What is a commonality between DMVPN and FlexVPN technologies? FlexVPN and DMVPN use the same hashing algorithms IOS routers run the same NHRP code for DMVPN and FlexVPN FlexVPN and DMVPN use the new key management protocol FlexVPN and DMVPN use IS-IS routing protocol to communicate with spokes. Refer to the exhibit. What does the number 15 represent in this configuration? Privilege level for an authorized user to this router Access list that identifies the SNMP devices that can access the router Interval in seconds between SNMPv3 authentication attempts Number of possible failed attempts until the SNMPv3 user is locked out. How is DNS tunneling used to exfiltrate data out of a corporate network? It leverages the DNS server by permitting recursive lookups to spread the attack to other DNS servers lt encodes the payload with random characters that are broken into short strings and the DNS server
rebuilds the exfiltrated data It redirects DNS requests to a malicious server used to steal user credentials, which allows further
damage and theft on the network It corrupts DNS servers by replacing the actual IP address with a rogue address to collect information or
start other attacks. What is the function of the Context Directory Agent? Accepts user authentication requests on behalf of Web Security Appliance for user identification Relays user authentication requests from Web Security Appliance to Active Directory Maintains users' group memberships Reads the Active Directory logs to map IP addresses to usernames. Which product allows Cisco FMC to push security intelligence observable to its sensors from other products? Encrypted Traffic Analytics Threat Intelligence Director Cognitive Threat Analytics Cisco Talos Intelligence. Which two risks is a company vulnerable to if it does not have a well-established patching solution for endpoints? (Choose two) eavesdropping denial-of-service attacks ARP spoofing malware exploits. Refer to the exhibit. An organization is using DHCP Snooping within their network. A user on VLAN 41 on a new switch is complaining that an IP address is not being obtained. Which command should be configured on the switch interface in order to provide the user with network connectivity? ip dhcp snooping verify mac-address ip dhcp snooping limit 41 ip dhcp snooping vlan 41 ip dhcp snooping trust. Refer to the exhibit. A network administrator configures command authorization for the admin5 user. What is the admin5 user able to do on HQ_Router after this configuration? Complete no configurations Add subinterfaces Complete all configurations Set the IP address of an interface. In which cloud services model is the tenant responsible for virtual machine OS patching? IaaS UCaaS PaaS SaaS. A Cisco Firepower administrator needs to configure a rule to allow a new application that has never been seen on the network. Which two actions should be selected to allow the traffic to pass without inspection? (Choose two) permit trust reset allow monitor. Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention System? (Choose two) SIP inline normalization SSL packet decoder modbus. What two mechanisms are used to redirect users to a web portal to authenticate to ISE for guest services? (Choose two) TACACS+ central web auth single sign-on multiple factor auth local web auth. How does DNS Tunneling exfiltrate data? An attacker registers a domain that a client connects to based on DNS records and sends malware through that connection An attacker opens a reverse DNS shell to get into the client's system and install malware on it An attacker uses a non-standard DNS port to gain access to the organization's DNS servers in order to poison the resolutions An attacker sends an email to the target with hidden DNS resolvers in it to redirect them to a malicious domain. An engineer configured a new network identity in Cisco Umbrella but must verify that traffic is being routed through the Cisco Umbrella network. Which action tests the routing? Ensure that the client computers are pointing to the on-premises DNS servers Enable the Intelligent Proxy to validate that traffic is being routed correctly Add the public IP address that the client computers are behind to a Core Identity Browse to http://welcome.umbrella.com/ to validate that the new identity is working. A network administrator is using the Cisco ESA with AMP to upload files to the cloud for analysis. The network is congested and is affecting communication. How will the Cisco ESA handle any files which need analysis? AMP calculates the SHA-256 fingerprint, caches it, and periodically attempts the upload The file is queued for upload when connectivity