How does Cisco Umbrella protect clients when they operate outside of the corporate network?
by forcing DNS queries to the corporate name servers; by modifying the registry for DNS lookups; by using the Cisco Umbrella roaming client; by using Active Directory group policies to enforce Cisco Umbrella DNS servers.
DRAG DROP -
Drag and drop the deployment models from the left onto the corresponding explanations on the right.
Select and Place:
routed; passive; passive with ERSPAN; transparent.
An administrator is configuring NTP on Cisco ASA via ASDM and needs to ensure that rogue NTP servers cannot insert themselves as the authoritative time source. Which two steps must be taken to accomplish this task? (Choose two.)
Choose the interface for syncing to the NTP server. Specify the NTP version. Set the NTP DNS hostname. Set the authentication key. Configure the NTP stratum.
Which two capabilities of Integration APIs are utilized with Cisco DNA Center? (Choose two.)
Upgrade software on switches and routers. Application monitors for power utilization of devices and IoT sensors. Connect to Information Technology Service Management (ITSM) Platforms. Create new SSIDs on a wireless LAN controller. Automatically deploy new virtual routers.
What is the most common type of data exfiltration that organizations currently experience?
encrypted SMTP; SQL database injections; HTTPS file upload site; Microsoft Windows network shares.
Which DoS attack uses fragmented packets in an attempt to crash a target machine?
teardrop; smurf; LAND; SYN flood.
DRAG DROP -
Drag and drop the cryptographic algorithms for IPsec from the left onto the cryptographic processes on the right.
Select and Place:
esp-3des; esp-aes-256; esp-md5-hmac; esp-sha-hmac.
An organization has DHCP servers set up to allocate IP addresses to clients on the LAN. What must be done to ensure the LAN switches prevent malicious DHCP traffic while also distributing IP addresses to the correct endpoints?
Configure Dynamic ARP inspection and add entries in the DHCP snooping database. Configure DHCP snooping and set trusted interfaces for all client connections. Configure Dynamic ARP inspection and antispoofing ACLs in the DHCP snooping database. Configure DHCP snooping and set a trusted interface for the DHCP server.
DoS attacks are categorized as what?
flood attacks; virus attacks; trojan attacks; phishing attacks.
What is the process of performing automated static and dynamic analysis of files in an isolated environment against preloaded behavioral indicators for threat analysis?
advanced sandboxing; adaptive scanning; deep visibility scan; point-in-time checks.
What are two benefits of Flexible NetFlow records? (Choose two.)
They provide accounting and billing enhancements. They allow the user to configure flow information to perform customized traffic identification. They provide monitoring of a wider range of IP packet information from Layer 2 to 4. They provide attack prevention by dropping the traffic. They converge multiple accounting technologies into one accounting mechanism.
An engineer needs to configure a Cisco Secure Email Gateway (SEG) to prompt users to enter multiple forms of identification before gaining access to the SEG. The SEG must also join a cluster using the preshared key of cisc421555367. What steps must be taken to support this?
Enable two-factor authentication through a RADIUS server, and then join the cluster via the SEG GUI. Enable two-factor authentication through a TACACS+ server, and then join the cluster via the SEG CLI. Enable two-factor authentication through a RADIUS server, and then join the cluster via the SEG CLI. Enable two-factor authentication through a TACACS+ server, and then join the cluster via the SEG GUI.
Which characteristic is unique to a Cisco WSAv as compared to a physical appliance?
supports VMware vMotion on VMware ESXi; supports SSL decryption; performs transparent redirection; requires an additional license.
What are two workload security models? (Choose two.)
SaaS; off-premises; PaaS; on-premises; IaaS.
An engineer is configuring Dropbox integration with Cisco Cloudlock. Which action must be taken before granting API access in the Dropbox admin console?
Authorize Dropbox within the Platform settings in the Cloudlock portal. Send an API request to Cloudlock from Dropbox admin portal. Add Dropbox to the Cloudlock Authentication and API section in the Cloudlock portal. Add Cloudlock to the Dropbox admin portal.
Which CoA response code is sent if an authorization state is changed successfully on a Cisco IOS device?
