An organization recently installed a Cisco Secure Web Appliance and would like to take advantage of the AVC engine to allow the organization to create a policy to control application-specific activity. After enabling the AVC engine, what must be done to implement this?
A network engineer is deciding whether to use stateful or stateless failover when configuring two ASAs for high availability. What is the connection status in both cases?
Which feature is used to restrict communication between interfaces on a Cisco ASA?
Which security solution is used for posture assessment of the endpoints in a BYOD solution?
Which Talos reputation center allows for tracking the reputation of IP addresses for email and web traffic?
Which information is required when adding a device to Firepower Management Center?
An engineer used a posture check on a Microsoft Windows endpoint and discovered that the MS17-010 patch
was not installed, which left the endpoint vulnerable to WannaCry ransomware. Which two solutions mitigate
the risk of this ransom ware infection? (Choose two)
An engineer needs to add protection for data in transit and have headers in the email message Which configuration is needed to accomplish this goal?
Which cloud service model offers an environment for cloud consumers to develop and deploy applications
without needing to manage or maintain the underlying cloud infrastructure?
Which feature within Cisco ISE verifies the compliance of an endpoint before providing access to the
network?
What is a language format designed to exchange threat intelligence that can be transported over the TAXII
protocol?
An engineer is configuring cloud logging on Cisco ASA and needs events to compress. Which component must be configured to accomplish this goal?
Drag and drop the features of Cisco ASA with Firepower from the left onto the benefits on the right.
Which technology reduces data loss by identifying sensitive information stored in public computing
environments?
Which function is performed by certificate authorities but is a limitation of registration authorities?
Which technology must De used to Implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity?
Which metric is used by the monitoring agent to collect and output packet loss and jitter information?
Which cloud model is a collaborative effort where infrastructure is shared and jointly accessed by several organizations from a specific group?
Which Cisco solution does Cisco Umbrella integrate with to determine if a URL is malicious?
Refer to the exhibit.
What will happen when the Python script is executed?
Which type of API is being used when a controller within a software-defined network architecture dynamically
makes configuration changes on switches within the network?
What is the purpose of the Decrypt for Application Detection feature within the WSA Decryption options?
Drag and drop the cryptographic algorithms for IPsec from the left onto the cryptographic processes on the right.
Which policy does a Cisco Secure Web Appliance use to block or monitor URL requests based on the reputation score?
What are the two most commonly used authentication factors in multifactor authentication? (Choose two)
A network administrator has configured TACACS on a network device using the key Cisc0467380030 tor authentication purposes. However, users are unable to authenticate. TACACS server is reachable, but authentication is tailing. Which configuration step must the administrator complete?
How does Cisco Stealthwatch Cloud provide security for cloud environments?
Which Cisco security solution integrates with cloud applications like Dropbox and Office 365 while protecting data from being exfiltrated?
Which Cisco platform ensures that machines that connect to organizational networks have the recommended
antivirus definitions and patches to help prevent an organizational malware outbreak?
A company identified a phishing vulnerability during a pentest What are two ways the company can protect employees from the attack? (Choose two.)
An engineer needs to detect and quarantine a file named abc424400664 zip based on the MD5 signature of the file using the Outbreak Control list feature within Cisco Advanced Malware Protection (AMP) for Endpoints The configured detection method must work on files of unknown disposition Which Outbreak Control list must be configured to provide this?
Which Cisco product is open, scalable, and built on IETF standards to allow multiple security products from
Cisco and other vendors to share data and interoperate with each other?
Which solution stops unauthorized access to the system if a user's password is compromised?
An engineer adds a custom detection policy to a Cisco AMP deployment and encounters issues with the
configuration. The simple detection mechanism is configured, but the dashboard indicates that the hash is not 64 characters and is non-zero. What is the issue?
The Cisco ASA must support TLS proxy for encrypted Cisco Unified Communications traffic. Where must the
ASA be added on the Cisco UC Manager platform?
