
350-701 Implementing and Operating Cisco Security Core Technologies (SCOR) Questions and Answers

Question # 4

Which solution protects hybrid cloud deployment workloads with application visibility and segmentation?

A.

Nexus

B.

Stealthwatch

C.

Firepower

D.

Tetration

Question # 5

Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention System? (Choose two)

A.

packet decoder

B.

SIP

C.

modbus

D.

inline normalization

E.

SSL

Question # 6

An engineer used a posture check on a Microsoft Windows endpoint and discovered that the MS17-010 patch was not installed, which left the endpoint vulnerable to WannaCry ransomware. Which two solutions mitigate the risk of this ransomware infection? (Choose two)

A.

Configure a posture policy in Cisco Identity Services Engine to install the MS17-010 patch before allowing access on the network.

B.

Set up a profiling policy in Cisco Identity Services Engine to check an endpoint patch level before allowing access on the network.

C.

Configure a posture policy in Cisco Identity Services Engine to check that an endpoint patch level is met before allowing access on the network.

D.

Configure endpoint firewall policies to stop the exploit traffic from being allowed to run and replicate throughout the network.

E.

Set up a well-defined endpoint patching strategy to ensure that endpoints have critical vulnerabilities patched in a timely fashion.

Question # 7

Which command enables 802.1X globally on a Cisco switch?

A.

dot1x system-auth-control

B.

dot1x pae authenticator

C.

authentication port-control aut

D.

aaa new-model

Question # 8

In which cloud services model is the tenant responsible for virtual machine OS patching?

A.

IaaS

B.

UCaaS

C.

PaaS

D.

SaaS

Question # 9

Which VPN technology can support a multivendor environment and secure traffic between sites?

A.

SSL VPN

B.

GET VPN

C.

FlexVPN

D.

DMVPN

Question # 10

An engineer needs a solution for TACACS+ authentication and authorization for device administration. The engineer also wants to enhance wired and wireless network security by requiring users and endpoints to use 802.1X, MAB, or WebAuth. Which product meets all of these requirements?

A.

Cisco Prime Infrastructure

B.

Cisco Identity Services Engine

C.

Cisco Stealthwatch

D.

Cisco AMP for Endpoints

Question # 11

Refer to the exhibit.

What does the API do when connected to a Cisco security appliance?

A.

get the process and PID information from the computers in the network

B.

create an SNMP pull mechanism for managing AMP

C.

gather network telemetry information from AMP for endpoints

D.

gather the network interface information about the computers AMP sees

Question # 12

What is a characteristic of a bridge group in ASA Firewall transparent mode?

A.

It includes multiple interfaces and access rules between interfaces are customizable

B.

It is a Layer 3 segment and includes one port and customizable access rules

C.

It allows ARP traffic with a single access rule

D.

It has an IP address on its BVI interface and is used for management traffic

Question # 13

Which two capabilities does TAXII support? (Choose two)

A.

Exchange

B.

Pull messaging

C.

Binding

D.

Correlation

E.

Mitigating

Question # 14

Which two mechanisms are used to control phishing attacks? (Choose two)

A.

Enable browser alerts for fraudulent websites.

B.

Define security group memberships.

C.

Revoke expired CRL of the websites.

D.

Use antispyware software.

E.

Implement email filtering techniques.

Question # 15

Refer to the exhibit.

Which command was used to display this output?

A.

show dot1x all

B.

show dot1x

C.

show dot1x all summary

D.

show dot1x interface gi1/0/12

Question # 16

Which action controls the amount of URI text that is stored in Cisco WSA log files?

A.

Configure the datasecurityconfig command

B.

Configure the advancedproxyconfig command with the HTTPS subcommand

C.

Configure a small log-entry size.

D.

Configure a maximum packet size.

Question # 17

Which two key and block sizes are valid for AES? (Choose two)

A.

64-bit block size, 112-bit key length

B.

64-bit block size, 168-bit key length

C.

128-bit block size, 192-bit key length

D.

128-bit block size, 256-bit key length

E.

192-bit block size, 256-bit key length

Question # 18

What is the purpose of the Decrypt for Application Detection feature within the WSA Decryption options?

A.

It decrypts HTTPS application traffic for unauthenticated users.

B.

It alerts users when the WSA decrypts their traffic.

C.

It decrypts HTTPS application traffic for authenticated users.

D.

It provides enhanced HTTPS application detection for AsyncOS.

Question # 19

Which feature of Cisco ASA allows VPN users to be postured against Cisco ISE without requiring an inline posture node?

A.

RADIUS Change of Authorization

B.

device tracking

C.

DHCP snooping

D.

VLAN hopping

Question # 20

When using Cisco AMP for Networks, which feature copies a file to the Cisco AMP cloud for analysis?

A.

Spero analysis

B.

dynamic analysis

C.

sandbox analysis

D.

malware analysis

Question # 21

What is the primary benefit of deploying an ESA in hybrid mode?

A.

You can fine-tune its settings to provide the optimum balance between security and performance for your environment

B.

It provides the lowest total cost of ownership by reducing the need for physical appliances

C.

It provides maximum protection and control of outbound messages

D.

It provides email security while supporting the transition to the cloud

Question # 22

How does Cisco Umbrella archive logs to enterprise-owned storage?

A.

by using the Application Programming Interface to fetch the logs

B.

by sending logs via syslog to an on-premises or cloud-based syslog server

C.

by the system administrator downloading the logs from the Cisco Umbrella web portal

D.

by being configured to send logs to a self-managed AWS S3 bucket

Question # 23

Which two descriptions of AES encryption are true? (Choose two)

A.

AES is less secure than 3DES.

B.

AES is more secure than 3DES.

C.

AES can use a 168-bit key for encryption.

D.

AES can use a 256-bit key for encryption.

E.

AES encrypts and decrypts a key three times in sequence.

Question # 24

After deploying a Cisco ESA on your network, you notice that some messages fail to reach their destinations.

Which task can you perform to determine where each message was lost?

A.

Configure the trackingconfig command to enable message tracking.

B.

Generate a system report.

C.

Review the log files.

D.

Perform a trace.

Question # 25

Refer to the exhibit.

An engineer configured wired 802.1x on the network and is unable to get a laptop to authenticate. Which port configuration is missing?

A.

authentication open

B.

dot1x reauthentication

C.

cisp enable

D.

dot1x pae authenticator

Question # 26

Which Cisco product provides proactive endpoint protection and allows administrators to centrally manage the deployment?

A.

NGFW

B.

AMP

C.

WSA

D.

ESA

Question # 27

What Cisco command shows you the status of an 802.1X connection on interface gi0/1?

