Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: myex65

Home > Cisco > CCNP Security > 350-701

350-701 Implementing and Operating Cisco Security Core Technologies (SCOR 350-701) Question and Answers

Question # 4

An organization recently installed a Cisco Secure Web Appliance and would like to take advantage of the AVC engine to allow the organization to create a policy to control application-specific activity. After enabling the AVC engine, what must be done to implement this?

A.

Use an access policy group to configure application control settings.

B.

Use security services to configure the traffic monitor.

C.

Use URL categorization to prevent the application traffic.

D.

Use web security reporting to validate engine functionality.

Full Access
Question # 5

A network engineer is deciding whether to use stateful or stateless failover when configuring two ASAs for high availability. What is the connection status in both cases?

A.

need to be reestablished with stateful failover and preserved with stateless failover

B.

preserved with stateful failover and need to be reestablished with stateless failover

C.

preserved with both stateful and stateless failover

D.

need to be reestablished with both stateful and stateless failover

Full Access
Question # 6

Which feature is used to restrict communication between interfaces on a Cisco ASA?

A.

VLAN subinterfaces

B.

Traffic zones

C.

Security levels

D.

VxLAN interfaces

Full Access
Question # 7

Which security solution is used for posture assessment of the endpoints in a BYOD solution?

A.

Cisco FTD

B.

Cisco ASA

C.

Cisco Umbrella

D.

Cisco ISE

Full Access
Question # 8

Which Talos reputation center allows for tracking the reputation of IP addresses for email and web traffic?

A.

IP and Domain Reputation Center

B.

File Reputation Center

C.

IP Slock List Center

D.

AMP Reputation Center

Full Access
Question # 9

Which information is required when adding a device to Firepower Management Center?

A.

username and password

B.

encryption method

C.

device serial number

D.

registration key

Full Access
Question # 10

What are two functionalities of SDN Northbound APIs? (Choose two.)

A.

Northbound APIs provide a programmable interface for applications to dynamically configure the network.

B.

Northbound APIs form the interface between the SDN controller and business applications.

C.

OpenFlow is a standardized northbound API protocol.

D.

Northbound APIs use the NETCONF protocol to communicate with applications.

E.

Northbound APIs form the interface between the SDN controller and the network switches or routers.

Full Access
Question # 11

An engineer used a posture check on a Microsoft Windows endpoint and discovered that the MS17-010 patch

was not installed, which left the endpoint vulnerable to WannaCry ransomware. Which two solutions mitigate

the risk of this ransom ware infection? (Choose two)

A.

Configure a posture policy in Cisco Identity Services Engine to install the MS17-010 patch before allowingaccess on the network.

B.

Set up a profiling policy in Cisco Identity Service Engine to check and endpoint patch level before allowingaccess on the network.

C.

Configure a posture policy in Cisco Identity Services Engine to check that an endpoint patch level is metbefore allowing access on the network.

D.

Configure endpoint firewall policies to stop the exploit traffic from being allowed to run and replicatethroughout the network.

E.

Set up a well-defined endpoint patching strategy to ensure that endpoints have critical vulnerabilities patched in a timely fashion.

Full Access
Question # 12

An engineer needs to add protection for data in transit and have headers in the email message Which configuration is needed to accomplish this goal?

A.

Provision the email appliance

B.

Deploy an encryption appliance.

C.

Map sender !P addresses to a host interface.

D.

Enable flagged message handling

Full Access
Question # 13

Which cloud service model offers an environment for cloud consumers to develop and deploy applications

without needing to manage or maintain the underlying cloud infrastructure?

A.

PaaS

B.

XaaS

C.

IaaS

D.

SaaS

Full Access
Question # 14

Which Cisco AMP file disposition valid?

A.

pristine

B.

malware

C.

dirty

D.

non malicious

Full Access
Question # 15

Which feature within Cisco ISE verifies the compliance of an endpoint before providing access to the

network?

A.

Posture

B.

Profiling

C.

pxGrid

D.

MAB

Full Access
Question # 16

What is a language format designed to exchange threat intelligence that can be transported over the TAXII

protocol?

A.

STIX

B.

XMPP

C.

pxGrid

D.

SMTP

Full Access
Question # 17

What is a characteristic of an EDR solution and not of an EPP solution?

A.

stops all ransomware attacks

B.

retrospective analysis

C.

decrypts SSL traffic for better visibility

D.

performs signature-based detection

Full Access
Question # 18

An engineer is configuring cloud logging on Cisco ASA and needs events to compress. Which component must be configured to accomplish this goal?

A.

CDO event viewer

B.

SWC service

C.

Cisco analytics

D.

SDC VM

Full Access
Question # 19

Drag and drop the features of Cisco ASA with Firepower from the left onto the benefits on the right.

Full Access
Question # 20

Which technology reduces data loss by identifying sensitive information stored in public computing

environments?

A.

Cisco SDA

B.

Cisco Firepower

C.

Cisco HyperFlex

D.

Cisco Cloudlock

Full Access
Question # 21

Which function is performed by certificate authorities but is a limitation of registration authorities?

A.

accepts enrollment requests

B.

certificate re-enrollment

C.

verifying user identity

D.

CRL publishing

Full Access
Question # 22

Which technology must De used to Implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity?

A.

GET VPN

B.

IPsec DVTI

C.

DMVPN

D.

FlexVPN

Full Access
Question # 23

Which metric is used by the monitoring agent to collect and output packet loss and jitter information?

A.

WSAv performance

B.

AVC performance

C.

OTCP performance

D.

RTP performance

Full Access
Question # 24

What are two workloaded security models? (Choose two)

A.

SaaS

B.

IaaS

C.

on-premises

D.

off-premises

E.

PaaS

Full Access
Question # 25

Which cloud model is a collaborative effort where infrastructure is shared and jointly accessed by several organizations from a specific group?

A.

Hybrid

B.

Community

C.

Private

D.

Public

Full Access
Question # 26

Why is it important to implement MFA inside of an organization?

A.

To prevent man-the-middle attacks from being successful.

B.

To prevent DoS attacks from being successful.

C.

To prevent brute force attacks from being successful.

D.

To prevent phishing attacks from being successful.

Full Access
Question # 27

Which Cisco solution does Cisco Umbrella integrate with to determine if a URL is malicious?

A.

AMP

B.

AnyConnect

C.

DynDNS

D.

Talos

Full Access
Question # 28

Refer to the exhibit.

What will happen when the Python script is executed?

A.

The hostname will be translated to an IP address and printed.

B.

The hostname will be printed for the client in the client ID field.

C.

The script will pull all computer hostnames and print them.

D.

The script will translate the IP address to FODN and print it

Full Access
Question # 29

Which type of encryption uses a public key and private key?

A.

Asymmetric

B.

Symmetric

C.

Linear

D.

Nonlinear

Full Access
Question # 30

Which type of API is being used when a controller within a software-defined network architecture dynamically

makes configuration changes on switches within the network?

A.

westbound AP

B.

southbound API

C.

northbound API

D.

eastbound API

Full Access
Question # 31

What is the purpose of the Decrypt for Application Detection feature within the WSA Decryption options?

A.

It decrypts HTTPS application traffic for unauthenticated users.

B.

It alerts users when the WSA decrypts their traffic.

C.

It decrypts HTTPS application traffic for authenticated users.

D.

It provides enhanced HTTPS application detection for AsyncOS.

Full Access
Question # 32

Drag and drop the cryptographic algorithms for IPsec from the left onto the cryptographic processes on the right.

Full Access
Question # 33

Which ESA implementation method segregates inbound and outbound email?

