Emir 253-288

Item 253 of 576 (Choice, Q253) Which form of attack is launched using botnets?. A. Dos. B. DDOS. C.TCP flood. D. virus.

Item 254 of 576 (Choice, Q254) A user has a device in the network that is receiving too many connection requests from multiple machines. Which type of attack is the device undergoing?. A. Phishing. B. SYN flood. C. Pharming. D. Slowloris.

Item 255 of 576 (Choice, Q255) Which type of dashboard does Cisco DNA Center provide for complete control of the network?. A. service management. B. distributed management. C.centralized management. D. application management.

Item 256 of 576 (Choice, Q256) A network engineer is deciding whether to use stateful or stateless failover when configuring two Cisco ASAs for high availability. What is the connection status in both cases?. A. need to be reestablished with both stateful and stateless failover. B. preserved with stateful failover and need to be reestablished with stateless failover. C. preserved with both stateful and stateless failover. D. need to be reestablished with stateful failover and preserved with stateless failover.

Item 257 of 576 (Choice, Q257) When configuring ISAKMP for IKEv1 Phase 1 on a Cisco IOS router, an administrator needs to input the command crypto isakmp key cisco address 0.0.0.0. The administrator is not sure what the IP address in this command is used for. What would be the effect of changing the IP address from 0.0.0.0 to 1.2.3.4?. A. The address that Will be used as the cryptovalidation authority,. B. The remote connection Will only be allowed from 1.2.3.4. C. The key server that is managing the keys for the connection Will be at 1.2.3.4. D.AII IP addresses other than 1.2.3.4 Will be allowed.

Item 258 of 576 (Choice, Q258) Which suspicious pattern enables the Cisco Tetration platform to learn the normal behavior of users?. A. interesting file access. B. user login suspicious behavior. C. file access from a different user. D. privilege escalation.

Item 259 of 576 (Choice, Q259) Which attribute has the ability to change during the RADIUS CoA?. A. authorization. B. membership. C. accessibility. D.NTP.

Item 260 of 576 (Choice, Q260) What is a difference between a DOS attack and a DDoS attack?. A. A DOS attack is where a computer is used to flood a server with UDP packets, whereas a DDoS attack is where a computer is used to flood a server with TCP packets. B. A DOS attack is where a computer is used to flood a server with TCP and UDP packets, whereas a DDoS attack is where a computer is used to flood multiple servers that are distributed over a LAN. C.A DOS attack is where a computer is used to flood a server with TCP packets, whereas a DDoS attack is where a computer is used to flood a server with UDP packets. D.A DOS attack is where a computer is used to flood a server with TCP and UDP packets, whereas a DDoS attack is where multiple systems target a single system with a DOS attack.

Item 261 of576 (Choice, Q261) Which cloud model is a collaborative effort where infrastructure is shared and jointly accessed by several organizations from a specific group?. A. public. B. private. C. hybrid. D. community.

Item 262 of 576 (Choice, Q262) Which metric is used by the monitoring agent to collect and output packet loss and jitter information?. A. AVC performance. B. WSAv performance. C.RTP performance. D. TCP performance.

Item 263 of 576 (Choice, Q263) Which two actions does the Cisco Identity Services Engine posture module provide that ensures endpoint security? (Choose two.). A. The latest antivirus updates are applied before access is allowed. B. Patch management remediation is performed. C.Assignments to endpoint groups are made dynamically, based on endpoint attributes. D.A centralized management solution is deployed. E. Endpoint supplicant configuration is deployed.

Item 264 of 576 (Choice, Q264) What are two benefits of Flexible NetFlow records? (Choose two.). A. They allow the user to configure flow information to perform customized traffic identification. B. They converge multiple accounting technologies into one accounting mechanism. C. They provide attack prevention by dropping the traffic. D. They provide monitoring of a wider range of IP packet information from Layer 2 to 4. E. They provide accounting and billing enhancements.

Item 265 of 576 (Choice, Q265) Which system performs compliance checks and remote wiping?. A. Cisco AMP. B. OTP. C.MDM. D.Cisco ISE.

Item 266 of 576 (Choice, Q266) What are two workload security models? (Choose two.). A. SaaS. B. off-premises. C. on-premises. D. laaS. E. PaaS.