Which two features of Cisco DNA Center are used in a Software Defined Network solution? (Choose two)
An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly
identifying all valid recipients. What must be done on the Cisco ESA to accomplish this goal?
A network engineer has entered the snmp-server user andy myv3 auth sha cisco priv aes 256
cisc0380739941 command and needs to send SNMP information to a host at 10.255.254.1. Which command achieves this goal?
What is the function of the crypto is a kmp key cisc406397954 address 0.0.0.0 0.0.0.0 command when establishing an IPsec VPN tunnel?
What are two ways a network administrator transparently identifies users using Active Directory on the Cisco WSA? (Choose two.)
Which solution for remote workers enables protection, detection, and response on the endpoint against known and unknown threats?
Which two aspects of the cloud PaaS model are managed by the customer but not the provider? (Choose two)
Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two)
Which two preventive measures are used to control cross-site scripting? (Choose two)
A security test performed on one of the applications shows that user input is not validated. Which security vulnerability is the application more susceptible to because of this lack of validation?
Which two parameters are used to prevent a data breach in the cloud? (Choose two.)
An organization recently installed a Cisco WSA and would like to take advantage of the AVC engine to allow the organization to create a policy to control application specific activity. After enabling the AVC engine, what must be done to implement this?
A network administrator configures Dynamic ARP Inspection on a switch. After Dynamic ARP Inspection is applied, all users on that switch are unable to communicate with any destination. The network administrator checks the interface status of all interfaces, and there is no err-disabled interface. What is causing this problem?
Which policy is used to capture host information on the Cisco Firepower Next Generation Intrusion Prevention
System?
An engineer is deploying Cisco Advanced Malware Protection (AMP) for Endpoints and wants to create a policy that prevents users from executing file named abc424952615.exe without quarantining that file What type of Outbreak Control list must the SHA.-256 hash value for the file be added to in order to accomplish this?
Drag and drop the common security threats from the left onto the definitions on the right.
Drag and drop the security responsibilities from the left onto the corresponding cloud service models on the right.
Which portion of the network do EPP solutions solely focus on and EDR solutions do not?
A network engineer is trying to figure out whether FlexVPN or DMVPN would fit better in their environment.
They have a requirement for more stringent security multiple security associations for the connections, more efficient VPN establishment as well consuming less bandwidth. Which solution would be best for this and why?
In which form of attack is alternate encoding, such as hexadecimal representation, most often observed?
An organization wants to reduce their attach surface for cloud applications. They want to understand application communications, detect abnormal application Behavior, and detect vulnerabilities within the applications. Which action accomplishes this task?
For Cisco IOS PKI, which two types of Servers are used as a distribution point for CRLs? (Choose two)
What is the purpose of the Trusted Automated exchange cyber threat intelligence industry standard?
Which baseline form of telemetry is recommended for network infrastructure devices?
An engineer is configuring Dropbox integration with Cisco Cloudlock. Which action must be taken before granting API access in the Dropbox admin console?
Which solution protects hybrid cloud deployment workloads with application visibility and segmentation?
Refer to the exhibit. Consider that any feature of DNS requests, such as the length of the domain name and the number of subdomains, can be used to construct models of expected behavior to which observed values can be compared. Which type of malicious attack are these values associated with?
What is the term for when an endpoint is associated to a provisioning WLAN that is shared with guest
access, and the same guest portal is used as the BYOD portal?
Refer to the exhibit. What is the result of using this authentication protocol in the configuration?
v
Refer to the exhibit When configuring this access control rule in Cisco FMC, what happens with the traffic destined to the DMZjnside zone once the configuration is deployed?
An organization has a Cisco Stealthwatch Cloud deployment in their environment. Cloud logging is working as expected, but logs are not being received from the on-premise network, what action will resolve this issue?
An engineer enabled SSL decryption for Cisco Umbrella intelligent proxy and needs to ensure that traffic is inspected without alerting end-users. Which action accomplishes this goal?
