Elias 217-252

An engineer is configuring Cisco Umbrella and has an identity that references two different policies. Which action ensures that the policy that the identity must use takes precedence over the second one?. Configure the default policy to redirect the request to the correct policy. Place the policy with the most-specific configuration last in the policy order. Make the correct policy first in the policy order. Configure only the policy with the most recently changed timestamp.

Which two capabilities of Integration APIs are utilized with Cisco Catalyst Center? (Choose two.). Third party reporting. Create new SSIDs on a wireless LAN controller. Upgrade software on switches and routers. Automatically deploy new virtual routers. Connect to ITSM platforms.

Which solution is made from a collection of secure development practices and guidelines that developers must follow to build secure applications?. Fuzzing Framework. Radamsa. AFL. OWASP.

A network engineer is tasked with configuring a Cisco ISE server to implement external authentication against a Active Directory. What must be considered about the authentication requirements? (Choose two.). The ISE account must be a domain administrator in Active Directory to perform JOIN operations. RADIUS communication must be permitted between the ISE server and the domain controller. Active Directory supports users and machine authentication by using MSCHAPv2. Active Directory only supports user authentication by using MSCHAPv2. LDAP communication must be permitted between the ISE server and the domain controller.

What is the purpose of a NetFlow version 9 template record?. It provides a standardized set of information about an IP flow. It defines the format of data records. It serves as a unique identification number to distinguish individual data records. It specifies the data format of NetFlow processes.

Which VPN provides scalability for organizations with many remote sites?. DMVPN. site-to-site IPsec. GRE over IPsec. SSL VPN.

WhatWhat are two ways that Cisco Container Platform provides value to customer who utilize cloud service providers? (Choose two.). manages Kubernetes clusters. manages Docker containers. helps maintain source code for could deployments. creates complex tasks for managing code. allows developers to create code once and deploy to multiple clouds.

An engineer wants to assign a printer to a different VLAN than what is statically configured on the switch port. Which CoA type should the engineers use?. No CoA. CoA-Terminate. Port-Bounce. CoA-Reauth.

What are two core components of Cisco Umbrella solution (Choose two.). cloud access security broker. could container platform. DNS layer security. Transport Layer Security. Cisco ISE.

A company has an infrastructure ACL policy on its perimeter router that denies FC 1918 addresses, unused address ranges, any packets that use the IP address that is assigned to the internal IP infrastructure, and 127.0.0.1. All these rules apply to incoming traffic from the internet. Which two attacks are prevented by using this method? (Choose two.). gaining of access to network devices using a spoofed address. losing the line protocol keep-alives and routing protocol update. routing processor resource exhaustion. DOS attack that cause high CPU utilization. spoofing the IP address of another customer to steal service.

What is the target in a phishing attack?. IPS. web server. perimeter firewall. endpoint.

What are two benefits of adaptive multifactor authentication? (Choose two.). improved access management. secure remote access. managed encryption policies. no need to remember passwords. contextual factor-based authentication.

What is a characteristic of traffic storm control behavior?. Traffic storm control uses the Individual/Group bit in the packet source address to determine if the packet is unicast or broadcast. Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within the interval. Traffic storm control cannot determine if the packet is unicast or broadcast. Traffic storm control monitors incoming traffic levels over a 10-second traffic storm control interval.

How does Cisco Umbrella archive logs to an enterprise-owned storage?. by being configured to send logs to a self-managed AWS S3 bucket. by the system administrator downloading the logs from the Cisco Umbrella web portal. by sending logs via syslog to an on-premises or cloud-based syslog server. by using the Application Programming Interface to fetch the logs.

Which feature is configured for managed devices in the device platform settings of the Firepower Management Center?. intrusion policy. quality of service. network address translations. time synchronization.

After a recent breach, an organization determined that phishing was used to gain initial access to the network before regaining persistence. The information gained from the phishing attack was a result of users visiting known malicious websites. What must be done in order to prevent this from happening in the future?. Modify an access policy. Modify web proxy settings. Modify identification profiles. Modify outbound malware scanning policies.

Refer to the exhibit. Which type of authentication is in use?. SMTP relay server authentication. LDAP authentication for Microsoft Outlook. POP3 authentication. external user and relay mail authentication.

An organization is receiving SPAM emails from a known malicious domain. What must be configured in order to prevent the session during the initial TCP communication?. Configure the Cisco ESA to reset the TCP connection. Configure policies to stop and reject communication. Configure the Cisco ESA to drop the malicious emails. Configure policies to quarantine malicious emails.

Which two aspects of the cloud PaaS model are managed by the customer but not the provider? (Choose two.). Data. Applications. middleware. operating systems. virtualization.

What does endpoint isolation in Cisco AMP for Endpoints security protect from?. a malware spreading across the user device. a malware spreading across the LDAP or Active Directory domain from a user account. an infection spreading across the network. an infection spreading across the LDAP or Active Directory domain from a user account.

