Which DoS attack uses fragmented packets to crash a target machine? teardrop MITM smurf LAND. A customer has various external HTTP resources available including Intranet Extranet and Internet, with a proxy configuration running in explicit mode. Which method allows the client desktop browsers to be configured to select when to connect direct or when to use the proxy? Transport mode Forward file PAC file Bridge mode. What is the difference between Cross-site Scripting and SQL Injection attacks? Cross-site Scripting is an attack where code is injected into a database, whereas SQL Injection is an attack where code is injected into a browser Cross-site Scripting is a brute force attack targeting remote sites, whereas SQL Injection is a social engineering attack Cross-site Scripting is when executives in a corporation are attacked, whereas SQL Injection is when a database is manipulated Cross-site Scripting is an attack where code is executed from the server side, whereas SQL Injection is an attack where code is executed from the client side. What is the purpose of a Netflow version 9 template record? It specifies the data format of NetFlow processes It provides a standardized set of information about an IP flow It defines the format of data records t serves as a unique identification number to distinguish individual data records. A Cisco ESA administrator has been tasked with configuring the Cisco ESA to ensure there are no viruses before quarantined emails are delivered. In addition, delivery of mail from known bad mail servers must be prevented Which two actions must be taken in order to meet these requirements? (Choose two) Use outbreak filters from SenderBase Enable a message tracking service Configure a recipient access table Deploy the Cisco ESA in the DMZ Scan quarantined emails using AntiVirus signatures. What is a difference between an XSS attack and an SQL injection attack? SQL injection is a hacking method used to attack SQL databases, whereas XSS attacks can exist in many different types of applications XSS is a hacking method used to attack SQL databases, whereas SQL injection attacks can exist in many different types of applications SQL injection attacks are used to steal information from databases whereas XSS attacks are used to redirect users to websites where attackers can steal data from them XSS attacks are used to steal information from databases whereas SQL injection attacks are used to redirect users to websites where attackers can steal data from them. An organization has two systems in their DMZ that have an unencrypted link between them for communication. The organization does not have a defined password policy and uses several default accounts on the systems. The application used on those systems also have not gone through stringent code reviews. Which vulnerability would help an attacker brute force their way into the systems? missing encryption lack of file permission weak passwords lack of input validation. Which component of cisco umbrella architecture increases reliability of the service? Anycast IP AMP Threat grid Cisco Talos BGP route reflector. What are two functions of secret key cryptography? (Choose two) key selection without integer factorization utilization of different keys for encryption and decryption utilization of large prime number iterations utilization of less memory provides the capability to only know the key on one side. A Cisco FTD engineer is creating a new IKEv2 policy called s2s00123456789 for their organization to allow for additional protocols to terminate network devices with. They currently only have one policy established and need the new policy to be a backup in case some devices cannot support the stronger algorithms listed in the primary policy. What should be done in order to support this? Change the integrity algorithms to SHA* to support all SHA algorithms in the primary policy Make the priority for the new policy 5 and the primary policy 1 Change the encryption to AES* to support all AES algorithms in the primary policy Make the priority for the primary policy 10 and the new policy 1. Refer to the exhibit. When configuring a remote access VPN solution terminating on the Cisco ASA. An administrator would like to utilize an external token authentication mechanism in conjunction with AAA authentication using machine certificates. Which configuration item must be modified to allow this? Group policy Method SAML server AAA server group. Which type of encryption uses a public key and private Key? asymmetric symmetric linear nonlinear. Which Cisco solution does Cisco Umbrella integrate with to determine if a URL is malicious? Cisco Dynamic Cisco Talos Cisco AMP Cisco AnyConnect. Which feature of Cisco ASA allows VPN users to be postured against Cisco ISE without requiring an inline posture node? RADIUS Change of Authorization device tracking DHCP snooping VLAN hopping. Which method is used to deploy certificates and configure the supplicant on mobile devices to gain access to network resources? BYOD on boarding Simple Certificate Enrollment Protocol Client provisioning MAC authentication bypass. A switch with Dynamic ARP inspection enabled has received a spoofed ARP response on a trusted interface. How does the switch behave in this situation? It forwards the packet without validation It forwards the packet after validation by using the MAC Binding Table It drops the packet after validation by using the IP & MAC Binding Table It drops the packet Without