|What is the difference between EPP and EDR?
EPP focuses primarily on threats that have evaded front-line defenses that entered the environment. Having an EPP solution allows an engineer to detect, investigate, and remediate modern threats. EDR focuses solely on prevention at the perimeter. Having an EDR solution gives an engineer the capability to flag offending files at the first sign of malicious behaviour.
What are the components of endpoint protection against social engineering attacks?
firewall IDS IPsec ESA.
Which feature only implements on the Cisco ASA in the transparent mode?
inspect anycast traffic stateful inspection inspect application layer of the traffic sent between hosts inspect traffic between hosts in the same subnet.
What are two functionalities of SDN southbound APIs? (Choose two)
Southbound APIs provide a programmable interface for applications to configure the network Southbound APIs form the interface between the SDN controller and the network switches and routers OpenFlow is a standardized southbound API protocol used between the SDN controller and the switch. Application layer programs communicate with the SDN controller through the southbound APIs Southbound APIs form the interface between the SDN controller and business applications.
An engineer is implementing DHCP security mechanisms and needs the ability to add additional attributes to profiles that are created within Cisco ISE. Which action accomplishes this task?
Define MAC-to-lP address mappings in the switch to ensure that rogue devices cannot get an IP address Use DHCP option 82 to ensure that the request is from a legitimate endpoint and send the information to Cisco ISE Modify the DHCP relay and point the IP address to Cisco ISE. Configure DHCP snooping on the switch VLANs and trust the necessary interfaces.
Which Cisco Firewall solution requires zone definition?
CBAC Cisco AMP ZBFW Cisco ASA.
For a given policy in Cisco Umbrella, how should a customer block website based on a custom list?
by specifying blocked domains in the policy settings by specifying the websites in a custom blocked category by adding the websites to a blocked type destination list by adding the website IP addresses to the Cisco Umbrella blocklist.
Which ESA implementation method segregates inbound and outbound email?
one listener on a single physical interface pair of logical listeners on a single physical interface with two unique logical IPv4 addresses and one IPv6 address pair of logical IPv4 listeners and a pair of IPv6 listeners on two physically separate interfaces one listener on one logical IPv4 address on a single logical interface.
An engineer is configuring Cisco WSA and needs to deploy it in transparent mode. Which configuration component must be used to accomplish this goal?
MDA on the router PBR on Cisco WSA WCCP on switch DNS resolution on Cisco WSA.
Which type of algorithm provides the highest level of protection against brute-force attacks?
PFS HMAC MD5 SHA.
What is the purpose of the certificate signing request when adding a new certificate for a server?
It is the password for the certificate that is needed to install it with. It provides the server information so a certificate can be created and signed It provides the certificate client information so the server can authenticate against it when installing It is the certificate that will be loaded onto the server.
When planning a VPN deployment, for which reason does an engineer opt for an active/active FlexVPN configuration as opposed to DMVPN?
Multiple routers or VRFs are required. Traffic is distributed statically by default. Floating static routes are required. HSRP is used for fallover.
For Cisco IOS PKI, which two types of Servers are used as a distribution point for CRLs? (Choose two)
SDP LDAP subordinate CA SCP HTTP.
An organization has two systems in their DMZ that have an unencrypted link between them for communication. The organization does not have a defined password policy and uses several default accounts on the systems. The application used on those systems also have not gone through stringent code reviews. Which vulnerability would help an attacker brute force their way into the systems?
weak passwords lack of input validation missing encryption lack of file permission.
Drag and drop the VPN functions from the left onto the description on the right.
SAH-1 RSA AES ISKAMP.
Which type of protection encrypts RSA keys when they are exported and imported?
file passphrase NGE nonexportable.
What are two features of NetFlow flow monitoring? (Choose two)
Can track ingress and egress information Include the flow record and the flow importer Copies all ingress flow information to an interface Does not required packet sampling on interfaces Can be used to track multicast, MPLS, or bridged traffic.
An engineer integrates Cisco FMC and Cisco ISE using pxGrid. Which role is assigned for Cisco FMC?
client server publisher controller.
A network security engineer must export packet captures from the Cisco FMC web browser while troubleshooting an issue. When navigating to the address https://<FMC IP>/capure/CAPI/pcap/test.pcap, an error 403: Forbidden is given instead of the PCAP file. Which action must the engineer take to resolve this issue?
Disable the proxy setting on the browser Disable the HTTPS server and use HTTP instead Use the Cisco FTD IP address as the proxy server setting on the browser Enable the HTTPS server for the device platform policy.
Which system is InfluxDB and Grafana be used on to pull the data and display the visualization information?
Docker containers Windows Server 2019 specialized Cisco Linux system Windows Server 2016.
When implementing transparent user identification for single sign-on with Internet Explorer, how is the redirect hostname configured?
as an IP address as a FQDN as a distinguished name as a short host name.
Which MDM configuration provides scalability?
BYOD support without extra appliance or licenses enabling use of device features such as camera use pushing WPA2-Enterprise settings automatically to devices automatic device classification with level 7 fingerprinting.
Drag and drop the concepts from the left onto the correct descriptions on the right.
BYOD posture assasement profiling guest services.
Refer to the exhibit:
The DHCP snooping database resides on router R1, and dynamic ARP inspection is configured only on switch SW2. Which ports must be configured as untrusted so that dynamic ARP inspection operates normally? P2 and P3 only P5, P6, and P7 only P1, P2, P3, and P4 only P2, P3, and P6 only.
Which feature enables a Cisco ISR to use the default bypass list automatically for web filtering?
filters group key company key connector.
What is a function of the Layer 4 Traffic Monitor on a Cisco WSA?
blocks traffic from URL categories that are known to contain malicious content decrypts SSL traffic to monitor for malicious content monitors suspicious traffic across all the TCP/UDP ports prevents data exfiltration by searching all the network traffic for specified sensitive information.
How does the Cisco WSA enforce bandwidth restrictions for web applications?
It implements a policy route to redirect application traffic to a lower-bandwidth link It dynamically creates a scavenger class QoS policy and applies it to each client that connects through the WSA It sends commands to the uplink router to apply traffic policing to the application traffic It simulates a slower link by introducing latency into application traffic.
What are two benefits of using Cisco Duo as an MFA solution? (Choose two)
grants administrators a way to remotely wipe a lost or stolen device provides simple and streamlined login experience for multiple applications and users native integration that helps secure applications across multiple cloud platforms or on-premises environments encrypts data that is stored on endpoints allows for centralized management of endpoint device applications and configurations.
A company has 5000 Windows users on its campus. Which two precautions should IT take to prevent WannaCry ransomware from spreading to all clients? (Choose two)
Segment different departments to different IP blocks and enable Dynamic ARP inspection on all VLANs Ensure that noncompliant endpoints are segmented off to contain any potential damage. Ensure that a user cannot enter the network of another department. Perform a posture check to allow only network access to those Windows devices that are already patched. Put all company users in the trusted segment of NGFW and put all servers to the DMZ segment of the Cisco NGFW.
Which Cisco platform onboards the endpoint and can issue a CA signed certificate while also automatically configuring endpoint network settings to use the signed endpoint certificate, allowing the endpoint to gain network access?
Cisco ISE Cisco NAC Cisco TACACS+ Cisco WSA.
Which two statements about a Cisco WSA configured in Transparent mode are true? (Choose two)
WCCP v2-enabled devices can automatically redirect traffic destined to port 80 It requires a proxy for the client web browser. It can handle explicit HTTP requests. Layer 4 switches can automatically redirect traffic destined to port 80 It requires a PAC file for the client web browser.