An MDM provides which two advantages to an organization with regard to device management? (Choose two.)
asset inventory management allowed application management AD group policy management network device management critical device management.
What is the purpose of the My Devices Portal in a Cisco ISE environment? to register new laptops and mobile devices to manage and deploy antivirus definitions and patches on systems owned by the end user to provision userless and agentless systems to request a newly provisioned mobile device.
Which Cisco platform ensures that machines that connect to organizational networks have the recommended antivirus definitions and patches to help prevent an organizational malware outbreak?
Cisco Prime Infrastructure Cisco ESA Cisco WiSM Cisco ISE.
In which two ways does Easy Connect help control network access when used with Cisco TrustSec? (Choose two.)
It integrates with third-party products to provide better visibility throughout the network. It allows for the assignment of Security Group Tags and does not require 802.1x to be configured on the switch or the endpoint. It creates a dashboard in Cisco ISE that provides full visibility of all connected endpoints. It allows for managed endpoints that authenticate to AD to be mapped to Security Groups (PassiveID). It allows multiple security products to share information and work together to enhance security posture in the network.
What does Cisco AMP for Endpoints use to help an organization detect different families of malware? Tetra Engine to detect malware when the endpoint is connected to the cloud ClamAV Engine to perform email scanning Spero Engine with machine learning to perform dynamic analysis Ethos Engine to perform fuzzy fingerprinting.
What is the benefit of conducting device compliance checks? It validates if anti-virus software is installed. It scans endpoints to determine if malicious activity is taking place. It indicates what type of operating system is connecting to the network. It detects email phishing attacks.
A network administrator is configuring a switch to use Cisco ISE for 802.1X. An endpoint is failing authentication and is unable to access the network. Where should the administrator begin troubleshooting to verify the authentication details?
Context Visibility Accounting Reports Adaptive Network Control Policy List RADIUS Live Logs.
What is the role of an endpoint in protecting a user from a phishing attack? Ensure that antivirus and antimalware software is up-to-date. Use machine learning models to help identify anomalies and determine expected sending behavior. Use Cisco Stealthwatch and Cisco ISE Integration. Utilize 802.1X network security to ensure unauthorized access to resources.
Why is it important to implement MFA inside of an organization? To prevent brute force attacks from being successful. To prevent phishing attacks from being successful. To prevent DoS attacks from being successful. To prevent man-in-the-middle attacks from being successful.
Which posture assessment requirement provides options to the client for remediation within a certain timeframe?
audit mandatory visibility optional.
An organization configures Cisco Umbrella to be used for its DNS services. The organization must be able to block traffic based on the subnet that the endpoint is on, but sees only the requests from its public IP addresses instead of each internal IP address. What must be done to resolve this issue?
Install the Microsoft Active Directory Connector to give IP address information stitched to the requests in the Cisco Umbrella dashboard. Use the tenant control features to identify each subnet being used and track the connections within the Cisco Umbrella dashboard. Configure an internal domain within Cisco Umbrella to help identify each address and create policy from the domains. Set up a Cisco Umbrella virtual appliance to internally field the requests and see the traffic of each IP address.
An engineer adds a custom detection policy to a Cisco AMP deployment and encounters issues with the configuration. The simple detection mechanism is configured, but the dashboard indicates that the hash is not 64 characters and is non-zero. What is the issue?
The hash being uploaded is part of a set in an incorrect format. The engineer is attempting to upload a file instead of a hash. The file being uploaded is incompatible with simple detections and must use advanced detections. The engineer is attempting to upload a hash created using MD5 instead of SHA-256.
What is the benefit of integrating Cisco ISE with a MDM solution? It provides compliance checks for access to the network. It provides the ability to update other applications on the mobile device. It provides the ability to add applications to the mobile device through Cisco ISE. It provides network device administration access.
Which feature is leveraged by advanced antimalware capabilities to be an effective endpoint protection platform?
blocklisting storm centers big data sandboxing.
A Cisco AMP for Endpoints administrator configures a custom detection policy to add specific MD5 signatures. The configuration is created in the simple detection policy section, but it does not work. What is the reason for this failure?
The administrator must upload the file instead of the hash for Cisco AMP to use. The APK must be uploaded for the application that the detection is intended. The MD5 hash uploaded to the simple detection policy is in the incorrect format. Detections for MD5 signatures must be configured in the advanced custom detection policies.
An administrator is adding a new Cisco ISE node to an existing deployment. What must be done to ensure that the addition of the node will be successful when inputting the FQDN?
Change the IP address of the new Cisco ISE node to the same network as the others. Make the new Cisco ISE node a secondary PAN before registering it with the primary. Open port 8905 on the firewall between the Cisco ISE nodes. Add the DNS entry for the new Cisco ISE node into the DNS server.