An administrator is adding a new switch onto the network and has configured AAA for network access control. When testing the configuration, the RADIUS authenticates to Cisco ISE but is being rejected. Why is the ip radius source-interface command needed for this configuration?
An engineer has been tasked with implementing a solution that can be leveraged for securing the cloud users,
data, and applications. There is a requirement to use the Cisco cloud native CASB and cloud cybersecurity
platform. What should be used to meet these requirements?
Refer to the exhibit.
An engineer configured wired 802.1x on the network and is unable to get a laptop to authenticate. Which port configuration is missing?
In which two ways does Easy Connect help control network access when used with Cisco TrustSec? (Choose two)
Which solution is made from a collection of secure development practices and guidelines that developers must follow to build secure applications?
After a recent breach, an organization determined that phishing was used to gain initial access to the network before regaining persistence. The information gained from the phishing attack was a result of users visiting known malicious websites. What must be done in order to prevent this from happening in the future?
A network engineer is configuring NetFlow top talkers on a Cisco router Drag and drop the steps in the process from the left into the sequence on the right
Which industry standard is used to integrate Cisco ISE and pxGrid to each other and with other
interoperable security platforms?
Which protocol provides the strongest throughput performance when using Cisco AnyConnect VPN?
Refer to the exhibit. What function does the API key perform while working with https://api.amp.cisco.com/v1/computers?
What is a benefit of using Cisco CWS compared to an on-premises Cisco WSA?
Drag and drop the solutions from the left onto the solution's benefits on the right.
Which deployment model is the most secure when considering risks to cloud adoption?
An engineer must deploy a Cisco Secure Web Appliance. Antimalware scanning must use the Outbreak Heuristics antimalware category on files identified as malware before performing any other processes. What must be configured on the Secure Web Appliance to meet the requirements?
Which type of DNS abuse exchanges data between two computers even when there is no direct connection?
Which group within Cisco writes and publishes a weekly newsletter to help cybersecurity professionals remain
aware of the ongoing and most prevalent threats?
Which two conditions are prerequisites for stateful failover for IPsec? (Choose two)
Which Cisco security solution determines if an endpoint has the latest OS updates and patches installed on the system?
Due to a traffic storm on the network, two interfaces were error-disabled, and both interfaces sent SNMP traps.
Which two actions must be taken to ensure that interfaces are put back into service? (Choose two)
A mall provides security services to customers with a shared appliance. The mall wants separation of
management on the shared appliance. Which ASA deployment mode meets these needs?
An engineer is implementing NAC for LAN users on a segmented network. The engineer confirms that the device of each user is supported and the Cisco switch configuration is correct.
Which configuration should be made next to ensure there are no authentication issues?
What is a prerequisite when integrating a Cisco ISE server and an AD domain?
An organization wants to implement a cloud-delivered and SaaS-based solution to provide visibility and threat detection across the AWS network. The solution must be deployed without software agents and rely on AWS VPC flow logs instead. Which solution meets these requirements?
Which VPN technology supports a multivendor environment and secure traffic between sites?
While using Cisco Secure Firewall's Security Intelligence policies, which two criteria is blocking based upon? (Choose two.)
What is a benefit of using Cisco AVC (Application Visibility and Control) for application control?
A network security engineer must export packet captures from the Cisco FMC web browser while troubleshooting an issue. When navigating to the address https://
In which cloud services model is the tenant responsible for virtual machine OS patching?
An organization wants to provide visibility and to identify active threats in its network using a VM. The
organization wants to extract metadata from network packet flow while ensuring that payloads are not retained
or transferred outside the network. Which solution meets these requirements?
Which Cisco Advanced Malware protection for Endpoints deployment architecture is designed to keep data
within a network perimeter?
Which characteristic is unique to a Cisco WSAv as compared to a physical appliance?
A large organization wants to deploy a security appliance in the public cloud to form a site-to-site VPN
and link the public cloud environment to the private cloud in the headquarters data center. Which Cisco
security appliance meets these requirements?