CoA-ACK; CoA-MAB; CoA-NCL; CoA-NAK.
DRAG DROP -
Drag and drop the security solutions from the left onto the benefits they provide on the right.
Select and Place:
Full contextual awareness; NGIPS; Cisco AMP for Endpoints; Collective Security Intelligence.
What is the benefit of using GET VPN over FlexVPN within a VPN deployment?
GET VPN supports Remote Access VPNs. GET VPN uses multiple security associations for connections. GET VPN natively supports MPLS and private IP networks. GET VPN interoperates with non-Cisco devices.
Email security has become a high-priority task for a security engineer at a large multi-national organization due to ongoing phishing campaigns. To help control this, the engineer has deployed an Incoming Content Filter with a URL reputation of (-10.00 to -6.00) on the Cisco ESA. Which action will the system perform to disable any links in messages that match the filter?
Defang; FilterAction; Quarantine; ScreenAction.
Which cloud service offering allows customers to access a web application that is being hosted, managed, and maintained by a cloud service provider?
IaC; IaaS; PaaS; SaaS.
What is a characteristic of an EDR solution and not of an EPP solution?
performs signature-based detection; decrypts SSL traffic for better visibility; stops all ransomware attacks; retrospective analysis.
What is the benefit of using Cisco Umbrella?
It prevents malicious inbound traffic. All Internet traffic is encrypted. Files are scanned for viruses before they are allowed to run. Attacks can be mitigated before the application connection occurs.
Which type of data exfiltration technique encodes data in outbound DNS requests to specific servers and can be stopped by Cisco Umbrella?
DNS hijacking; cache poisoning; DNS tunneling; DNS flood attack.
Client workstations are experiencing extremely poor response time. An engineer suspects that an attacker is eavesdropping and making independent connections while relaying messages between victims to make them think they are talking to each other over a private connection. Which feature must be enabled and configured to provide relief from this type of attack?
Link Aggregation; Reverse ARP; private VLANs; Dynamic ARP Inspection.
Which command is used to log all events to a destination collector 188.8.131.52?
CiscoASA(config-pmap-c)# flow-export event-type all destination 184.108.40.206; CiscoASA(config-cmap)# flow-export event-type flow-update destination 220.127.116.11; CiscoASA(config-pmap-c)# flow-export event-type flow-update destination 18.104.22.168; CiscoASA(config-cmap)# flow-export event-type all destination 22.214.171.124.
An engineer is configuring IPsec VPN and needs an authentication protocol that is reliable and supports ACK and sequence. Which protocol accomplishes this goal?
AES-256; ESP; IKEv1; AES-192.
An administrator is testing a new configuration on a network device. The network device had a previously established association with the NTP server but is no longer processing time updates. What is the cause of this issue?
The server changed its time source to stratum 1. The network device is sending the wrong password to the server. NTP authentication has been configured on the network device. NTP authentication has been configured on the NTP server.
An engineer is configuring device-hardening on a router in order to prevent credentials from being seen if the router configuration was compromised. Which command should be used?
service password-encryption; username <username> privilege 15 password <password>; username <username> password <password>; service password-recovery.
What is a feature of container orchestration?
ability to deploy Kubernetes clusters in air-gapped sites; automated daily updates; ability to deploy Amazon ECS clusters by using the Cisco Container Platform data plane; ability to deploy Amazon EKS clusters by using the Cisco Container Platform data plane.
During a recent security audit, a Cisco IOS router with a working IPSEC configuration using IKEv1 was flagged for using a wildcard mask with the crypto isakmp key command. The VPN peer is a SOHO router with a dynamically assigned IP address. Dynamic DNS has been configured on the SOHO router to map the dynamic IP address to the hostname of vpn.sohoroutercompany.com. In addition to the command crypto isakmp key Cisc123456789 hostname vpn.sohoroutercompany.com, what other two commands are now required on the Cisco IOS router for the VPN to continue to function after the wildcard command is removed? (Choose two.)
ip host vpn.sohoroutercompany.com <VPN Peer IP Address>; crypto isakmp identity hostname; Add the dynamic keyword to the existing crypto map command; fqdn vpn.sohoroutercompany.com <VPN Peer IP Address>; ip name-server <DNS Server IP Address>.