A.

show authorization status

B.

show authen sess int gi0/1

C.

show connection status gi0/1

D.

show ver gi0/1

Question # 28

Which solution combines Cisco IOS and IOS XE components to enable administrators to recognize applications, collect and send network metrics to Cisco Prime and other third-party management tools, and prioritize application traffic?

A.

Cisco Security Intelligence

B.

Cisco Application Visibility and Control

C.

Cisco Model Driven Telemetry

D.

Cisco DNA Center

Question # 29

What is the primary difference between an Endpoint Protection Platform and an Endpoint Detection and Response?

A.

EPP focuses on prevention, and EDR focuses on advanced threats that evade perimeter defenses.

B.

EDR focuses on prevention, and EPP focuses on advanced threats that evade perimeter defenses.

C.

EPP focuses on network security, and EDR focuses on device security.

D.

EDR focuses on network security, and EPP focuses on device security.

Question # 30

In which two ways does the Cisco Advanced Phishing Protection solution protect users? (Choose two.)

A.

It prevents use of compromised accounts and social engineering.

B.

It prevents all zero-day attacks coming from the Internet.

C.

It automatically removes malicious emails from users' inbox.

D.

It prevents trojan horse malware using sensors.

E.

It secures all passwords that are shared in video conferences.

Question # 31

Which feature within Cisco ISE verifies the compliance of an endpoint before providing access to the network?

A.

Posture

B.

Profiling

C.

pxGrid

D.

MAB

Question # 32

Which feature requires that network telemetry be enabled?

A.

per-interface stats

B.

SNMP trap notification

C.

Layer 2 device discovery

D.

central syslog system

Question # 33

Which endpoint protection and detection feature performs correlation of telemetry, files, and intrusion events that are flagged as possible active breaches?

A.

retrospective detection

B.

indication of compromise

C.

file trajectory

D.

elastic search

Question # 34

What is the purpose of CA in a PKI?

A.

To issue and revoke digital certificates

B.

To validate the authenticity of a digital certificate

C.

To create the private key for a digital certificate

D.

To certify the ownership of a public key by the named subject

Question # 35

Which Cisco DNA Center RESTful PNP API adds and claims a device into a workflow?

A.

api/v1/fie/config

B.

api/v1/onboarding/pnp-device/import

C.

api/v1/onboarding/pnp-device

D.

api/v1/onboarding/workflow

Question # 36

A network administrator is configuring a role in an access control policy to block certain URLs and selects the "Chat and instant Messaging" category. Which reputation score should be selected to accomplish this goal?

A.

3

B.

5

C.

10

D.

1

Question # 37

Drag and drop the exploits from the left onto the type of security vulnerability on the right.

Question # 38

Refer to the exhibit.

What is the function of the Python script code snippet for the Cisco ASA REST API?

A.

adds a global rule into policies

B.

changes the hostname of the Cisco ASA

C.

deletes a global rule from policies

D.

obtains the saved configuration of the Cisco ASA firewall

Question # 39

Drag and drop the features of Cisco ASA with Firepower from the left onto the benefits on the right.

Question # 40

Which industry standard is used to integrate Cisco ISE and pxGrid to each other and with other interoperable security platforms?

A.

IEEE

B.

IETF

C.

NIST

D.

ANSI

Question # 41

Which two devices support WCCP for traffic redirection? (Choose two.)

A.

Cisco Secure Web Appliance

B.

Cisco IOS

C.

proxy server

D.

Cisco ASA

E.

Cisco IPS

Question # 42

Which two Cisco ISE components must be configured for BYOD? (Choose two.)

A.

local WebAuth

B.

central WebAuth

C.

null WebAuth

D.

guest

E.

dual

Question # 43

Which two criteria must a certificate meet before the WSA uses it to decrypt application traffic? (Choose two.)

A.

It must include the current date.

B.

It must reside in the trusted store of the WSA.

C.

It must reside in the trusted store of the endpoint.

D.

It must have been signed by an internal CA.

E.

It must contain a SAN.

Question # 44

Which Cisco Umbrella package supports selective proxy for inspection of traffic from risky domains?

A.

SIG Advantage

B.

DNS Security Essentials

C.

SIG Essentials

D.

DNS Security Advantage

Question # 45

Which two functions does the Cisco Advanced Phishing Protection solution perform in trying to protect from phishing attacks? (Choose two.)

A.

blocks malicious websites and adds them to a block list

B.

does a real-time user web browsing behavior analysis

C.

provides a defense for on-premises email deployments

D.

uses a static algorithm to determine malicious

E.

determines if the email messages are malicious

Question # 46

In which scenario is endpoint-based security the solution?

A.

inspecting encrypted traffic

B.

device profiling and authorization

C.

performing signature-based application control

D.

inspecting a password-protected archive

Question # 47

Which open standard creates a framework for sharing threat intelligence in a machine-digestible format?

A.

OpenC2

B.

OpenIOC

C.

CybOX

D.

STIX

Question # 48

An engineer enabled SSL decryption for Cisco Umbrella intelligent proxy and needs to ensure that traffic is inspected without alerting end-users.

A.

Upload the organization root CA to the Umbrella admin portal

B.

Modify the user's browser settings to suppress errors from Umbrella.

C.

Restrict access to only websites with trusted third-party signed certificates.

D.

Import the Umbrella root CA into the trusted root store on the user's device.

Question # 49

Which Cisco DNA Center Intent API action is used to retrieve the number of devices known to a DNA Center?

Question # 50

What is the benefit of integrating Cisco ISE with a MDM solution?

A.

It provides compliance checks for access to the network

B.

It provides the ability to update other applications on the mobile device

C.

It provides the ability to add applications to the mobile device through Cisco ISE

D.

It provides network device administration access

Question # 51

An engineer is configuring Cisco WSA and needs to deploy it in transparent mode. Which configuration component must be used to accomplish this goal?

A.

MDA on the router

B.

PBR on Cisco WSA

C.

WCCP on switch

D.

DNS resolution on Cisco WSA

Question # 52

What is the concept of CI/CD pipelining?

A.

The project is split into several phases where one phase cannot start before the previous phase finishes successfully.

B.

The project code is centrally maintained and each code change should trigger an automated build and test sequence

C.

The project is split into time-limited cycles and focuses on pair programming for continuous code review

D.

Each project phase is independent from other phases to maintain adaptiveness and continual improvement

Question # 53

Refer to the exhibit.

An engineer must configure a Cisco switch to perform PPP authentication via a TACACS server located at IP address 10.1.1.10. Authentication must fall back to the local database using the username LocalUser and password C1Sc0451069341l if the TACACS server is unreachable.