An administrator wants to ensure that all endpoints are compliant before users are allowed access on the corporate network. The endpoints must have the corporate antivirus application installed and be running the latest build of Windows 10.What must the administrator implement to ensure that all devices are compliant before they are allowed on the network?. Cisco ASA firewall with Dynamic Access Policies configured. Cisco ISE with PxGrid services enabled. Cisco Stealthwatch and Cisco ISE integration. Cisco ISE and AnyConnect Posture module.

Which baseline form of telemetry is recommended for network infrastructure devices?. passive taps. NetFlow. SNMP. DNS.

Which two risks is a company vulnerable to if it does not have a well-established patching solution for endpoints? (Choose two.). ARP spoofing. exploits. denial-of-service attacks. malware. eavesdropping.

What features does Cisco FTDv provide over Cisco ASAv?. Cisco FTDv runs on VMWare while Cisco ASAv does not. Cisco FTDv supports URL filtering while Cisco ASAV does not. Cisco FTDv provides 1GB of firewall throughput while Cisco ASAv does not. Cisco FTDv runs on AWS while Cisco ASAV does not.

An organization must add new firewalls to its infrastructure and wants to use Cisco ASA or Cisco FTD. The chosen firewalls must provide methods of blocking traffic that include offering the user the option to bypass the block for certain sites after displaying a warning page and to reset the connection. Which solution should the organization choose?. Cisco ASA because it allows for interactive blocking and blocking with reset to be configured via the GUI, whereas Cisco FTD does not. Cisco FTD because it supports system rate level traffic blocking, whereas Cisco ASA does not. Cisco FTD because it enables interactive blocking and blocking with reset natively, whereas Cisco ASA does not. Cisco ASA because it has an additional module that can be installed to provide multiple blocking capabilities, whereas Cisco FTD does not.

Which type of data does the Cisco Stealthwatch system collect and analyze from routers, switches, and firewalls?. NTP. NetFlow. Syslog. SNMP.

Which two configurations must be made on Cisco ISE and on Cisco TrustSec devices to force a session to be adjusted after a policy change is made? (Choose two.). aaa authorization exec default local. tacacs-server host 10.1.1.250 key password. CoA. aaa server radius dynamic-author. posture assessment.

What is the recommendation in a zero-trust model before granting access to corporate applications and resources?. to use a wired network, not wireless. to use strong passwords. to disconnect from the network when inactive. to use multifactor authentication.

Which Cisco solution secures the cloud users, data, and applications with the cloud-native CASB and cloud cybersecurity platform?. Cisco CloudLock. Cisco Appdynamics. Cisco Stealthwatch. Cisco Umbrella.

An administrator wants to ensure that the organization's remote access VPN devices can connect to the VPN without the user logging into the devices. Which action accomplishes this task?. Modify the Cisco AnyConnect Client image to start before logon and use the users' cached credentials for authentication. Add the Auto Connect feature in the Cisco AnyConnect Group Policy and use the machine certificate as the authentication identity. Change the Cisco AnyConnect Connection Profile to allow for authentication prior to logon and use the user certificate for authentication. Configure the Start Before Logon feature in the Cisco AnyConnect Client profile and use certificate authentication.

Which process is used to obtain a certificate from a CA?. approval. enrollment. registration. signing.

Which Cisco ISE service checks the state of all the endpoints connecting to a network for compliance with corporate security policies?. Cisco TrustSec. posture service. Threat Centric NAC service. compliance module.

What is a capability of Cisco AVC?. traffic filtering by using a Security Intelligence policy. Interoperates by using GET VPN on tunnel interfaces. application bandwidth enforcement on Cisco IOS platforms. deep packet inspection on IPsec encapsulated traffic.

What is the difference between deceptive phishing and spear phishing?. Deceptive phishing is an attacked aimed at a specific user in the organization who holds a C-level role. A spear phishing campaign is aimed at a specific person versus a group of people. Deceptive phishing hijacks and manipulates the DNS server of the victim and redirects the user to a false webpage. Spear phishing is when the attack is aimed at the C-level executives of an organization.

Which Cisco security solution protects remote users against phishing attacks when they are not connected to the VPN?. Cisco Firepower. Cisco Umbrella. Cisco Firepower NGIPS. D.Cisco Stealthwatch.

A network administrator configures Dynamic ARP Inspection on a switch After Dynamic ARP Inspection is applied all users on that switch are unable to communicate with any destination. The network administrator checks the interface status of all interfaces and there is no err-disabled interface. What is causing this problem?. The ip arp inspection limit command is applied on all interfaces and is blocking the traffic of all users. The no ip arp inspection trust command is applied on all user host interfaces. DHCP snooping has not been enabled on all VLANs. Dynamic ARP Inspection has not been enabled on all VLANs.