What does Cisco ISE use to collect endpoint attributes that are used in profiling?
probes; posture assessment; Cisco AnyConnect Secure Mobility Client; Cisco pxGrid.
What are the two functions of IKEv1 but not IKEv2? (Choose two.)
IKEv1 conversations are initiated by the IKE_SA_INIT message. With IKEv1, aggressive mode negotiates faster than main mode. IKEv1 uses EAP for authentication. NAT-T is supported in IKEv1 but not in IKEv2. With IKEv1, when using aggressive mode, the initiator and responder identities are passed in cleartext.
Which action controls the amount of URI text that is stored in Cisco WSA log files?
Configure the advancedproxyconfig command with the HTTPS subcommand. Configure a small log-entry size. Configure the datasecurityconfig command. Configure a maximum packet size.
Where are individual sites specified to be blacklisted in Cisco Umbrella?
security settings; content categories; destination lists; application settings.
What is the most commonly used protocol for network telemetry?
NetFlow; SNMP; TFTP; SMTP.
Which two Cisco ISE components enforce security policies on noncompliant endpoints by blocking network access? (Choose two.)
Apex licensing; TACACS+; profiling; DHCP and SNMP probes; posture agents.
What is the difference between DMVPN and sVTI?
DMVPN provides interoperability with other vendors, whereas sVTI does not. DMVPN supports static tunnel establishment, whereas sVTI does not. DMVPN supports dynamic tunnel establishment, whereas sVTI does not. DMVPN supports tunnel encryption, whereas sVTI does not.
Which Cisco security solution gives the most complete view of the relationships and evolution of Internet domains, IPs, and files, and helps to pinpoint attackers' infrastructures and predict future threats?
Cisco Umbrella Investigate; Cisco Stealthwatch; Cisco pxGrid; Cisco Stealthwatch Cloud.
Which type of data does the Cisco Stealthwatch system collect and analyze from routers, switches, and firewalls?
NTP; SNMP; syslog; NetFlow.
Which threat intelligence standard contains malware hashes?
advanced persistent threat; open command and control; structured threat information expression; trusted automated exchange of indicator information.
Which security solution is used for posture assessment of the endpoints in a BYOD solution?
Cisco ISE; Cisco FTD; Cisco Umbrella; Cisco ASA.
Which two commands are required when configuring a flow-export action on a Cisco ASA? (Choose two.)
flow-export event-type; policy-map; access-list; flow-export template timeout-rate 15; access-group.
What are two trojan malware attacks? (Choose two.)
frontdoor; sync; smurf; rootkit; backdoor.
What are the two benefits of using an MDM solution? (Choose two.)
provides simple and streamlined login experience for multiple applications and users; grants administrators a way to remotely wipe a lost or stolen device; allows for centralized management of endpoint device applications and configurations; native integration that helps secure applications across multiple cloud platforms or on-premises environments; encrypts data that is stored on endpoints.
Which VPN provides scalability for organizations with many remote sites?
DMVPN; SSLVPN; GRE over IPsec; site-to-site IPsec.
For which type of attack is multifactor authentication an effective deterrent?
syn flood; phishing; teardrop; ping of death.
Which two cryptographic algorithms are used with IPsec? (Choose two.)
HMAC-SHA/SHA2; AES-BAC; Triple AMC-CBC; AES-CBC; AES-ABC.
Which Cisco security solution secures public, private, hybrid, and community clouds?
Cisco ISE; Cisco ASAv; Cisco Cloudlock; Cisco pxGrid.
A university policy must allow open access to resources on the Internet for research, but internal workstations are exposed to malware. Which Cisco AMP feature allows the engineering team to determine whether a file is installed on a selected few workstations?
file prevalence; file discovery; file conviction; file manager.
Which action must be taken in the AMP for Endpoints console to detect specific MD5 signatures on endpoints and then quarantine the files?
Configure an advanced custom detection list. Configure an IP Block & Allow custom detection list. Configure an application custom detection list. Configure a simple custom detection list.