A.

one listener on a single physical Interface

B.

pair of logical listeners on a single physical interface with two unique logical IPv4 addresses and one IPv6 address

C.

pair of logical IPv4 listeners and a pair Of IPv6 listeners on two physically separate interfaces

D.

one listener on one logical IPv4 address on a single logical interface

Full Access
Question # 34

Which policy does a Cisco Secure Web Appliance use to block or monitor URL requests based on the reputation score?

A.

Encryption

B.

Enforcement Security

C.

Cisco Data Security

D.

Outbound Malware Scanning

Full Access
Question # 35

What are the two most commonly used authentication factors in multifactor authentication? (Choose two)

A.

biometric factor

B.

time factor

C.

confidentiality factor

D.

knowledge factor

E.

encryption factor

Full Access
Question # 36

In which scenario is endpoint-based security the solution?

A.

inspecting encrypted traffic

B.

device profiling and authorization

C.

performing signature-based application control

D.

inspecting a password-protected archive

Full Access
Question # 37

A network administrator has configured TACACS on a network device using the key Cisc0467380030 tor authentication purposes. However, users are unable to authenticate. TACACS server is reachable, but authentication is tailing. Which configuration step must the administrator complete?

A.

Implement synchronized system clock on TACACS server that matches the network device.

B.

Install a compatible operating system version on the TACACS server.

C.

Configure the TACACS key on the server to match with the network device.

D.

Apply an access control list on TACACS server to allow communication with the network device.

Full Access
Question # 38

How does Cisco Stealthwatch Cloud provide security for cloud environments?

A.

It delivers visibility and threat detection.

B.

It prevents exfiltration of sensitive data.

C.

It assigns Internet-based DNS protection for clients and servers.

D.

It facilitates secure connectivity between public and private networks.

Full Access
Question # 39

Which two devices support WCCP for traffic redirection? (Choose two.)

A.

Cisco Secure Web Appliance

B.

Cisco IOS

C.

proxy server

D.

Cisco ASA

E.

Cisco IPS

Full Access
Question # 40

Which Cisco security solution integrates with cloud applications like Dropbox and Office 365 while protecting data from being exfiltrated?

A.

Cisco Tajos

B.

Cisco Steaithwatch Cloud

C.

Cisco Cloudlock

D.

Cisco Umbrella Investigate

Full Access
Question # 41

What is a feature of NetFlow Secure Event Logging?

A.

It exports only records that indicate significant events in a flow.

B.

It filters NSEL events based on the traffic and event type through RSVP.

C.

It delivers data records to NSEL collectors through NetFlow over TCP only.

D.

It supports v5 and v8 templates.

Full Access
Question # 42

Which Cisco platform ensures that machines that connect to organizational networks have the recommended

antivirus definitions and patches to help prevent an organizational malware outbreak?

A.

Cisco WiSM

B.

Cisco ESA

C.

Cisco ISE

D.

Cisco Prime Infrastructure

Full Access
Question # 43

A company identified a phishing vulnerability during a pentest What are two ways the company can protect employees from the attack? (Choose two.)

A.

using Cisco Umbrella

B.

using Cisco ESA

C.

using Cisco FTD

D.

using an inline IPS/IDS in the network

E.

using Cisco ISE

Full Access
Question # 44

An engineer needs to detect and quarantine a file named abc424400664 zip based on the MD5 signature of the file using the Outbreak Control list feature within Cisco Advanced Malware Protection (AMP) for Endpoints The configured detection method must work on files of unknown disposition Which Outbreak Control list must be configured to provide this?

A.

Blocked Application

B.

Simple Custom Detection

C.

Advanced Custom Detection

D.

Android Custom Detection

Full Access
Question # 45

Which Cisco product is open, scalable, and built on IETF standards to allow multiple security products from

Cisco and other vendors to share data and interoperate with each other?

A.

Advanced Malware Protection

B.

Platform Exchange Grid

C.

Multifactor Platform Integration

D.

Firepower Threat Defense

Full Access
Question # 46

Which solution stops unauthorized access to the system if a user's password is compromised?

A.

VPN

B.

MFA

C.

AMP

D.

SSL

Full Access
Question # 47

An engineer adds a custom detection policy to a Cisco AMP deployment and encounters issues with the

configuration. The simple detection mechanism is configured, but the dashboard indicates that the hash is not 64 characters and is non-zero. What is the issue?

A.

The engineer is attempting to upload a hash created using MD5 instead of SHA-256

B.

The file being uploaded is incompatible with simple detections and must use advanced detections

C.

The hash being uploaded is part of a set in an incorrect format

D.

The engineer is attempting to upload a file instead of a hash

Full Access
Question # 48

What is a benefit of using Cisco FMC over Cisco ASDM?

A.

Cisco FMC uses Java while Cisco ASDM uses HTML5.

B.

Cisco FMC provides centralized management while Cisco ASDM does not.

C.

Cisco FMC supports pushing configurations to devices while Cisco ASDM does not.

D.

Cisco FMC supports all firewall products whereas Cisco ASDM only supports Cisco ASA devices

Full Access
Question # 49

The Cisco ASA must support TLS proxy for encrypted Cisco Unified Communications traffic. Where must the

ASA be added on the Cisco UC Manager platform?

A.

Certificate Trust List

B.

Endpoint Trust List

C.

Enterprise Proxy Service

D.

Secured Collaboration Proxy

Full Access
Question # 50

Which two features of Cisco DNA Center are used in a Software Defined Network solution? (Choose two)

A.

accounting

B.

assurance

C.

automation

D.

authentication

E.

encryption

Full Access
Question # 51

An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly

identifying all valid recipients. What must be done on the Cisco ESA to accomplish this goal?

A.

Configure incoming content filters

B.

Use Bounce Verification

C.

Configure Directory Harvest Attack Prevention

D.

Bypass LDAP access queries in the recipient access table

Full Access
Question # 52

Which Cisco Firewall solution requires zone definition?

A.

CBAC

B.

Cisco AMP

C.

ZBFW

D.

Cisco ASA

Full Access
Question # 53

What is the concept of Cl/CD pipelining?

A.

The project is split into several phases where one phase cannot start before the previous phase finishes successfully.

B.

The project code is centrally maintained and each code change should trigger an automated build and test sequence

C.

The project is split into time-limited cycles and focuses on pair programming for continuous code review

D.

Each project phase is independent from other phases to maintain adaptiveness and continual improvement

Full Access
Question # 54

Which statement describes a serverless application?

A.

The application delivery controller in front of the server farm designates on which server the application runs each time.

B.

The application runs from an ephemeral, event-triggered, and stateless container that is fully managed by a cloud provider.

C.

The application is installed on network equipment and not on physical servers.

D.

The application runs from a containerized environment that is managed by Kubernetes or Docker Swarm.

Full Access
Question # 55

A network engineer has entered the snmp-server user andy myv3 auth sha cisco priv aes 256

cisc0380739941 command and needs to send SNMP information to a host at 10.255.254.1. Which command achieves this goal?

A.

snmp-server host inside 10.255.254.1 version 3 andy

B.

snmp-server host inside 10.255.254.1 version 3 myv3

C.

snmp-server host inside 10.255.254.1 snmpv3 andy

D.

snmp-server host inside 10.255.254.1 snmpv3 myv3

Full Access
Question # 56

What is the function of the crypto is a kmp key cisc406397954 address 0.0.0.0 0.0.0.0 command when establishing an IPsec VPN tunnel?

A.

It defines what data is going to be encrypted via the VPN

B.

lt configures the pre-shared authentication key

C.

It prevents all IP addresses from connecting to the VPN server.

D.

It configures the local address for the VPN server.

Full Access
Question # 57

What are two ways a network administrator transparently identifies users using Active Directory on the Cisco WSA? (Choose two.)