Drag and drop the commands from the left onto the corresponding configuration steps on the right.

Question # 54

What is the default action before identifying the URL during HTTPS inspection in Cisco Secure Firewall Threat Defense software?

A.

reset

B.

buffer

C.

pass

D.

drop

Question # 55

What are two functions of IKEv1 but not IKEv2? (Choose two)

A.

NAT-T is supported in IKEv1 but not in IKEv2.

B.

With IKEv1, when using aggressive mode, the initiator and responder identities are passed cleartext

C.

With IKEv1, mode negotiates faster than main mode

D.

IKEv1 uses EAP authentication

E.

IKEv1 conversations are initiated by the IKE_SA_INIT message

Question # 56

A network engineer must create an access control list on a Cisco Adaptive Security Appliance firewall. The access control list must permit HTTP traffic to the internet from the organization's inside network 192.168.1.0/24. Which IOS command must be used to create the access control list?

A.

B.

C.

D.

Question # 57

What is the difference between a vulnerability and an exploit?

A.

A vulnerability is a hypothetical event for an attacker to exploit

B.

A vulnerability is a weakness that can be exploited by an attacker

C.

An exploit is a weakness that can cause a vulnerability in the network

D.

An exploit is a hypothetical event that causes a vulnerability in the network

Question # 58

A security engineer must add destinations into a destination list in Cisco Umbrella. What describes the application of these changes?

A.

The changes are applied immediately if the destination list is part of a policy.

B.

The destination list must be removed from the policy before changes are made to it.

C.

The changes are applied only after the configuration is saved in Cisco Umbrella.

D.

The user role of Block Page Bypass or higher is needed to perform these changes.

Question # 59

What is a functional difference between Cisco AMP for Endpoints and Cisco Umbrella Roaming Client?

A.

The Umbrella Roaming client stops and tracks malicious activity on hosts, and AMP for Endpoints tracks only URL-based threats.

B.

The Umbrella Roaming Client authenticates users and provides segmentation, and AMP for Endpoints allows only for VPN connectivity

C.

AMP for Endpoints authenticates users and provides segmentation, and the Umbrella Roaming Client allows only for VPN connectivity.

D.

AMP for Endpoints stops and tracks malicious activity on hosts, and the Umbrella Roaming Client tracks only URL-based threats.

Question # 60

A company discovered an attack propagating through their network via a file. A custom file policy was created in order to track this in the future and ensure no other endpoints execute the infected file. In addition, it was discovered during testing that the scans are not detecting the file as an indicator of compromise. What must be done in order to ensure that the created is functioning as it should?

A.

Create an IP block list for the website from which the file was downloaded

B.

Block the application that the file was using to open

C.

Upload the hash for the file into the policy

D.

Send the file to Cisco Threat Grid for dynamic analysis

Question # 61

An email administrator is setting up a new Cisco ESA. The administrator wants to enable the blocking of greymail for the end user. Which feature must the administrator enable first?

A.

File Analysis

B.

IP Reputation Filtering

C.

Intelligent Multi-Scan

D.

Anti-Virus Filtering

Question # 62

A network engineer entered the snmp-server user asmith myv7 auth sha cisco priv aes 256 cisc0xxxxxxxxx command and needs to send SNMP information to a host at 10.255.255.1. Which command achieves this goal?

A.

snmp-server host inside 10.255.255.1 version 3 myv7

B.

snmp-server host inside 10.255.255.1 snmpv3 myv7

C.

snmp-server host inside 10.255.255.1 version 3 asmith

D.

snmp-server host inside 10.255.255.1 snmpv3 asmith

Question # 63

An engineer configures new features within the Cisco Umbrella dashboard and wants to identify and proxy traffic that is categorized as risky domains and may contain safe and malicious content. Which action accomplishes these objectives?

A.

Configure URL filtering within Cisco Umbrella to track the URLs and proxy the requests for those categories and below.

B.

Configure intelligent proxy within Cisco Umbrella to intercept and proxy the requests for only those categories.

C.

Upload the threat intelligence database to Cisco Umbrella for the most current information on reputations and to have the destination lists block them.

D.

Create a new site within Cisco Umbrella to block requests from those categories so they can be sent to the proxy device.

Question # 64

A network engineer must monitor user and device behavior within the on-premises network. This data must be sent to the Cisco Stealthwatch Cloud analytics platform for analysis. What must be done to meet this requirement using the Ubuntu-based VM appliance deployed in a VMware-based hypervisor?

A.

Configure a Cisco FMC to send syslogs to Cisco Stealthwatch Cloud

B.

Deploy the Cisco Stealthwatch Cloud PNM sensor that sends data to Cisco Stealthwatch Cloud

C.

Deploy a Cisco FTD sensor to send network events to Cisco Stealthwatch Cloud

D.

Configure a Cisco FMC to send NetFlow to Cisco Stealthwatch Cloud

Question # 65

Which action must be taken in the AMP for Endpoints console to detect specific MD5 signatures on endpoints and then quarantine the files?

A.

Configure an advanced custom detection list.

B.

Configure an IP Block & Allow custom detection list

C.

Configure an application custom detection list

D.

Configure a simple custom detection list

Question # 66

What is a benefit of using Cisco CWS compared to an on-premises Cisco WSA?

A.

Cisco CWS eliminates the need to backhaul traffic through headquarters for remote workers whereas Cisco WSA does not

B.

Cisco CWS minimizes the load on the internal network and security infrastructure as compared to Cisco WSA.

C.

URL categories are updated more frequently on Cisco CWS than they are on Cisco WSA

D.

Content scanning for SAAS cloud applications is available through Cisco CWS and not available through Cisco WSA

Question # 67

Which API method and required attribute are used to add a device into Cisco DNA Center with the native API?

A.

GET and serialNumber

B.

userSudiSerialNos and deviceInfo

C.

POST and name

D.

lastSyncTime and pid

Question # 68

Cisco SensorBase gathers threat information from a variety of Cisco products and services and performs analytics to find patterns on threats. Which term describes this process?

A.

deployment

B.

consumption

C.

authoring

D.

sharing

Question # 69

What does Cisco ISE use to collect endpoint attributes that are used in profiling?

A.

probes

B.

posture assessment

C.

Cisco AnyConnect Secure Mobility Client

D.

Cisco pxGrid

Question # 70

Which Cisco WSA feature supports access control using URL categories?

A.

transparent user identification

B.

SOCKS proxy services

C.

web usage controls

D.

user session restrictions

Question # 71

What are two characteristics of the RESTful architecture used within Cisco DNA Center? (Choose two.)

A.

REST uses methods such as GET, PUT, POST, and DELETE.

