WSA

C.

WCCP on switch

D.

DNS resolution on Cisco WSA

Question 126

A network administrator is modifying a remote access VPN on an FTD managed by an FMC. The administrator wants to offload traffic to certain trusted domains. The administrator wants this traffic to go out of the client's local internet and send other internet-bound traffic over the VPN Which feature must the administrator configure?

Options:

A.

dynamic split tunneling

B.

local LAN access

C.

dynamic access policies

D.

reverse route injection

Question 127

Which two risks is a company vulnerable to if it does not have a well-established patching solution for

endpoints? (Choose two)

Options:

A.

exploits

B.

ARP spoofing

C.

denial-of-service attacks

D.

malware

E.

eavesdropping

Question 128

Which Talos reputation center allows you to track the reputation of IP addresses for email and web traffic?

Options:

A.

IP Blacklist Center

B.

File Reputation Center

C.

AMP Reputation Center

D.

IP and Domain Reputation Center

Question 129

What is a characteristic of Dynamic ARP Inspection?

Options:

A.

DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the DHCP

snooping binding database.

B.

In a typical network, make all ports as trusted except for the ports connecting to switches, which are

untrusted

C.

DAI associates a trust state with each switch.

D.

DAI intercepts all ARP requests and responses on trusted ports only.

Question 130

Which benefit does endpoint security provide the overall security posture of an organization?

Options:

A.

It streamlines the incident response process to automatically perform digital forensics on the endpoint.

B.

It allows the organization to mitigate web-based attacks as long as the user is active in the domain.

C.

It allows the organization to detect and respond to threats at the edge of the network.

D.

It allows the organization to detect and mitigate threats that the perimeter security devices do not detect.

Question 131

A malicious user gained network access by spoofing printer connections that were authorized using MAB on

four different switch ports at the same time. What two catalyst switch security features will prevent further

violations? (Choose two)

Options:

A.

DHCP Snooping

B.

802.1AE MacSec

C.

Port security

D.

IP Device track

E.

Dynamic ARP inspection

F.

Private VLANs

Question 132

An MDM provides which two advantages to an organization with regards to device management? (Choose two)

Options:

A.

asset inventory management

B.

allowed application management

C.

Active Directory group policy management

D.

network device management

E.

critical device management

Question 133

Which two key and block sizes are valid for AES? (Choose two)

Options:

A.

64-bit block size, 112-bit key length

B.

64-bit block size, 168-bit key length

C.

128-bit block size, 192-bit key length

D.

128-bit block size, 256-bit key length

E.

192-bit block size, 256-bit key length

Question 134

Which ID store requires that a shadow user be created on Cisco ISE for the admin login to work?

Options:

A.

RSA SecureID

B.

Internal Database

C.

Active Directory

D.

LDAP

Question 135

Which protocol provides the strongest throughput performance when using Cisco AnyConnect VPN?

Options:

A.

TLSv1.2

B.

TLSv1.1

C.

BJTLSv1

D.

DTLSv1

Question 136

An engineer is configuring AMP for endpoints and wants to block certain files from executing. Which outbreak

control method is used to accomplish this task?

Options:

A.

device flow correlation

B.

simple detections

C.

application blocking list

D.

advanced custom detections

Question 137

What is a commonality between DMVPN and FlexVPN technologies?

Options:

A.

FlexVPN and DMVPN use IS-IS routing protocol to communicate with spokes

B.

FlexVPN and DMVPN use the new key management protocol

C.

FlexVPN and DMVPN use the same hashing algorithms

D.

IOS routers run the same NHRP code for DMVPN and FlexVPN

Question 138

Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?

Options:

A.

user input validation in a web page or web application

B.

Linux and Windows operating systems

C.

database

D.

web page images

Question 139

A mall provides security services to customers with a shared appliance. The mall wants separation of

management on the shared appliance. Which ASA deployment mode meets these needs?

Options:

A.

routed mode

B.

transparent mode

C.

multiple context mode

D.

multiple zone mode

Question 140

Which two endpoint measures are used to minimize the chances of falling victim to phishing and social

engineering attacks? (Choose two)

Options:

A.

Patch for cross-site scripting.

B.

Perform backups to the private cloud.

C.

Protect against input validation and character escapes in the endpoint.

D.

Install a spam and virus email filter.

E.

Protect systems with an up-to-date antimalware program

Question 141

What are two reasons for implementing a multifactor authentication solution such as Duo Security provide to an

organization? (Choose two)

Options:

A.

flexibility of different methods of 2FA such as phone callbacks, SMS passcodes, and push notifications

B.

single sign-on access to on-premises and cloud applications

C.

integration with 802.1x security using native Microsoft Windows supplicant

D.

secure access to on-premises and cloud applications

E.

identification and correction of application vulnerabilities before allowing access to resources

Question 142

Which two activities can be done using Cisco DNA Center? (Choose two)

Options:

A.

