Month End Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > Cisco > CCNP Security > 350-701

350-701 Implementing and Operating Cisco Security Core Technologies (SCOR) Question and Answers

Question # 4

An organization configures Cisco Umbrella to be used for its DNS services. The organization must be able to block traffic based on the subnet that the endpoint is on but it sees only the requests from its public IP address instead of each internal IP address. What must be done to resolve this issue?

A.

Set up a Cisco Umbrella virtual appliance to internally field the requests and see the traffic of each IP address

B.

Use the tenant control features to identify each subnet being used and track the connections within the

Cisco Umbrella dashboard

C.

Install the Microsoft Active Directory Connector to give IP address information stitched to the requests in the Cisco Umbrella dashboard

D.

Configure an internal domain within Cisco Umbrella to help identify each address and create policy from the domains

Full Access
Question # 5

What are two workloaded security models? (Choose two)

A.

SaaS

B.

IaaS

C.

on-premises

D.

off-premises

E.

PaaS

Full Access
Question # 6

Which Cisco ASA Platform mode disables the threat detection features except for Advanced Threat

Statistics?

A.

cluster

B.

transparent

C.

routed

D.

multiple context

Full Access
Question # 7

An organization has a Cisco Stealthwatch Cloud deployment in their environment. Cloud logging is working as expected, but logs are not being received from the on-premise network, what action will resolve this issue?

A.

Configure security appliances to send syslogs to Cisco Stealthwatch Cloud

B.

Configure security appliances to send NetFlow to Cisco Stealthwatch Cloud

C.

Deploy a Cisco FTD sensor to send events to Cisco Stealthwatch Cloud

D.

Deploy a Cisco Stealthwatch Cloud sensor on the network to send data to Cisco Stealthwatch Cloud

Full Access
Question # 8

A network engineer is deciding whether to use stateful or stateless failover when configuring two ASAs for high availability. What is the connection status in both cases?

A.

need to be reestablished with stateful failover and preserved with stateless failover

B.

preserved with stateful failover and need to be reestablished with stateless failover

C.

preserved with both stateful and stateless failover

D.

need to be reestablished with both stateful and stateless failover

Full Access
Question # 9

Drag and drop the common security threats from the left onto the definitions on the right.

Full Access
Question # 10

In an IaaS cloud services model, which security function is the provider responsible for managing?

A.

Internet proxy

B.

firewalling virtual machines

C.

CASB

D.

hypervisor OS hardening

Full Access
Question # 11

Which feature does the laaS model provide?

A.

granular control of data

B.

dedicated, restricted workstations

C.

automatic updates and patching of software

D.

software-defined network segmentation

Full Access
Question # 12

Which two actions does the Cisco identity Services Engine posture module provide that ensures endpoint security?(Choose two.)

A.

The latest antivirus updates are applied before access is allowed.

B.

Assignments to endpoint groups are made dynamically, based on endpoint attributes.

C.

Patch management remediation is performed.

D.

A centralized management solution is deployed.

E.

Endpoint supplicant configuration is deployed.

Full Access
Question # 13

What are two benefits of using Cisco Duo as an MFA solution? (Choose two.)

A.

grants administrators a way to remotely wipe a lost or stolen device

B.

provides simple and streamlined login experience for multiple applications and users

C.

native integration that helps secure applications across multiple cloud platforms or on-premises environments

D.

encrypts data that is stored on endpoints

E.

allows for centralized management of endpoint device applications and configurations

Full Access
Question # 14

What are two functions of TAXII in threat intelligence sharing? (Choose two.)

A.

determines the "what" of threat intelligence

B.

Supports STIX information

C.

allows users to describe threat motivations and abilities

D.

exchanges trusted anomaly intelligence information

E.

determines how threat intelligence information is relayed

Full Access
Question # 15

What are two facts about WSA HTTP proxy configuration with a PAC file? (Choose two.)

A.

It is defined as a Transparent proxy deployment.

B.

In a dual-NIC configuration, the PAC file directs traffic through the two NICs to the proxy.

C.

The PAC file, which references the proxy, is deployed to the client web browser.

D.

It is defined as an Explicit proxy deployment.

E.

It is defined as a Bridge proxy deployment.

Full Access
Question # 16

An engineer has been tasked with configuring a Cisco FTD to analyze protocol fields and detect anomalies in the traffic from industrial systems. What must be done to meet these requirements?

A.

Implement pre-filter policies for the CIP preprocessor

B.

Enable traffic analysis in the Cisco FTD

C.