A.

Create an LDAP authentication realm and disable transparent user identification.

B.

Create NTLM or Kerberos authentication realm and enable transparent user identification.

C.

Deploy a separate Active Directory agent such as Cisco Context Directory Agent.

D.

The eDirectory client must be installed on each client workstation.

E.

Deploy a separate eDirectory server; the dent IP address is recorded in this server.

Full Access
Question # 58

How is a cross-site scripting attack executed?

A.

Force a currently authenticated end user to execute unwanted actions on a web app

B.

Execute malicious client-side scripts injected to a client via a web app

C.

Inject a database query via the input data from the client to a web app

D.

Intercept communications between a client and a web server

Full Access
Question # 59

DoS attacks are categorized as what?

A.

phishing attacks

B.

flood attacks

C.

virus attacks

D.

trojan attacks

Full Access
Question # 60

Which solution for remote workers enables protection, detection, and response on the endpoint against known and unknown threats?

A.

Cisco AMP for Endpoints

B.

Cisco AnyConnect

C.

Cisco Umbrella

D.

Cisco Duo

Full Access
Question # 61

Which two aspects of the cloud PaaS model are managed by the customer but not the provider? (Choose two)

A.

virtualization

B.

middleware

C.

operating systems

D.

applications

E.

data

Full Access
Question # 62

Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two)

A.

Check integer, float, or Boolean string parameters to ensure accurate values.

B.

Use prepared statements and parameterized queries.

C.

Secure the connection between the web and the app tier.

D.

Write SQL code instead of using object-relational mapping libraries.

E.

Block SQL code execution in the web application database login.

Full Access
Question # 63

Which two preventive measures are used to control cross-site scripting? (Choose two)

A.

Enable client-side scripts on a per-domain basis.

B.

Incorporate contextual output encoding/escaping.

C.

Disable cookie inspection in the HTML inspection engine.

D.

Run untrusted HTML input through an HTML sanitization engine.

E.

Same Site cookie attribute should not be used.

Full Access
Question # 64

A security test performed on one of the applications shows that user input is not validated. Which security vulnerability is the application more susceptible to because of this lack of validation?

A.

denial -of-service

B.

cross-site request forgery

C.

man-in-the-middle

D.

SQL injection

Full Access
Question # 65

Which two parameters are used to prevent a data breach in the cloud? (Choose two.)

A.

DLP solutions

B.

strong user authentication

C.

encryption

D.

complex cloud-based web proxies

E.

antispoofing programs

Full Access
Question # 66

An organization recently installed a Cisco WSA and would like to take advantage of the AVC engine to allow the organization to create a policy to control application specific activity. After enabling the AVC engine, what must be done to implement this?

A.

Use security services to configure the traffic monitor, .

B.

Use URL categorization to prevent the application traffic.

C.

Use an access policy group to configure application control settings.

D.

Use web security reporting to validate engine functionality

Full Access
Question # 67

What is the function of SDN southbound API protocols?

A.

to allow for the dynamic configuration of control plane applications

B.

to enable the controller to make changes

C.

to enable the controller to use REST

D.

to allow for the static configuration of control plane applications

Full Access
Question # 68

A network administrator configures Dynamic ARP Inspection on a switch. After Dynamic ARP Inspection is applied, all users on that switch are unable to communicate with any destination. The network administrator checks the interface status of all interfaces, and there is no err-disabled interface. What is causing this problem?

A.

DHCP snooping has not been enabled on all VLANs.

B.

The ip arp inspection limit command is applied on all interfaces and is blocking the traffic of all users.

C.

Dynamic ARP Inspection has not been enabled on all VLANs

D.

The no ip arp inspection trust command is applied on all user host interfaces

Full Access
Question # 69

Which policy is used to capture host information on the Cisco Firepower Next Generation Intrusion Prevention

System?

A.

Correlation

B.

Intrusion

C.

Access Control

D.

Network Discovery

Full Access
Question # 70

An engineer is deploying Cisco Advanced Malware Protection (AMP) for Endpoints and wants to create a policy that prevents users from executing file named abc424952615.exe without quarantining that file What type of Outbreak Control list must the SHA.-256 hash value for the file be added to in order to accomplish this?

A.

Advanced Custom Detection

B.

Blocked Application

C.

Isolation

D.

Simple Custom Detection

Full Access
Question # 71

Drag and drop the common security threats from the left onto the definitions on the right.

Full Access
Question # 72

Drag and drop the security responsibilities from the left onto the corresponding cloud service models on the right.

Full Access
Question # 73

Which portion of the network do EPP solutions solely focus on and EDR solutions do not?

A.

server farm

B.

perimeter

C.

core

D.

East-West gateways

Full Access
Question # 74

A network engineer is trying to figure out whether FlexVPN or DMVPN would fit better in their environment.

They have a requirement for more stringent security multiple security associations for the connections, more efficient VPN establishment as well consuming less bandwidth. Which solution would be best for this and why?

A.

DMVPN because it supports IKEv2 and FlexVPN does not

B.

FlexVPN because it supports IKEv2 and DMVPN does not

C.

FlexVPN because it uses multiple SAs and DMVPN does not

D.

DMVPN because it uses multiple SAs and FlexVPN does not

Full Access
Question # 75

In which form of attack is alternate encoding, such as hexadecimal representation, most often observed?

A.

Smurf

B.

distributed denial of service

C.

cross-site scripting

D.

rootkit exploit

Full Access
Question # 76

An organization wants to reduce their attach surface for cloud applications. They want to understand application communications, detect abnormal application Behavior, and detect vulnerabilities within the applications. Which action accomplishes this task?

A.

Configure Cisco Secure Workload to detect anomalies and vulnerabilities.

B.

Use Cisco ISE to provide application visibility and restrict access to them.

C.

Implement Cisco Umbrella lo control the access each application is granted.

D.

Modify the Cisco Duo configuration to restrict access between applications.

Full Access
Question # 77

Which two activities can be done using Cisco DNA Center? (Choose two)

A.

DHCP

B.

Design

C.

Accounting

D.

DNS

E.

Provision

Full Access
Question # 78

Which type of attack is MFA an effective deterrent for?

A.

ping of death

B.

phishing

C.

teardrop

D.

syn flood

Full Access
Question # 79

For Cisco IOS PKI, which two types of Servers are used as a distribution point for CRLs? (Choose two)

A.

SDP

B.

LDAP

C.

subordinate CA

D.

SCP

E.

HTTP

Full Access
Question # 80

Which two capabilities does TAXII support? (Choose two)

A.

Exchange

B.

Pull messaging

C.

Binding

D.

Correlation

E.

Mitigating

Full Access
Question # 81

What is the purpose of the Trusted Automated exchange cyber threat intelligence industry standard?

A.

public collection of threat intelligence feeds

B.

threat intelligence sharing organization

C.

language used to represent security information

D.

service used to exchange security information

Full Access
Question # 82

Which baseline form of telemetry is recommended for network infrastructure devices?

A.

SDNS

B.

NetFlow

C.

passive taps

D.

SNMP

Full Access
Question # 83

Refer to the exhibit. What is the result of the Python script?

A.

It uses the POST HTTP method to obtain a username and password to be used for authentication.

B.

It uses the POST HTTP method to obtain a token to be used for authentication.

C.

It uses the GET HTTP method to obtain a token to be used for authentication.

D.

It uses the GET HTTP method to obtain a username and password to be used for authentication

Full Access
Question # 84

An engineer is configuring Dropbox integration with Cisco Cloudlock. Which action must be taken before granting API access in the Dropbox admin console?

A.

Authorize Dropbox within the Platform settings in the Cisco Cloudlock portal.