Item 267 of 576 (Choice, Q267) For which type of attack is multifactor authentication an effective deterrent?. A. syn flood. B. teardrop. C. ping of death. D.phishing.

Item 268 of 576 (Choice, Q268) In which two customer environments is the Cisco WSAv connector traffic direction method selected? (Choose two.). A. Customer owns ASAAppliance and Virtual Form Factor is required. B. Customer needs to support roaming users. C. Customer owns ASAAppliance and SSL Tunneling is required. D.Customer does not own Cisco hardware and needs Transparent Redirection (WCCP). E. Customer does not own Cisco hardware and needs Explicit Proxy.

Item 269 of 576 (Choice, Q269) What is a capability of Cisco ASA NetFlow?. A. lt filters NSEL events based on traffic. B. lt generates NSEL events even if the MPF is not configured. C. lt logs all event types only to the same collector. D. lt sends NetFlow data records from active and standby ASAs in an active-standby failover pair.

Item 270 of 576 (Choice, Q270) Using Cisco Cognitive Threat Analytics, which platform automatically blocks risky sites, and test unknown sites for hidden advanced threats before allowing users to click them?. A. Cisco ESA. B. Cisco ISE. C.Cisco WSA. D.Cisco ASA.

Item 271 of576 (Choice, Q271) Which type of algorithm provides the highest level of protection against brute-force attacks?. A. PFS. B. HMAC. C.MD5. D. SHA.

Itern 272 of576 (Choice, Q272) A network engineer is tasked to configure ARA authentication using TACACS on Cisco Catalyst Switch. The engineer enables AAA and configures a TACACS Server with IP address 192.168.10.10. What must the engineer configure next to meet the requirement?. A. Implement list of login authentication methods. B. Set the TACACS+ server source interface. C. Configure a local user database for authentication. D. Create list of login authorization methods.

Item 273 of576 (Choice, Q273) An engineer is implementing NAC for LAN users on a segmented network. The engineer confirms that the device of each user is supported and the Cisco switch configuration is correct. Which configuration should be made next to ensure there are no authentication issues?. A. Enable TACACS+ on the switch. B. open TCP port 49. C. Disable the host firewall. D. Permit UDP port 1812.

Item 274 of 576 (Choice, Q274) A network administrator must grant a TACACS administrator access to converged access WLCs. The administrator configures the TACACS server and server groups and maps the server on the WLC. What must be configured next?. A. Create and apply a policy to the VTY line. B. Configure authentication and authorization policies. C. Create and apply a policy to HTTP. D. Enable accounting for TACACS connections.

Item 275 of 576 (Choice, Q275) Which feature is configured in Cisco Umbrella to block domains if they host malware, command-and-control, or phishing content?. A. File Analysis. B. Security Category Blocking. C.Application Control. D. Content Category Blocking.

Item 276 of 576 (Choice, Q276) Refer to the exhibit. Network access control is implemented on the LAN and an engineer must now configure the switch port level so that users with new corporate devices can connect to the corporate LAN without issues. What must be configured next?. A. shut and no shut. B. clear port-security dynamic. C. authentication violation replace. D.errdisable recovery cause psecure-violation.

Item 277 of 576 (Choice, Q277) Refer to the exhibit. An administrator must configure AAA authentication on a Cisco router with a RADIUS server for administrative access. Which command completes the configuration?. A. radius-server attribute 6 on-for-login-auth. B. radius-server attribute 8 include-in-access-req. C. radius-server attribute 4. D. radius-server attribute 32 include-in-access-req.

Item 278 of 576 (Choice, Q278) What is a function of the Layer 4 Traffic Monitor on a Cisco Secure Web Appliance?. A. prevents data exfiltration by searching all the network traffic for specified sensitive information. B. blocks traffic from URL categories that are known to contain malicious content. C.decrypts SSL traffic to monitor for malicious content. D.monitors suspicious traffic across all the TCP/UDP ports.

Item 279 of 576 (Choice, Q279) Refer to the exhibit. A company named ABC has a Cisco Secure Email Gateway and an engineer must configure the incoming mail policy so that emails containing malware files are quarantined instead of dropped and to prevent an increase in false positives causing emails to be dropped erroneously. What must be configured on the Secure Email Gateway?. A. Open usera1 policy, Messages with Malware Attachments, and then Action Applied to Message. B. Change the Policies Order. C.Delete usera1 policy. D.Open Default Policy, Malware File, and then Action Applied to Message.