B.

REST codes can be compiled with any programming language.

C.

REST is a Linux platform-based architecture.

D.

The POST action replaces existing data at the URL path.

E.

REST uses HTTP to send a request to a web service.

Question # 72

A network engineer is trying to figure out whether FlexVPN or DMVPN would fit better in their environment. They have a requirement for more stringent security, multiple security associations for the connections, and more efficient VPN establishment, as well as consuming less bandwidth. Which solution would be best for this and why?

A.

DMVPN because it supports IKEv2 and FlexVPN does not

B.

FlexVPN because it supports IKEv2 and DMVPN does not

C.

FlexVPN because it uses multiple SAs and DMVPN does not

D.

DMVPN because it uses multiple SAs and FlexVPN does not

Question # 73

Which algorithm is an NGE hash function?

A.

HMAC

B.

SHA-1

C.

MD5

D.

SHA-2

Question # 74

Which solution should be leveraged for secure access of a CI/CD pipeline?

A.

Duo Network Gateway

B.

remote access client

C.

SSL WebVPN

D.

Cisco FTD network gateway

Question # 75

An engineer is configuring their router to send NetFlow data to Stealthwatch, which has an IP address of 1.1.1.1, using the flow record Stealthwatch406397954 command. Which additional command is required to complete the flow record?

A.

transport udp 2055

B.

match ipv4 ttl

C.

cache timeout active 60

D.

destination 1.1.1.1

Question # 76

What is a function of the Layer 4 Traffic Monitor on a Cisco WSA?

A.

blocks traffic from URL categories that are known to contain malicious content

B.

decrypts SSL traffic to monitor for malicious content

C.

monitors suspicious traffic across all the TCP/UDP ports

D.

prevents data exfiltration by searching all the network traffic for specified sensitive information

Question # 77

Which Cisco network security device supports contextual awareness?

A.

Firepower

B.

Cisco ASA

C.

Cisco IOS

D.

ISE

Question # 78

How does Cisco AMP for Endpoints provide next-generation protection?

A.

It encrypts data on user endpoints to protect against ransomware.

B.

It leverages an endpoint protection platform and endpoint detection and response.

C.

It utilizes Cisco pxGrid, which allows Cisco AMP to pull threat feeds from threat intelligence centers.

D.

It integrates with Cisco FTD devices.

Question # 79

Which two parameters are used for device compliance checks? (Choose two.)

A.

endpoint protection software version

B.

Windows registry values

C.

DHCP snooping checks

D.

DNS integrity checks

E.

device operating system version

Question # 80

Which CoA response code is sent if an authorization state is changed successfully on a Cisco IOS device?

A.

CoA-NCL

B.

CoA-NAK

C.

CoA-MAB

D.

CoA-ACK

Question # 81

DoS attacks are categorized as what?

A.

phishing attacks

B.

flood attacks

C.

virus attacks

D.

trojan attacks

Question # 82

What is a benefit of using telemetry over SNMP to configure new routers for monitoring purposes?

A.

Telemetry uses a pull method, which makes it more reliable than SNMP

B.

Telemetry uses push and pull, which makes it more scalable than SNMP

C.

Telemetry uses push and pull which makes it more secure than SNMP

D.

Telemetry uses a push method which makes it faster than SNMP

Question # 83

Drag and drop the Cisco CWS redirection options from the left onto the capabilities on the right.

Question # 84

Refer to the exhibit. What does this Python script accomplish?

A.

It allows authentication with TLSv1 SSL protocol

B.

It authenticates to a Cisco ISE with an SSH connection.

C.

It authenticates to a Cisco ISE server using the username of ersad

D.

It lists the LDAP users from the external identity store configured on Cisco ISE

Question # 85

An engineer is adding a Cisco router to an existing environment. NTP authentication is configured on all devices in the environment with the command ntp authentication-key 1 md5 Clsc427128380. There are two routers on the network that are configured as NTP servers for redundancy, 192.168.1.110 and 192.168.1.111. 192.168.1.110 is configured as the authoritative time source. What command must be configured on the new router to use 192.168.1.110 as its primary time source without the new router attempting to offer time to existing devices?

A.

ntp server 192.168.1.110 primary key 1

B.

ntp peer 192.168.1.110 prefer key 1

C.

ntp server 192.168.1.110 key 1 prefer

D.

ntp peer 192.168.1.110 key 1 primary

Question # 86

Which system performs compliance checks and remote wiping?

A.

MDM

B.

ISE

C.

AMP

D.

OTP

Question # 87

When a transparent authentication fails on the Web Security Appliance, which type of access does the end user get?

A.

guest

B.

limited Internet

C.

blocked

D.

full Internet

Question # 88

A small organization needs to reduce the VPN bandwidth load on their headend Cisco ASA in order to ensure that bandwidth is available for VPN users needing access to corporate resources on the 10.0.0.0/24 local HQ network. How is this accomplished without adding additional devices to the network?

A.

Use split tunneling to tunnel traffic for the 10.0.0.0/24 network only.

B.

Configure VPN load balancing to distribute traffic for the 10.0.0.0/24 network.

C.

Configure VPN load balancing to send non-corporate traffic straight to the internet.

D.

Use split tunneling to tunnel all traffic except for the 10.0.0.0/24 network.

Question # 89

A hacker initiated a social engineering attack and stole usernames and passwords of some users within a company. Which product should be used as a solution to this problem?

A.

Cisco NGFW

B.

Cisco AnyConnect

C.

Cisco AMP for Endpoints

D.

Cisco Duo

Question # 90

An administrator configures a new destination list in Cisco Umbrella so that the organization can block specific domains for its devices. What should be done to ensure that all subdomains of domain.com are blocked?

A.

Configure the *.com address in the block list.

B.

Configure the *.domain.com address in the block list

C.

Configure the *.domain.com address in the block list

D.

Configure the domain.com address in the block list

Question # 91

Which kind of API that is used with Cisco DNA Center provisions SSIDs, QoS policies, and updates software versions on switches?

A.

Integration

B.

Intent

C.

Event

D.

Multivendor

Question # 92

What provides total management for mobile and PC including managing inventory and device tracking, remote view, and live troubleshooting using the included native remote desktop support?

A.

mobile device management

B.

mobile content management

C.

mobile application management

D.

mobile access management

Question # 93

What is a characteristic of Dynamic ARP Inspection?

A.

DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the DHCP snooping binding database.

B.

In a typical network, make all ports as trusted except for the ports connecting to switches, which are untrusted

C.

DAI associates a trust state with each switch.

D.

DAI intercepts all ARP requests and responses on trusted ports only.

Question # 94

Which technology must be used to implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity?

