David_145-180

When an assessment of cloud services and applications is conducted, which tool is used to show user activity and data usage across the applications?. Cisco AMP Private Cloud. Cisco ASA. Cisco ISE. Cisco CloudLock.

Which action blocks specific IP addresses whenever a computer with Cisco AMP for Endpoints installed connects to the network?. Create an advanced custom detection policy and add the IP addresses. Create an application block list and add the IP addresses. Create an IP Block & Allow list and add the IP addresses. Create a simple custom detection policy and add the IP addresses.

Which CLI command is used to enable URL filtering support for shortened URLs on the Cisco ESA?. websecurityconfig. websecurityadvancedconfig. webadvancedconfig. outbreakconfig.

What is a benefit of flexible NetFlow records?. They have customized traffic identification. They are used for security. They monitor a packet from Layer 2 to Layer 5. They are used for accounting.

A network administrator is shipping a Cisco ASA to a remote retail site. The administrator wants to ensure that the device configuration cannot be accessed by someone at the site with physical access and a console cable. Which command must be used to mitigate this risk?. no service password-recovery. config-register 0x00000041. no service sw-reset-button. aaa authentication console.

Which solution provides end-to-end visibility of applications and insights about application performance?. Cisco Secure Workload. Cisco AppDynamics. Cisco Cloudlock. Cisco Secure Cloud Analytics.

An organization has had some malware infections recently and the management team wants to use Cisco Secure Firewall to enforce file policies to prevent malicious files from being downloaded. The SHA-256 hash value of all files traversing the firewall must be calculated and compared to the hash values of known malware code. Which file rule action is used to block only the files that are confirmed to be malware?. Detect Files. Malware Cloud Lookup. Block Files. Block Malware.

Refer to the exhibit. Which task is the Python script performing by using the Cisco Secure Firewall API?. pushing a bulk list of network hosts to Cisco Secure Firewall Management Center. adding to an existing bulk list of internal hosts on Cisco Secure Firewall Management Center. retrieving a bulk list of network hosts from Cisco Secure Firewall Management Center. removing an existing bulk list of internal hosts from Cisco Secure Firewall Management Center.

Which Cisco solution integrates industry-leading artificial intelligence and machine learning analytics and an assurance database to review the security posture and maintain visibility of an organization's cloud environment?. Cisco CSR 1000v. Cisco FTD. Cisco DNA. Cisco Secure Workload.

What is a capability of EPP compared to EDR?. EPP prevents attacks on an endpoint, and EDR focuses on protecting email and web servers. EPP prevents attacks made via email, and EDR prevents attacks on a web server. EPP prevents attacks on an endpoint, and EDR detects attacks that penetrate the environment. EPP prevents attacks on a website, and EDR focuses on protecting computers and servers.

How should an organization gain visibility into encrypted flows leaving the organization?. Decrypt and inspect the HTTPS traffic. Implement AAA for external users. Add Cisco Secure Firewall IPS. Enable a VPN for more sensitive data.

How does a Cisco Secure Firewall help to lower the risk of exfiltration techniques that steal customer data?. blocking TCP port 53. inspecting the DNS traffic. encrypting the DNS communication. blocking UDP port 53.

An administrator is configuring a new destination list in Cisco Umbrella. The administrator received a Microsoft Excel file that contains a long list of domains. Which two actions must be taken to ensure successful implementation? (Choose two.). Keep one domain per line. Limit each file to 50 domains. Use a semicolon instead of a comma. Convert the Excel file into XML format. Convert the Microsoft Excel file to .TXT.

An administrator is implementing management plane protection and must configure an interface on a Cisco router to only terminate management packets that are destined for the router. Which set of IOS commands must be used to complete the implementation?. #control-plane #management-plane #vrf network #interface GigabitEthernet 0/6 #allow protocol ssh #allow peer ssh. #control-plane #management-plane #inband #vrf network #interface GigabitEthernet 0/6 #allow protocol ssh. #control-plane #management-plane #out-of-band #vrf network #interface GigabitEthernet 0/6 #allow protocol ssh. #control-plane #management-plane #vrf network #interface GigabitEthernet 0/6 #allow protocol ssh.

An engineer must implement a Cisco Secure Web Appliance to filter internet traffic for a company with a Cisco ASA. All internet traffic on ports 80 and 443 must go: 1. From Client-SiteA to the Cisco ASA 2. From the Cisco ASA to the Secure Web Appliance What must be implemented to meet the requirements?. SPAN. RSPAN. HSRP. WCCP.

A company is planning to deploy an application to a secure cloud environment. Requirements include the following: 1. A third-party must control the underlying cloud infrastructure. 2. The company must control the deployed applications. 3. A third-party must control networking components. Which cloud service model must be used?. SaaS. IaaS. PaaS. private cloud.

A security engineer must prevent users from accessing malicious websites by enabling URL filtering in Cisco Secure Firewall Management Center. The engineer activates the appropriate licenses, enables access from Firewall Management Center to the internet, and enables the URL filtering feature. Which action must be taken next to complete the implementation?. Order the rules so that traffic hits key rules first. Deploy configuration changes to Firewall Management Center. Configure category and reputation-based blocking. Ensure that the system has received updated URL data.