Item 280 of 576 (Choice, Q280) Which interface mode does a Cisco Secure IPS device use to block suspicious traffic?. A. promiscuous. B. inline. C. passive. D. active.

Item 281 of576 (Choice, Q281) An engineer must configure a destination list on Cisco Umbrella. The destination list must allow requests to test.domain.com and block any other URLs to .domain.com. Which configuration must be performed?. A. Block list: Allow List: '.domain.com. B. Block list: Allow List: test.domain.com Block list: .domain.com. C. Block list: .domain.com Allow List: *.domain.com. D. list: test.domain.com Allow List: test.domain.com Block list: .domain.com.

Item 282 of 576 (Choice, Q282) A security engineer is tasked with configuring TACACS on a Cisco ASA firewall. The engineer must be able to access the firewall command line interface remotely. The authentication must fall back to the local user database of the Cisco ASA firewall. AAA server group named TACACS-GROUP is already configured with TACACS server. Which configuration must be done next to meet the requirement?. A. aaa authentication ssh console LOCALTACACS-GROUP. B. aaa authentication http console TACACS-GROUP LOCAL. C.aaa authentication ssh console TACACS-GROUP LOCAL. D.aaa authentication serial console LOCAL TACACS-GROUP.

Item 283 of 576 (Choice, Q283) An organization plans to upgrade its current email security solutions, and an engineer must deploy Cisco Secure Email. The requirements for the upgrade are: 1. implement Data Loss Prevention 2. implement mail encryption 3. integrate with an existing Cisco IronPort Secure Email Gateway solution Which Cisco Secure Email license needed to accomplish this task?. A. Cisco Secure Email Outbound Essentials. B. Cisco Secure Email Domain Protection. C. Cisco Secure Email Inbound Essentials. D. Cisco Secure Email Phishing Defense.

Itern 284 of 576 (Choice, Q284) An engineer must implement a file transfer solution between a company's data center and branches. The company has numerous servers hosted in a hybrid cloud implementation. The file transfer protocol must support authentication, protect the data against unauthorized access, and ensure that users cannot list directories or remove files remotely. Which protocol must be used?. A. scp. B. SFTP. C. SSH. D.FTPS.

Item 285 of 576 (Choice, Q285) An engineer must establish and maintain the redirection of selected types of traffic flowing through a group of routers for a new deployment of Secure Web Appliance by using WCCP. The selected traffic must be redirected to a group of web-caches with the aim of optimizing resource usage and Iowering response times. Which proxy mode must be configured for Secure Web Appliance to meet this requirement?. A. wccp redirect. B. transparent. C. hybrid. D. explicit.

Item 286 of 576 (Choice, Q286) What is an advantage of Cisco Secure Client when compared to IPsec?. A. Cisco Secure Client provides SSL and IKEv1 , and IPsec provides IKEv1. B. Cisco Secure Client provides SSL and IKEv2, and IPsec provides IKEv1 and IKEv2. C. Cisco Secure Client provides SSL and IKEv1 , and IPsec provides SSL and IKEv2. D. Cisco Secure Client provides IKEv1 and IKEv2, and IPsec provides IKEv2.

Itern 287 of 576 (Choice, Q287) Refer to the exhibit An engineer must ensure that SSH and console logins to a Cisco ASA device with an IP address of 192.168.10.100 are performed using an AAA server that has an IP address of 192.168.10.10. If the AAA server fails to respond, the SSH and console logins must be performed locally on the ASA device. Which configuration must be performed on the Cisco ASA device?. A. aaa authentication ssh console RADIUSSERVERS LOCAL. B. aaa authentication RADIUSSERVERS ssh console fallback. C.aaa-server RADIUSSERVERS local faliback. D. aaa-server RADIUSSERVERS (outside) host 192.168.10.1 OO.

Item 288 of 576 (Choice, Q288) A growing software development company recently acquired a smaller start-up social media company. The web security controls for the enterprise must now be configured to allow the new employees access to social media sites as the existing on-premises employees are blocked from accessing this type of website. An engineer must now modify an outbound policy on a Cisco Secure Web Appliance to make it less generic by applying specific policies for a group of users. Which criteria must be used as the method to deploy the new configuration?. A. subnet. B. SOCKS. C. application. D.users agent.