A.

DMVPN

B.

FlexVPN

C.

IPsec DVTI

D.

GET VPN

Question # 95

Which technology is used to improve web traffic performance by proxy caching?

A.

WSA

B.

Firepower

C.

FireSIGHT

D.

ASA

Question # 96

Which benefit does endpoint security provide the overall security posture of an organization?

A.

It streamlines the incident response process to automatically perform digital forensics on the endpoint.

B.

It allows the organization to mitigate web-based attacks as long as the user is active in the domain.

C.

It allows the organization to detect and respond to threats at the edge of the network.

D.

It allows the organization to detect and mitigate threats that the perimeter security devices do not detect.

Question # 97

For which two conditions can an endpoint be checked using ISE posture assessment? (Choose two)

A.

Windows service

B.

computer identity

C.

user identity

D.

Windows firewall

E.

default browser

Question # 98

Which policy represents a shared set of features or parameters that define the aspects of a managed device that are likely to be similar to other managed devices in a deployment?

A.

Group Policy

B.

Access Control Policy

C.

Device Management Policy

D.

Platform Service Policy

Question # 99

An organization has two machines hosting web applications. Machine 1 is vulnerable to SQL injection while machine 2 is vulnerable to buffer overflows. What action would allow the attacker to gain access to machine 1 but not machine 2?

A.

sniffing the packets between the two hosts

B.

sending continuous pings

C.

overflowing the buffer’s memory

D.

inserting malicious commands into the database

Question # 100

Why would a user choose an on-premises ESA versus the CES solution?

A.

Sensitive data must remain onsite.

B.

Demand is unpredictable.

C.

The server team wants to outsource this service.

D.

ESA is deployed inline.

Question # 101

What is the primary role of the Cisco Email Security Appliance?

A.

Mail Submission Agent

B.

Mail Transfer Agent

C.

Mail Delivery Agent

D.

Mail User Agent

Question # 102

The main function of northbound APIs in the SDN architecture is to enable communication between which two areas of a network?

A.

SDN controller and the cloud

B.

management console and the SDN controller

C.

management console and the cloud

D.

SDN controller and the management solution

Question # 103

Elliptic curve cryptography is a stronger, more efficient cryptography method meant to replace which current encryption technology?

A.

3DES

B.

RSA

C.

DES

D.

AES

Question # 104

Which license is required for Cisco Security Intelligence to work on the Cisco Next Generation Intrusion Prevention System?

A.

control

B.

malware

C.

URL filtering

D.

protect

Question # 105

Which functions of an SDN architecture require southbound APIs to enable communication?

A.

SDN controller and the network elements

B.

management console and the SDN controller

C.

management console and the cloud

D.

SDN controller and the cloud

Question # 106

How is Cisco Umbrella configured to log only security events?

A.

per policy

B.

in the Reporting settings

C.

in the Security Settings section

D.

per network in the Deployments section

Question # 107

In which two ways does a system administrator send web traffic transparently to the Web Security Appliance? (Choose two)

A.

configure Active Directory Group Policies to push proxy settings

B.

configure policy-based routing on the network infrastructure

C.

reference a Proxy Auto Config file

D.

configure the proxy IP address in the web-browser settings

E.

use Web Cache Communication Protocol

Question # 108

How does Cisco Stealthwatch Cloud provide security for cloud environments?

A.

It delivers visibility and threat detection.

B.

It prevents exfiltration of sensitive data.

C.

It assigns Internet-based DNS protection for clients and servers.

D.

It facilitates secure connectivity between public and private networks.

Question # 109

Which policy is used to capture host information on the Cisco Firepower Next Generation Intrusion Prevention System?

A.

Correlation

B.

Intrusion

C.

Access Control

D.

Network Discovery

Question # 110

What is the difference between deceptive phishing and spear phishing?

A.

Deceptive phishing is an attack aimed at a specific user in the organization who holds a C-level role.

B.

A spear phishing campaign is aimed at a specific person versus a group of people.

C.

Spear phishing is when the attack is aimed at the C-level executives of an organization.

D.

Deceptive phishing hijacks and manipulates the DNS server of the victim and redirects the user to a false webpage.

Question # 111

An engineer is configuring AMP for endpoints and wants to block certain files from executing. Which outbreak control method is used to accomplish this task?

A.

device flow correlation

B.

simple detections

C.

application blocking list

D.

advanced custom detections

Question # 112

Which algorithm provides encryption and authentication for data plane communication?

A.

AES-GCM

B.

SHA-96

C.

AES-256

D.

SHA-384

Question # 113

Under which two circumstances is a CoA issued? (Choose two)

A.

A new authentication rule was added to the policy on the Policy Service node.

B.

An endpoint is deleted on the Identity Service Engine server.

C.

A new Identity Source Sequence is created and referenced in the authentication policy.

D.

An endpoint is profiled for the first time.

E.

A new Identity Service Engine server is added to the deployment with the Administration persona

Question # 114

Which Talos reputation center allows you to track the reputation of IP addresses for email and web traffic?

A.

IP Blacklist Center

B.

File Reputation Center

C.

AMP Reputation Center

D.

IP and Domain Reputation Center

Question # 115

What provides the ability to program and monitor networks from somewhere other than the DNAC GUI?

A.

NetFlow

B.

desktop client

C.

ASDM

D.

API

Question # 116

What provides visibility and awareness into what is currently occurring on the network?

A.

CMX

B.

WMI

C.

Prime Infrastructure

D.

Telemetry

Question # 117

An administrator wants to ensure that all endpoints are compliant before users are allowed access on the corporate network. The endpoints must have the corporate antivirus application installed and be running the latest build of Windows 10.

What must the administrator implement to ensure that all devices are compliant before they are allowed on the network?

A.

Cisco Identity Services Engine and AnyConnect Posture module

B.

Cisco Stealthwatch and Cisco Identity Services Engine integration

C.

Cisco ASA firewall with Dynamic Access Policies configured

D.

Cisco Identity Services Engine with PxGrid services enabled

Question # 118

Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two)

A.

Check integer, float, or Boolean string parameters to ensure accurate values.

B.

Use prepared statements and parameterized queries.

C.

Secure the connection between the web and the app tier.

D.

Write SQL code instead of using object-relational mapping libraries.

E.

Block SQL code execution in the web application database login.

Question # 119

Refer to the exhibit.

Which command was used to generate this output and to show which ports are authenticating with dot1x or mab?

A.

show authentication registrations

B.

show authentication method

C.

show dot1x all

D.

show authentication sessions

Question # 120

Which two services must remain as on-premises equipment when a hybrid email solution is deployed? (Choose two)

A.

