Juan 37-72

37. An engineer enabled SSL decryption for Cisco Umbrella intelligent proxy and needs to ensure that traffic is inspected without alerting end-users. Which action accomplishes this goal?. Import the Umbrella root CA into the trusted root store on the user's device. Modify the user's browser settings to suppress errors from Umbrella. Restrict access to only websites with trusted third-party signed certificates. Upload the organization root CA to the Umbrella admin portal.

38 Which Cisco firewall solution supports configuration via Cisco Policy Language?. NGFW. CBAC. NGIPS. ZFW.

39. Which feature only implements on the Cisco ASA in the transparent mode?. stateful inspection. inspect traffic between hosts in the same subnet. inspect application layer of the traffic sent between hosts. inspect anycast traffic.

40. What is the term for the concept of limiting communication between applications or containers on the same node?. microsegmentation. software-defined access. microservicing. container orchestration.

41. An organization has noticed an increase in malicious content downloads and wants to use Cisco Umbrella to prevent this activity for suspicious domains while allowing normal web traffic. Which action will accomplish this task?. Configure the intelligent proxy. Configure application block lists. Set content settings to High. Use destination block lists.

42. Which product allows Cisco FMC to push security intelligence observable to its sensors from other products?. Encrypted Traffic Analytics. Cognitive Threat Analytics. Cisco Talos Intelligence. Threat Intelligence Director.

43. How does Cisco Stealthwatch Cloud provide security for cloud environments?. It delivers visibility and threat detection. It assigns Internet-based DNS protection for clients and servers. It prevents exfiltration of sensitive data. It facilitates secure connectivity between public and private networks.

44. Which Cisco AnyConnect module is integrated with Splunk Enterprise to provide monitoring capabilities to administrators to allow them to view endpoint application usage?. Umbrella Roaming Security. Network Visibility. ISE Posture. . AMP Enabler.

45. Why should organizations migrate to a multifactor authentication strategy?. Biometrics authentication leads to the need for multifactor authentication due to its ability to be hacked easily. Multifactor authentication methods of authentication are never compromised. Multifactor authentication does not require any piece of evidence for an authentication mechanism. Single methods of authentication can be compromised more easily than multifactor authentication.

46. An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly identifying all valid recipients. What must be done on the Cisco ESA to accomplish this goal?. Bypass LDAP access queries in the recipient access table. Configure incoming content filters. Use Bounce Verification. Configure Directory Harvest Attack Prevention.

47. A network engineering team wants to configure web reputation URL filtering in Cisco vManage by setting the web reputation to Moderate Risk. Which reputation score must be configured in vManage for the URL filtering?. 65. 40. 80. 60.

48. What must be disabled on a Cisco Secure Web Appliance to ensure HTTPS traffic with a good reputation score bypasses decryption?. Decrypt Policies. Decrypt for End-User Acknowledgment. Decrypt for Application Detection. Decrypt for End-User Notification.

49. Which IPsec mode must be used when encrypting data over a public network between two servers with RFC1918 IP addresses?. aggressive mode. main mode. transport mode. tunnel mode.

50. An engineer is onboarding a teleworker to Cisco Umbrella. After the worker’s home network identity is configured, which additional action must be taken to complete the network registration?. Change the public IP addresses from static to dynamic. Point the home modem DHCP to Cisco Umbrella DHCP. Set up a point-to-point VPN with the head office. Point the home modem DNS to Cisco Umbrella DNS.

51. Which platform uses Cyber Threat Intelligence as its main source of information?. Cisco ASA. EPP. Cisco Secure Endpoint. EDR.

52. Refer to the exhibit. All servers are in the same VLAN/Subnet. DNS Server-1 and DNS Server-2 must communicate with each other, and all servers must communicate with the default gateway multilayer switch. Which type of private VLAN ports should be configured to prevent communication between DNS servers and the file server?. Configure GigabitEthernet0/1 as community port, GigabitEthernet0/2 as isolated port, and GigabitEthernet0/3 and GigabitEthernet0/4 as promiscuous ports. Configure GigabitEthernet0/1 as promiscuous port, GigabitEthernet0/2 as isolated port, and GigabitEthernet0/3 and GigabitEthernet0/4 as community ports. Configure GigabitEthernet0/1 as community port, GigabitEthernet0/2 as promiscuous port, GigabitEthernet0/3 and GigabitEthernet0/4 as isolated ports. Configure GigabitEthernet0/1 as promiscuous port, GigabitEthernet0/2 as community port, and GigabitEthernet0/3 and GigabitEthernet0/4 as isolated ports.

53. Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?. Linux and Windows operating systems. web page images. database. user input validation in a web page or web application.

54. Which two behavioral patterns characterize a ping of death attack? (Choose two.). Short synchronized bursts of traffic are used to disrupt TCP connections. The attack is fragmented into groups of 8 octets before transmission. Malformed packets are used to crash systems. The attack is fragmented into groups of 16 octets before transmission. Publicly accessible DNS servers are typically used to execute the attack.