validation. An organization wants to secure data in a cloud environment Its security model requires that all users be authenticated and authorized. Security configuration and posture must be continuously validated before access is granted or maintained to applications and data. There is also a need to allow certain application traffic and deny all other traffic by default. Which technology must be used to implement these requirements? virtual routing and forwarding microsegmentation access control policy virtual LAN. Refer to the exhibit. What will happen when this Python script is run? The compromised computers and malware trajectories will be received from Cisco AMP The list of computers and their current vulnerabilities will be received from Cisco AMP The compromised computers and what compromised them will be received from Cisco AMP The list of computers, policies and connector statuses will be received from Cisco AMP. Which IPS engine detects ARP spoofing? Atomic ARP Engine Service Generic Engine ARP Inspection Engine AIC Engine. When choosing an algorithm to us what should be considered about Diffie Hellman and RSA for key establishment? RSA is an asymmetric key establishment algorithm Intended to output symmetric keys DH is a symmetric key establishment algorithm Intended to output asymmetric keys DH is on asymmetric key establishment algorithm intended to output symmetric keys RSA is a symmetric key establishment algorithm intended to output asymmetric keys. An administrator configures a new destination list in Cisco Umbrella so that the organization can block specific domains for its devices. What should be done to ensure that all subdomains of domain.com are blocked? Configure the *.com address in the block list Configure the *.domain.com address in the block list Configure the domain.com address in the block list. Which cloud model is a collaborative effort where infrastructure is shared and jointly accessed by several organizations from a specific group? private hybrid community public. Which parameter is required when configuring a Netflow exporter on a Cisco Router? DSCP value exporter name source interface exporter description. Due to a traffic storm on the network, two interfaces were error-disabled, and both interfaces sent SNMP traps. Which two actions must be taken to ensure that interfaces are put back into service? (Choose two) Have Cisco Prime Infrastructure issue an SNMP set command to re-enable the ports after the
preconfigured interval Use EEM to have the ports return to service automatically in less than 300 seconds Enter the shutdown and no shutdown commands on the interfaces Enable the snmp-server enable traps command and wait 300 seconds Ensure that interfaces are configured with the error-disable detection and recovery feature. What is managed by Cisco Security Manager? Cisco ASA Cisco WSA Cisco WLC Cisco ESA. What is a difference between DMVPN and sVTI? DMVPN supports tunnel encryption, whereas sVTI does not DMVPN supports dynamic tunnel establishment, whereas sVTI does not DMVPN supports static tunnel establishment, whereas sVTI does not DMVPN provides interoperability with other vendors, whereas sVTI does not. An organization is trying to implement micro-segmentation on the network and wants to be able to gain visibility on the applications within the network. The solution must be able to maintain and force compliance. Which product should be used to meet these requirements? Cisco Umbrella Cisco AMP Cisco Stealthwatch Cisco Tetration. Which kind of API that is used with Cisco DNA Center provisions SSIDs, Qos policies, and update software versions on switches? integration event intent multivendor. A network engineer has been tasked with adding a new medical device to the network. Cisco ISE is being used as the NAC server and the new device does not have a supplicant available. What must be done in order to securely connect this device to the network? Use MAB with profiling Use MAB with posture assesment Use 802.1X with posture assessment Use 802.1X with profiling. Which attack is preventable by Cisco ESA but not by the Cisco WSA? buffer overflow DoS SQL injection phishing. Which statement describes a traffic profile on a Cisco Next Generation Intrusion Prevention System? It allows traffic if it does not meet the profile It defines a traffic baseline for traffic anomaly deduction It inspects hosts that meet the profile with more intrusion rules It blocks traffic if it does not meet the profile. What does Cisco AMP for Endpoints use to help an organization detect different families of malware? Ethos Engine to perform fuzzy fingerprinting Tetra Engine to detect malware when me endpoint is connected to the cloud Clam AV Engine to perform email scanning Spero Engine with machine learning to perform dynamic analysis. An administrator configures new authorization policies within Cisco ISE and has difficulty profiling the devices. Attributes for the new Cisco IP phones that are profiled based on the RADIUS authentication are seen however the attributes for CDP or DHCP are not. What should the administrator do to address this issue? Configure the ip dhcp snooping trust command on the DHCP interfaces to get the information to Cisco ISE Configure the device sensor feature within the switch to send the appropriate protocol information Configure a service template within the switch to standardize the port configurations so that the correct information is sent to Cisco ISE Configure the authentication