B.

Add Dropbox to the Cisco Cloudlock Authentication and API section in the Cisco Cloudlock portal.

C.

Send an API request to Cisco Cloudlock from Dropbox admin portal.

D.

Add Cisco Cloudlock to the Dropbox admin portal.

Full Access
Question # 85

Which solution protects hybrid cloud deployment workloads with application visibility and segmentation?

A.

Nexus

B.

Stealthwatch

C.

Firepower

D.

Tetration

Full Access
Question # 86

Refer to the exhibit. Consider that any feature of DNS requests, such as the length of the domain name and the number of subdomains, can be used to construct models of expected behavior to which observed values can be compared. Which type of malicious attack are these values associated with?

A.

W32/AutoRun worm

B.

HeartBleed SSL Bug

C.

Spectre Worm

D.

Eternal Blue Windows

Full Access
Question # 87

What is the term for when an endpoint is associated to a provisioning WLAN that is shared with guest

access, and the same guest portal is used as the BYOD portal?

A.

single-SSID BYOD

B.

multichannel GUI

C.

dual-SSID BYOD

D.

streamlined access

Full Access
Question # 88

Refer to the exhibit. What is the result of using this authentication protocol in the configuration?

A.

The authentication request contains only a username.

B.

The authentication request contains only a password.

C.

There are separate authentication and authorization request packets.

D.

The authentication and authorization requests are grouped in a single packet.

Full Access
Question # 89

What is the benefit of integrating Cisco ISE with a MDM solution?

A.

It provides compliance checks for access to the network

B.

It provides the ability to update other applications on the mobile device

C.

It provides the ability to add applications to the mobile device through Cisco ISE

D.

It provides network device administration access

Full Access
Question # 90

v

Refer to the exhibit When configuring this access control rule in Cisco FMC, what happens with the traffic destined to the DMZjnside zone once the configuration is deployed?

A.

All traffic from any zone to the DMZ_inside zone will be permitted with no further inspection

B.

No traffic will be allowed through to the DMZ_inside zone regardless of if it's trusted or not

C.

All traffic from any zone will be allowed to the DMZ_inside zone only after inspection

D.

No traffic will be allowed through to the DMZ_inside zone unless it's already trusted

Full Access
Question # 91

An organization has a Cisco Stealthwatch Cloud deployment in their environment. Cloud logging is working as expected, but logs are not being received from the on-premise network, what action will resolve this issue?

A.

Configure security appliances to send syslogs to Cisco Stealthwatch Cloud

B.

Configure security appliances to send NetFlow to Cisco Stealthwatch Cloud

C.

Deploy a Cisco FTD sensor to send events to Cisco Stealthwatch Cloud

D.

Deploy a Cisco Stealthwatch Cloud sensor on the network to send data to Cisco Stealthwatch Cloud

Full Access
Question # 92

An engineer enabled SSL decryption for Cisco Umbrella intelligent proxy and needs to ensure that traffic is inspected without alerting end-users. Which action accomplishes this goal?

A.

Restrict access to only websites with trusted third-party signed certificates.

B.

Modify the user’s browser settings to suppress errors from Cisco Umbrella.

C.

Upload the organization root CA to Cisco Umbrella.

D.

Install the Cisco Umbrella root CA onto the user’s device.

Full Access
Question # 93

Which type of attack is social engineering?

A.

trojan

B.

phishing

C.

malware

D.

MITM

Full Access
Question # 94

An administrator is adding a new switch onto the network and has configured AAA for network access control. When testing the configuration, the RADIUS authenticates to Cisco ISE but is being rejected. Why is the ip radius source-interface command needed for this configuration?

A.

Only requests that originate from a configured NAS IP are accepted by a RADIUS server

B.

The RADIUS authentication key is transmitted only from the defined RADIUS source interface

C.

RADIUS requests are generated only by a router if a RADIUS source interface is defined.

D.

Encrypted RADIUS authentication requires the RADIUS source interface be defined

Full Access
Question # 95

An engineer has been tasked with implementing a solution that can be leveraged for securing the cloud users,

data, and applications. There is a requirement to use the Cisco cloud native CASB and cloud cybersecurity

platform. What should be used to meet these requirements?

A.

Cisco Umbrella

B.

Cisco Cloud Email Security

C.

Cisco NGFW

D.

Cisco Cloudlock

Full Access
Question # 96

Refer to the exhibit.

An engineer configured wired 802.1x on the network and is unable to get a laptop to authenticate. Which port configuration is missing?

A.

authentication open

B.

dotlx reauthentication

C.

cisp enable

D.

dot1x pae authenticator

Full Access
Question # 97

What is a benefit of conducting device compliance checks?

A.

It indicates what type of operating system is connecting to the network.

B.

It validates if anti-virus software is installed.

C.

It scans endpoints to determine if malicious activity is taking place.

D.

It detects email phishing attacks.

Full Access
Question # 98

In which two ways does Easy Connect help control network access when used with Cisco TrustSec? (Choose two)

A.

It allows multiple security products to share information and work together to enhance security posture in the network.

B.

It creates a dashboard in Cisco ISE that provides full visibility of all connected endpoints.

C.

It allows for the assignment of Security Group Tags and does not require 802.1x to be configured on the switch or the endpoint.

D.

It integrates with third-party products to provide better visibility throughout the network.

E.

It allows for managed endpoints that authenticate to AD to be mapped to Security Groups (PassiveID).

Full Access
Question # 99

Which solution is made from a collection of secure development practices and guidelines that developers must follow to build secure applications?

A.

AFL

B.

Fuzzing Framework

C.

Radamsa

D.

OWASP

Full Access
Question # 100

After a recent breach, an organization determined that phishing was used to gain initial access to the network before regaining persistence. The information gained from the phishing attack was a result of users visiting known malicious websites. What must be done in order to prevent this from happening in the future?

A.

Modify an access policy

B.

Modify identification profiles

C.

Modify outbound malware scanning policies

D.

Modify web proxy settings

Full Access
Question # 101

A network engineer is configuring NetFlow top talkers on a Cisco router Drag and drop the steps in the process from the left into the sequence on the right

Full Access
Question # 102

Which industry standard is used to integrate Cisco ISE and pxGrid to each other and with other

interoperable security platforms?

A.

IEEE

B.

IETF

C.

NIST

D.

ANSI

Full Access
Question # 103

Which protocol provides the strongest throughput performance when using Cisco AnyConnect VPN?

A.

TLSv1.2

B.

TLSv1.1

C.

BJTLSv1

D.

DTLSv1

Full Access
Question # 104

Refer to the exhibit. What function does the API key perform while working with https://api.amp.cisco.com/v1/computers?

A.

imports requests

B.

HTTP authorization

C.

HTTP authentication

D.

plays dent ID

Full Access
Question # 105

What is a benefit of using Cisco CWS compared to an on-premises Cisco WSA?

A.

Cisco CWS eliminates the need to backhaul traffic through headquarters for remote workers whereas Cisco WSA does not

B.

Cisco CWS minimizes the load on the internal network and security infrastructure as compared to Cisco WSA.

C.

URL categories are updated more frequently on Cisco CWS than they are on Cisco WSA

D.

Content scanning for SAAS cloud applications is available through Cisco CWS and not available through Cisco WSA

Full Access
Question # 106

What is a benefit of an endpoint patch management strategy?

A.

Patches are deployed without a testing phase.

B.

Fewer staff is needed to manage the endpoints.

C.

Endpoints are resistant to vulnerabilities.

D.

Ensures adherence to regulatory and compliance standards.

Full Access
Question # 107

Drag and drop the solutions from the left onto the solution's benefits on the right.