55. Which technology provides the benefit of Layer 3 through Layer 7 innovative deep packet inspection, enabling the platform to identify and output various applications within the network traffic flows?. Cisco NBAR2. Cisco ASAv. Cisco Prime Infrastructure. Account on Resolution.

56. An email administrator is setting up a new Cisco ESA. The administrator wants to enable the blocking of greymail for the end user. Which feature must the administrator enable first?. File Analysis. Anti-Virus Filtering. Intelligent Multi-Scan. IP Reputation Filtering.

57. What is a benefit of using telemetry over SNMP to configure new routers for monitoring purposes?. Telemetry uses a push method, which makes it faster than SNMP. Telemetry uses push and pull, which makes it more scalable than SNMP. Telemetry uses a pull method, which makes it more reliable than SNMP. Telemetry uses push and pull, which makes it more secure than SNMP.

58. Which two capabilities does TAXII support? (Choose two). mitigating. exchange. pull messaging. correlation. binding.

59. What are two functionalities of northbound and southbound APIs within Cisco SDN architecture? (Choose two.). Northbound APIs utilize RESTful API methods such as GET, POST, and DELETE. Southbound APIs utilize CLI, SNMP, and RESTCONF. Southbound interfaces utilize device configurations such as VLANs and IP addresses. Southbound APIs are used to define how SDN controllers integrate with applications. Northbound interfaces utilize OpenFlow and OpFlex to integrate with network devices.

60. Refer to the exhibit. A network administrator configures command authorization for the admin5 user. What is the admin5 user able to do on HQ_Router after this configuration?. complete no configurations. complete all configurations. set the IP address of an interface. add subinterfaces.

61. What is a description of microsegmentation?. Environments deploy a container orchestration platform, such as Kubernetes, to manage the application delivery. Environments implement private VLAN segmentation to group servers with similar applications. Environments apply a zero-trust model and specify how applications on different servers or containers can communicate. Environments deploy centrally managed host-based firewall rules on each server or container.

62. Refer to the exhibit. Consider that any feature of DNS requests, such as the length of the domain name and the number of subdomains, can be used to construct models of expected behavior to which observed values can be compared. Which type of malicious attack are these values associated with?. Eternal Blue Windows. HeartBleed SSL Bug. W32/AutoRun worm. Spectre Worm.

63. An engineer has been tasked with configuring a Cisco FTD to analyze protocol fields and detect anomalies in the traffic from industrial systems. What must be done to meet these requirements?. Implement pre-filter policies for the CIP preprocessor. Configure intrusion rules for the DNP3 preprocessor. Modify the access control policy to trust the industrial traffic. Enable traffic analysis in the Cisco FTD.

64. An organization is trying to improve their Defense in Depth by blocking malicious destinations prior to a connection being established. The solution must be able to block certain applications from being used within the network. Which product should be used to accomplish this goal?. Cisco ISE. Cisco Firepower. Cisco Umbrella. Cisco AMP.

65. What is the purpose of a denial-of-service attack?. to exploit a security vulnerability on a computer system to steal sensitive information. to prevent or limit access to data on a computer system by encrypting it. to disrupt the normal operation of a targeted system by overwhelming it. to spread throughout a computer system by self-replicating to additional hosts.

66. An engineer is configuring DHCP snooping on a Cisco switch and wants to ensure that a DHCP packet will be dropped. Under which condition will this occur?. All packets are dropped until the administrator manually enters the approved servers into the DHCP snooping database. A DHCP relay agent forwards a DHCP packet that includes a relay-agent IP address that is 0.0.0.0. A packet is received on an untrusted interface, and the source MAC address and the DHCP client hardware address do not match. A packet from a DHCP server is received from inside the network or firewall.

67. An organization is implementing ASA for their users. They need to ensure that authorization is verified for every command that is being entered by the network administrator. Which protocol must be configured in order to provide this capability?. RADIUS. TACACS+. SSH. EAPOL.

68. Which two deployment model configurations are supported for Cisco FTDv in AWS? (Choose two.). Cisco FTDv with two management interfaces and one traffic interface configured. Cisco FTDv configured in routed mode and IPv6 configured. Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS. Cisco FTDv configured in routed mode and managed by a physical FMC appliance on premises. Cisco FTDv with one management interface and two traffic interfaces configured.

69. Which Cisco command enables authentication, authorization, and accounting globally so that CoA is supported on the device?. auth-type all. ip device-tracking. aaa new-model. aaa server radius dynamic-author.

70. What provides visibility and awareness into what is currently occurring on the network?. CMX. Telemetry. WMI. Cisco Prime Infrastructure.

71. NO ESTA EN EL DRIVE, FAVOR TRANSCRIBIR ACA. a. b. c. d.

72. For a given policy in Cisco Umbrella, how should a customer block websites based on a custom list?. by specifying blocked domains in the policy settings. by adding the websites to a blocked type destination list. by adding the website IP addresses to the Cisco Umbrella blocklist. by specifying the websites in a custom blocked category.