port-control auto feature within Cisco ISE to identify the devices that are trying to connect. What is a difference between a DoS attack and a DDoS attack? A DoS attack is where a computer is used to flood a server with UDP packets whereas a DDoS attack is where a computer is used to flood a server with TCP packets A DoS attack is where a computer is used to flood a server with TCP and UDP packets whereas a DDoS attack is where a computer is used to flood multiple servers that are distributed over a LAN DoS attack is where a computer is used to flood a server with TCP and UDP packets whereas a DDoS attack is where multiple systems target a single system with a DoS attack A DoS attack is where a computer is used to flood a server with TCP packets whereas a DDoS attack is where a computer is used to flood a server with UDP packets. In which two ways does Easy Connect help control network access when used with Cisco TrustSec? (Choose two) It allows multiple security products to share information and work together to enhance security posture in the network It creates a dashboard in Cisco ISE that provides full visibility of all connected endpoints It allows for the assignment of Security Group Tags and does not require 802.1x to be configured on the switch or the endpoint It integrates with third-party products to provide better visibility throughout the network It allows for managed endpoints that authenticate to AD to be mapped to Security Groups (PassiveID). What Cisco command shows you the status of an 802.1X connection on interface gi0/1? show authorization status show authen sess int gi0/1 show connection status gi0/1 show ver gi0/1. What is a functional difference between a cisco ASA and a Cisco IOS router with Zone-based policy firewall? The Cisco IOS router with Zone-Based Policy Firewall denies all traffic by default, whereas the Cisco ASA starts out by allowing all traffic until rules are added The Cisco IOS router with Zone-Based Policy Firewall can be configured for high availability, whereas the Cisco ASA cannot The Cisco ASA can be configured for high availability whereas the Cisco IOS router with Zone-Based Policy Firewall cannot The Cisco ASA denies all traffic by default whereas the Cisco IOS router with Zone-Based Policy Firewall starts out by allowing all traffic, even on untrusted interfaces. Which type of protection encrypts RSA keys when they are exported and imported? file passphrase NGE nonexportable. What are two advantages of using Cisco Any connect over DMVPN? (Choose two) It provides spoke-to-spoke communications without traversing the hub It allows different routing protocols to work over the tunnel It allows customization of access policies based on user identity It allows multiple sites to connect to the data center It enables VPN access for individual users from their machines. An engineer is implementing NTP authentication within their network and has configured both the client and server devices with the command nip authentication-key 1 md5 Clse392368270. The server at 184.108.40.206 is attempting to authenticate to the client at 220.127.116.11 however is unable to do so. Which command is required to enable the client to accept the server's authenhcation key? ntp peer 18.104.22.168 key 1 ntp server 22.214.171.124 key 1 ntp server 126.96.36.199 key 1 ntp peer 188.8.131.52 key 1. Which action controls the amount of URI text that is stored in Cisco WSA logs files? Configure the datasecurityconfig command Configure the advancedproxyconfig command with the HTTPS subcommand Configure a small log-entry size Configure a maximum packet size. A network administrator is configuring a switch to use Cisco ISE for 802.1X. An endpoint is failing authentication and is unable to access the network. Where should the administrator begin troubleshooting to verify the authentication details? Adoptive Network Control Policy List Context Visibility Accounting Reports RADIUS Live Logs. In an laaS cloud services modal, which security function is the provider responsible for managing? Internet proxy firewalling virtual machines CASB hypervisor OS hardening. An administrator is configuring a DHCP server to better secure their environment. They need to be able to rate-limit the traffic and ensure that legitimate requests are not dropped. How would this be accomplished? Set a trusted interface for the DHCP server Set the DHCP snooping bit to 1 Add entries in the DHCP snooping database Enable ARP inspection for the required VLAN. Which attribute has the ability to change during the RADIUS CoA? NTP authorization accessibility membership. An engineer needs a cloud solution that will monitor traffic, create incidents based on events, and integrate with other cloud solutions via an API. Which solution should be used to accomplish this goal? SIEM CASB Adaptive MFA Cisco Cloudlock. When planning a VPN deployment, for which reason does an engineer opt for an active/active FlexVPN configuration as opposed to DMVPN? Multiple routers or VRFs are required Traffic is distributed statically by default Floating static routes are required HSRP is used for fallover. What is a capability of Cisco ASA Netflow? It sends NetFlow data records from active and standby ASAs in an active standby failover pair It filters NSEL events based on traffic It logs ll event types only to the same collector It generates NSEL events even if the MPF is not configured. An administrator is establishing a new site-to-site VPN connection on a Cisco IOS