Full Access
Question # 108

Which deployment model is the most secure when considering risks to cloud adoption?

A.

Public Cloud

B.

Hybrid Cloud

C.

Community Cloud

D.

Private Cloud

Full Access
Question # 109

An engineer must deploy a Cisco Secure Web Appliance. Antimalware scanning must use the Outbreak Heuristics antimalware category on files identified as malware before performing any other processes. What must be configured on the Secure Web Appliance to meet the requirements?

A.

Sophos scanning engine

B.

Webroot scanning engine

C.

McAfee scanning engine

D.

Adaptive Scanning

Full Access
Question # 110

Which type of DNS abuse exchanges data between two computers even when there is no direct connection?

A.

Malware installation

B.

Command-and-control communication

C.

Network footprinting

D.

Data exfiltration

Full Access
Question # 111

Which group within Cisco writes and publishes a weekly newsletter to help cybersecurity professionals remain

aware of the ongoing and most prevalent threats?

A.

PSIRT

B.

Talos

C.

CSIRT

D.

DEVNET

Full Access
Question # 112

What is the purpose of a NetFlow version 9 template record?

A.

It specifies the data format of NetFlow processes.

B.

It provides a standardized set of information about an IP flow.

C.

lt defines the format of data records.

D.

It serves as a unique identification number to distinguish individual data records

Full Access
Question # 113

Which two conditions are prerequisites for stateful failover for IPsec? (Choose two)

A.

Only the IKE configuration that is set up on the active device must be duplicated on the standby device; theIPsec configuration is copied automatically

B.

The active and standby devices can run different versions of the Cisco IOS software but must be the sametype of device.

C.

The IPsec configuration that is set up on the active device must be duplicated on the standby device

D.

Only the IPsec configuration that is set up on the active device must be duplicated on the standby device;the IKE configuration is copied automatically.

E.

The active and standby devices must run the same version of the Cisco IOS software and must be thesame type of device

Full Access
Question # 114

Which two key and block sizes are valid for AES? (Choose two)

A.

64-bit block size, 112-bit key length

B.

64-bit block size, 168-bit key length

C.

128-bit block size, 192-bit key length

D.

128-bit block size, 256-bit key length

E.

192-bit block size, 256-bit key length

Full Access
Question # 115

Which Cisco security solution determines if an endpoint has the latest OS updates and patches installed on the system?

A.

Cisco Endpoint Security Analytics

B.

Cisco AMP for Endpoints

C.

Endpoint Compliance Scanner

D.

Security Posture Assessment Service

Full Access
Question # 116

Due to a traffic storm on the network, two interfaces were error-disabled, and both interfaces sent SNMP traps.

Which two actions must be taken to ensure that interfaces are put back into service? (Choose two)

A.

Have Cisco Prime Infrastructure issue an SNMP set command to re-enable the ports after the preconfigured interval.

B.

Use EEM to have the ports return to service automatically in less than 300 seconds.

C.

Enter the shutdown and no shutdown commands on the interfaces.

D.

Enable the snmp-server enable traps command and wait 300 seconds

E.

Ensure that interfaces are configured with the error-disable detection and recovery feature

Full Access
Question # 117

A mall provides security services to customers with a shared appliance. The mall wants separation of

management on the shared appliance. Which ASA deployment mode meets these needs?

A.

routed mode

B.

transparent mode

C.

multiple context mode

D.

multiple zone mode

Full Access
Question # 118

An engineer is implementing NAC for LAN users on a segmented network. The engineer confirms that the device of each user is supported and the Cisco switch configuration is correct.

Which configuration should be made next to ensure there are no authentication issues?

A.

Disable the host firewall.

B.

Enable TACACS+ on the switch.

C.

Open TCP port 49.

D.

Permit UDP port 1812.

Full Access
Question # 119

What is a prerequisite when integrating a Cisco ISE server and an AD domain?

A.

Place the Cisco ISE server and the AD server in the same subnet

B.

Configure a common administrator account

C.

Configure a common DNS server

D.

Synchronize the clocks of the Cisco ISE server and the AD server

Full Access
Question # 120

An organization wants to implement a cloud-delivered and SaaS-based solution to provide visibility and threat detection across the AWS network. The solution must be deployed without software agents and rely on AWS VPC flow logs instead. Which solution meets these requirements?

A.

Cisco Stealthwatch Cloud

B.

Cisco Umbrella

C.

NetFlow collectors

D.

Cisco Cloudlock

Full Access
Question # 121

Which VPN technology supports a multivendor environment and secure traffic between sites?

A.

FlexVPN

B.

DMVPN

C.

SSL VPN

D.

GET VPN

Full Access
Question # 122

While using Cisco Secure Firewall's Security Intelligence policies, which two criteria is blocking based upon? (Choose two.)

A.

URLs

B.

MAC addresses

C.

Port numbers

D.

IP addresses

E.

Protocol IDs

Full Access
Question # 123

What is a benefit of using Cisco AVC (Application Visibility and Control) for application control?

A.

management of application sessions

B.

retrospective application analysis

C.

zero-trust approach

D.

dynamic application scanning

Full Access
Question # 124

A network security engineer must export packet captures from the Cisco FMC web browser while troubleshooting an issue. When navigating to the address https:// /capure/CAPI/pcap/test.pcap, an error 403: Forbidden is given instead of the PCAP file. Which action must the engineer take to resolve this issue?

A.

Disable the proxy setting on the browser

B.

Disable the HTTPS server and use HTTP instead

C.

Use the Cisco FTD IP address as the proxy server setting on the browser

D.

Enable the HTTPS server for the device platform policy

Full Access
Question # 125

In which cloud services model is the tenant responsible for virtual machine OS patching?

A.

IaaS

B.

UCaaS

C.

PaaS

D.

SaaS

Full Access
Question # 126

An organization wants to provide visibility and to identify active threats in its network using a VM. The

organization wants to extract metadata from network packet flow while ensuring that payloads are not retained

or transferred outside the network. Which solution meets these requirements?

A.

Cisco Umbrella Cloud

B.

Cisco Stealthwatch Cloud PNM

C.

Cisco Stealthwatch Cloud PCM

D.

Cisco Umbrella On-Premises

Full Access
Question # 127

Why should organizations migrate to an MFA strategy for authentication?

A.

Single methods of authentication can be compromised more easily than MFA.

B.

Biometrics authentication leads to the need for MFA due to its ability to be hacked easily.

C.

MFA methods of authentication are never compromised.

D.

MFA does not require any piece of evidence for an authentication mechanism.

Full Access
Question # 128

Which Cisco Advanced Malware protection for Endpoints deployment architecture is designed to keep data

within a network perimeter?

A.

cloud web services

B.

network AMP

C.

private cloud

D.

public cloud

Full Access
Question # 129

Which characteristic is unique to a Cisco WSAv as compared to a physical appliance?

A.

supports VMware vMotion on VMware ESXi

B.

requires an additional license

C.

performs transparent redirection

D.

supports SSL decryption

Full Access
Question # 130

A large organization wants to deploy a security appliance in the public cloud to form a site-to-site VPN

and link the public cloud environment to the private cloud in the headquarters data center. Which Cisco

security appliance meets these requirements?

A.

Cisco Cloud Orchestrator

B.

Cisco ASAV

C.

Cisco WSAV

D.

Cisco Stealthwatch Cloud

Full Access
Question # 131

Which type of API is being used when a security application notifies a controller within a software-defined network architecture about a specific security threat?

A.

westbound AP

B.

southbound API

C.

northbound API

D.

eastbound API

Full Access
Question # 132

Drag and drop the Cisco CWS redirection options from the left onto the capabilities on the right.