is restored The file upload is abandoned The ESA immediately makes another attempt to upload the file. What is a feature of Cisco NetFlow Secure Event Logging for Cisco ASAs? Multiple NetFlow collectors are supported Advanced NetFlow v9 templates and legacy v5 formatting are supported Flow-create events are delayed Secure NetFlow connections are optimized for Cisco Prime Infrastructure. An engineer notices traffic interruption on the network. Upon further investigation, it is learned that broadcast packets have been flooding the network. What must be configured, based on a predefined threshold, to address this issue? Bridge Protocol Data Unit guard embedded event monitoring access control lists Storm Control. An MDM provides which two advantages to an organization with regards to device management? (Choose two) asset inventory management allowed application management Active Directory group policy management network device management critical device management. Which type of attack is social engineering? trojan MITM phishing malware. What is provided by the Secure Hash Algorithm in a VPN? integrity key exchange encryption authentication. An engineer wants to generate NetFlow records on traffic traversing the Cisco ASA. Which Cisco ASA command must be used? flow exporter <name> ip flow monitor <name> input ip flow-export destination 1.1.1.1 2055 flow-export destination inside 1.1.1.1 2055. Which Cisco platform ensures that machines that connect to organizational networks have the recommended antivirus definitions and patches to help prevent an organizational malware outbreak? Cisco WiSM Cisco ESA Cisco ISE Cisco Prime Infrastructure. Which two capabilities does TAXII support? (Choose two) exchange pull messaging binding correlation mitigating. What is the purpose of the My Devices Portal in a Cisco ISE environment? to manage and deploy antivirus definitions and patches on systems owned by the end user to register new laptops and mobile devices to provision userless and agentless systems to request a newly provisioned mobile device. When Cisco and other industry organizations publish and inform users of known security findings and vulnerabilities, which name is used? Common Vulnerabilities and Exposures Common Exploits and Vulnerabilities Common Security Exploits Common Vulnerabilities, Exploits and Threats. Which solution protects hybrid cloud deployment workloads with application visibility and segmentation? Nexus Stealthwatch Firepower Tetration. How many interfaces per bridge group does an ASA bridge group deployment support? up to 16 up to 8 up to 4 up to 2. What is an attribute of the DevSecOps process? development security isolated security team mandated security controls and check lists security scanning and theoretical vulnerabilities. Which Cisco product provides proactive endpoint protection and allows administrators to centrally manage the deployment? NGFW AMP WSA ESA. A network engineer has entered the snmp-server user andy myv3 auth sha cisco priv aes 256 cisc0380739941 command and needs to send SNMP information to a host at 10.255.254.1. Which command achieves this goal? snmp-server host inside 10.255.254.1 snmpv3 myv3 snmp-server host inside 10.255.254.1 snmpv3 andy snmp-server host inside 10.255.254.1 version 3 myv3 snmp-server host inside 10.255.254.1 version 3 andy. A network administrator is configuring a rule in an access control policy to block certain URLs and selects the "Chat and Instant Messaging" category. Which reputation score should be selected to accomplish this goal? 1 10 5 3. Which Talos reputation center allows for tracking the reputation of IP addresses for email and web traffic? IP and Domain Reputation Center File Reputation Center IP Slock List Center AMP Reputation Center. An organization is implementing URL blocking using Cisco Umbrella. The users are able to go to some sites but other sites are not accessible due to an error. Why is the error occurring? Client computers do not have the Cisco Umbrella Root CA certificate installed IP-Layer Enforcement is not configured Intelligent proxy and SSL decryption is disabled in the policy Client computers do not have an SSL certificate deployed from an internal CA server. Which benefit does endpoint security provide the overall security posture of an organization? It streamlines the incident response process to automatically perform digital forensics on the endpoint It allows the organization to mitigate web-based attacks as long as the user is active in the domain It allows the organization to detect and respond to threats at the edge of the network It allows the organization to detect and mitigate threats