DHCP

B.

Design

C.

Accounting

D.

DNS

E.

Provision

Question 143

Refer to the exhibit.

Which command was used to display this output?

Options:

A.

show dot1x all

B.

show dot1x

C.

show dot1x all summary

D.

show dot1x interface gi1/0/12

Question 144

When wired 802.1X authentication is implemented, which two components are required? (Choose two)

Options:

A.

authentication server: Cisco Identity Service Engine

B.

supplicant: Cisco AnyConnect ISE Posture module

C.

authenticator: Cisco Catalyst switch

D.

authenticator: Cisco Identity Services Engine

E.

authentication server: Cisco Prime Infrastructure

Question 145

What is the primary difference between an Endpoint Protection Platform and an Endpoint Detection and

Response?

Options:

A.

EPP focuses on prevention, and EDR focuses on advanced threats that evade perimeter defenses.

B.

EDR focuses on prevention, and EPP focuses on advanced threats that evade perimeter defenses.

C.

EPP focuses on network security, and EDR focuses on device security.

D.

EDR focuses on network security, and EPP focuses on device security.

Question 146

Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two)

Options:

A.

Check integer, float, or Boolean string parameters to ensure accurate values.

B.

Use prepared statements and parameterized queries.

C.

Secure the connection between the web and the app tier.

D.

Write SQL code instead of using object-relational mapping libraries.

E.

Block SQL code execution in the web application database login.

Question 147

Which Cisco security solution protects remote users against phishing attacks when they are not connected to

the VPN?

Options:

A.

Cisco Stealthwatch

B.

Cisco Umbrella

C.

Cisco Firepower

D.

NGIPS

Question 148

Which feature of Cisco ASA allows VPN users to be postured against Cisco ISE without requiring an inline

posture node?

Options:

A.

RADIUS Change of Authorization

B.

device tracking

C.

DHCP snooping

D.

VLAN hopping

Question 149

Which threat involves software being used to gain unauthorized access to a computer system?

Options:

A.

virus

B.

NTP amplification

C.

ping of death

D.

HTTP flood

Question 150

Which two deployment model configurations are supported for Cisco FTDv in AWS? (Choose two)

Options:

A.

Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS

B.

Cisco FTDv with one management interface and two traffic interfaces configured

C.

Cisco FTDv configured in routed mode and managed by a physical FMC appliance on premises

D.

Cisco FTDv with two management interfaces and one traffic interface configured

E.

Cisco FTDv configured in routed mode and IPv6 configured

Question 151

What is the function of Cisco Cloudlock for data security?

Options:

A.

data loss prevention

B.

controls malicious cloud apps

C.

detects anomalies

D.

user and entity behavior analytics

Question 152

Which option is the main function of Cisco Firepower impact flags?

Options:

A.

They alert administrators when critical events occur.

B.

They highlight known and suspected malicious IP addresses in reports.

C.

They correlate data about intrusions and vulnerability.

D.

They identify data that the ASA sends to the Firepower module.

Question 153

How many interfaces per bridge group does an ASA bridge group deployment support?

Options:

A.

up to 2

B.

up to 4

C.

up to 8

D.

up to 16

Question 154

What are the two most commonly used authentication factors in multifactor authentication? (Choose two)

Options:

A.

biometric factor

B.

time factor

C.

confidentiality factor

D.

knowledge factor

E.

encryption factor

Question 155

After deploying a Cisco ESA on your network, you notice that some messages fail to reach their destinations.

Which task can you perform to determine where each message was lost?

Options:

A.

Configure the trackingconfig command to enable message tracking.

B.

Generate a system report.

C.

Review the log files.

D.

Perform a trace.

Question 156

What are two rootkit types? (Choose two)

Options:

A.

registry

B.

virtual

C.

bootloader

D.

user mode

E.

buffer mode

Question 157

Which two probes are configured to gather attributes of connected endpoints using Cisco Identity Services

Engine? (Choose two)

Options:

A.

RADIUS

B.

TACACS+

C.

DHCP

D.

sFlow

E.

SMTP

Question 158

What is a difference between FlexVPN and DMVPN?

Options:

A.

DMVPN uses IKEv1 or IKEv2, FlexVPN only uses IKEv1

B.

DMVPN uses only IKEv1 FlexVPN uses only IKEv2

C.

FlexVPN uses IKEv2, DMVPN uses IKEv1 or IKEv2

D.