Which type of API is being used when a security application notifies a controller within a software-defined network architecture about a specific security threat?
Drag and drop the Cisco CWS redirection options from the left onto the capabilities on the right.
An organization configures Cisco Umbrella to be used for its DNS services. The organization must be able to block traffic based on the subnet that the endpoint is on but it sees only the requests from its public IP address instead of each internal IP address. What must be done to resolve this issue?
A customer has various external HTTP resources available including Intranet Extranet and Internet, with a
proxy configuration running in explicit mode. Which method allows the client desktop browsers to be configured
to select when to connect direct or when to use the proxy?
Which Cisco platform provides an agentless solution to provide visibility across the network including encrypted traffic analytics to detect malware in encrypted traffic without the need for decryption?
Which risk is created when using an Internet browser to access cloud-based service?
An organization is implementing URL blocking using Cisco Umbrella. The users are able to go to some sites but other sites are not accessible due to an error. Why is the error occurring?
What is a benefit of a Cisco Secure Email Gateway Virtual as compared to a physical Secure Email Gateway?
Drag and drop the NetFlow export formats from the left onto the descriptions on the right.
Which action configures the IEEE 802.1X Flexible Authentication feature lo support Layer 3 authentication mechanisms?
What are two facts about WSA HTTP proxy configuration with a PAC file? (Choose two.)
With Cisco AMP for Endpoints, which option shows a list of all files that have been executed in your
environment?
What is the result of the ACME-Router(config)#login block-for 100 attempts 4 within 60 command on a Cisco IOS router?
Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?
An organization is implementing AAA for their users. They need to ensure that authorization is verified for every command that is being entered by the network administrator. Which protocol must be configured in order to provide this capability?
A security administrator is designing an email protection solution for an onsite email server and must meet these requirements:
Remove malware from email before it reaches corporate premises
Drop emails with risky links automatically
Block access to newly infected sites with real-time URL analysis
Which solution must be used?
A hacker initiated a social engineering attack and stole username and passwords of some users within a company. Which product should be used as a solution to this problem?
When wired 802.1X authentication is implemented, which two components are required? (Choose two)
Which two features are used to configure Cisco ESA with a multilayer approach to fight viruses and malware?
(Choose two)
An organization received a large amount of SPAM messages over a short time period. In order to take action on the messages, it must be determined how harmful the messages are and this needs to happen dynamically.
What must be configured to accomplish this?
What is a characteristic of a bridge group in ASA Firewall transparent mode?
An engineer notices traffic interruption on the network. Upon further investigation, it is learned that broadcast
packets have been flooding the network. What must be configured, based on a predefined threshold, to
address this issue?
Based on the NIST 800-145 guide, which cloud architecture is provisioned for exclusive use by a specific group of consumers from different organizations and may be owned, managed, and operated by one or more of those organizations?
Why should organizations migrate to a multifactor authentication strategy?
What are two functions of TAXII in threat intelligence sharing? (Choose two.)
When choosing an algorithm to us, what should be considered about Diffie Hellman and RSA for key
establishment?
A network administrator is setting up Cisco FMC to send logs to Cisco Security Analytics and Logging (SaaS). The network administrator is anticipating a high volume of logging events from the firewalls and wants lo limit the strain on firewall resources. Which method must the administrator use to send these logs to Cisco Security Analytics and Logging?
Which endpoint protection and detection feature performs correlation of telemetry, files, and intrusion
events that are flagged as possible active breaches?
Which cryptographic process provides origin confidentiality, integrity, and origin authentication for packets?
Drag and drop the threats from the left onto examples of that threat on the right
What is a functional difference between Cisco AMP for Endpoints and Cisco Umbrella Roaming Client?
On Cisco Firepower Management Center, which policy is used to collect health modules alerts from managed
devices?
Refer to the exhibit.