Full Access
Question # 133

How is DNS tunneling used to exfiltrate data out of a corporate network?

A.

It corrupts DNS servers by replacing the actual IP address with a rogue address to collect information or start other attacks.

B.

It encodes the payload with random characters that are broken into short strings and the DNS serverrebuilds the exfiltrated data.

C.

It redirects DNS requests to a malicious server used to steal user credentials, which allows further damageand theft on the network.

D.

It leverages the DNS server by permitting recursive lookups to spread the attack to other DNS servers.

Full Access
Question # 134

An organization configures Cisco Umbrella to be used for its DNS services. The organization must be able to block traffic based on the subnet that the endpoint is on but it sees only the requests from its public IP address instead of each internal IP address. What must be done to resolve this issue?

A.

Set up a Cisco Umbrella virtual appliance to internally field the requests and see the traffic of each IP address

B.

Use the tenant control features to identify each subnet being used and track the connections within theCisco Umbrella dashboard

C.

Install the Microsoft Active Directory Connector to give IP address information stitched to the requests in the Cisco Umbrella dashboard

D.

Configure an internal domain within Cisco Umbrella to help identify each address and create policy from the domains

Full Access
Question # 135

A customer has various external HTTP resources available including Intranet Extranet and Internet, with a

proxy configuration running in explicit mode. Which method allows the client desktop browsers to be configured

to select when to connect direct or when to use the proxy?

A.

Transport mode

B.

Forward file

C.

PAC file

D.

Bridge mode

Full Access
Question # 136

Which Cisco platform provides an agentless solution to provide visibility across the network including encrypted traffic analytics to detect malware in encrypted traffic without the need for decryption?

A.

Cisco Advanced Malware Protection

B.

Cisco Stealthwatch

C.

Cisco Identity Services Engine

D.

Cisco AnyConnect

Full Access
Question # 137

Which risk is created when using an Internet browser to access cloud-based service?

A.

misconfiguration of infrastructure, which allows unauthorized access

B.

intermittent connection to the cloud connectors

C.

vulnerabilities within protocol

D.

insecure implementation of API

Full Access
Question # 138

An organization is implementing URL blocking using Cisco Umbrella. The users are able to go to some sites but other sites are not accessible due to an error. Why is the error occurring?

A.

Client computers do not have the Cisco Umbrella Root CA certificate installed.

B.

IP-Layer Enforcement is not configured.

C.

Intelligent proxy and SSL decryption is disabled in the policy.

D.

Client computers do not have an SSL certificate deployed from an internal CA server.

Full Access
Question # 139

What is a benefit of a Cisco Secure Email Gateway Virtual as compared to a physical Secure Email Gateway?

A.

simplifies the distribution of software updates

B.

provides faster performance

C.

provides an automated setup process

D.

enables the allocation of additional resources

Full Access
Question # 140

Drag and drop the NetFlow export formats from the left onto the descriptions on the right.

Full Access
Question # 141

What is a function of 3DES in reference to cryptography?

A.

It hashes files.

B.

It creates one-time use passwords.

C.

It encrypts traffic.

D.

It generates private keys.

Full Access
Question # 142

Which action configures the IEEE 802.1X Flexible Authentication feature lo support Layer 3 authentication mechanisms?

A.

Identity the devices using this feature and create a policy that allows them to pass Layer 2 authentication.

B.

Configure WebAuth so the hosts are redirected to a web page for authentication.

C.

Modify the Dot1x configuration on the VPN server lo send Layer 3 authentications to an external authentication database

D.

Add MAB into the switch to allow redirection to a Layer 3 device for authentication.

Full Access
Question # 143

What are two facts about WSA HTTP proxy configuration with a PAC file? (Choose two.)

A.

It is defined as a Transparent proxy deployment.

B.

In a dual-NIC configuration, the PAC file directs traffic through the two NICs to the proxy.

C.

The PAC file, which references the proxy, is deployed to the client web browser.

D.

It is defined as an Explicit proxy deployment.

E.

It is defined as a Bridge proxy deployment.

Full Access
Question # 144

Which attribute has the ability to change during the RADIUS CoA?

A.

NTP

B.

Authorization

C.

Accessibility

D.

Membership

Full Access
Question # 145

With Cisco AMP for Endpoints, which option shows a list of all files that have been executed in your

environment?

A.

Prevalence

B.

File analysis

C.

Detections

D.

Vulnerable software

E.

Threat root cause

Full Access
Question # 146

What is the result of the ACME-Router(config)#login block-for 100 attempts 4 within 60 command on a Cisco IOS router?

A.

lf four log in attempts fail in 100 seconds, wait for 60 seconds to next log in prompt.

B.

After four unsuccessful log in attempts, the line is blocked for 100 seconds and only permit IP addresses are permitted in ACL

C.

After four unsuccessful log in attempts, the line is blocked for 60 seconds and only permit IP addresses are permitted in ACL1

D.

If four failures occur in 60 seconds, the router goes to quiet mode for 100 seconds.

Full Access
Question # 147

Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?

A.

user input validation in a web page or web application

B.

Linux and Windows operating systems

C.

database

D.

web page images

Full Access
Question # 148

An organization is implementing AAA for their users. They need to ensure that authorization is verified for every command that is being entered by the network administrator. Which protocol must be configured in order to provide this capability?

A.

EAPOL

B.

SSH

C.

RADIUS

D.

TACACS+

Full Access
Question # 149

A security administrator is designing an email protection solution for an onsite email server and must meet these requirements:

Remove malware from email before it reaches corporate premises

Drop emails with risky links automatically

Block access to newly infected sites with real-time URL analysis

Which solution must be used?

A.

Cisco Secure Email Cloud

B.

Cisco Security for Office 365

C.

Cisco Stealthwatch Cloud

D.

Cisco Secure Email and Web Manager Cloud

Full Access
Question # 150

A hacker initiated a social engineering attack and stole username and passwords of some users within a company. Which product should be used as a solution to this problem?

A.

Cisco NGFW

B.

Cisco AnyConnect

C.

Cisco AMP for Endpoints

D.

Cisco Duo

Full Access
Question # 151

When wired 802.1X authentication is implemented, which two components are required? (Choose two)

A.

authentication server: Cisco Identity Service Engine

B.

supplicant: Cisco AnyConnect ISE Posture module

C.

authenticator: Cisco Catalyst switch

D.

authenticator: Cisco Identity Services Engine

E.

authentication server: Cisco Prime Infrastructure

Full Access
Question # 152

Which two features are used to configure Cisco ESA with a multilayer approach to fight viruses and malware?

(Choose two)

A.

Sophos engine

B.

white list

C.

RAT

D.

outbreak filters

E.

DLP

Full Access
Question # 153

An organization received a large amount of SPAM messages over a short time period. In order to take action on the messages, it must be determined how harmful the messages are and this needs to happen dynamically.

What must be configured to accomplish this?

A.

Configure the Cisco WSA to modify policies based on the traffic seen

B.

Configure the Cisco ESA to receive real-time updates from Talos

C.

Configure the Cisco WSA to receive real-time updates from Talos

D.

Configure the Cisco ESA to modify policies based on the traffic seen

Full Access
Question # 154

What is a characteristic of a bridge group in ASA Firewall transparent mode?

A.

It includes multiple interfaces and access rules between interfaces are customizable

B.

It is a Layer 3 segment and includes one port and customizable access rules

C.

It allows ARP traffic with a single access rule

D.

It has an IP address on its BVI interface and is used for management traffic

Full Access
Question # 155

An engineer notices traffic interruption on the network. Upon further investigation, it is learned that broadcast

packets have been flooding the network. What must be configured, based on a predefined threshold, to

address this issue?

A.