DDoS

B.

antispam

C.

antivirus

D.

encryption

E.

DLP

Question # 121

What is a feature of the open platform capabilities of Cisco DNA Center?

A.

intent-based APIs

B.

automation adapters

C.

domain integration

D.

application adapters

Question # 122

Which deployment model is the most secure when considering risks to cloud adoption?

A.

Public Cloud

B.

Hybrid Cloud

C.

Community Cloud

D.

Private Cloud

Question # 123

Which two tasks allow NetFlow on a Cisco ASA 5500 Series firewall? (Choose two)

A.

Enable NetFlow Version 9.

B.

Create an ACL to allow UDP traffic on port 9996.

C.

Apply NetFlow Exporter to the outside interface in the inbound direction.

D.

Create a class map to match interesting traffic.

E.

Define a NetFlow collector by using the flow-export command

Question # 124

What are two Detection and Analytics Engines of Cognitive Threat Analytics? (Choose two)

A.

data exfiltration

B.

command and control communication

C.

intelligent proxy

D.

snort

E.

URL categorization

Question # 125

Which telemetry data captures variations seen within the flow, such as the packets TTL, IP/TCP flags, and payload length?

A.

interpacket variation

B.

software package variation

C.

flow insight variation

D.

process details variation

Question # 126

Which two features of Cisco DNA Center are used in a Software Defined Network solution? (Choose two)

A.

accounting

B.

assurance

C.

automation

D.

authentication

E.

encryption

Question # 127

An organization wants to secure users, data, and applications in the cloud. The solution must be API-based and operate as a cloud-native CASB. Which solution must be used for this implementation?

A.

Cisco Cloudlock

B.

Cisco Cloud Email Security

C.

Cisco Firepower Next-Generation Firewall

D.

Cisco Umbrella

Question # 128

With which components does a southbound API within a software-defined network architecture communicate?

A.

controllers within the network

B.

applications

C.

appliances

D.

devices such as routers and switches

Question # 129

In which two ways does Easy Connect help control network access when used with Cisco TrustSec? (Choose two)

A.

It allows multiple security products to share information and work together to enhance security posture in the network.

B.

It creates a dashboard in Cisco ISE that provides full visibility of all connected endpoints.

C.

It allows for the assignment of Security Group Tags and does not require 802.1x to be configured on the switch or the endpoint.

D.

It integrates with third-party products to provide better visibility throughout the network.

E.

It allows for managed endpoints that authenticate to AD to be mapped to Security Groups (PassiveID).

Question # 130

After a recent breach, an organization determined that phishing was used to gain initial access to the network before regaining persistence. The information gained from the phishing attack was a result of users visiting known malicious websites. What must be done in order to prevent this from happening in the future?

A.

Modify an access policy

B.

Modify identification profiles

C.

Modify outbound malware scanning policies

D.

Modify web proxy settings

Question # 131

An organization has two systems in their DMZ that have an unencrypted link between them for communication. The organization does not have a defined password policy and uses several default accounts on the systems. The application used on those systems also has not gone through stringent code reviews. Which vulnerability would help an attacker brute force their way into the systems?

A.

weak passwords

B.

lack of input validation

C.

missing encryption

D.

lack of file permission

Question # 132

What are two benefits of Flexible NetFlow records? (Choose two)

A.

They allow the user to configure flow information to perform customized traffic identification

B.

They provide attack prevention by dropping the traffic

C.

They provide accounting and billing enhancements

D.

They converge multiple accounting technologies into one accounting mechanism

E.

They provide monitoring of a wider range of IP packet information from Layer 2 to 4

Question # 133

What are two Trojan malware attacks? (Choose two)

A.

Frontdoor

B.

Rootkit

C.

Smurf

D.

Backdoor

E.

Sync

Question # 134

For Cisco IOS PKI, which two types of Servers are used as a distribution point for CRLs? (Choose two)

A.

SDP

B.

LDAP

C.

subordinate CA

D.

SCP

E.

HTTP

Question # 135

What are two functions of secret key cryptography? (Choose two)

A.

key selection without integer factorization

B.

utilization of different keys for encryption and decryption

C.

utilization of large prime number iterations

D.

provides the capability to only know the key on one side

E.

utilization of less memory

Question # 136

Drag and drop the capabilities of Cisco Firepower versus Cisco AMP from the left into the appropriate category on the right.

Question # 137

Drag and drop the common security threats from the left onto the definitions on the right.

Question # 138

What is a difference between DMVPN and sVTI?

A.

DMVPN supports tunnel encryption, whereas sVTI does not.

B.

DMVPN supports dynamic tunnel establishment, whereas sVTI does not.

C.

DMVPN supports static tunnel establishment, whereas sVTI does not.

D.

DMVPN provides interoperability with other vendors, whereas sVTI does not.

Question # 139

Which type of protection encrypts RSA keys when they are exported and imported?

A.

file

B.

passphrase

C.

NGE

D.

nonexportable

Question # 140

Which algorithm provides asymmetric encryption?

A.

RC4

B.

AES

C.

RSA

D.

3DES

Question # 141

What are two differences between a Cisco WSA that is running in transparent mode and one running in explicit mode? (Choose two)

A.

The Cisco WSA responds with its own IP address only if it is running in explicit mode.

B.

The Cisco WSA is configured in a web browser only if it is running in transparent mode.

C.

The Cisco WSA responds with its own IP address only if it is running in transparent mode.

D.

The Cisco WSA uses a Layer 3 device to redirect traffic only if it is running in transparent mode.

E.

When the Cisco WSA is running in transparent mode, it uses the WSA's own IP address as the HTTP request destination.

Question # 142

Which suspicious pattern enables the Cisco Tetration platform to learn the normal behavior of users?

A.

file access from a different user

B.

interesting file access

C.

user login suspicious behavior

D.

privilege escalation

Question # 143

Drag and drop the capabilities from the left onto the correct technologies on the right.

Question # 144

A switch with Dynamic ARP Inspection enabled has received a spoofed ARP response on a trusted interface.

How does the switch behave in this situation?

A.

It forwards the packet after validation by using the MAC Binding Table.

B.

It drops the packet after validation by using the IP & MAC Binding Table.

C.

It forwards the packet without validation.

D.

It drops the packet without validation.

Question # 145

Refer to the exhibit.

An organization is using DHCP Snooping within their network. A user on VLAN 41 on a new switch is complaining that an IP address is not being obtained. Which command should be configured on the switch interface in order to provide the user with network connectivity?