router. The organization needs to ensure that the ISAKMP key on the hub is used only for terminating traffic from the IP address of 172.19.20.24. Which command on the hub will allow the administrator to accomplish this? crypto ca identity 172.19.20.24 crypto isakmp key CiscoOl23456789 172.19.20.24 crypto enrollment peer address 172.19.20.24 crypto isakmp identity address 172.19.20.24. What are the two types of managed Intercloud Fabric deployment models? (Choose two) Public managed Service Provider managed Enterprise managed User managed Hybrid managed. An engineer has been tasked with implementing a solution that can be leveraged for securing the cloud users, data, and applications. There is a requirement to use the Cisco cloud-native CASB and cloud cybersecurity platform. What should be used to meet these requirements? Cisco Umbrella Cisco Cloud Email Security Cisco NGFW Cisco Cloudlock. Which algorithm is an NGE hash function? HMAC SHA-1 MD5 SHA-2. On Cisco Firepower Management Center, which policy is used to collect health modules alerts from managed devices? health policy system policy correlation policy access control policy health awareness policy. What are two list types within Cisco AMP for Endpoints Outbreak Control? (Choose two) blocked ports simple custom detections command and control allowed applications URL. A Cisco ESA network administrator has been tasked to use a newly installed service to help create policy based on the reputation verdict. During testing, it is discovered that the Cisco ESA is not dropping files that have an undetermined verdict. What is causing this issue? The policy was created to send a message to quarantine instead of drop The file has a reputation score that is above the threshold The file has a reputation score that is below the threshold The policy was created to disable file analysis. Drag and drop the NetFlow export formats from the left onto the descriptions on the right.
1 to 1. Version 1 Version 5 Version 8 Version 9. Refer to the exhibit. What will happen when the Python script is executed? The hostname will be translated to an IP address and printed The hostname will be printed for the client in the client ID field The script will pull all computer hostnames and print them The script will translate the IP address to FODN and print it. An organization has a Cisco ESA set up with DLP policies and would like to customize the action assigned for violations. The organization wants a copy of the message to be delivered with a message added to flag it as a DLP violation. Which actions must be performed in order to provide this capability? quarantine and alter the subject header with a DLP violation deliver and add disclaimer text deliver and send copies to other recipients quarantine and send a DLP violation notification. Which two features of Cisco Email Security can protect your organization against email threats? (Choose two) Time-based one-time passwords Data loss prevention Heuristic-based filtering Geolocation-based filtering NetFlow. Which risk is created when using an Internet browser to access cloud-based service? misconfiguration of Infra, which allows unauthorized access intermittent connection to the cloud connectors vulnerabilities within protocol insecure implementation of API. What are two Trojan malware attacks? (Choose two) rootkit frontdoor smurf backdoor sync. For Cisco IOS PKI, which two types of Servers are used as a distribution point for CRLs? (Choose two) LDAP SDP subordinate CA HTTP SCP. Which type of API is being used when a security application notifies a controller within a software-defined network architecture about a specific security threat? westbound API southbound API northbound API eastbound API. How does Cisco Workload Optimization Manager help mitigate application performance issues? It deploys an AWS Lambda system It automates resource resizing It optimizes a flow path It sets up a workload forensic score. An organization deploys multiple Cisco FTD appliances and wants to manage them using one centralized solution. The organization does not have a local VM but does have existing Cisco ASAs that must migrate over to Cisco FTDs. Which solution meets the needs of the organization? Cisco FMC CSM Cisco FDM CDO. Refer to the exhibit. A network engineer is testing NTP authentication and realizes that any device synchronizes time with this router and that NTP authentication is not enforced. What is the cause of this issue? The hashing algorithm that was used was MD5 which is unsupported The key was configured in plain text NTP authentication is not enabled The router was not rebooted after the NTP configuration updated. Why is it important to implement MFA inside of an organization? To prevent man-the-middle attacks from being successful To prevent DoS attacks from being successful To prevent brute force attacks from being successful To prevent phishing attacks from being successful. Which type of API is being used when a controller within a software-defined network architecture dynamically makes configuration changes on switches within the network? westbound API southbound API northbound API eastbound API. Which two are valid suppression types on a Cisco Next Generation Intrusion Prevention System? (Coose two) Port Rule Source Application Protocol. Which DevSecOps implementation process gives a weekly or daily update instead of monthly or quarterly in the applications? orchestration CI/CD pipeline container security. A network engineer is trying to