Andy 397-432

What is the Cisco API-based broker that helps reduce compromises, application risks, and data breaches in an environment that is not on-premise?. Cisco Cloudlock. Cisco Umbrella. Cisco App Dynamics. Cisco AMP.

Refer to the exhibit. What will happen when this Python script is run?. The list of computers, policies, and connector statuses will be received from Cisco AMP. The compromised computers and what compromised them will be received from Cisco AMP. The compromised computers and malware trajectories will be received from Cisco AMP. The list of computers and their current vulnerabilities will be received from Cisco AMP.

In which scenario is downloading Umbrella Dynamic IP Updater a configuration step?. static IPv6. dynamic IPv6. dynamic IPv4. static IPv4.

What is the ideal deployment mode to use when you need to manage separate security policies for multiple customers on a Cisco ASA device?. IRB mode. VRF mode. multiple context mode. spanned cluster mode.

A university policy must allow open access to resources on the Internet for research, but internal workstations are exposed to malware. Which Cisco AMP feature allows the engineering team to determine whether a file is installed on a selected few workstations?. file conviction. file prevalence. file discovery. file manager.

Which Cisco Umbrella security category prevents attackers from exploiting UDP port 53 to send malware to a victim within a company’s headquarters?. Malware. Newly Seen Domains. DNSSEC. DNS tunneling VPN.

Refer to the exhibit. A network engineer wants to reduce the operational costs of SNMPv3 by using trapping instead of polling. Which code snippet completes the configuration to enable authentication for SNMPv3 trapping?. snmp-server user trapuser trapgroup version 3 auth sha AuthPass. snmp-server user trap trapgroup v3 auth sha AuthPass. snmp-server user trapuser trapgroup version 3 AuthPass. snmp-server user trapuser trapgroup v3 auth sha AuthPass.

Client workstations are experiencing extremely poor response time. An engineer suspects that an attacker is eavesdropping and making independent connections while relaying messages between victims to make them think they are talking to each other over a private connection. Which feature must be enabled and configured to provide relief from this type of attack?. Dynamic ARP Inspection. Link Aggregation. private VLANs. Reverse ARP.

What are two functionalities of SDN southbound APIs? (Choose two.). OpenFlow is a standardized southbound API protocol used between the SDN controller and the switch. Southbound APIs provide a programmable interface for applications to configure the network. Southbound APIs form the interface between the SDN controller and the network switches and routers. Southbound APIs form the interface between the SDN controller and business applications. Application layer programs communicate with the SDN controller through the southbound APIs.

An engineer is configuring a Cisco ESA and wants to control whether to accept or reject email messages to a recipient address. Which list contains the allowed recipient addresses?. SAT. RAT. BAT. HAT.

Which two VPN tunneling protocols support the use of IPsec to provide data integrity, authentication, and data encryption? (Choose two.). Generic Routing Encapsulation Protocol. Point-to-Point Tunneling Protocol. Layer 2 Tunneling Protocol. Secure Socket Tunneling Protocol. OpenVPN.

Which two protocols must be configured to authenticate end users to the Cisco WSA? (Choose two.). RADIUS. TACACS+. CHAP. NTLMSSP. Kerberos.

Which endpoint solution protects a user from a phishing attack?. Cisco ISE. Cisco AnyConnect with Umbrella Roaming Security module. Cisco AnyConnect with Network Access Manager module. Cisco AnyConnect with ISE Posture module.

Which two products are used to forecast capacity needs accurately in real time? (Choose two.). Cisco Workload Optimization Manager. Cisco Cloudlock. Cisco Umbrella. Cisco Tetration. Cisco AppDynamics.

Which type of DNS abuse exchanges data between two computers even when there is no direct connection?. malware installation. command-and-control communication. network footprinting. data exfiltration.

An organization is implementing URL blocking using Cisco Umbrella. The users are able to go to some sites but other sites are not accessible due to an error. Why is the error occurring?. IP-Layer Enforcement is not configured. Intelligent proxy and SSL decryption is disabled in the policy. Client computers do not have an SSL certificate deployed from an internal CA server. Client computers do not have the Cisco Umbrella Root CA certificate installed.

Which two global commands must the network administrator implement to limit the attack surface of an internet-facing Cisco router? (Choose two.). no service password-recovery. ip ssh version 2. no cdp run. no ip http server. service tcp-keepalives-in.

What does Cisco AMP for Endpoints use to help an organization detect different families of malware?. ClamAV Engine to perform email scanning. Spero Engine with machine learning to perform dynamic analysis. Ethos Engine to perform fuzzy fingerprinting. Tetra Engine to detect malware when the endpoint is connected to the cloud.