A.

ip dhcp snooping verify mac-address

B.

ip dhcp snooping limit 41

C.

ip dhcp snooping vlan 41

D.

ip dhcp snooping trust

Question # 146

An organization has a Cisco Stealthwatch Cloud deployment in their environment. Cloud logging is working as expected, but logs are not being received from the on-premise network. What action will resolve this issue?

A.

Configure security appliances to send syslogs to Cisco Stealthwatch Cloud

B.

Configure security appliances to send NetFlow to Cisco Stealthwatch Cloud

C.

Deploy a Cisco FTD sensor to send events to Cisco Stealthwatch Cloud

D.

Deploy a Cisco Stealthwatch Cloud sensor on the network to send data to Cisco Stealthwatch Cloud

Question # 147

Which group within Cisco writes and publishes a weekly newsletter to help cybersecurity professionals remain aware of the ongoing and most prevalent threats?

A.

PSIRT

B.

Talos

C.

CSIRT

D.

DEVNET

Question # 148

In which type of attack does the attacker insert their machine between two hosts that are communicating with each other?

A.

LDAP injection

B.

man-in-the-middle

C.

cross-site scripting

D.

insecure API

Question # 149

What is a function of 3DES in reference to cryptography?

A.

It hashes files.

B.

It creates one-time use passwords.

C.

It encrypts traffic.

D.

It generates private keys.

Question # 150

Which two aspects of the cloud PaaS model are managed by the customer but not the provider? (Choose two)

A.

virtualization

B.

middleware

C.

operating systems

D.

applications

E.

data

Question # 151

Due to a traffic storm on the network, two interfaces were error-disabled, and both interfaces sent SNMP traps.

Which two actions must be taken to ensure that interfaces are put back into service? (Choose two)

A.

Have Cisco Prime Infrastructure issue an SNMP set command to re-enable the ports after the pre-configured interval.

B.

Use EEM to have the ports return to service automatically in less than 300 seconds.

C.

Enter the shutdown and no shutdown commands on the interfaces.

D.

Enable the snmp-server enable traps command and wait 300 seconds

E.

Ensure that interfaces are configured with the error-disable detection and recovery feature

Question # 152

An engineer is configuring 802.1X authentication on Cisco switches in the network and is using CoA as a mechanism. Which port on the firewall must be opened to allow the CoA traffic to traverse the network?

A.

TCP 6514

B.

UDP 1700

C.

TCP 49

D.

UDP 1812

Question # 153

Which type of algorithm provides the highest level of protection against brute-force attacks?

A.

PFS

B.

HMAC

C.

MD5

D.

SHA

Question # 154

What is a capability of Cisco ASA Netflow?

A.

It filters NSEL events based on traffic

B.

It generates NSEL events even if the MPF is not configured

C.

It logs all event types only to the same collector

D.

It sends NetFlow data records from active and standby ASAs in an active standby failover pair

Question # 155

Using Cisco Firepower’s Security Intelligence policies, upon which two criteria is Firepower block based? (Choose two)

A.

URLs

B.

protocol IDs

C.

IP addresses

D.

MAC addresses

E.

port numbers

Question # 156

What is managed by Cisco Security Manager?

A.

access point

B.

WSA

C.

ASA

D.

ESA

Question # 157

Which attack type attempts to shut down a machine or network so that users are not able to access it?

A.

smurf

B.

bluesnarfing

C.

MAC spoofing

D.

IP spoofing

Question # 158

Which attack is preventable by Cisco ESA but not by the Cisco WSA?

A.

buffer overflow

B.

DoS

C.

SQL injection

D.

phishing

Question # 159

A network administrator needs to find out what assets currently exist on the network. Third-party systems need to be able to feed host data into Cisco Firepower. What must be configured to accomplish this?

A.

a Network Discovery policy to receive data from the host

B.

a Threat Intelligence policy to download the data from the host

C.

a File Analysis policy to send file data into Cisco Firepower

D.

a Network Analysis policy to receive NetFlow data from the host

Question # 160

An organization has a Cisco ESA set up with policies and would like to customize the action assigned for violations. The organization wants a copy of the message to be delivered with a message added to flag it as a DLP violation. Which actions must be performed in order to provide this capability?

A.

deliver and send copies to other recipients

B.

quarantine and send a DLP violation notification

C.

quarantine and alter the subject header with a DLP violation

D.

deliver and add disclaimer text

Question # 161

A Cisco ESA network administrator has been tasked to use a newly installed service to help create policy based on the reputation verdict. During testing, it is discovered that the Cisco ESA is not dropping files that have an undetermined verdict. What is causing this issue?

A.

The policy was created to send a message to quarantine instead of drop

B.

The file has a reputation score that is above the threshold

C.

The file has a reputation score that is below the threshold

D.

The policy was created to disable file analysis

Question # 162

Drag and drop the Firepower Next Generation Intrusion Prevention System detectors from the left onto the correct definitions on the right.

Question # 163

Which type of API is being used when a controller within a software-defined network architecture dynamically makes configuration changes on switches within the network?

A.

westbound API

B.

southbound API

C.

northbound API

D.

eastbound API

Question # 164

An organization received a large amount of SPAM messages over a short time period. In order to take action on the messages, it must be determined how harmful the messages are and this needs to happen dynamically.

What must be configured to accomplish this?

A.

Configure the Cisco WSA to modify policies based on the traffic seen

B.

Configure the Cisco ESA to receive real-time updates from Talos

C.

Configure the Cisco WSA to receive real-time updates from Talos

D.

Configure the Cisco ESA to modify policies based on the traffic seen

Question # 165

What is a functional difference between a Cisco ASA and a Cisco IOS router with Zone-based policy firewall?

A.

The Cisco ASA denies all traffic by default whereas the Cisco IOS router with Zone-Based Policy Firewall starts out by allowing all traffic, even on untrusted interfaces

B.

The Cisco IOS router with Zone-Based Policy Firewall can be configured for high availability, whereas the Cisco ASA cannot

C.

The Cisco IOS router with Zone-Based Policy Firewall denies all traffic by default, whereas the Cisco ASA starts out by allowing all traffic until rules are added

D.

The Cisco ASA can be configured for high availability whereas the Cisco IOS router with Zone-Based Policy Firewall cannot

Question # 166

Which risk is created when using an Internet browser to access cloud-based service?

A.

misconfiguration of infrastructure, which allows unauthorized access

B.

intermittent connection to the cloud connectors

C.

vulnerabilities within protocol

D.

insecure implementation of API

Question # 167

An organization is using Cisco Firepower and Cisco Meraki MX for network security and needs to centrally manage cloud policies across these platforms. Which software should be used to accomplish this goal?

A.

Cisco Defense Orchestrator

B.

Cisco Secureworks

C.

Cisco DNA Center

D.