Configure intrusion rules for the DNP3 preprocessor

D.

Modify the access control policy to trust the industrial traffic

Full Access
Question # 17

Which posture assessment requirement provides options to the client for remediation and requires the

remediation within a certain timeframe?

A.

Audit

B.

Mandatory

C.

Optional

D.

Visibility

Full Access
Question # 18

What is the difference between Cross-site Scripting and SQL Injection, attacks?

A.

Cross-site Scripting is an attack where code is injected into a database, whereas SQL Injection is an attack where code is injected into a browser.

B.

Cross-site Scripting is a brute force attack targeting remote sites, whereas SQL Injection is a social

engineering attack.

C.

Cross-site Scripting is when executives in a corporation are attacked, whereas SQL Injection is when a

database is manipulated.

D.

Cross-site Scripting is an attack where code is executed from the server side, whereas SQL Injection is an attack where code is executed from the client side.

Full Access
Question # 19

What is a benefit of conducting device compliance checks?

A.

It indicates what type of operating system is connecting to the network.

B.

It validates if anti-virus software is installed.

C.

It scans endpoints to determine if malicious activity is taking place.

D.

It detects email phishing attacks.

Full Access
Question # 20

A Cisco ESA administrator has been tasked with configuring the Cisco ESA to ensure there are no viruses before quarantined emails are delivered. In addition, delivery of mail from known bad mail servers must be prevented. Which two actions must be taken in order to meet these requirements? (Choose two)

A.

Use outbreak filters from SenderBase

B.

Enable a message tracking service

C.

Configure a recipient access table

D.

Deploy the Cisco ESA in the DMZ

E.

Scan quarantined emails using AntiVirus signatures

Full Access
Question # 21

An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly

identifying all valid recipients. What must be done on the Cisco ESA to accomplish this goal?

A.

Configure incoming content filters

B.

Use Bounce Verification

C.

Configure Directory Harvest Attack Prevention

D.

Bypass LDAP access queries in the recipient access table

Full Access
Question # 22

Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?

A.

user input validation in a web page or web application

B.

Linux and Windows operating systems

C.

database

D.

web page images

Full Access
Question # 23

Which two statements about a Cisco WSA configured in Transparent mode are true? (Choose two)

A.

It can handle explicit HTTP requests.

B.

It requires a PAC file for the client web browser.

C.

It requires a proxy for the client web browser.

D.

WCCP v2-enabled devices can automatically redirect traffic destined to port 80.

E.

Layer 4 switches can automatically redirect traffic destined to port 80.

Full Access
Question # 24

What is the function of Cisco Cloudlock for data security?

A.

data loss prevention

B.

controls malicious cloud apps

C.

detects anomalies

D.

user and entity behavior analytics

Full Access
Question # 25

Which Cisco product is open, scalable, and built on IETF standards to allow multiple security products from

Cisco and other vendors to share data and interoperate with each other?

A.

Advanced Malware Protection

B.

Platform Exchange Grid

C.

Multifactor Platform Integration

D.

Firepower Threat Defense

Full Access
Question # 26

What is a difference between FlexVPN and DMVPN?

A.

DMVPN uses IKEv1 or IKEv2, FlexVPN only uses IKEv1

B.

DMVPN uses only IKEv1 FlexVPN uses only IKEv2

C.

FlexVPN uses IKEv2, DMVPN uses IKEv1 or IKEv2

D.

FlexVPN uses IKEv1 or IKEv2, DMVPN uses only IKEv2

Full Access
Question # 27

Which feature of Cisco ASA allows VPN users to be postured against Cisco ISE without requiring an inline

posture node?

A.

RADIUS Change of Authorization

B.

device tracking

C.

DHCP snooping

D.

VLAN hopping

Full Access
Question # 28

Refer to the exhibit.

Which command was used to display this output?

A.

show dot1x all

B.

show dot1x

C.

show dot1x all summary

D.

show dot1x interface gi1/0/12

Full Access
Question # 29

Which type of attack is social engineering?

A.

trojan

B.

phishing

C.

malware

D.

MITM

Full Access
Question # 30

What can be integrated with Cisco Threat Intelligence Director to provide information about security threats,

which allows the SOC to proactively automate responses to those threats?

A.

Cisco Umbrella

B.

External Threat Feeds

C.

Cisco Threat Grid

D.

Cisco Stealthwatch

Full Access
Question # 31

Which two fields are defined in the NetFlow flow? (Choose two)

A.

type of service byte

B.

class of service bits

C.