Which portion of the network do Cisco Endpoint Protection Platform EPP solutions solely focus on and EDR solutions do not?
East-West gateways server farm core perimeter.
Which benefit does endpoint security provide the overall security posture of an organization? It allows the organization to detect and mitigate threats that the perimeter security devices do not detect. It allows the organization to detect and respond to threats at the edge of the network. It allows the organization to mitigate web-based attacks as long as the user is active in the domain. It streamlines the incident response process to automatically perform digital forensics on the endpoint.
Which solution protects hybrid cloud deployment workloads with application visibility and segmentation? Tetration Firepower Stealthwatch Nexus.
An engineer needs a solution for TACACS+ authentication and authorization for device administration. The engineer also wants to enhance wired and wireless network security by requiring users and endpoints to use 802.1X, MAB, or WebAuth.
Cisco Prime Infrastructure Cisco Identity Services Engine Cisco Stealthwatch Cisco AMP for Endpoints.
How does Cisco Stealthwatch Cloud provide security for cloud environments? It delivers visibility and threat detection. It prevents exfiltration of sensitive data. It assigns Internet-based DNS protection for clients and servers It facilitates secure connectivity between public and private networks.
Which Cisco security solution protects remote users against phishing attacks when they are not connected to the VPN?
Cisco Umbrella Cisco Firepower NGIPS Cisco Stealthwatch Cisco Firepower.
What must be used to share data between multiple security products? Cisco Platform Exchange Grid Cisco Rapid Threat Containment Cisco Stealthwatch Cloud Cisco Advanced Malware Protection.
Which two characteristics of messenger protocols make data exfiltration difficult to detect and prevent? (Choose two.)
Messenger applications cannot be segmented with standard network controls Malware infects the messenger application on the user endpoint to send company data Traffic is encrypted, which prevents visibility on firewalls and IPS systems An exposed API for the messaging platform is used to send large amounts of data Outgoing traffic is allowed so users can communicate with outside organizations.
Which solution combines Cisco IOS and IOS XE components to enable administrators to recognize applications, collect and send network metrics to Cisco Prime and other third-party management tools, and prioritize application traffic?
Cisco Security Intelligence Cisco Application Visibility and Control Cisco Model Driven Telemetry Cisco DNA Center.
What provides visibility and awareness into what is currently occurring on the network? CMX WMI Cisco Prime Infrastructure Telemetry.
How is ICMP used as an exfiltration technique? by flooding the destination host with unreachable packets by sending large numbers of ICMP packets with a targeted hosts source IP address using an IP broadcast address by encrypting the payload in an ICMP packet to carry out command and control tasks on a compromised host by overwhelming a targeted host with ICMP echo-request packets.
SwitchA (config)# interface GigabitEthernet1/0/1
SwitchA (config-if)# dot1x host-name multi-host
SwitchA (config-if)# dot1x timeout quite-period 3
SwitchA (config-if)# dot1x timeout tx-period 15
SwitchA (config-if)# authentication port-control auto
SwitchA (config-if)# switchport mode access
SwitchA (config-if)# switchport access vlan 12
Refer to the exhibit. An engineer configured wired 802.1x on the network and is unable to get a laptop to authenticate. Which port configuration is missing?
dot1x reauthentication cisp enable dot1x pae authenticator authentication open.
An engineer is configuring 802.1X authentication on Cisco switches in the network and is using CoA as a mechanism. Which port on the firewall must be opened to allow the CoA traffic to traverse the network?
UDP 1700 TCP 6514 UDP 1812 TCP 49.
What are two Detection and Analytics Engines of Cognitive Threat Analytics? (Choose two.) data exfiltration command and control communication intelligent proxy snort URL categorization.
Which Cisco product is open, scalable, and built on IETF standards to allow multiple security products from Cisco and other vendors to share data and interoperate with each other?
Platform Exchange Grid Multifactor Platform Integration Firepower Threat Defense Advanced Malware Protection.
Which compliance status is shown when a configured posture policy requirement is not met? authorized compliant unknown noncompliant.
An organization is trying to implement micro-segmentation on the network and wants to be able to gain visibility on the applications within the network. The solution must be able to maintain and force compliance. Which product should be used to meet these requirements?
Cisco Stealthwatch Cisco Tetration Cisco AMP Cisco Umbrella.
An organization has a Cisco Stealthwatch Cloud deployment in their environment. Cloud logging is working as expected, but logs are not being received from the on-premise network. What action will resolve this issue?
