Alfonso

361. An organization deploys multiple Cisco FTD appliances and wants to manage them using one centralized solution. The organization does not have a local VM but does have existing Cisco ASAs that must migrate over to Cisco FTDs. Which solution meets the needs of the organization?. CSM. Cisco FDM. Cisco FMC. CDO.

362. What is the intent of a basic SYN flood attack?. to flush the register stack to re-initiate the buffers. to solicit DNS responses. to exceed the threshold limit of the connection queue. to cause the buffer to overflow.

363. What are two capabilities of Cisco Umbrella? (Choose two.). consistent policies across remote sites. Web Application Firewall. flexible security protection on and off network. automated threat categorization. centralized network monitoring.

364. An organization recently installed a Cisco WSA and would like to take advantage of the AVC engine to allow the organization to create a policy to control application specific activity. After enabling the AVC engine, what must be done to implement this?. Use URL categorization to prevent the application traffic. Use security services to configure the traffic monitor. Use an access policy group to configure application control settings. Use web security reporting to validate engine functionality.

365. Which two functions does the Cisco Advanced Phishing Protection solution perform in trying to protect from phishing attacks? (Choose two.). determines if the email messages are malicious. uses a static algorithm to determine malicious. blocks malicious websites and adds them to a block list. does a real-time user web browsing behavior analysis. provides a defense for on-premises email deployments.

366. What is the purpose of CA in a PKI?. to create the private key for a digital certificate. to validate the authenticity of a digital certificate. to certify the ownership of a public key by the named subject. to issue and revoke digital certificates.

367. Which network monitoring solution uses streams and pushes operational data to provide a near real time view of activity?. SNMP. SMTP. model-driven telemetry. Syslog.

368. Which statement describes a serverless application?. The application is installed on network equipment and not on physical servers. The application runs from a containerized environment that is managed by Kubernetes or Docker Swarm. The application runs from an ephemeral, event-triggered, and stateless container that is fully managed by a cloud provider. The application delivery controller in front of the server farm designates on which server the application runs each time.

369. While using Cisco Secure Firewall's Security Intelligence policies, which two criteria is blocking based upon? (Choose two.). port numbers. IP addresses. protocol IDs. MAC addresses. URLs.

370. What is the purpose of the certificate signing request when adding a new certificate for a server?. It is the password for the certificate that is needed to install it with. It provides the server information so a certificate can be created and signed. It is the certificate that will be loaded onto the server. It provides the certificate client information so the server can authenticate against it when installing.

371. What is the default action before identifying the URL during HTTPS inspection in Cisco Secure Firewall Threat Defense software?. drop. buffer. reset. pass.

372. An engineer is configuring cloud logging using a company-managed Amazon S3 bucket for Cisco Umbrella logs. What benefit does this configuration provide for accessing log data?. It is included in the license cost for the multi-org console of Cisco Umbrella. It can grant third-party SIEM integrations write access to the S3 bucket. Data can be stored offline for 30 days. No other applications except Cisco Umbrella can write to the S3 bucket.

373. What is a benefit of using a multifactor authentication strategy?. It provides visibility into devices to establish device trust. It provides secure remote access for applications. It provides an easy, single sign-on experience against multiple applications. It protects data by enabling the use of a second validation of identity.

374. An administrator configures new authorization policies within Cisco ISE and has difficulty profiling the devices. Attributes for the new Cisco IP phones that are profiled based on the RADIUS authentication are seen; however, the attributes for CDP or DHCP are not. What should the administrator do to address this issue?. Configure the device sensor feature within the switch to send the appropriate protocol information. Configure the ip dhcp snooping trust command on the DHCP interfaces to get the information to Cisco ISE. Configure the authentication port-control auto feature within Cisco ISE to identify the devices that are trying to connect. Configure a service template within the switch to standardize the port configurations so that the correct information is sent to Cisco ISE.

375. What are two DDoS attack categories? (Choose two.). volume-based. sequential. source-based. protocol. database.

376. What is the function of Cisco Cloudlock for data security?. controls malicious cloud apps. user and entity behavior analytics. detects anomalies. data loss prevention.

377. How does a cloud access security broker function?. It is an authentication broker to enable single sign-on and multi-factor authentication for a cloud solution. It scans other cloud solutions being used within the network and identifies vulnerabilities. It acts as a security information and event management solution and receives syslog from other cloud solutions. It integrates with other cloud solutions via APIs and monitors and creates incidents based on events from the cloud solution.

378. What are two characteristics of Cisco DNA Center APIs? (Choose two.). They are Cisco proprietary. They view the overall health of the network. Postman is required to utilize Cisco DNA Center API calls. They do not support Python scripts. They quickly provision new devices.

379. Which two components do southbound APIs use to communicate with downstream devices? (Choose two.). services running over the network. OpenFlow. applications running over the network. OpFlex. external application APIs.