Layer 4 protocol type

D.

destination port

E.

output logical interface

Full Access
Question # 32

A network engineer is configuring DMVPN and entered the crypto isakmp key cisc0380739941 address 0.0.0.0 command on hostA. The tunnel is not being established to hostB. What action is needed to authenticate the VPN?

A.

Change isakmp to ikev2 in the command on hostA.

B.

Enter the command with a different password on hostB.

C.

Enter the same command on hostB.

D.

Change the password on hostA to the default password.

Full Access
Question # 33

An engineer wants to generate NetFlow records on traffic traversing the Cisco ASA. Which Cisco ASA

command must be used?

A.

flow-export destination inside 1.1.1.1 2055

B.

ip flow monitor input

C.

ip flow-export destination 1.1.1.1 2055

D.

flow exporter

Full Access
Question # 34

What is the purpose of the Decrypt for Application Detection feature within the WSA Decryption options?

A.

It decrypts HTTPS application traffic for unauthenticated users.

B.

It alerts users when the WSA decrypts their traffic.

C.

It decrypts HTTPS application traffic for authenticated users.

D.

It provides enhanced HTTPS application detection for AsyncOS.

Full Access
Question # 35

Which deployment model is the most secure when considering risks to cloud adoption?

A.

Public Cloud

B.

Hybrid Cloud

C.

Community Cloud

D.

Private Cloud

Full Access
Question # 36

Which Cisco Advanced Malware protection for Endpoints deployment architecture is designed to keep data

within a network perimeter?

A.

cloud web services

B.

network AMP

C.

private cloud

D.

public cloud

Full Access
Question # 37

When wired 802.1X authentication is implemented, which two components are required? (Choose two)

A.

authentication server: Cisco Identity Service Engine

B.

supplicant: Cisco AnyConnect ISE Posture module

C.

authenticator: Cisco Catalyst switch

D.

authenticator: Cisco Identity Services Engine

E.

authentication server: Cisco Prime Infrastructure

Full Access
Question # 38

Which protocol provides the strongest throughput performance when using Cisco AnyConnect VPN?

A.

TLSv1.2

B.

TLSv1.1

C.

BJTLSv1

D.

DTLSv1

Full Access
Question # 39

Which two capabilities does TAXII support? (Choose two)

A.

Exchange

B.

Pull messaging

C.

Binding

D.

Correlation

E.

Mitigating

Full Access
Question # 40

Which threat involves software being used to gain unauthorized access to a computer system?

A.

virus

B.

NTP amplification

C.

ping of death

D.

HTTP flood

Full Access
Question # 41

An engineer used a posture check on a Microsoft Windows endpoint and discovered that the MS17-010 patch

was not installed, which left the endpoint vulnerable to WannaCry ransomware. Which two solutions mitigate

the risk of this ransom ware infection? (Choose two)

A.

Configure a posture policy in Cisco Identity Services Engine to install the MS17-010 patch before allowing

access on the network.

B.

Set up a profiling policy in Cisco Identity Service Engine to check and endpoint patch level before allowing

access on the network.

C.

Configure a posture policy in Cisco Identity Services Engine to check that an endpoint patch level is met

before allowing access on the network.

D.

Configure endpoint firewall policies to stop the exploit traffic from being allowed to run and replicate

throughout the network.

E.

Set up a well-defined endpoint patching strategy to ensure that endpoints have critical vulnerabilities patched in a timely fashion.

Full Access
Question # 42

Which two tasks allow NetFlow on a Cisco ASA 5500 Series firewall? (Choose two)

A.

Enable NetFlow Version 9.

B.

Create an ACL to allow UDP traffic on port 9996.

C.

Apply NetFlow Exporter to the outside interface in the inbound direction.

D.

Create a class map to match interesting traffic.

E.

Define a NetFlow collector by using the flow-export command

Full Access
Question # 43

Which two characteristics of messenger protocols make data exfiltration difficult to detect and prevent?

(Choose two)

A.

Outgoing traffic is allowed so users can communicate with outside organizations.

B.

Malware infects the messenger application on the user endpoint to send company data.

C.

Traffic is encrypted, which prevents visibility on firewalls and IPS systems.

D.

An exposed API for the messaging platform is used to send large amounts of data.

E.

Messenger applications cannot be segmented with standard network controls

Full Access
Question # 44

Which PKI enrollment method allows the user to separate authentication and enrollment actions and also

provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?