figure out whether FlexVPN or DMVPN would fit better in their environment. They have a requirement for more stringent security multiple security associations for the connections, more efficient VPN establishment as well consuming less bandwidth. Which solution would be best for this and why? DMVPN because it supports lKEv2 and FlexVPN does not FlexVPN because it supports IKEv2 and DMVPN does not FlexVPN because it uses multiple SAs and DMVPN does not DMVPN because it uses multiple SAs and FlexVPN does not. A company discovered an attack propagating through their network via a file. A custom file policy was created in order to track this in the future and ensure no other endpoints execute the infected file. In addition, it was discovered during testing that the scans are not detecting the file as an indicator of compromise. What must be done in order to ensure that the created is functioning as it should? Create an IP block list for the website from which the file was downloaded Block the application that the file was using to open Upload the hash for the file into the policy Send the file to Cisco Threat Grid for dynamic analysis. A network administrator needs to find out what assets currently exist on the network. Third-party systems need to be able to feed host data into Cisco Firepower. What must be configured to accomplish this? a Network Discovery policy to receive data from the host a Threat Intelligence policy to download the data from the host a File Analysis policy to send file data into Cisco Firepower a Network Analysis policy to receive NetFlow data from the host. After deploying a Cisco ESA on your network, you notice that some messages fail to reach their destinations. Which task can you perform to determine where each message was lost? Configure the trackingconfig command to enable message tracking Generate a system report Review the log files Perform a trace. A malicious user gained network access by spoofing printer connections that were authorized using MAB on four different switch ports at the same time. What two catalyst switch security features will prevent further violations? (Choose two) DHCP Snooping 802.1AE MacSec Port security IP Device tracking Dynamic ARP inspection Private VLANs. What is a difference between GETVPN and IPsec? GETVPN provides key management and security association management GETVPN reduces latency and provides encryption over MPLS without the use of a central hub GETVPN is based on IKEv2 and does not support IKEv1 GETVPN is used to build a VPN network with multiple sites without having to statically configure all devices. An organization has noticed an increase in malicious content downloads and wants to use Cisco Umbrella to prevent this activity for suspicious domains while allowing normal web traffic. Which action will accomplish this task? Set content settings to High Configure the intelligent proxy Use destination block lists Configure application block lists. Which type of DNS abuse exchanges data between two computers even when there is no direct connection? malware installation command-and-control communication network footprinting data exfiltration. Which attack type attempts to shut down a machine or network so that users are not able to access it? IP spoofing bluesnarfing MAC spoofing smurf. An organization configures Cisco Umbrella to be used for its DNS services. The organization must be able to block traffic based on the subnet that the endpoint is on but it sees only the requests from its public IP address instead of each internal IP address. What must be done to resolve this issue? Set up a Cisco Umbrella virtual appliance to internally field the requests and see the traffic of each IP address Use the tenant control features to identify each subnet being used and track the connections within the Cisco Umbrella dashboard Install the Microsoft Active Directory Connector to give IP address information stitched to the requests in the Cisco Umbrella dashboard Configure an internal domain within Cisco Umbrella to help identify each address and create policy from the domains. Why is it important to have logical security controls on endpoints even though the users are trained to spot security threats and the network devices already help prevent them? to prevent theft of the endpoints because defense-in-depth stops at the network to expose the endpoint to more threats because human error or insider threats will still exist. What is the primary benefit of deploying an ESA in hybrid mode? You can fine-tune its settings to provide the optimum balance between security and performance for your environment It provides the lowest total cost of ownership by reducing the need for physical appliances They correlate data about intrusions and vulnerability They identify data that the ASA sends to the Firepower module. An engineer adds a custom detection policy to a Cisco AMP deployment and encounters issues with the configuration. The simple detection mechanism is configured, but the dashboard indicates that the hash is not 64 characters and is non-zero. What is the issue? The hash being uploaded is part of a set in an incorrect format The file being uploaded is incompatible with simple detections and must use advanced detections The engineer is attempting to upload a hash created using MD5 instead of SHA-256 The engineer is attempting to upload a file instead of a hash. Drag and drop the cloud security assessment components from the left onto the definitions on the right.