FlexVPN uses IKEv1 or IKEv2, DMVPN uses only IKEv2

Question 159

A company is experiencing exfiltration of credit card numbers that are not being stored on-premise. The

company needs to be able to protect sensitive data throughout the full environment. Which tool should be used

to accomplish this goal?

Options:

A.

Security Manager

B.

Cloudlock

C.

Web Security Appliance

D.

Cisco ISE

Question 160

What is the difference between deceptive phishing and spear phishing?

Options:

A.

Deceptive phishing is an attacked aimed at a specific user in the organization who holds a C-level role.

B.

A spear phishing campaign is aimed at a specific person versus a group of people.

C.

Spear phishing is when the attack is aimed at the C-level executives of an organization.

D.

Deceptive phishing hijacks and manipulates the DNS server of the victim and redirects the user to a false webpage.

Question 161

Which statement about IOS zone-based firewalls is true?

Options:

A.

An unassigned interface can communicate with assigned interfaces

B.

Only one interface can be assigned to a zone.

C.

An interface can be assigned to multiple zones.

D.

An interface can be assigned only to one zone.

Question 162

Which statement about the configuration of Cisco ASA NetFlow v9 Secure Event Logging is true?

Options:

A.

To view bandwidth usage for NetFlow records, the QoS feature must be enabled.

B.

A sysopt command can be used to enable NSEL on a specific interface.

C.

NSEL can be used without a collector configured.

D.

A flow-export event type must be defined under a policy

Question 163

Which two preventive measures are used to control cross-site scripting? (Choose two)

Options:

A.

Enable client-side scripts on a per-domain basis.

B.

Incorporate contextual output encoding/escaping.

C.

Disable cookie inspection in the HTML inspection engine.

D.

Run untrusted HTML input through an HTML sanitization engine.

E.

Same Site cookie attribute should not be used.

Question 164

What is the purpose of the Decrypt for Application Detection feature within the WSA Decryption options?

Options:

A.

It decrypts HTTPS application traffic for unauthenticated users.

B.

It alerts users when the WSA decrypts their traffic.

C.

It decrypts HTTPS application traffic for authenticated users.

D.

It provides enhanced HTTPS application detection for AsyncOS.

Question 165

Refer to the exhibit.

A network administrator configured a site-to-site VPN tunnel between two Cisco IOS routers, and hosts are unable to communicate between two sites of VPN. The network administrator runs the debug crypto isakmp sa command to track VPN status. What is the problem according to this command output?

Options:

A.

hashing algorithm mismatch

B.

encryption algorithm mismatch

C.

authentication key mismatch

D.

interesting traffic was not applied

Question 166

Which feature is configured for managed devices in the device platform settings of the Firepower Management

Center?

Options:

A.

quality of service

B.

time synchronization

C.

network address translations

D.

intrusion policy

Question 167

Which two are valid suppression types on a Cisco Next Generation Intrusion Prevention System? (Choose two)

Options:

A.

Port

B.

Rule

C.

Source

D.

Application

E.

Protocol

Question 168

In which two ways does a system administrator send web traffic transparently to the Web Security Appliance?

(Choose two)

Options:

A.

configure Active Directory Group Policies to push proxy settings

B.

configure policy-based routing on the network infrastructure

C.

reference a Proxy Auto Config file

D.

configure the proxy IP address in the web-browser settings

E.

use Web Cache Communication Protocol

Question 169

An engineer wants to automatically assign endpoints that have a specific OUI into a new endpoint group. Which

probe must be enabled for this type of profiling to work?

Options:

A.

NetFlow

B.

NMAP

C.

SNMP

D.

DHCP

Question 170

An administrator wants to ensure that all endpoints are compliant before users are allowed access on the

corporate network. The endpoints must have the corporate antivirus application installed and be running the

latest build of Windows 10.

What must the administrator implement to ensure that all devices are compliant before they are allowed on the

network?

Options:

A.

Cisco Identity Services Engine and AnyConnect Posture module

B.

Cisco Stealthwatch and Cisco Identity Services Engine integration

C.

Cisco ASA firewall with Dynamic Access Policies configured

D.

Cisco Identity Services Engine with PxGrid services enabled

Question 171

Refer to the exhibit.

What does the API do when connected to a Cisco security appliance?

Options:

A.

get the process and PID information from the computers in the network

B.

create an SNMP pull mechanism for managing AMP

C.

gather network telemetry information from AMP for endpoints

D.

gather the network interface information about the computers AMP sees

Question 172

How does Cisco Umbrella archive logs to an enterprise owned storage?

Options:

A.

by using the Application Programming Interface to fetch the logs

B.

by sending logs via syslog to an on-premises or cloud-based syslog server

C.

by the system administrator downloading the logs from the Cisco Umbrella web portal

D.

by being configured to send logs to a self-managed AWS S3 bucket

Question 173

An organization is trying to improve their Defense in Depth by blocking malicious destinations prior to a

connection being established. The solution must be able to block certain applications from being used within the network. Which product should be used to accomplish this goal?