A.

url

B.

terminal

C.

profile

D.

selfsigned

Full Access
Question # 45

Which form of attack is launched using botnets?

A.

EIDDOS

B.

virus

C.

DDOS

D.

TCP flood

Full Access
Question # 46

Refer to the exhibit.

An engineer configured wired 802.1x on the network and is unable to get a laptop to authenticate. Which port configuration is missing?

A.

authentication open

B.

dotlx reauthentication

C.

cisp enable

D.

dot1x pae authenticator

Full Access
Question # 47

Refer to the exhibit.

What does the number 15 represent in this configuration?

A.

privilege level for an authorized user to this router

B.

access list that identifies the SNMP devices that can access the router

C.

interval in seconds between SNMPv3 authentication attempts

D.

number of possible failed attempts until the SNMPv3 user is locked out

Full Access
Question # 48

In which two ways does Easy Connect help control network access when used with Cisco TrustSec? (Choose two)

A.

It allows multiple security products to share information and work together to enhance security posture in the network.

B.

It creates a dashboard in Cisco ISE that provides full visibility of all connected endpoints.

C.

It allows for the assignment of Security Group Tags and does not require 802.1x to be configured on the switch or the endpoint.

D.

It integrates with third-party products to provide better visibility throughout the network.

E.

It allows for managed endpoints that authenticate to AD to be mapped to Security Groups (PassiveID).

Full Access
Question # 49

Drag and drop the Firepower Next Generation Intrusion Prevention System detectors from the left onto the correct definitions on the right.

Full Access
Question # 50

What is a capability of Cisco ASA Netflow?

A.

It filters NSEL events based on traffic

B.

It generates NSEL events even if the MPF is not configured

C.

It logs all event types only to the same collector

D.

It sends NetFlow data records from active and standby ASAs in an active standby failover pair

Full Access
Question # 51

Which term describes when the Cisco Firepower downloads threat intelligence updates from Cisco Talos?

A.

consumption

B.

sharing

C.

analysis

D.

authoring

Full Access
Question # 52

Which group within Cisco writes and publishes a weekly newsletter to help cybersecurity professionals remain

aware of the ongoing and most prevalent threats?

A.

PSIRT

B.

Talos

C.

CSIRT

D.

DEVNET

Full Access
Question # 53

What does Cisco AMP for Endpoints use to help an organization detect different families of malware?

A.

Ethos Engine to perform fuzzy fingerprinting

B.

Tetra Engine to detect malware when me endpoint is connected to the cloud

C.

Clam AV Engine to perform email scanning

D.

Spero Engine with machine learning to perform dynamic analysis

Full Access
Question # 54

Drag and drop the suspicious patterns for the Cisco Tetration platform from the left onto the correct definitions on the right.

Full Access
Question # 55

An organization is trying to implement micro-segmentation on the network and wants to be able to gain visibility on the applications within the network. The solution must be able to maintain and force compliance. Which product should be used to meet these requirements?

A.

Cisco Umbrella

B.

Cisco AMP

C.

Cisco Stealthwatch

D.

Cisco Tetration

Full Access
Question # 56

Drag and drop the capabilities of Cisco Firepower versus Cisco AMP from the left into the appropriate category on the right.

Full Access
Question # 57

Drag and drop the capabilities from the left onto the correct technologies on the right.

Full Access
Question # 58

An organization has two systems in their DMZ that have an unencrypted link between them for communication.

The organization does not have a defined password policy and uses several default accounts on the systems.

The application used on those systems also have not gone through stringent code reviews. Which vulnerability

would help an attacker brute force their way into the systems?

A.

weak passwords

B.

lack of input validation

C.

missing encryption

D.

lack of file permission

Full Access
Question # 59

A network administrator is configuring SNMPv3 on a new router. The users have already been created;

however, an additional configuration is needed to facilitate access to the SNMP views. What must the

administrator do to accomplish this?

A.

map SNMPv3 users to SNMP views

B.

set the password to be used for SNMPv3 authentication

C.

define the encryption algorithm to be used by SNMPv3

D.

specify the UDP port used by SNMP

Full Access
Question # 60

Drag and drop the solutions from the left onto the solution's benefits on the right.

Full Access
Question # 61

When configuring ISAKMP for IKEv1 Phase1 on a Cisco IOS router, an administrator needs to input the

command crypto isakmp key cisco address 0.0.0.0. The administrator is not sure what the IP addressing in this command issued for. What would be the effect of changing the IP address from 0.0.0.0 to 1.2.3.4?