1 to 1. user entity behavior assesment cloud data protection assesment cloud security strategy workshop cloud security architecture assesment. An organization wants to use Cisco FTD or Cisco ASA devices Specific URLs must be blocked from being accessed via the firewall which requires that the administrator input the bad URL categories that the organization wants blocked into the access policy Which solution should be used to meet this requirement? Cisco ASA because it enables URL filtering and blocks malicious URLs by default, whereas Cisco FTD does not Cisco ASA because it includes URL filtering in the access control policy capabilities whereas Cisco FTD does not Cisco FTD because it includes URL filtering in the access control policy capabilities whereas Cisco ASA does not Cisco FTD because it enables URL filtering and blocks malicious URLs by default, whereas Cisco ASA does not. What features does Cisco FTDv provide over ASAv? Cisco FTDv supports URL filtering while ASAv does not Cisco FTDv runs on VMWare while Cisco ASAv does not Cisco FTDv provides 1GB of firewall throughput while Cisco ASAv does not Cisco FTDv runs on AWS while Cisco ASAv does not. Which license is required for Cisco Security Intelligence to work on the Cisco Next Generation Intrusion Prevention System? control matware URL filtering protect. What is a prerequisite when integrating a Cisco ISE server and an AD domain? Place the Cisco ISE server and the AD server in the same subnet Configure a common administrator account Configure a common DNS server Synchronize the docks of the Cisco ISE server and the AD server. In which situation should an Endpoint Detection and Response solution be chosen versus an Endpoint Protection Platform? when there is a need for traditional anti-malware detection when there is no need to have the solution centrally managed when there is no firewall on the network when there is a need to have more advanced detection capabilities. Drag and drop the threats from the left onto examples of that threat on the right
1 to 1. DoS/DDoS Insecure APIs data breach compromised credentials. Which Cisco AMP file disposition valid? pristine malware dirty nonmalicios. Which factor must be considered when choosing the on-premise solution over the cloud-based one? With an on-premise solution, the provider is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the customer is responsible for it With a cloud-based solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product With an on-premise solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product With an on-premise solution, the customer is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the provider is responsible for it. What is a benefit of performing device compliance? providing multi-factor authentication device classification and authorization providing attribute-driven policies verification of the latest OS patches. Refer to the exhibit. What does this python script accomplish? It lists the LDAP users from the external identity store configured on Cisco ISE It authenticates to a Cisco ISE server using the username of ersad It allows authentication with TLSv1 SSL protocol It authenticates to a Cisco ISE with an SSH connection. Which CLI command is used to register a Cisco FirePOWER sensor to Firepower Management Center? configure system add <host> <key> configure manager <key> add host configure manager delete configure manager add <host> <key>. Refer to the exhibit. How does Cisco Umbrella manage traffic that is directed toward risky domains? Traffic is managed by the application settings, unhandled and allowed Traffic is allowed but logged Traffic is managed by the security settings and blocked Traffic is proxied through the intelligent proxy. Which term describes when the Cisco Firepower downloads threat intelligence updates from Cisco Talos? consumption sharing analysis authoring. What are two characteristics of Cisco DNA Center APIs? (Choose two) Postman is required to utilize Cisco DNA Center API calls They do not support Python scripts They are Cisco proprietary They quickly provision new devices They view the overall health of the network. Which category includes Dos Attacks? virus attacks trojan attacks flood attacks phishing attacks. An organization is using Cisco Firepower and Cisco Meraki MX for network security and; needs to centrally manage cloud policies across these platforms. Which software should be used to accomplish this goal? Cisco Defense Orchestrator Cisco Secureworks Cisco DNA Center Cisco Configuration Professional. An organization wants to secure users, data and applications in the cloud. The solution must be API-based and operate as a cloud-native CASB. What solution must be used for this implementation? Cisco Firepower Next-Generation Firewall Cisco Cloud Email Security Cisco Umbrella Cisco Cloudlock. Refer to the exhibit. An administrator is adding a new Cisco FTD device to their network and wants to manage it with Cisco FMC. The Cisco FTD uses a registration key of Cisc392368270 and is not behind a NAT device, Which command is needed to enable this on the Cisco FTD? configure manager add DONTRESOLVE kregistration key> configure manager add <FMC IP address> <registration key> 16 configure manager add DONTRESOLVE <registration key> FTD123 configure manager add <FMC IP address> <registration key>. What is the role of an endpoint in protecting a user from a phishing attack? Use Cisco Stealthwatch and Cisco ISE Integration Utilize 802.1X network security to ensure unauthorized access to resources Use machine learning models to help identify anomalies and determine expected sending behavior Ensure that antivirus and anti malware software is up to date. Drag and drop the solutions from the left onto the solution's benefits on the right.