that the perimeter security devices do not detect. Which threat involves software being used to gain unauthorized access to a computer system? ping of death NTP amplification HTTP flood virus. What provides the ability to program and monitor networks from somewhere other than the DNAC GUI? ASDM desktop client API NetFlow. What is the difference between deceptive phishing and spear phishing? Deceptive phishing is an attacked aimed at a specific user in the organization who holds a C-level role A spear phishing campaign is aimed at a specific person versus a group of people Spear phishing is when the attack is aimed at the C-level executives of an organization Deceptive phishing hijacks and manipulates the DNS server of the victim and redirects the user to a false webpage. Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server? url profile terminal selfsigned. What are two Detection and Analytics Engines of Cognitive Threat Analytics? (Choose two) data exfiltration command and control communication intelligent proxy snort URL categorization. What is the function of SDN southbound API protocols? to enable the controller to make changes to allow for the dynamic configuration of control plane applications to enable the controller to use REST to allow for the static configuration of control plane applications. Which attack is commonly associated with C and C++ programming languages? cross-site scripting water holing DDoS buffer overflow. What are two benefits of Flexible NetFlow records? (Choose two) They provide attack prevention by dropping the traffic They allow the user to configure flow information to perform customized traffic identification They provide accounting and billing enhancements They provide monitoring of a wider range of IP packet information from Layer 2 to 4 They converge multiple accounting technologies into one accounting mechanism. Refer to the exhibit. Which command was used to generate this output and to show which ports are authenticating with dot1x or mab? show authentication registrations show authentication method show dot1x all show authentication sessions. Which Cisco product is open, scalable, and built on IETF standards to allow multiple security products from Cisco and other vendors to share data and interoperate with each other? Platform Exchange Grid Advanced Malware Protection Multifactor Platform Integration Firepower Threat Defense. Refer to the exhibit. A network administrator configured a site-to-site VPN tunnel between two Cisco IOS routers, and hosts are unable to communicate between two sites of VPN. The network administrator runs the debug crypto isakmp sa command to track VPN status. What is the problem according to this command output? hashing algorithm mismatch interesting traffic was not applied authentication key mismatch encryption algorithm mismatch. Which technology reduces data loss by identifying sensitive information stored in public computing environments? Cisco SDA Cisco Firepower Cisco HyperFlex Cisco Cloudlock. A mall provides security services to customers with a shared appliance. The mall wants separation of management on the shared appliance. Which ASA deployment mode meets these needs? multiple context mode transparent mode routed mode multiple zone mode. Why would a user choose an on-premises ESA versus the CES solution? Sensitive data must remain onsite Demand is unpredictable The server team wants to outsource this service ESA is deployed inline. What must be used to share data between multiple security products? Cisco Stealthwatch Cloud Cisco Advanced Malware Protection Cisco Platform Exchange Grid Cisco Rapid Threat Containment. Using Cisco Firepower's Security Intelligence policies, upon which two criteria is Firepower block based? (Choose two) protocol IDs URLs IP addresses port numbers MAC addresses. After a recent breach, an organization determined that phishing was used to gain initial access to the network before regaining persistence. The information gained from the phishing attack was a result of users visiting known malicious websites. What must be done in order to prevent this from happening in the future? Modify an access policy Modify identification profiles Modify outbound malware scanning policies Modify web proxy settings. Which Cisco command enables authentication, authorization, and accounting globally so that CoA is supported on the device? ip device-tracking aaa new-model aaa server radius dynamic-author auth-type all. Which two characteristics of messenger protocols make data exfiltration difficult to detect and prevent? (Choose two) Malware infects the messenger application on the user endpoint to send