Danilo 469-504

469. Which deployment approach must be used to prevent harmful traffic spreading at branch sites?. antivirus module of the firewall. intrusion prevention system at the branch. intrusion detection system at the branch. antimalware module of the firewall.

470. Which statement about the configuration of Cisco ASA NetFlow v9 Secure Event Logging is true?. To view bandwidth usage for Net-low records, the QoS feature must be enabled. NSEL can be used without a collector configured. A flow-export event type must be defined under a policy. A sysopt command can be used to enable NSEL on a specific interface.

471. Which security mechanism is designed to protect against "offline brute-force" attacks?. Token. MFA. Salt. CAPTCHA.

472. Which command enabled 802.1X globally on a Cisco switch?. dot1x system-auth-control. dot1x pae authenticator. aaa new-model. authentication port-control auto.

473. Why is it important for the organization to have an endpoint patching strategy?. so the internal PSIRT organization is ware of the latest bugs. so the organization can identify the endpoint vulnerabilities. so the latest security fixes are installed on the endpoints. so the network administrator is no fed when an existing bug is encountered.

474. Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two). Write SQL code instead of using object-relational mapping libraries. Block SQL code execution in the web application database login. Secure the connection between the web and the app tier. Use prepared statements and parameterized queries. Check integer, float, or Boolean string parameters to ensure accurate values.

475. What is the function of SDN southbound API protocols?. to allow for the static configuration of control plane applications. to allow for the dynamic configuration of control plane applications. to enable the controller to make changes. to enable the controller to use REST.

476. Which two mechanism are used to control phishing attacks? (Choose Two.). Enable browser alerts for fraudulent websites. Implement email filtering techniques. Revoke expired CRL of the websites. Define security group memberships. Use antispyware software.

477. How is Cisco Umbrella configured to log only security events?. in the Reporting settings. per network in the Deployment section. Deployments section. per policy.

478. An engineer is configured AMP for endpoints and wants to block certain files from executing Which outbreak control method is used to accomplish this task?. application blocking list. device flow correlation. advanced custom detections. simple detections.

479. A network engineer must migrate a Cisco WSA virtual appliance from one physical host to another physical host by using VMWare vMotion. What is a requirement for both physical hosts?. The hosts must run different versions of Cisco AsyncOS. The hosts must run Cisco AsyncOS 10.0 or greater. The host must have access to the same defined network. The hosts must use a different datastore than the virtual appliance.

480. What is an attribute of the DevSecOps process?. isolated security team. mandated security controls and check lists. security scanning and theoretical vulnerabilities. development security.

481. What are two rootkit types? (Choose two.). virtual. bootloader. registry. buffer mode. user mode.

482. What are two list types within Cisco AMP for Endpoints Outbreak Control? (Choose two.). allowed applications. simple custom detections. blocked ports. URL. command and control.

483. What are two trojan malware attacks? (Choose two.). frontdoor. rootkit. smurf. sync. backdoor.

484. Which two conditions are prerequisites for stateful failover for IPSec? (Choose two.). Only the IKE configuration that is set up on the active device must be duplicated on the standby device, the IPSec configuration is copied automatically. Only the IPSec configuration that is set up on the active device must be duplicated on the standby device, the IKE configuration is copied automatically. The IPSec configuration that is set up on the active device must be duplicated on the standby device. The active and standby devices can run different version of the Cisco IOS software but must be the same type of device. The active and standby devices must run the same version of the Cisco IOS software and must be the same type of device.

485. How is DNS tunneling used to exfiltrate data out of a corporate network?. It redirects DNS requests to a malicious server used to steal user credentials, which allows further damage and theft on the network. It leverages the DNS server by permitting recursive lookups to spread the attack to other DNS servers. It computes DNS servers by replacing the actual IP address with a rogue address to collect information or start other attacks. It encodes the payload with random characters that are broken into shot stings and the DNS server rebuilds the exfiltrated data.

486. Which two features of Cisco DNA Center are used in a Software Defined Network Solution? (Choose two.). encryption. assurance. accounting. authentication. automation.

487. Which algorithm provides encryption and authentication for data plane communication?. SHA-384. AES-256. SHA-96. AES-GCM.

488. Which two facts must be considered when deciding whether to deploy the Cisco WSA in Standard mode, Hybrid Web Security mode, or Cloud Web Security Connector mode? (Choose two.). External DLP is availably only in Standard mode and Hybrid Web Security Mode. Only Standard mode and Hybrid Web Security mode support Layer 4 traffic monitoring. ISE Integration is available only in Standard mode and Hybrid Web Security mode. The onsite web proxy is not supported in Cloud Web Security Connector mode. Standard mode and Hybrid Web Security mode perform the same actions in response to the application of an individual policy.

489. A network engineer has configured a NTP server on a Cisco ASA. The ASA has IP reachability to the NTP server and is not filtering any traffic The "show ntp association detail" command indicates that the configured NTP server is unsynchronized and has a stratum of 16. What is the Cause of this issue?. An access list entry for UDP port 123 on the outside interface is missing. An access list entry for UDP port 123 on the inside interface is missing. NTP is not configured to use a working server. Resynchronization of NTP is not forced.