380. A network administrator received a critical message alert from a Cisco Secure Web Appliance stating that the log partition is at 107% capacity. How does a Cisco Secure Web Appliance respond when its logging partition is full?. It overwrites the oldest log files. It archives older logs in a compressed file to free space. It deletes logs older than a configurable age. It suspends logging and reporting functions.

381. Which kind of API that is used with Cisco DNA Center provisions SSIDs, QoS policies, and update software versions on switches?. intent. event. integration. multivendor.

382. Which parameter is required when configuring a NetFlow exporter on a Cisco router?. source interface. exporter description. exporter name. DSCP value.

383. An organization wants to reduce their attack surface for cloud applications. They want to understand application communications, detect abnormal application behavior, and detect vulnerabilities within the applications. Which action accomplishes this task?. Implement Cisco Umbrella to control the access each application is granted. Configure Cisco Tetration to detect anomalies and vulnerabilities. Modify the Cisco Duo configuration to restrict access between applications. Use Cisco ISE to provide application visibility and restrict access to them.

384. Which cloud service model offers an environment for cloud consumers to develop and deploy applications without needing to manage or maintain the underlying cloud infrastructure?. IaaS. XaaS. PaaS. SaaS.

385. What is a benefit of a Cisco ESAv as compared to a physical ESA?. provides an automated setup process. enables the allocation of additional resources. provides faster performance. simplifies the distribution of software updates.

386. An engineer is adding a Cisco DUO solution to the current TACACS+ deployment using Cisco ISE. The engineer wants to authenticate users using their account when they log into network devices. Which action accomplishes this task?. Configure Cisco DUO with the external Active Directory connector and tie it to the policy set within Cisco ISE. Create an identity policy within Cisco ISE to send all authentication requests to Cisco DUO. Install and configure the Cisco DUO Authentication Proxy and configure the identity source sequence within Cisco ISE. Modify the current policy with the condition MFA SourceSequence:DUO=true in the authorization conditions within Cisco ISE.

387. Which solution should a network administrator deploy to protect a webserver from SQL injection attacks?. Secure Web Appliance. ISE. IPS. IDS.

388. An engineer must register a fixed network on a Cisco Umbrella platform. Which two actions must be performed when adding a new public IP address? (Choose two.). Install the Umbrella root certificate. Configure the DNS security settings. Enter a network public IP address. Point DNS to Umbrella platform DNS servers. Point DHCP to Umbrella platform DHCP servers.

389. What is a benefit of using GETVPN over FlexVPN within a VPN deployment?. GETVPN supports Remote Access VPNs. GETVPN uses multiple security associations for connections. GETVPN natively supports MPLS and private IP networks. GETVPN interoperates with non-Cisco devices.

390. What is the purpose of RADIUS Co in a network access control implementation?. Apply new TACACS+ settings. Push a new policy for authenticated users. Reinforce the policy for unauthenticated users. Change the RADIUS server credentials.

391. Refer to the exhibit. Logins from internal users to a Cisco Adaptive Security Appliance firewall must be performed by using a TACACS server. The firewall is already configured. Which additional configuration must be performed to configure the TACACS+ server group with a key of Cisco45612?. ASA(config)# aaa-server SERVERGROUP (inside) host 192.168.10.1 ASA(config-aaa-server-host)# key Cisco45612. ASA(config)# aaa-server SERVERGROUP (outside) host 4.4.4.2 ASA(config-aaa-server-host)# key Cisco45612. ASA(config)# aaa-server SERVERGROUP (external) host 4.4.4.2 ASA(config-aaa-server-host)# key Cisco45612. ASA(config)# aaa-server SERVERGROUP (internal) host 192.168.10.10 ASA(config-aaa-server-host)# key Cisco45612.

392. How does Cisco Secure Endpoint exclude server IP addresses and ports from detection?. Advanced Custom Detections. Simple Custom Detections. IP allow list. Allowed Applications.

393. Which security solution uses NetFlow to provide visibility across the network, data center, branch offices, and cloud?. Cisco Umbrella. Cisco Stealthwatch. Cisco CTA. Cisco Encrypted Traffic Analytics.

394. Which Cisco cloud security software centrally manages policies on multiple platforms such as Cisco ASA, Cisco Firepower, Cisco Meraki, and AWS?. Cisco DNA Center. Cisco Secureworks. Cisco Defense Orchestrator. Cisco Configuration Professional.

395. An engineer is implementing a network access control solution. Users can authenticate against the RADIUS server, and now the engineer must configure a downloadable access control list switch port. Which command must be used next to complete the configuration?. ip access-group ACL-NAME out. radius-server vsa send authentication. switchport mode access. authentication order mab dot1x.

396. Which API is used for Content Security?. IOS XR API. AsyncOS API. OpenVuln API. NX-OS API.