company data Outgoing traffic is allowed so users can communicate with outside organizations An exposed API for the messaging platform is used to send large amounts of data Traffic is encrypted, which prevents visibility on firewalls and IPS systems Messenger applications cannot be segmented with standard network controls. An organization has two machines hosting web applications. Machine 1 is vulnerable to SQL injection while machine 2 is vulnerable to buffer overflows. What action would allow the attacker to gain access to machine 1 but not machine 2? sniffing the packets between the two hosts sending continuous pings overflowing the buffer's memory inserting malicious commands into the database. Which type of algorithm provides the highest level of protection against brute-force attacks? PFS HMAC MD5 SHA. Which policy is used to capture host information on the Cisco Firepower Next Generation Intrusion Prevention System? correlation intrusion access control network discovery. What are two DDoS attack categories? (Choose two) sequential protocol database volume-based scree-based. What provides visibility and awareness into what is currently occurring on the network? CMX WMI Prime Infrastructure Telemetry. What is a benefit of using Cisco FMC over Cisco ASDM? Cisco FMC uses Java while Cisco ASDM uses HTML5 Cisco FMC provides centralized management while Cisco ASDM does not Cisco FMC supports pushing configurations to devices while Cisco ASDM does not Cisco FMC supports all firewall products whereas Cisco ASDM only supports Cisco ASA devices. Refer to the exhibit. What is a result of the configuration? Traffic from the DMZ network is redirected Traffic from the inside network is redirected All TCP traffic is redirected Traffic from the inside and DMZ networks is redirected. What is a language format designed to exchange threat intelligence that can be transported over the TAXII protocol? STIX XMPP pxGrid SMTP. What are the two most commonly used authentication factors in multifactor authentication? (Choose two) biometric factor time factor confidentiality factor knowledge factor encryption factor. What is a characteristic of a bridge group in ASA Firewall transparent mode? It allows ARP traffic with a single access rule It is a Layer 3 segment and includes one port and customizable access rules It includes multiple interfaces and access rules between interfaces are customizable It has an IP address on its BVI interface and is used for management traffic. Which benefit is provided by ensuring that an endpoint is compliant with a posture policy configured in Cisco ISE? It adds endpoints to identity groups dynamically verifies that the endpoint has the latest Microsoft security patches installed It allows the endpoint to authenticate with 802.1xor MAB It allows CoA to be applied if the endpoint status is compliant. Which two tasks allow NetFlow on a Cisco ASA 5500 Series firewall? (Choose two) Create an ACL to allow UDP traffic on port 9996 Enable NetFlow Version 9 Create a class map to match interesting traffic Apply NetFlow Exporter to the outside interface in the inbound direction Define a NetFlow collector by using the flow-export command. Which two features are used to configure Cisco ESA with a multilayer approach to fight viruses and malware? (Choose two) sophos engine white list RAT outbreak filters DLP. Drag and drop the suspicious patterns for the Cisco Tetration platform from the left onto the correct definitions on the right.
1 to 1. privilege scalation user login suspicious behavior interesting file access file access from a different user. A network administrator configures Dynamic ARP Inspection on a switch. After Dynamic ARP Inspection is applied, all users on that switch are unable to communicate with any destination. The network administrator checks the interface status of all interfaces, and there is no err-disabled interface. What is causing this problem? The ip arp inspection limit command is applied on all interfaces and is blocking the traffic of all users DHCP snooping has not been enabled on all VLANs The no ip arp inspection trust command is applied on all user host interfaces Dynamic ARP Inspection has not been enabled on all VLANs. A user has a device in the network that is receiving too many connection requests from multiple machines. Which type of attack is the device undergoing? SYN flood slowloris pharming phishing. What are two list types within AMP for Endpoints Outbreak Control? (Choose two) blocked ports simple custom detections command and control allowed applications URL. Drag and drop the descriptions from the left onto the encryption algorithms on the right.