490. A networking team must harden an organization's core switch against man-in-the-middle attacks. The team must use Dynamic ARP inspection on the switch to meet the requirement. The team enables DHCP snooping and Dynamic ARP Inspection and configures the trust state of the service. Which action must be taken next to complete the configuration of the Dynamic ARP inspection feature?. Configure the ARP packet rate limiting feature. Only ARP access control lists for Dynamic ARP inspection filtering. Enable Dynamic ARP inspection logging for dropped packets. Enable Dynamic ARP inspection error-disabled recovery.

491. What are two benefits of workload security? (Choose two.). scalable security policies. reduced attack surface. automated patching. workload modeling. tracked application security.

492. Which Cisco solution does Cisco Umbrella integrate with to determine if a URL is malicious?. Cisco Talos. Cisco AnyConnect. Cisco AMP. Cisco Dynamic DNS.

493. How is ICMP used as an exfiltration technique?. by sending large numbers of ICMP packets with targeted hosts source IP address using an IP broadcast address. by flooding the destination host with unreachable packets. by encrypting the payload in an ICMP packet to carry out command and control tasks on a compromised host. by overwhelming a targeted host with ICMP echo-request packets.

494. What is a feature of Cisco Netflow Secure Event Logging for Cisco ASAs?. Multiple NetFlow collectors are supported. Secure NetFlow connections are optimized for Cisco Prime Infrastructure. Flow-create events are delayed. Advanced NetFlow V9 templates and legacy v5 formatting are supported.

495. An organization is using Cisco Firepower and Cisco Meraki MX for network security and needs to centrally manage cloud policies across these platform. Which software should be used to accomplish this goal?. Cisco DNA Center. Cisco Defense Orchestrator. Cisco Configuration Professional. Cisco Secureworks.

496. What is a prerequisite when integrating a Cisco ISE and an AD domain?. Place the Cisco ISE server and the AD server in the same subnet. Synchronize the clocks of the Cisco ISE server and the AD Server. Configure a common DNS server. Configure a common administrator account.

497. A network engineer must monitor user and device behavior within the on-premises network. This data must be sent to the Cisco Stealthwatch Cloud Analytics platform for analysis. What must be done to meet this requirement, using the Ubuntu-based VM Appliance deployed in a VMware-based hypervisor?. Deploy a Cisco FTD sensor to send network events to Cisco Stealthwatch Cloud. Configure a Cisco FMC to send syslogs to Cisco Stealthwatch Cloud. Deploy the Cisco Stealthwatch Cloud PNM sensor that sends data to Cisco Stealthwatch Cloud. Configure a Cisco FMC to send NetFlow to Cisco Stealthwatch Cloud.

498. What are two functions of IKEv1 but not IKEv2? (Choose two.). With IKEv1, aggressive mode negotiates faster than main mode. IKEv1 conversations are initiated by the IKE_SA_INIT message. IKEv1 uses EAP for authentication. NAT-T is supported in IKEv1 but not in IKEv2. With IKEv1, when using aggressive mode, the initiator and responder identities are passed in cleartext.

499. A small organization needs to reduce the VPN bandwidth load on their headed Cisco ASA in order to ensure that bandwidth is available for VPN users needing access to corporate resources on the 10.0.0.0/24 local HQ network. How is this accomplished without adding additional devices to the network?. Use split tunneling to tunnel all traffic except for the 10.0.0.0/24 network. Configure VPN load balancing to distribute traffic for the 10.0.0.0/24 network. Configure VPN load balancing to send non-corporate traffic straight to the internet. Use split tunneling to tunnel traffic for the 10.0.0.0/24 network only.

500. Which Cisco solution integrates Encrypted traffic analytics to perform enhanced visibility, promote compliance, shorten response times, and provide administrators with the information needed to provide educated and automated decisions to secure the environment?. Cisco DNA Center. Cisco SDN. Cisco Security Compliance Solution. Cisco ISE.

501. Which Algorithm does ISAKMP use to securely derive encryption and integrity keys?. Diffie-Hellman. 3DES. AES. RSA.

502. Why is it important to implement multifactor authentication inside of an organization?. To prevent DoS attack from being successful. To prevent brute force attacks from being successful. To prevent phishing attacks from being successful. To prevent man-in-the-middle attacks from being successful.

503. Which two application layer preprocessors are used by Secure Firewall IPS? (Choose two.). inline normalization. packet decoder. SIP. SSL. modbus.

504. An engineer has configured TACACS+ to perform user authentication on Cisco catalyst switch. The authentication must fall back to the local user database of the switch in case TACACS server is unreachable. The engineer performed configurations already: 1. Enable AAA Services. 2. TACACS server with server group named TACACS-GROUP Which configuration must be done next to meet the requirement?. aaa authentication login TACACS group TACACS-GROUP local. aaa authentication login TACACS-GROUP group TACACS local. aaa authentication login TACACS-GROUP group local TACACS. aaa authentication login TACACS group local TACACS+GROUP.