Cisco Configuration Professional

Question # 168

Refer to the exhibit.

What will happen when the Python script is executed?

A.

The hostname will be translated to an IP address and printed.

B.

The hostname will be printed for the client in the client ID field.

C.

The script will pull all computer hostnames and print them.

D.

The script will translate the IP address to FQDN and print it

Question # 169

In which situation should an Endpoint Detection and Response solution be chosen versus an Endpoint Protection Platform?

A.

when there is a need for traditional anti-malware detection

B.

when there is no need to have the solution centrally managed

C.

when there is no firewall on the network

D.

when there is a need to have more advanced detection capabilities

Question # 170

Refer to the exhibit.

Which type of authentication is in use?

A.

LDAP authentication for Microsoft Outlook

B.

POP3 authentication

C.

SMTP relay server authentication

D.

external user and relay mail authentication

Question # 171

Refer to the exhibit.

What will happen when this Python script is run?

A.

The compromised computers and malware trajectories will be received from Cisco AMP

B.

The list of computers and their current vulnerabilities will be received from Cisco AMP

C.

The compromised computers and what compromised them will be received from Cisco AMP

D.

The list of computers, policies, and connector statuses will be received from Cisco AMP

Question # 172

What is the role of an endpoint in protecting a user from a phishing attack?

A.

Use Cisco Stealthwatch and Cisco ISE Integration.

B.

Utilize 802.1X network security to ensure unauthorized access to resources.

C.

Use machine learning models to help identify anomalies and determine expected sending behavior.

D.

Ensure that antivirus and anti-malware software is up to date

Question # 173

Which type of API is being used when a security application notifies a controller within a software-defined network architecture about a specific security threat?

A.

westbound API

B.

southbound API

C.

northbound API

D.

eastbound API

Question # 174

An organization recently installed a Cisco WSA and would like to take advantage of the AVC engine to allow the organization to create a policy to control application specific activity. After enabling the AVC engine, what must be done to implement this?

A.

Use security services to configure the traffic monitor.

B.

Use URL categorization to prevent the application traffic.

C.

Use an access policy group to configure application control settings.

D.

Use web security reporting to validate engine functionality

Question # 175

Which factor must be considered when choosing the on-premise solution over the cloud-based one?

A.

With an on-premise solution, the provider is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the customer is responsible for it

B.

With a cloud-based solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product.

C.

With an on-premise solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product.

D.

With an on-premise solution, the customer is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the provider is responsible for it.

Question # 176

Which public cloud provider supports the Cisco Next Generation Firewall Virtual?

A.

Google Cloud Platform

B.

Red Hat Enterprise Visualization

C.

VMware ESXi

D.

Amazon Web Services

Question # 177

What is the role of Cisco Umbrella Roaming when it is installed on an endpoint?

A.

To protect the endpoint against malicious file transfers

B.

To ensure that assets are secure from malicious links on and off the corporate network

C.

To establish secure VPN connectivity to the corporate network

D.

To enforce posture compliance and mandatory software

Question # 178

A network administrator is using the Cisco ESA with AMP to upload files to the cloud for analysis. The network is congested and is affecting communication. How will the Cisco ESA handle any files which need analysis?

A.

AMP calculates the SHA-256 fingerprint, caches it, and periodically attempts the upload.

B.

The file is queued for upload when connectivity is restored.

C.

The file upload is abandoned.

D.

The ESA immediately makes another attempt to upload the file.

Question # 179

An administrator is configuring a DHCP server to better secure their environment. They need to be able to rate-limit the traffic and ensure that legitimate requests are not dropped. How would this be accomplished?

A.

Set a trusted interface for the DHCP server

B.

Set the DHCP snooping bit to 1

C.

Add entries in the DHCP snooping database

D.

Enable ARP inspection for the required VLAN

Question # 180

What are two DDoS attack categories? (Choose two)

A.

sequential

B.

protocol

C.

database

D.

volume-based

E.

screen-based

Question # 181

A Cisco Firepower administrator needs to configure a rule to allow a new application that has never been seen on the network. Which two actions should be selected to allow the traffic to pass without inspection? (Choose two)

A.

permit

B.

trust

C.

reset

D.

allow

E.

monitor

Question # 182

What does Cisco AMP for Endpoints use to help an organization detect different families of malware?

A.

Ethos Engine to perform fuzzy fingerprinting

B.

Tetra Engine to detect malware when the endpoint is connected to the cloud

C.

Clam AV Engine to perform email scanning

D.

Spero Engine with machine learning to perform dynamic analysis

Question # 183

An engineer needs a cloud solution that will monitor traffic, create incidents based on events, and integrate with other cloud solutions via an API. Which solution should be used to accomplish this goal?

A.

SIEM

B.

CASB

C.

Adaptive MFA

D.

Cisco Cloudlock

Question # 184

What is the benefit of installing Cisco AMP for Endpoints on a network?

A.

It provides operating system patches on the endpoints for security.

B.

It provides flow-based visibility for the endpoints network connections.

C.

It enables behavioral analysis to be used for the endpoints.

D.

It protects endpoint systems through application control and real-time scanning

Question # 185

What is an attribute of the DevSecOps process?

A.

mandated security controls and check lists

B.

security scanning and theoretical vulnerabilities

C.

development security

D.

isolated security team

Question # 186

When configuring ISAKMP for IKEv1 Phase1 on a Cisco IOS router, an administrator needs to input the command crypto isakmp key cisco address 0.0.0.0. The administrator is not sure what the IP addressing in this command is used for. What would be the effect of changing the IP address from 0.0.0.0 to 1.2.3.4?

A.

The key server that is managing the keys for the connection will be at 1.2.3.4

B.

The remote connection will only be allowed from 1.2.3.4

C.

The address that will be used as the crypto validation authority

D.

All IP addresses other than 1.2.3.4 will be allowed

Question # 187

What is the Cisco API-based broker that helps reduce compromises, application risks, and data breaches in an environment that is not on-premise?

A.

Cisco Cloudlock

B.

Cisco Umbrella

C.

Cisco AMP

D.

Cisco App Dynamics

Question # 188

Which type of dashboard does Cisco DNA Center provide for complete control of the network?

A.

service management

B.

centralized management

C.

application management

D.

distributed management

Question # 189

Refer to the exhibit.

An administrator is adding a new Cisco FTD device to their network and wants to manage it with Cisco FMC.

The Cisco FTD is not behind a NAT device. Which command is needed to enable this on the Cisco FTD?

A.

configure manager add DONTRESOLVE <registration key>

B.

configure manager add 16

C.

configure manager add DONTRESOLVE FTD123

D.

configure manager add