2 -> Asymmetric
2 -> Symmetric requires secret keys requieres more time Diffie-Hellman exchange 3DES. Which compliance status is shown when a configured posture policy requirement is not met? unknown authorized compliant noncompliant. Refer to the exhibit. What does the API do when connected to a Cisco security appliance? gather network telemetry information from AMP for endpoints create an SNMP pull mechanism for managing AMP get the process and PID information from the computers in the network gather the network interface information about the computers AMP sees. What is a required prerequisite to enable malware file scanning for the Secure Internet Gateway? Enable IP Layer enforcement Activate the Advanced Malware Protection license Activate SSL decryption Enable Intelligent Proxy. In which two ways does a system administrator send web traffic transparently to the Web Security Appliance? (Choose two) configure policy-based routing on the network infrastructure reference a Proxy Auto Config file use Web Cache Communication Protocol configure the proxy IP address in the web-browser settings configure Active Directory Group Policies to push proxy settings. What is the Cisco API-based broker that helps reduce compromises, application risks, and data breaches in an environment that is not on-premise? Cisco Cloudlock Cisco Umbrella Cisco AMP Cisco App Dynamics. How does Cisco Advanced Phishing Protection protect users? It validates the sender by using DKIM It determines which identities are perceived by the sender It uses machine learning and real-time behavior analytics It utilizes sensors that send messages securely. An engineer is configuring 802.1X authentication on Cisco switches in the network and is using CoA as a mechanism. Which port on the firewall must be opened to allow the CoA traffic to traverse the network? TCP 6514 UDP 1700 TCP 49 UDP 1812. How does Cisco Umbrella archive logs to an enterprise-owned storage? by using the Application Programming Interface to fetch the logs by sending logs via syslog to an on-premises or cloud-based syslog server by the system administrator downloading the logs from the Cisco Umbrella web portal by being configured to send logs to a self-managed AWS S3 bucket. The main function of northbound APIs in the SDN architecture is to enable communication between which two areas of a network? SDN controller and the cloud management console and the SDN controller management console and the cloud SDN controller and the management solution. Which solution combines Cisco IOS and IOS XE components to enable administrators to recognize applications, collect and send network metrics to Cisco Prime and other third-party management tools, and prioritize application traffic? Cisco Security Intelligence Cisco Application Visibility and Control Cisco Model Driven Telemetry Cisco DNA Center. What is a key difference between Cisco Firepower and Cisco ASA? Cisco ASA provides access control while Cisco Firepower does not Cisco Firepower provides identity-based access control while Cisco ASA does not Cisco Firepower natively provides intrusion prevention capabilities while Cisco ASA does not Cisco ASA provides SSL inspection while Cisco Firepower does not. Under which two circumstances is a CoA issued? (Choose two) A new authentication rule was added to the policy on the Policy Service node An endpoint is deleted on the Identity Service Engine server A new Identity Source Sequence is created and referenced in the authentication policy An endpoint is profiled for the first time A new Identity Service Engine server is added to the deployment with the Administration persona. What can be integrated with Cisco Threat Intelligence Director to provide information about security threats, which allows the SOC to proactively automate responses to those threats? Cisco Umbrella External Threat Feeds Cisco Threat Grid Cisco Stealthwatch. What is a difference between FlexVPN and DMVPN? FlexVPN uses IKEv1 or IKEv2. DMVPN uses only IKEv2 DMVPN uses only IKEv1. FlexVPN uses only IKEv2 DMVPN uses IKEv1 or IKEv2. FlexVPN only uses IKEv1 FlexVPN uses IKEv2. DMVPN uses IKEv1 or IKEv2. Refer to the exhibit. An engineer configured wired 802.1x on the network and is unable to get a laptop to authenticate. Which
port configuration is missing? cisp enable dotlx reauthentication authentication open dot1x pae authenticator. Which feature is configured for managed devices in the device platform settings of the Firepower Management Center? quality of service time synchronization network address translations intrusion policy. Drag and drop the capabilities of Cisco Firepower versus Cisco AMP from the left into the appropriate category on the right.