When configuring a remote access VPN solution terminating on the Cisco ASA, an administrator would like to utilize an external token authentication mechanism in conjunction with AAA authentication using machine
certificates. Which configuration item must be modified to allow this?
An organization wants to secure data in a cloud environment. Its security model requires that all users be
authenticated and authorized. Security configuration and posture must be continuously validated before access is granted or maintained to applications and data. There is also a need to allow certain application traffic and deny all other traffic by default. Which technology must be used to implement these requirements?
A customer has various external HTTP resources available including Intranet. Extranet, and Internet, with a proxy configuration running in explicit mode Which method allows the client desktop browsers to be configured to select when to connect direct or when to use the proxy?
Which Talos reputation center allows you to track the reputation of IP addresses for email and web traffic?
An engineer is configuring 802.1X authentication on Cisco switches in the network and is using CoA as a mechanism. Which port on the firewall must be opened to allow the CoA traffic to traverse the network?
Refer to the exhibit.
Which statement about the authentication protocol used in the configuration is true?
Which technology provides a combination of endpoint protection endpoint detection, and response?
Which feature of Cisco ASA allows VPN users to be postured against Cisco ISE without requiring an inline
posture node?
An engineer needs a solution for TACACS+ authentication and authorization for device administration.
The engineer also wants to enhance wired and wireless network security by requiring users and endpoints to
use 802.1X, MAB, or WebAuth. Which product meets all of these requirements?
A network administrator is configuring a switch to use Cisco ISE for 802.1X. An endpoint is failing
authentication and is unable to access the network. Where should the administrator begin troubleshooting to verify the authentication details?
What are two characteristics of the RESTful architecture used within Cisco DNA Center? (Choose two.)
When NetFlow is applied to an interface, which component creates the flow monitor cache that is used
to collect traffic based on the key and nonkey fields in the configured record?
Refer to the exhibit.
What is the result of this Python script of the Cisco DNA Center API?
An engineer must modify a policy to block specific addresses using Cisco Umbrella. The policy is created already and is actively used by devices, using many of the default policy elements.
What else must be done to accomplish this task?
Which term describes when the Cisco Secure Firewall downloads threat intelligence updates from Cisco Tables?
Refer to the exhibit.
What will occur when this device tries to connect to the port?
An engineer needs to configure an access control policy rule to always send traffic for inspection without
using the default action. Which action should be configured for this rule?
What are two benefits of using Cisco Duo as an MFA solution? (Choose two.)
Which Cisco solution extends network visibility, threat detection, and analytics to public cloud environments?
Which capability is exclusive to a Cisco AMP public cloud instance as compared to a private cloud instance?
Which type of protection encrypts RSA keys when they are exported and imported?
What are two list types within AMP for Endpoints Outbreak Control? (Choose two)
An engineer is configuring a Cisco ESA and wants to control whether to accept or reject email messages to a
recipient address. Which list contains the allowed recipient addresses?
What is a functional difference between a Cisco ASA and a Cisco IOS router with Zone-based policy firewall?
A network administrator is configuring SNMPv3 on a new router. The users have already been created;
however, an additional configuration is needed to facilitate access to the SNMP views. What must the
administrator do to accomplish this?
An administrator is trying to determine which applications are being used in the network but does not want the
network devices to send metadata to Cisco Firepower. Which feature should be used to accomplish this?
A Cisco FTD engineer is creating a new IKEv2 policy called s2s00123456789 for their organization to allow for additional protocols to terminate network devices with. They currently only have one policy established and need the new policy to be a backup in case some devices cannot support the stronger algorithms listed in the primary policy. What should be done in order to support this?
A user has a device in the network that is receiving too many connection requests from multiple machines.
Which type of attack is the device undergoing?
Which Cisco command enables authentication, authorization, and accounting globally so that CoA is supported on the device?
Which two parameters are used for device compliance checks? (Choose two.)
What are two ways that Cisco Container Platform provides value to customers who utilize cloud service providers? (Choose two.)