Deploy a Cisco FTD sensor to send events to Cisco Stealthwatch Cloud. Deploy a Cisco Stealthwatch Cloud sensor on the network to send data to Cisco Stealthwatch Cloud. Configure security appliances to send syslogs to Cisco Stealthwatch Cloud. Configure security appliances to send NetFlow to Cisco Stealthwatch Cloud.
A network engineer has been tasked with adding a new medical device to the network. Cisco ISE is being used as the NAC server, and the new device does not have a supplicant available. What must be done in order to securely connect this device to the network?
Use 802.1X with posture assessment. Use MAB with profiling. Use 802.1X with profiling. Use MAB with posture assessment.
Drag and drop the solutions from the left onto the solution's benefits on the right.
Select and Place:
Cisco Stealthwatch Cisco ISE Cisco TrustSec Cisco Umbrella.
A network engineer must monitor user and device behavior within the on-premises network. This data must be sent to the Cisco Stealthwatch Cloud analytics platform for analysis. What must be done to meet this requirement, using the Ubuntu-based VM appliance deployed in a VMware-based hypervisor?
Deploy a Cisco FTD sensor to send network events to Cisco Stealthwatch Cloud. Configure a Cisco FMC to send syslogs to Cisco Stealthwatch Cloud. Deploy the Cisco Stealthwatch Cloud PNM sensor that sends data to Cisco Stealthwatch Cloud. Configure a Cisco FMC to send NetFlow to Cisco Stealthwatch Cloud.
An organization wants to provide visibility and to identify active threats in its network using a VM. The organization wants to extract metadata from network packet flow while ensuring that payloads are not retained or transferred outside the network. Which solution meets these requirements? Cisco Umbrella Cloud Cisco Stealthwatch Cloud PNM Cisco Stealthwatch Cloud PCM Cisco Umbrella On-Premises.
What is the benefit of performing device compliance? providing multi-factor authentication verification of the latest OS patches providing attribute-driven policies device classification and authorization.
Which type of DNS abuse exchanges data between two computers even when there is no direct connection?
malware installation network footprinting command-and-control communication data exfiltration.
How is data sent out to the attacker during a DNS tunneling attack? as part of the domain name as part of the UDP/53 packet payload as part of the TCP/53 packet header as part of the DNS response packet.
Refer to the exhibit.
A Cisco ISE administrator adds a new switch to an 802. 1X deployment and has difficulty with some endpoints gaining access. Most PCs and IP phones can connect and authenticate using their machine certificate credentials; however, printers and video cameras cannot. Based on the interface configuration provided, what must be done to get these devices onto the network using Cisco ISE for authentication and authorization while maintaining security controls?
Configure authentication event fail retry 2 action authorize vlan 41 on the interface. Add mab to the interface configuration. Enable insecure protocols within Cisco ISE in the allowed protocols configuration. Change the default policy in Cisco ISE to allow all devices not using machine authentication.
Cisco SensorBase gathers threat information from a variety of Cisco products and services and performs analytics to find pattern on threats. Which term describes this process?
deployment consumption authoring sharing.
Refer to the exhibit. What will occur when this device tries to connect to the port? 802. 1X and MAB will both be used and ISE can use policy to determine the access level. 802. 1X will not work and the device will not be allowed network access. 802. 1X will work and the device will be allowed on the network. 802. 1X will not work, but MAB will start and allow the device on the network.
Which telemetry data captures variations seen within the flow, such as the packets TTL, IP/TCP flags, and payload length?
flow insight variation software package variation interpacket variation process details variation.
Which network monitoring solution uses streams and pushes operational data to provide a near real-time view of activity?
SNMP SMTP syslog model-driven telemetry.
What two mechanisms are used to redirect users to a web portal to authenticate to ISE for guest services? (Choose two.)
TACACS+ central web auth single sign-on multiple factor auth local web auth.
Which ID store requires that a shadow user be created on Cisco ISE for the admin login to work? RSA SecureID Internal Database Active Directory LDAP.
An administrator wants to ensure that all endpoints are compliant before users are allowed access on the corporate network. The endpoints must have the corporate antivirus application installed and be running the latest build of Windows 10.
What must the administrator implement to ensure that all devices are compliant before they are allowed on the network?
Cisco Identity Services Engine and AnyConnect Posture module Cisco Stealthwatch and Cisco Identity Services Engine integration Cisco ASA firewall with Dynamic Access Policies configured Cisco Identity Services Engine with PxGrid services enabled.
Using Cisco Cognitive Threat Analytics, which platform automatically blocks risky sites, and test unknown sites for hidden advanced threats before allowing users to click them?
Cisco Identity Services Engine Cisco Enterprise Security Appliance Cisco Web Security Appliance Cisco Advanced Stealthwatch Appliance.
|