3 -> Cisco Firepower
3 -> Cisco AMP provides detection, blocking, tracking, analysis and remediation to protect against targeted persistent malware attacks provides superior threat prevention and mitigation for known and unknown threats provides outbreak control through custom detections provides the root cause of a threat based on the indicators of compromise seen provides the ability to perform network discovery provides intrusion prevention before malware compromises the host. Where are individual sites specified to be blacklisted in Cisco Umbrella? application settings content categories security settings destination lists. Which Cisco security solution protects remote users against phishing attacks when they are not connected to the VPN? Cisco Firepower Cisco Umbrella Cisco Stealthwatch NGIPS. Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities? user input validation in a web page or web application Linux and Windows operating systems database web page images. Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two) Check integer, float, or Boolean string parameters to ensure accurate values Use prepared statements and parameterized queries Secure the connection between the web and the app tier Write SQL code instead of using object-relational mapping libraries Block SQL code execution in the web application database login. A network engineer is configuring DMVPN and entered the crypto isakmp key cisc0380739941 address 1.1.1.1 command on host A. The tunnel is not being established to host B. What action is needed to authenticate the VPN? Enter the same command on host B Enter the command with a different password on host B Change isakmp to ikev2 in the command on host A Change the password on host A to the default password. Which protocol provides the strongest throughput performance when using Cisco AnyConnect VPN? TLSv1.2 TLSv1 TLSv1.1 DTLSv1. Which functions of an SDN architecture require southbound APIs to enable communication? SDN controller and the network elements management console and the SDN controller management console and the cloud SDN controller and the cloud. An engineer needs behavioral analysis to detect malicious activity on the hosts, and is configuring the organization's public cloud to send telemetry using the cloud provider's mechanisms to a security device. Which mechanism should the engineer configure to accomplish this goal? mirror port NetFlow Flow VPC flow logs. Which information is required when adding a device to Firepower Management Center? Username and password Encryption method Device serial number Registration key. Which form of attack is launched using botnets? virus EIDDOS TCP flood ODOS. Which two services must remain as on-premises equipment when a hybrid email solution is deployed? (Choose two) DDoS antispam antivirus encryption DLP. What does the Cloudlock Apps Firewall do to mitigate security concerns from an application perspective? It allows the administrator to quarantine malicious files so that the application can function, just not maliciously It discovers and controls cloud apps that are connected to a company’s corporate environment It deletes any application that does not belong in the network It sends the application information to an administrator to act on. Drag and drop the descriptions from the left onto the correct protocol versions on the right.
2 -> IKEv1
3 -> IKEv2 standard includes NAT-T uses six packets in main mode to stablish phase 1 uses four packets to stablish phase 1 and phase 2 uses three packets in aggressive mode to stablish phase 1 uses EAP for authenticating remote access clients. Which technology is used to improve web traffic performance by proxy caching? WSA Firepower FireSIGHT ASA. What are two differences between a Cisco WSA that is running in transparent mode and one running in explicit mode? (Choose two) When the Cisco WSA is running in transparent mode, it uses the WSA's own IP address as the HTTP request destination The Cisco WSA responds with its own IP address only if it is running in explicit mode The Cisco WSA is configured in a web browser only if it is running in transparent mode The Cisco WSA uses a Layer 3 device to redirect traffic only if it is running in transparent mode The Cisco WSA responds with its own IP address only if it is running in transparent mode. Which two fields are defined in the NetFlow flow? (Choose two) type of service byte Layer 4 protocol type class of service bits output logical interface destination port. Refer to the exhibit. Which type of authentication is in use? LDAP authentication for Microsoft Outlook POP3 authentication SMTP relay server authentication external user and relay mail authentication. An organization received a large amount of SPAM messages over a short time period. In order to take action on the messages, it must be determined how harmful the messages are and this needs to happen dynamically. What must be configured to accomplish this? Configure the Cisco WSA to modify policies based on the traffic seen Configure the Cisco ESA to receive real-time updates from Talos Configure the Cisco WSA to receive real-time updates from Talos Configure the Cisco ESA to modify policies based on the traffic seen. Which policy represents a shared set of features or parameters that define the aspects of a managed device that are likely to be similar to other managed devices in a deployment? group policy access control policy device management policy platform service policy. Drag and drop the steps from the left into the correct order on the right to enable AppDynamics to monitor an EC2 instance in Amazon Web Services.