Which entity is responsible for encrypting data in transit using an IaaS model versus a SaaS model?. Cloud Application Developer for IaaS and Cloud SLA Manager for SaaS. Cloud Service Customer for IaaS and Cloud Service Provider for SaaS. Cloud Service Provider for IaaS and Cloud Service Customer for SaaS. Cloud SLA Manager for IaaS and Cloud Application Developer for SaaS.

Which feature is used to restrict communication between interfaces on a Cisco ASA?. security levels. traffic zones. VXLAN interfaces. VLAN subinterfaces.

What is the result of the ACME-Router(config)#login block-for 100 attempts 4 within 60 command on a Cisco IOS router?. After four unsuccessful log in attempts, the line is blocked for 60 seconds and only permit IP addresses are permitted in ACL 100. If four failures occur in 60 seconds, the router goes to quiet mode for 100 seconds. If four log in attempts fail in 100 seconds, wait for 60 seconds to next log in prompt. After four unsuccessful log in attempts, the line is blocked for 100 seconds and only permit IP addresses are permitted in ACL 60.

Refer to the exhibit. An engineer is implementing a certificate-based VPN. What is the result of the existing configuration?. Only an IKEv2 peer that has an OU certificate attribute set to MANGLER establishes an IKEv2 SA successfully. The OU of the IKEv2 peer certificate is used as the identity when matching an IKEv2 authorization policy. The OU of the IKEv2 peer certificate is set to MANGLER. The OU of the IKEv2 peer certificate is encrypted when the OU is set to MANGLER.

What is a feature of NetFlow Secure Event Logging?. It exports only records that indicate significant events in a flow. It supports v5 and v8 templates. It filters NSEL events based on the traffic and event type through RSVP. It delivers data records to NSEL collectors through NetFlow over TCP only.

A network engineer has been tasked with adding a new medical device to the network. Cisco ISE is being used as the NAC server, and the new device does not have a supplicant available. What must be done in order to securely connect this device to the network?. Use MAB with posture assessment. Use MAB with profiling. Use 802.1X with posture assessment. Use 802.1X with profiling.

Which Cisco platform provides an agentless solution to provide visibility across the network including encrypted traffic analytics to detect malware in encrypted traffic without the need for decryption?. Cisco ISE. Cisco AnyConnect. Cisco Stealthwatch. Cisco AMP.

A Cisco ESA network administrator has been tasked to use a newly installed service to help create policy based on the reputation verdict. During testing, it is discovered that the Cisco ESA is not dropping files that have an undetermined verdict. What is causing this issue?. The policy was created to disable file analysis. The policy was created to send a message to quarantine instead of drop. The file has a reputation score that is below the threshold. The file has a reputation score that is above the threshold.

Which role is a default guest type in Cisco ISE?. Full-Time. Contractor. Yearly. Monthly.

An engineer is deploying a Cisco Secure Email Gateway and must ensure it reaches the Cisco update servers to retrieve new rules. The engineer must now manually configure the Outbreak Filter rules on AsyncOS for Cisco Secure Email Gateway. Only outdated rules must be replaced. Up-to-date rules must be retained. Which action must the engineer take next to complete the configuration?. Use the outbreakconfig command in CLI. Perform a backup/restore of the database. Click Update Rules Now. Select Outbreak Filters.

Which Cisco security solution provides patch management in the cloud?. Cisco Tetration. Cisco CloudLock. Cisco Umbrella. Cisco ISE.

A network administrator is modifying a remote access VPN on an FTD managed by an FMC. The administrator wants to offload traffic to certain trusted domains. The administrator wants this traffic to go out of the client’s local internet and send other internet-bound traffic over the VPN. Which feature must the administrator configure?. Reverse route injection. Local LAN access. Dynamic split tunneling. Dynamic access policies.

Which policy represents a shared set of features or parameters that define the aspects of a managed device that are likely to be similar to other managed devices in a deployment?. device management policy. group policy. access control policy. platform service policy.

Which Cisco ASA Platform mode disables the threat detection features except for Advanced Threat Statistics?. multiple context. routed. cluster. transparent.

Which Cisco Umbrella package supports selective proxy for inspection of traffic from risky domains?. SIG Advantage. DNS Security Advantage. DNS Security Essentials. SIG Essentials.

How does Cisco Workload Optimization Manager help mitigate application performance issues?. It sets up a workload forensic score. It deploys an AWS Lambda system. It optimizes a flow path. It automates resource resizing.

Which two devices support WCCP for traffic redirection? (Choose two.). Cisco Secure Web Appliance. proxy server. Cisco IPS. Cisco IOS. Cisco ASA.

What are two reasons for implementing a multifactor authentication solution such as Cisco Duo Security provide to an organization? (Choose two.). integration with 802.1x security using native Microsoft Windows supplicant. identification and correction of application vulnerabilities before allowing access to resources. single sign-on access to on-premises and cloud applications. flexibility of different methods of 2FA such as phone callbacks, SMS passcodes, and push notifications. secure access to on-premises and cloud applications.