Bridge Protocol Data Unit guard

B.

embedded event monitoring

C.

storm control

D.

access control lists

Full Access
Question # 156

Based on the NIST 800-145 guide, which cloud architecture is provisioned for exclusive use by a specific group of consumers from different organizations and may be owned, managed, and operated by one or more of those organizations?

A.

hybrid cloud

B.

private cloud

C.

community cloud

D.

public cloud

Full Access
Question # 157

Why should organizations migrate to a multifactor authentication strategy?

A.

Multifactor authentication methods of authentication are never compromised

B.

Biometrics authentication leads to the need for multifactor authentication due to its ability to be hacked easily

C.

Multifactor authentication does not require any piece of evidence for an authentication mechanism

D.

Single methods of authentication can be compromised more easily than multifactor authentication

Full Access
Question # 158

What are two functions of TAXII in threat intelligence sharing? (Choose two.)

A.

determines the "what" of threat intelligence

B.

Supports STIX information

C.

allows users to describe threat motivations and abilities

D.

exchanges trusted anomaly intelligence information

E.

determines how threat intelligence information is relayed

Full Access
Question # 159

When choosing an algorithm to us, what should be considered about Diffie Hellman and RSA for key

establishment?

A.

RSA is an asymmetric key establishment algorithm intended to output symmetric keys

B.

RSA is a symmetric key establishment algorithm intended to output asymmetric keys

C.

DH is a symmetric key establishment algorithm intended to output asymmetric keys

D.

DH is an asymmetric key establishment algorithm intended to output symmetric keys

Full Access
Question # 160

A network administrator is setting up Cisco FMC to send logs to Cisco Security Analytics and Logging (SaaS). The network administrator is anticipating a high volume of logging events from the firewalls and wants lo limit the strain on firewall resources. Which method must the administrator use to send these logs to Cisco Security Analytics and Logging?

A.

SFTP using the FMCCLI

B.

syslog using the Secure Event Connector

C.

direct connection using SNMP traps

D.

HTTP POST using the Security Analytics FMC plugin

Full Access
Question # 161

Which endpoint protection and detection feature performs correlation of telemetry, files, and intrusion

events that are flagged as possible active breaches?

A.

retrospective detection

B.

indication of compromise

C.

file trajectory

D.

elastic search

Full Access
Question # 162

Which cryptographic process provides origin confidentiality, integrity, and origin authentication for packets?

A.

IKEv1

B.

AH

C.

ESP

D.

IKEv2

Full Access
Question # 163

Drag and drop the threats from the left onto examples of that threat on the right

Full Access
Question # 164

What is a functional difference between Cisco AMP for Endpoints and Cisco Umbrella Roaming Client?

A.

The Umbrella Roaming client stops and tracks malicious activity on hosts, and AMP for Endpoints tracks only URL-based threats.

B.

The Umbrella Roaming Client authenticates users and provides segmentation, and AMP for Endpoints allows only for VPN connectivity

C.

AMP for Endpoints authenticates users and provides segmentation, and the Umbrella Roaming Client allows only for VPN connectivity.

D.

AMP for Endpoints stops and tracks malicious activity on hosts, and the Umbrella Roaming Client tracks only URL-based threats.

Full Access
Question # 165

On Cisco Firepower Management Center, which policy is used to collect health modules alerts from managed

devices?

A.

health policy

B.

system policy

C.

correlation policy

D.

access control policy

E.

health awareness policy

Full Access
Question # 166

Refer to the exhibit.

When configuring a remote access VPN solution terminating on the Cisco ASA, an administrator would like to utilize an external token authentication mechanism in conjunction with AAA authentication using machine

certificates. Which configuration item must be modified to allow this?

A.

Group Policy

B.

Method

C.

SAML Server

D.

DHCP Servers

Full Access
Question # 167

How does Cisco Advanced Phishing Protection protect users?

A.

It validates the sender by using DKIM.

B.

It determines which identities are perceived by the sender

C.

It utilizes sensors that send messages securely.

D.

It uses machine learning and real-time behavior analytics.

Full Access
Question # 168

An organization wants to secure data in a cloud environment. Its security model requires that all users be

authenticated and authorized. Security configuration and posture must be continuously validated before access is granted or maintained to applications and data. There is also a need to allow certain application traffic and deny all other traffic by default. Which technology must be used to implement these requirements?

A.

Virtual routing and forwarding

B.

Microsegmentation

C.

Access control policy

D.

Virtual LAN

Full Access
Question # 169

A customer has various external HTTP resources available including Intranet. Extranet, and Internet, with a proxy configuration running in explicit mode Which method allows the client desktop browsers to be configured to select when to connect direct or when to use the proxy?

A.

Transparent mode

B.

Forward file

C.

PAC file

D.

Bridge mode

Full Access
Question # 170

What is a function of the Layer 4 Traffic Monitor on a Cisco WSA?

A.

blocks traffic from URL categories that are known to contain malicious content

B.

decrypts SSL traffic to monitor for malicious content

C.

monitors suspicious traffic across all the TCP/UDP ports

D.

prevents data exfiltration by searching all the network traffic for specified sensitive information

Full Access
Question # 171

What is the function of Cisco Cloudlock for data security?

A.

data loss prevention

B.

controls malicious cloud apps

C.

detects anomalies

D.

user and entity behavior analytics

Full Access
Question # 172

Which Talos reputation center allows you to track the reputation of IP addresses for email and web traffic?

A.

IP Blacklist Center

B.

File Reputation Center

C.

AMP Reputation Center

D.

IP and Domain Reputation Center

Full Access
Question # 173

What are two security benefits of an MDM deployment? (Choose two.)

A.

robust security policy enforcement

B.

privacy control checks

C.

on-device content management

D.

distributed software upgrade

E.

distributed dashboard

Full Access
Question # 174

An engineer is configuring 802.1X authentication on Cisco switches in the network and is using CoA as a mechanism. Which port on the firewall must be opened to allow the CoA traffic to traverse the network?

A.

TCP 6514

B.

UDP 1700

C.

TCP 49

D.

UDP 1812

Full Access
Question # 175

What is a difference between GRE over IPsec and IPsec with crypto map?

A.

Multicast traffic is supported by IPsec with crypto map.

B.

GRE over IPsec supports non-IP protocols.

C.

GRE provides its own encryption mechanism.

D.

IPsec with crypto map oilers better scalability.

Full Access
Question # 176

What is a feature of container orchestration?

A.

ability to deploy Amazon ECS clusters by using the Cisco Container Platform data plane

B.

ability to deploy Amazon EKS clusters by using the Cisco Container Platform data plane

C.

ability to deploy Kubernetes clusters in air-gapped sites

D.

automated daily updates

Full Access
Question # 177

Refer to the exhibit.

Which statement about the authentication protocol used in the configuration is true?

A.

The authentication request contains only a password

B.

The authentication request contains only a username

C.

The authentication and authorization requests are grouped in a single packet

D.

There are separate authentication and authorization request packets

Full Access
Question # 178

Which technology provides a combination of endpoint protection endpoint detection, and response?

A.

Cisco AMP

B.

Cisco Talos

C.

Cisco Threat Grid

D.

Cisco Umbrella

Full Access
Question # 179

Which feature of Cisco ASA allows VPN users to be postured against Cisco ISE without requiring an inline

posture node?

A.

RADIUS Change of Authorization

B.

device tracking

C.

DHCP snooping

D.

VLAN hopping

Full Access
Question # 180

An engineer needs a solution for TACACS+ authentication and authorization for device administration.

The engineer also wants to enhance wired and wireless network security by requiring users and endpoints to

use 802.1X, MAB, or WebAuth. Which product meets all of these requirements?

A.