1 to 1. Install monitoring extension for AWS EC2 Restart the Machine Engine Update config.yaml Configure a Machine Agent or SIM Agent. An engineer is trying to securely connect to a router and wants to prevent insecure algorithms from being used. However, the connection is failing. Which action should be taken to accomplish this goal? Configure the port using the ip ssh port 22 command Enable the SSH server using the ip ssh server command Disable telnet using the no ip telnet command Generate the RSA key using the crypto key generate rsa command. Which two deployment model configurations are supported for Cisco FTDv in AWS? (Choose two) Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS Cisco FTDv with one management interface and two traffic interfaces configured Cisco FTDv configured in routed mode and managed by a physical FMC appliance on premises Cisco FTDv with two management interfaces and one traffic interface configured Cisco FTDv configured in routed mode and IPv6 configured. An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly identifying all valid recipients. What must be done on the Cisco ESA to accomplish this goal? Use Bounce Verification Configure incoming content filters Bypass LDAP access queries in the recipient access table Configure Directory Harvest Attack Prevention. Which two endpoint measures are used to minimize the chances of falling victim to phishing and social engineering attacks? (Choose two) Patch for cross-site scripting Perform backups to the private cloud Protect against input validation and character escapes in the endpoint Install a spam and virus email filter Protect systems with an up-to-date antimalware program. What is managed by Cisco Security Manager? WSA ASA access point O ESA. What is the benefit of installing Cisco AMP for Endpoints on a network? It provides operating system patches on the endpoints for security It provides flow-based visibility for the endpoints' network connections It protects endpoint systems through application control and real-time scanning It enables behavioral analysis to be used for the endpoints. An organization is receiving SPAM emails from a known malicious domain. What must be configured in order to prevent the session during the initial TCP communication? Configure the Cisco ESA to drop the malicious emails Configure policies to quarantine malicious emails Configure policies to stop and reject communication Configure the Cisco ESA to reset the TCP connection. Refer to the exhibit. What is the result of this Python script of the Cisco DNA Center API? adds authentication to a switch receives information about a switch adds a switch to Cisco DNA Center. A company is experiencing exfiltration of credit card numbers that are not being stored on-premise. The company needs to be able to protect sensitive data throughout the full environment Which tool should be used to accomplish this goal? Security Manager Cloudlock Web Security Appliance Cisco ISE. Which two request of REST API are valid on the Cisco ASA Platform? (Choose two) Put Option Get Push Connect. Which two cryptographic algorithms are used with IPsec? (Choose two) AES-BAC AES-ABC HMAC-SHA1/SHA2 Triple AMC-CBC AES-CBC. Drag and drop the Firepower Next Generation Intrustion Prevention System detectors from the left onto the correct definitions on the right.
1 to 1. PortScan Detection Port Sweep Decoy PortScan Distributed PortScan. How is Cisco Umbrella configured to log only security events? per policy in the Reporting settings in the Security Settings section per network in the Deployments section. What are the two types of managed Intercloud Fabric deployment models? (Choose two) Public managed Service Provider managed Enterprise managed User managed Hybrid managed. Which two aspects of the cloud PaaS model are managed by the customer but not the provider? (Choose two) virtualization middleware operating systems applications data. Which group within Cisco writes and publishes a weekly newsletter to help cybersecurity professionals remain aware of the ongoing and most prevalent threats? PSIRT DEVNET CSIRT Talos. Which cloud service model offers an environment for cloud consumers to develop and deploy applications without needing to manage or maintain the underlying cloud infrastructure? PaaS XaaS IaaS SaaS. Which algorithm provides asymmetric encryption? RC4 RSA AES 3DES. Which telemetry data captures variations seen within the flow, such as the packets TTL, IP/TCP flags, and payload length? process details variation flow insight variation interpacket variation software package variation. When web policies are configured in Cisco Umbrella, what provides the ability to ensure that domains are blocked when they host malware, command and control, phishing, and more threats? Application Control Security Category Blocking Content Category Blocking File Analysis. Which feature is supported when deploying Cisco ASA within AWS public cloud? multiple context mode user deployment of Layer 3 networks IPv6 clustering. An organization is trying to improve their Defense in Depth by blocking malicious destinations prior to a connection being established. The solution must be able to block certain applications from being used within the network Which product should be used to accomplish this goal? Cisco Firepower Cisco Umbrella ISE AMP. Which public cloud provider supports the Cisco Next Generation Firewall Virtual? Google Cloud Platform Red Hat Enterprise Visualization VMware ESXi Amazon Web Services. What is the function of Cisco Cloudlock for data security? data loss prevention controls malicious cloud apps detects anomalies user and entity behavior analytics. What is the primary role of the Cisco Email Security Appliance? Mail Submission Agent Mail Transfer Agent Mail Delivery Agent Mail User Agent. What are two rootkit types? (Choose two) registry bootloader buffer mode user mode virtual. Which ID store requires that a shadow user be created on Cisco ISE for the admin login to work? RSA SecureID Internal Database Active Directory LDAP. An engineer wants to automatically assign endpoints that have a specific OUl into a new endpoint group. Which probe must be enabled for this type of profiling to work? NetFlow DHCP SNMP NMAP. Drag and drop the capabilities from the left onto the correct technologies on the right.