1 to 1. Cisco Stealthwatch Cisco ISE Cisco TrustSec Cisco Umbrella. Which two statements about a Cisco WSA configured in Transparent mode are true? (Choose two) It can handle explicit HTTP requests It requires a PAC file for the client web browser It requires a proxy for the client web browser WCCP v2-enabled devices can automatically redirect traffic destined to port 80 Layer 4 switches can automatically redirect traffic destined to port 80. With which components does a southbound API within a software-defined network architecture communicate? controllers within the network applications appliances devices such as routers and switches. Which two deployment modes does the Cisco ASA FirePOWER module support? (Choose two) transparent mode routed mode inline mode active mode passive monitor-only mode. An organization recently installed a Cisco WSA and would like to take advantage of the AVC engine to allow the organization to create a policy to control application specific activity. After enabling the AVC engine, what must be done to implement this? Use security services to configure the traffic monitor Use URL categorization to prevent the application traffic Use an access policy group to configure application control settings Use web security reporting to validate engine functionality. An organization uses Cisco FMC to centrally manage multiple Cisco FTD devices. The default management port conflicts with other communications on the network and must be changed. What must be done to ensure that all devices can communicate together? Set the sftunnel to go through the Cisco FTD Change the management port on Cisco FMC so that it pushes the change to all managed Cisco FTD devices Set the sftunnel port to 8305 Manually change the management port on Cisco FMC and all managed Cisco FTD devices. An engineer is configuring IPsec VPN and needs an authentication protocol that is reliable and supports ACK and sequence. Which protocol accomplishes this goal? AES-192 IKEv1 AES-256 ESP. Which function is the primary function of Cisco AMP threat Grid? automated email encryption applying a real-time URI blacklist automated malware analysis monitoring network traffic. Which two capabilities of Integration APIs are utilized with Cisco DNA center? (Choose two) Application monitors for power utilization of devices and loT sensors Upgrade software on switches and routers Automatically deploy new virtual routers Connect to Information Technology Service Management Platforms Create new SSIDs on a wireless LAN controller. When configuring ISAKMP for IKEv1 Phase 1 on a Cisco IOS router, an administrator needs to input the command crypto isakmp key cisco address 0.0.0.0. The administrator is not sure what the IP address in this command is used for. What would he the effect of changing the IP address from 0.0.0 0 to 184.108.40.206? The key server that is managing the keys for the connection will be at 220.127.116.11 The remote connection will only be allowed from 18.104.22.168 The address that will be used as the crypto validation authority All IP addresses other than 22.214.171.124 will be allowed. With Cisco AMP for Endpoints, which option shows a list of all files that have been executed in your environment? vulnerable software file analysis detections prevalence threat root cause. An administrator is trying to determine which applications are being used in the network but does not want the network devices to send metadata to Cisco Firepower. Which feature should be used to accomplish this? NetFlow Packet Tracer Network Discovery Access Control. An organization has a Cisco Stealthwatch Cloud deployment in their environment. Cloud logging is working as expected, but logs are not being received from the on-premise network. What action will resolve this issue? Configure security appliances to send syslogs to Cisco Stealthwatch Cloud Configure security appliances to send NetFlow to Cisco Stealthwatch Cloud Deploy a Cisco FTD sensor to send events to Cisco Stealthwatch Cloud Deploy a Cisco Stealthwatch Cloud sensor on the network to send data to Cisco Stealthwatch Cloud. What is a benefit of conducting device compliance checks? It indicates what type of operating system is connecting to the network It validates if anti-virus software is installed It scans endpoints to determine if malicious activity is taking place It detects email phishing attacks. Which suspicious pattern enables the Cisco Tetration platform to learn the normal behavior of users? file access from a different user interesting file access user login suspicious behavior privilege escalation. Drag and drop the VPN functions from the left onto the description on the right.
1 to 1. RSA AES SHA-1 ISAKMP. What is the benefit of integrating cisco ISE with a MDM solution? It provides the ability to update other applications on the mobile device It provides compliance checks for access to the network It provides the ability to add applications to the mobile device through Cisco ISE It provides network device administration access. A network administrator is configuring SNMPv3 on a new router. The users have already been created, however an additional configuration is needed to facilitate access to the SNMP views. What must the administrator do to accomplish this? map SNMPv3 users to SNMP views set the password to be used for SNMPv3 authentication define the encryption algorithm to be used by SNMPv3 specify the UDP port used by SNMP. Drag and drop the common security threats from the left onto the definitions on the right.