Options:

A.

Cisco Firepower

B.

Cisco Umbrella

C.

ISE

D.

AMP

Question 174

Which feature requires a network discovery policy on the Cisco Firepower Next Generation Intrusion Prevention

System?

Options:

A.

Security Intelligence

B.

Impact Flags

C.

Health Monitoring

D.

URL Filtering

Question 175

When using Cisco AMP for Networks which feature copies a file to the Cisco AMP cloud for analysis?

Options:

A.

Spero analysis

B.

dynamic analysis

C.

sandbox analysis

D.

malware analysis

Question 176

Which benefit is provided by ensuring that an endpoint is compliant with a posture policy configured in Cisco ISE?

Options:

A.

It allows the endpoint to authenticate with 802.1x or MAB.

B.

It verifies that the endpoint has the latest Microsoft security patches installed.

C.

It adds endpoints to identity groups dynamically.

D.

It allows CoA to be applied if the endpoint status is compliant.

Question 177

Which two conditions are prerequisites for stateful failover for IPsec? (Choose two)

Options:

A.

Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the

IPsec configuration is copied automatically

B.

The active and standby devices can run different versions of the Cisco IOS software but must be the same

type of device.

C.

The IPsec configuration that is set up on the active device must be duplicated on the standby device

D.

Only the IPsec configuration that is set up on the active device must be duplicated on the standby device;

the IKE configuration is copied automatically.

E.

The active and standby devices must run the same version of the Cisco IOS software and must be the

same type of device

Question 178

Why would a user choose an on-premises ESA versus the CES solution?

Options:

A.

Sensitive data must remain onsite.

B.

Demand is unpredictable.

C.

The server team wants to outsource this service.

D.

ESA is deployed inline.

Question 179

Which two deployment modes does the Cisco ASA FirePower module support? (Choose two)

Options:

A.

transparent mode

B.

routed mode

C.

inline mode

D.

active mode

E.

passive monitor-only mode

Question 180

Which compliance status is shown when a configured posture policy requirement is not met?

Options:

A.

compliant

B.

unknown

C.

authorized

D.

noncompliant

Question 181

Under which two circumstances is a CoA issued? (Choose two)

Options:

A.

A new authentication rule was added to the policy on the Policy Service node.

B.

An endpoint is deleted on the Identity Service Engine server.

C.

A new Identity Source Sequence is created and referenced in the authentication policy.

D.

An endpoint is profiled for the first time.

E.

A new Identity Service Engine server is added to the deployment with the Administration persona

Question 182

What provides visibility and awareness into what is currently occurring on the network?

Options:

A.

CMX

B.

WMI

C.

Prime Infrastructure

D.

Telemetry

Question 183

What Cisco command shows you the status of an 802.1X connection on interface gi0/1?

Options:

A.

show authorization status

B.

show authen sess int gi0/1

C.

show connection status gi0/1

D.

show ver gi0/1

Question 184

A network engineer has entered the snmp-server user andy myv3 auth sha cisco priv aes 256

cisc0380739941 command and needs to send SNMP information to a host at 10.255.254.1. Which command achieves this goal?

Options:

A.

snmp-server host inside 10.255.254.1 version 3 andy

B.

snmp-server host inside 10.255.254.1 version 3 myv3

C.

snmp-server host inside 10.255.254.1 snmpv3 andy

D.

snmp-server host inside 10.255.254.1 snmpv3 myv3

Question 185

What is a characteristic of Firepower NGIPS inline deployment mode?

Options:

A.

ASA with Firepower module cannot be deployed.

B.

It cannot take actions such as blocking traffic.

C.

It is out-of-band from traffic.

D.

It must have inline interface pairs configured.

Question 186

Which Cisco AMP file disposition valid?

Options:

A.

pristine

B.

malware

C.

dirty

D.

non malicious

Question 187

Which attack is commonly associated with C and C++ programming languages?

Options:

A.

cross-site scripting

B.

water holing

C.

DDoS

D.

buffer overflow

Question 188

Which license is required for Cisco Security Intelligence to work on the Cisco Next Generation Intrusion

Prevention System?

Options:

A.

control

B.

malware

C.

URL filtering

D.

protect

Question 189

What is a required prerequisite to enable malware file scanning for the Secure Internet Gateway?

Options:

A.

Enable IP Layer enforcement.

B.

Activate the Advanced Malware Protection license

C.

Activate SSL decryption.

D.

Enable Intelligent Proxy.

Page: 1 / 47
Total 630 questions