1 to 1. detection, blocking, tracking, analysis and remediation to protect against targeted persistent malware attacks superior threat prevention and mitigation for know and unknown threats application-layer control and ability to enforce usage and tailor detection policies based on custom applications and URLs combined integrated solution of strong defense and web protection, visibility and controlling solutions. What is the purpose of the certificate signing request when adding a new certificate for a server? It is the password for the certificate that is needed to install it with It provides the server information so a certificate can be created and signed It is the certificate that will be loaded onto the server It provides the certificate client information so the server can authenticate against it when installing. An attacker needs to perform reconnaissance on a target system to help gain access to it. The system has weak passwords, no encryption on the VPN links, and software bugs on the system's applications. Which vulnerability allows the attacker to see the passwords being transmitted in clear text? weak passwords for authentication improper file security software bugs on applications unencrypted links for traffic. What is a feature of the open platform capabilities of Cisco DNA Center? domain integration intent-based APIs automation adapters application adapters. What must be configured in Cisco ISE to enforce reauthentication of an endpoint session when an endpoint is deleted from an identity group? CoA external identity source posture assessment SNMP probe. What is the primary difference between an Endpoint Protection Platform and an Endpoint Detection and Response? EPP focuses on prevention, and EDR focuses on advanced threats that evade perimeter defenses EDR focuses on prevention, and EPP focuses on advanced threats that evade perimeter defenses EPP focuses on network security, and EDR focuses on device security EDR focuses on network security, and EPP focuses on device security. What are two reasons for implementing a multifactor authentication solution such as Duo Security provide to an organization? (Choose two) integration with 802.1x security using native Microsoft Windows supplicant identification and correction of application vulnerabilities before allowing access to resources flexibility of different methods of 2FA such as phone callbacks, SMS passcodes and push notifications secure access to on-premises and cloud applications single sign-on access to on-premises and cloud applications. What must be configured in Cisco ISE to enforce reauthentication of an endpoint session when an endpoint is deleted from an identity group? device flow correlation simple detections application blocking list advanced custom detections. In which type of attack does the attacker insert their machine between two hosts that are communicating with each other? LDAP injection cross-site scripting man-in-the-middle insecure API. Refer to the exhibit. Traffic is not passing through IPsec site-to-site VPN on the Firepower Threat Defense appliance. What is
causing this issue? Site-to-site VPN peers are using different encryption algorithms Site-to-site VPN preshared keys are mismatched No split-tunnel policy is defined on the Firepower Threat Defense appliance The access control policy is not allowing VPN traffic in. On which part of the IT environment does DevSecOps focus? application development wireless network data center perimeter network. Refer to the exhibit. Which command was used to display this output? show dot1x all show dot1x show dot1x all summary show dot1x interface gi1/0/12. What is a characteristic of Firepower NGIPS inline deployment mode? It cannot take actions such as blocking traffic ASA with Firepower module cannot be deployed It must have inline interface pairs configured It is out-of-band from traffic. How does Cisco Stealthwatch Cloud provide security for cloud environments? It delivers visibility and threat detection It prevents exfiltration of sensitive data It assigns Internet-based DNS protection for clients and servers It facilitates secure connectivity between public and private networks.