Cisco Prime Infrastructure

B.

Cisco Identity Services Engine

C.

Cisco Stealthwatch

D.

Cisco AMP for Endpoints

Full Access
Question # 181

Which feature requires that network telemetry be enabled?

A.

per-interface stats

B.

SNMP trap notification

C.

Layer 2 device discovery

D.

central syslog system

Full Access
Question # 182

A network administrator is configuring a switch to use Cisco ISE for 802.1X. An endpoint is failing

authentication and is unable to access the network. Where should the administrator begin troubleshooting to verify the authentication details?

A.

Adaptive Network Control Policy List

B.

Context Visibility

C.

Accounting Reports

D.

RADIUS Live Logs

Full Access
Question # 183

What are two characteristics of the RESTful architecture used within Cisco DNA Center? (Choose two.)

A.

REST uses methods such as GET, PUT, POST, and DELETE.

B.

REST codes can be compiled with any programming language.

C.

REST is a Linux platform-based architecture.

D.

The POST action replaces existing data at the URL path.

E.

REST uses HTTP to send a request to a web service.

Full Access
Question # 184

When NetFlow is applied to an interface, which component creates the flow monitor cache that is used

to collect traffic based on the key and nonkey fields in the configured record?

A.

records

B.

flow exporter

C.

flow sampler

D.

flow monitor

Full Access
Question # 185

Refer to the exhibit.

What is the result of this Python script of the Cisco DNA Center API?

A.

adds authentication to a switch

B.

adds a switch to Cisco DNA Center

C.

receives information about a switch

D.

deletes a switch from Cisco DNA Center

Full Access
Question # 186

What are two DDoS attack categories? (Choose two)

A.

sequential

B.

protocol

C.

database

D.

volume-based

E.

screen-based

Full Access
Question # 187

An engineer must modify a policy to block specific addresses using Cisco Umbrella. The policy is created already and is actively used by devices, using many of the default policy elements.

What else must be done to accomplish this task?

A.

Modify the application settings to allow only applications to connect to required addresses.

B.

Create a destination list for addresses to be allowed or blocked.

C.

Add the specified addresses to the identities list and create a block action.

D.

Use content categories to block or allow specific addresses.

Full Access
Question # 188

Which term describes when the Cisco Secure Firewall downloads threat intelligence updates from Cisco Tables?

A.

analysis

B.

sharing

C.

authoring

D.

consumption

Full Access
Question # 189

Refer to the exhibit.

What will occur when this device tries to connect to the port?

A.

802.1X will not work, but MAB will start and allow the device on the network.

B.

802.1X will not work and the device will not be allowed network access

C.

802 1X will work and the device will be allowed on the network

D.

802 1X and MAB will both be used and ISE can use policy to determine the access level

Full Access
Question # 190

An engineer needs to configure an access control policy rule to always send traffic for inspection without

using the default action. Which action should be configured for this rule?

A.

monitor

B.

allow

C.

block

D.

trust

Full Access
Question # 191

What are two benefits of using Cisco Duo as an MFA solution? (Choose two.)

A.

grants administrators a way to remotely wipe a lost or stolen device

B.

provides simple and streamlined login experience for multiple applications and users

C.

native integration that helps secure applications across multiple cloud platforms or on-premises environments

D.

encrypts data that is stored on endpoints

E.

allows for centralized management of endpoint device applications and configurations

Full Access
Question # 192

Which role is a default guest type in Cisco ISE?

A.

Monthly

B.

Yearly

C.

Contractor

D.

Full-Time

Full Access
Question # 193

Which Cisco solution extends network visibility, threat detection, and analytics to public cloud environments?

A.

Cisco Umbrella

B.

Cisco Stealthwatch Cloud

C.

Cisco Appdynamics

D.

Cisco CloudLock

Full Access
Question # 194

What is managed by Cisco Security Manager?

A.

access point

B.

WSA

C.

ASA

D.

ESA

Full Access
Question # 195

Which capability is exclusive to a Cisco AMP public cloud instance as compared to a private cloud instance?

A.

RBAC

B.

ETHOS detection engine

C.

SPERO detection engine

D.

TETRA detection engine

Full Access
Question # 196

Which type of protection encrypts RSA keys when they are exported and imported?

A.

file

B.

passphrase

C.

NGE

D.

nonexportable

Full Access
Question # 197

What are two list types within AMP for Endpoints Outbreak Control? (Choose two)

A.

blocked ports

B.

simple custom detections

C.

command and control

D.

allowed applications

E.

URL

Full Access
Question # 198

An engineer is configuring a Cisco ESA and wants to control whether to accept or reject email messages to a

recipient address. Which list contains the allowed recipient addresses?

A.

SAT

B.

BAT

C.

HAT

D.

RAT

Full Access
Question # 199

What is a functional difference between a Cisco ASA and a Cisco IOS router with Zone-based policy firewall?

A.

The Cisco ASA denies all traffic by default whereas the Cisco IOS router with Zone-Based Policy Firewall starts out by allowing all traffic, even on untrusted interfaces

B.

The Cisco IOS router with Zone-Based Policy Firewall can be configured for high availability, whereas the Cisco ASA cannot

C.

The Cisco IOS router with Zone-Based Policy Firewall denies all traffic by default, whereas the Cisco ASA starts out by allowing all traffic until rules are added

D.

The Cisco ASA can be configured for high availability whereas the Cisco IOS router with Zone-Based Policy Firewall cannot

Full Access
Question # 200

A network administrator is configuring SNMPv3 on a new router. The users have already been created;

however, an additional configuration is needed to facilitate access to the SNMP views. What must the

administrator do to accomplish this?

A.

map SNMPv3 users to SNMP views

B.

set the password to be used for SNMPv3 authentication

C.

define the encryption algorithm to be used by SNMPv3

D.

specify the UDP port used by SNMP

Full Access
Question # 201

An administrator is trying to determine which applications are being used in the network but does not want the

network devices to send metadata to Cisco Firepower. Which feature should be used to accomplish this?

A.

NetFlow

B.

Packet Tracer

C.

Network Discovery

D.

Access Control

Full Access
Question # 202

A Cisco FTD engineer is creating a new IKEv2 policy called s2s00123456789 for their organization to allow for additional protocols to terminate network devices with. They currently only have one policy established and need the new policy to be a backup in case some devices cannot support the stronger algorithms listed in the primary policy. What should be done in order to support this?

A.

Change the integrity algorithms to SHA* to support all SHA algorithms in the primary policy

B.

Make the priority for the new policy 5 and the primary policy 1

C.

Change the encryption to AES* to support all AES algorithms in the primary policy

D.

Make the priority for the primary policy 10 and the new policy 1

Full Access
Question # 203

A user has a device in the network that is receiving too many connection requests from multiple machines.

Which type of attack is the device undergoing?

A.

phishing

B.

slowloris

C.

pharming

D.

SYN flood

Full Access
Question # 204

Which Cisco command enables authentication, authorization, and accounting globally so that CoA is supported on the device?

A.

aaa server radius dynamic-author

B.

aaa new-model

C.

auth-type all

D.

ip device-tracking

Full Access
Question # 205

Which two parameters are used for device compliance checks? (Choose two.)

A.

endpoint protection software version

B.

Windows registry values

C.

DHCP snooping checks

D.

DNS integrity checks

E.

device operating system version

Full Access
Question # 206

What are two ways that Cisco Container Platform provides value to customers who utilize cloud service providers? (Choose two.)

A.

Allows developers to create code once and deploy to multiple clouds

B.

helps maintain source code for cloud deployments

C.

manages Docker containers

D.

manages Kubernetes clusters

E.

Creates complex tasks for managing code

Full Access