What is a difference between weak passwords and missing encryption?. Weak passwords are guessed easily, and missing encryption allows information to be decrypted. Weak passwords cause programs to crash, and missing encryption sends data to a memory location. Weak passwords consume bandwidth, and missing encryption allows user information to be hijacked. Weak passwords allow programs to be renamed, and missing encryption hides .exe extensions.

What has driven an increase in the need for endpoint-based security?. minimal endpoint-based security manual configuration and implementation. stricter control mechanism requirements for enterprise access. increased number of BYOD policies and hybrid remote worker. increased data volumes and value in data center storage.

What is an attribute of Cisco Talos?. fast and intelligent responses based on threat data. cyber threat intelligence interchange and maintenance. cyber threats posing as authorized users and devices. introduction of attributes that use objects and narrative relations.

An engineer must deploy a Cisco Secure Web Appliance. Antimalware scanning must use the Outbreak Heuristic antimalware category on files identified as malware before performing any other processes. What must be configured on the Secure Web Appliance to meet the requirements?. McAfee scanning engine. Adaptive Scanning. Webroot scanning engine. Sophos scanning engine.

What is the definition of phishing?. malicious email spoofing attack that targets a specific organization or individual. any kind of unwanted, unsolicited digital communication that gets sent out in bulk. sending fraudulent communications that appear to come from a reputable source. impersonation of an authorized website to deceive users into entering their credentials.

Which network technology does Cisco Next-Generation Firewall replace?. load balancer. intrusion detection. Web Application Firewall. Demilitarized Zone router.

What is a capability of the Cisco ISE guest service in the web-based portal?. creates an open SSID to give Wi-Fi access to guests without authentication. provides sponsors with a portal to create and manage accounts for visitors. gives consultants a self-service platform for password resets. allows Cisco Technical Assistance Center to create a temporary root account.

A company named Org.Co plans to migrate a messaging app to a software as a service offering. A security engineer must protect data-at-rest and data in transit, and the solution must enforce policy-based security control automatically. What must be integrated with the SaaS offering to meet these requirements?. next generation firewall. Perimeter Extended Detection and Response. Cloud Access Security Broker. Cloud Workload Protection.

A network administrator wants to deploy a Secure Web Appliance to protect users even when they are outside of the corporate environment. The destination IP and port of all packets sent from the user devices must be that of the proxy. Which proxy method must be used to meet this requirement?. reverse. anonymity. transparent. explicit.

Which type of attack does multifactor authentication help protect against?. cross-site scripting. SQL injection. brute force. man-in-the-middle.

What are the two distribution methods available to an administrator when performing a fresh rollout of the Cisco Secure Client Secure Mobility Client? (Choose two.). web deploy. SFTP. TFTP. cloud update. predeploy.

A network engineer must segment a corporate network into smaller, more manageable networks by using a Cisco Nexus 1000V switch. The corporate infrastructure uses port 443 for access. The engineer enables Network Segmentation Manager and sets up the port profiles. Which action must be taken next?. Migrate networks to a nondefault segmentation policy. Register Network Segmentation Manager with vShield Manager. Enable all ports associated with the segmented VLANs. Create the network segmentation policies.

An engineer must protect data hosted in the cloud by using Cisco CloudLock data loss protection policies. the engineer uses a predefined policy for the configuration and needs the policy to return the closest exact match for a regular expression. Which action completes the implementation?. Set the occurrence threshold of search patterns to the lowest number. Configure the policy to use specific regular expressions for the proximity. Set the tolerance to Strict in the policy. Configure exceptions to the regular expression.

What is the purpose of the Trusted Automated eXchange cyber threat intelligence industry standard?. language used to represent security information. service used to exchange security information. public collection of threat intelligence feeds. threat intelligence sharing organization.

Refer to the exhibit. A network engineer must delete part of a Cisco router configuration using the NETCONF API. The engineer uses a Python script to automate the activity. Which code snippet completes the script?. <interface nc:actions="delete" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"/>. <interface nc:operation="delete" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"/>. <interface nc:operation="erase" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"/>. <interface nc:operation="change" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"/>.

Refer to the exhibit. A network engineer configures a network on a Cisco switch that has interVLAN routing where PC1 belongs to VLAN10 and PC2 belongs to VLAN20. Which action should be taken to allow the devices on PC1 to connect to the internet?. Create VLAN10 and assign port G0/0/1. Create VLAN10 and assign port Fa0/6. Create VLAN10. Delete VLAN20 and recreate new VLANs.

What is a difference between SQL injection and buffer overflow attacks?. SQL injection targets databases, and buffer overflow targets applications. SQL injection requires only remote access, and buffer overflow needs local access. SQL injection targets websites, and buffer overflow targets software. SQL injection reads data from memory, and buffer overflow inserts data into memory.

An engineer must prevent communication with a cloud application being decrypted. The application database uses AES-256 with SHA-512, and web access to the application uses HTTPS with SSLv2 self-signed certificates. TLS 1.3 with self-signed certificates. SSLv3 with signed certificates. TLS 1.3 with signed certificates. SSLv3 with self-signed certificates.

How is an amplification DDoS attack performed?. sending instructions to a collection of compromised devices to launch a large-scale network attack. generating and sending the packets directly to the target device from the source of the attack to overwhelm the device. turning small DNS queries into DNS responses that are much larger in packet size to flood the target device. triggering a memory buffer overflow that causes a device to consume all the available resources.