1 to 1. phishing botnet spam worm. What are two features of NetFlow flow monitoring? (Choose two) Copies all ingress flow information to an interface Include the flow record and the flow importer Can track ingress and egress information Can be used to track multicast, MPLS or bridged traffic Does not required packet sampling on interfaces. An engineer has been tasked with configuring a Cisco FTD to analyze protocol fields and detect anomalies in the traffic from industrial systems. What must be done to meet these requirements? Implement pre-filter policies for the CIP preprocessor Enable traffic analysis in the Cisco FTD Configure intrusion rules for the DNP3 preprocessor Modify the access control policy to trust the industrial traffic. A network engineer must monitor user and device behavior within the on-premises network. This data must be sent to the Cisco Stealthwatch Cloud analytics platform for analysis. What must be done to meet this requirement using the Ubuntu-based VM appliance deployed in a VMware-based hypervisor? Configure a Cisco FMC to send syslogs to Cisco Stealthwatch Cloud Configure a Cisco FMC to send NetFlow to Cisco Stealthwatch Cloud Deploy a Cisco FTD sensor to send network events to Cisco Stealthwatch Cloud Deploy the Cisco Stealthwatch Cloud PNM sensor that sends data to Cisco Stealthwatch Cloud. What is the role of Cisco Umbrella Roaming when it is installed on an endpoint? to ensure that assets are secure from malicious links on and off the corporate network to protect the endpoint against malicious file transfers to establish secure VPN connectivity to the corporate network to enforce posture compliance and mandatory software. Which capability is exclusive to a Cisco AMP public cloud instance as compared to a private cloud instance? RBAC ETHOS detection engine SPERO detection engine TETRA detection engine. What is the purpose of CA in a PKI? to create the private key for a digital certificate to validate the authenticity of a digital certificate to issue and revoke digital certificates to certify the ownership of a public key by the named subject. An organization wants to provide visibility and to identify active threats in its network using a VM. The organization wants to extract metadata from network packet flow while ensuring that payloads are not retained or transferred outside the network Which solution meets these requirements? Cisco Umbrella Cloud Cisco Stealthwatch Cloud PNM Cisco Stealthwatch Cloud PCM Cisco Umbrella On-Premises. Which RADIUS attribute can you use to filter MAB requests in an 802.1x deployment? 1 6 31 2. Which service allows a user export application usage and performance statistics with Cisco Application Visibility and control? SNORT 802.1X SNMP NetFlow. Which posture assessment requirement provides options to the client for remediation and requires the remediation within a certain timeframe? Audio Mandatory Optional Visibility. Which cryptographic process provides origin confidentiality, integrity, and origin authentication for packets? ESP AH IKEv1 IKEv2. What is a benefit of using telemetry over SNMP to configure new routers for monitoring purposes? Telemetry uses a pull, method which makes it more reliable than SNMP Telemetry uses push and pull, which makes it more scalable than SNMP Telemetry uses a push method, which makes it faster than SNMP Telemetry uses push and pull, which makes it more secure than SNMP. Which Cisco Advanced Malware protection for Endpoints deployment architecture is designed to keep data within a network perimeter? cloud web services network AMP private cloud public cloud. An administrator configures a Cisco WSA to receive redirected traffic over ports 80 and 443. The organization requires that a network device with specific WSA integration capabilities be configured to send the traffic to the WSA to proxy the requests and increase visibility, while making this invisible to the users. What must be done on the Cisco WSA to support these requirements? Configure transparent traffic redirection using WCCP in the Cisco WSA and on the network device Configure active traffic redirection using WPAD m the Cisco WSA and on the network device Use the Layer 4 setting in the Cisco WSA to receive explicit forward requests from the network device Use PAC keys to allow only the required network devices to send the traffic to the Cisco WSA. A network engineer is deciding whether to use stateful or stateless failover when configuring two ASAs for high availability. What is the connection status in both cases? need to be reestablished with stateful failover and preserved with stateless failover need to be reestablished with both stateful and stateless failover preserved with both stateful and stateless failover preserved with stateful failover and need to be reestablished with stateless failover. Which type of dashboard does Cisco DNA Center provide tor complete control of the network? service management centralized management application management distributed management.