A.

The key server that is managing the keys for the connection will be at 1.2.3.4

B.

The remote connection will only be allowed from 1.2.3.4

C.

The address that will be used as the crypto validation authority

D.

All IP addresses other than 1.2.3.4 will be allowed

Full Access
Question # 62

Which Dos attack uses fragmented packets to crash a target machine?

A.

smurf

B.

MITM

C.

teardrop

D.

LAND

Full Access
Question # 63

When planning a VPN deployment, for which reason does an engineer opt for an active/active FlexVPN

configuration as opposed to DMVPN?

A.

Multiple routers or VRFs are required.

B.

Traffic is distributed statically by default.

C.

Floating static routes are required.

D.

HSRP is used for faliover.

Full Access
Question # 64

Which two aspects of the cloud PaaS model are managed by the customer but not the provider? (Choose two)

A.

virtualization

B.

middleware

C.

operating systems

D.

applications

E.

data

Full Access
Question # 65

An organization has noticed an increase in malicious content downloads and wants to use Cisco Umbrella to prevent this activity for suspicious domains while allowing normal web traffic. Which action will accomplish this task?

A.

Set content settings to High

B.

Configure the intelligent proxy.

C.

Use destination block lists.

D.

Configure application block lists.

Full Access
Question # 66

What is a key difference between Cisco Firepower and Cisco ASA?

A.

Cisco ASA provides access control while Cisco Firepower does not.

B.

Cisco Firepower provides identity-based access control while Cisco ASA does not.

C.

Cisco Firepower natively provides intrusion prevention capabilities while Cisco ASA does not.

D.

Cisco ASA provides SSL inspection while Cisco Firepower does not.

Full Access
Question # 67

What are two functions of secret key cryptography? (Choose two)

A.

key selection without integer factorization

B.

utilization of different keys for encryption and decryption

C.

utilization of large prime number iterations

D.

provides the capability to only know the key on one side

E.

utilization of less memory

Full Access
Question # 68

An organization has a Cisco ESA set up with policies and would like to customize the action assigned for

violations. The organization wants a copy of the message to be delivered with a message added to flag it as a

DLP violation. Which actions must be performed in order to provide this capability?

A.

deliver and send copies to other recipients

B.

quarantine and send a DLP violation notification

C.

quarantine and alter the subject header with a DLP violation

D.

deliver and add disclaimer text

Full Access
Question # 69

A user has a device in the network that is receiving too many connection requests from multiple machines.

Which type of attack is the device undergoing?

A.

phishing

B.

slowloris

C.

pharming

D.

SYN flood

Full Access
Question # 70

Which two conditions are prerequisites for stateful failover for IPsec? (Choose two)

A.

Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the

IPsec configuration is copied automatically

B.

The active and standby devices can run different versions of the Cisco IOS software but must be the same

type of device.

C.

The IPsec configuration that is set up on the active device must be duplicated on the standby device

D.

Only the IPsec configuration that is set up on the active device must be duplicated on the standby device;

the IKE configuration is copied automatically.

E.

The active and standby devices must run the same version of the Cisco IOS software and must be the

same type of device

Full Access
Question # 71

Which two kinds of attacks are prevented by multifactor authentication? (Choose two)

A.

phishing

B.

brute force

C.

man-in-the-middle

D.

DDOS

E.

teardrop

Full Access
Question # 72

Which policy represents a shared set of features or parameters that define the aspects of a managed device that are likely to be similar to other managed devices in a deployment?

A.

Group Policy

B.

Access Control Policy

C.

Device Management Policy

D.

Platform Service Policy

Full Access
Question # 73

What is the result of running the crypto isakmp key ciscXXXXXXXX address 172.16.0.0 command?

A.

authenticates the IKEv2 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX

B.

authenticates the IP address of the 172.16.0.0/32 peer by using the key ciscXXXXXXXX

C.

authenticates the IKEv1 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX

D.

secures all the certificates in the IKE exchange by using the key ciscXXXXXXXX

Full Access
Question # 74

An engineer needs to add protection for data in transit and have headers in the email message Which configuration is needed to accomplish this goal?

A.

Provision the email appliance

B.

Deploy an encryption appliance.

C.

Map sender !P addresses to a host interface.

D.

Enable flagged message handling

Full Access
Question # 75

Refer to the exhibit.

Refer to the exhibit. A Cisco ISE administrator adds a new switch to an 802.1X deployment and has difficulty with some endpoints gaining access.

Most PCs and IP phones can connect and authenticate using their machine certificate credentials. However printer and video cameras cannot base d on the interface configuration provided, what must be to get these devices on to the network using Cisco ISE for authentication and authorization while maintaining security controls?

A.

Change the default policy in Cisco ISE to allow all devices not using machine authentication .

B.

Enable insecure protocols within Cisco ISE in the allowed protocols configuration.

C.

Configure authentication event fail retry 2 action authorize vlan 41 on the interface

D.

Add mab to the interface configuration.

Full Access
Question # 76

What is the benefit of integrating Cisco ISE with a MDM solution?

A.

It provides compliance checks for access to the network

B.

It provides the ability to update other applications on the mobile device

C.

It provides the ability to add applications to the mobile device through Cisco ISE

D.

It provides network device administration access

Full Access
Question # 77

What are two workload security models? (Choose two.)

A.

SaaS

B.

PaaS

C.

off-premises

D.

on-premises

E.

IaaS

Full Access
Question # 78

An engineer is trying to decide between using L2TP or GRE over IPsec for their site-to-site VPN implementation. What must be un solution?

A.

L2TP is an IP packet encapsulation protocol, and GRE over IPsec is a tunneling protocol.

B.

L2TP uses TCP port 47 and GRE over IPsec uses UDP port 1701.

C.

GRE over IPsec adds its own header, and L2TP does not.

D.

GRE over IPsec cannot be used as a standalone protocol, and L2TP can.

Full Access
Question # 79

With regard to RFC 5176 compliance, how many IETF attributes are supported by the RADIUS CoA feature?

A.

3

B.

5

C.

10

D.

12

Full Access
Question # 80

Which encryption algorithm provides highly secure VPN communications?

A.

3DES

B.

AES 256

C.

AES 128

D.

DES

Full Access
Question # 81

Cisco SensorBase gaihers threat information from a variety of Cisco products and services and performs analytics to find patterns on threats Which term describes this process?

A.

deployment

B.

consumption

C.

authoring

D.

sharing

Full Access
Question # 82

How does the Cisco WSA enforce bandwidth restrictions for web applications?

A.

It implements a policy route to redirect application traffic to a lower-bandwidth link.

B.

It dynamically creates a scavenger class QoS policy and applies it to each client that connects through the WSA.

C.

It sends commands to the uplink router to apply traffic policing to the application traffic.

D.

It simulates a slower link by introducing latency into application traffic.

Full Access
Question # 83

Using Cisco Cognitive Threat Analytics, which platform automatically blocks risky sites, and test unknown sites for hidden advanced threats before allowing users to click them?

A.

Cisco Identity Services Engine (ISE)

B.

Cisco Enterprise Security Appliance (ESA)

C.

Cisco Web Security Appliance (WSA)

D.

Cisco Advanced Stealthwatch Appliance (ASA)

Full Access
Question # 84

Which Cisco security solution secures public, private, hybrid, and community clouds?

A.

Cisco ISE

B.

Cisco ASAv

C.

Cisco Cloudlock

D.

Cisco pxGrid

Full Access
Question # 85

Which API method and required attribute are used to add a device into Cisco DNA Center with the native API?

A.

GET and serialNumber

B.

userSudiSerlalNos and deviceInfo

C.

POST and name

D.

lastSyncTime and pid

Full Access
Question # 86

When a transparent authentication fails on the Web Security Appliance, which type of access does the end user get?

A.

guest

B.

limited Internet

C.

blocked

D.

full Internet

Full Access
Question # 87

An organization uses Cisco FMC to centrally manage multiple Cisco FTD devices The default management port conflicts with other communications on the network and must be changed What must be done to ensure that all devices can communicate together?

A.

Set the sftunnel to go through the Cisco FTD

B.

Change the management port on Cisco FMC so that it pushes the change to all managed Cisco FTD devices

C.

Set the sftunnel port to 8305.

D.

Manually change the management port on Cisco FMC and all managed Cisco FTD devices

Full Access
Question # 88

Which capability is provided by application visibility and control?

A.

reputation filtering

B.

data obfuscation

C.

data encryption

D.

deep packet inspection

Full Access
Question # 89

A customer has various external HTTP resources available including Intranet Extranet and Internet, with a

proxy configuration running in explicit mode. Which method allows the client desktop browsers to be configured

to select when to connect direct or when to use the proxy?

A.

Transport mode

B.

Forward file

C.

PAC file

D.

Bridge mode

Full Access