|Which two capabilities does an MDM provide? (Choose two.)
manual identification and classification of client devices unified management of mobile devices, Macs, and PCs from a centralized dashboard delivery of network malware reports to an inbox in a schedule enforcement of device security policies from a centralized dashboard unified management of Android and Apple devices from a centralized dashboard.
What are two recommended approaches to stop DNS tunneling for data exfiltration and command and control call backs? (Choose two.)
Use Cisco Umbrella Use next generation firewalls. Block all 'TXT' DNS records. Use intrusion prevention system Enforce security over port 53.
What is the capability of Cisco ASA NetFlow?
It sends NetFlow data records from active and standby ASAs in an active-standby failover pair. It logs all event types only to the same collector. It filters NSEL events based on traffic. It generates NSEL events even if the MPF is not configured.
Which Cisco ISE service checks the compliance of endpoints before allowing the endpoints to connect to the network?
Threat Centric NAC Cisco TrustSec Posture Profiler.
What do tools like Jenkins, Octopus Deploy, and Azure DevOps provide in terms of application and infrastructure automation?
cloud application security broker compile-time instrumentation container orchestration continuous integration and continuous deployment.
When a Cisco WSA checks a web request, what occurs if it is unable to match a user-defined policy?
It applies the next identification profile policy. It applies the global policy. It applies the advanced policy. It blocks the request.
Based on the NIST 800-145 guide, which cloud architecture is provisioned for exclusive use by a specific group of consumers from different organizations and may be owned, managed, and operated by one or more of those organizations?
community cloud private cloud public cloud hybrid cloud.
Drag and drop the descriptions from the left onto the encryption algorithms on the right.
requires secret keys requires more time Diffie-Hellman exchange 3DES.
Which VMware platform does Cisco ACI integrate with to provide enhanced visibility, provide policy integration and deployment, and implement security policies with access lists?
VMware horizons VMware vRealize VMware APIC VMware fusion.
A small organization needs to reduce the VPN bandwidth load on their headend Cisco ASA in order to ensure that bandwidth is available for VPN users needing access to corporate resources on the 10.0.0.0/24 local HQ network. How is this accomplished without adding additional devices to the network?
Configure VPN load balancing to distribute traffic for the 10.0.0.0/24 network. Configure VPN load balancing to send non-corporate traffic straight to the internet. Use split tunneling to tunnel traffic for the 10.0.0.0/24 network only. Use split tunneling to tunnel all traffic except for the 10.0.0.0/24 network.
An engineer is configuring cloud logging using a company-managed Amazon S3 bucket for Cisco Umbrella logs. What benefit does this configuration provide for accessing log data?
It can grant third-party SIEM integrations write access to the S3 bucket. Data can be stored offline for 30 days. No other applications except Cisco Umbrella can write to the S3 bucket. It is included in the license cost for the multi-org console of Cisco Umbrella.
Which algorithm is an NGE hash function?
HMAC SHA-1 MD5 SHA-2.
An organization is implementing AAA for their users. They need to ensure that authorization is verified for every command that is being entered by the network administrator. Which protocol must be configured in order to provide this capability?
EAPOL SSH RADIUS TACACS+.
In which two ways does the Cisco Advanced Phishing Protection solution protect users? (Choose two.)
It prevents use of compromised accounts and social engineering. It automatically removes malicious emails from users' inbox. It secures all passwords that are shared in video conferences. It prevents trojan horse malware using sensors. It prevents all zero-day attacks coming from the Internet.
In which two customer environments is the Cisco WSAv connector traffic direction method selected? (Choose two.)
Customer owns ASA Appliance and Virtual Form Factor is required. Customer does not own Cisco hardware and needs Explicit Proxy. Customer owns ASA Appliance and SSL Tunneling is required. Customer needs to support roaming users. Customer does not own Cisco hardware and needs Transparent Redirection (WCCP).
Which capability is provided by application visibility and control?
data obfuscation deep packet inspection reputation filtering data encryption.
Which feature within Cisco ISE verifies the compliance of an endpoint before providing access to the network?
pxGrid Profiling Posture MAB.
Which two fields are defined in the NetFlow flow? (Choose two.)
destination port Layer 4 protocol type output logical interface class of service bits type of service byte.
Which type of API is being used when a controller within a software-defined network architecture dynamically makes configuration changes on switches within the network?
northbound API westbound API eastbound API southbound API.
Refer to the exhibit. Consider that any feature of DNS requests, such as the length of the domain name and the number of subdomains, can be used to construct models of expected behavior to which observed values can be compared. Which type of malicious attack are these values associated with?
W32/AutoRun worm HeartBleed SSL Bug Eternal Blue Windows Spectre Worm.
An engineer is adding a Cisco router to an existing environment. NTP authentication is configured on all devices in the environment with the command ntp authentication-key 1 md5 Cisc433392759. There are two routers on the network that are configured as NTP servers for redundancy, 192.168.1.110 and 192.168.1.111. 192.168.1.110 is configured as the authoritative time source. What command must be configured on the new router to use 192.168.1.110 as its primary time source without the new router attempting to offer time to existing devices?
ntp server 192.168.1.110 primary key 1 ntp server 192.168.1.110 key 1 prefer ntp peer 192.168.1.110 prefer key 1 ntp peer 192.168.1.110 key 1 primary.
Which function is included when Cisco AMP is added to web security?
detailed analytics of the unknown file's behavior multifactor, authentication-based user identity threat prevention on an infected endpoint phishing detection on emails.
An organization is moving toward the zero-trust model. Which Cisco solution enables administrators to deploy and control microsegmentation of endpoints that are connected to a Cisco Data Center Virtual Edge, Cisco Application Virtual Switch, Microsoft vSwitch, and VMware vSphere Distributed Switch?
Cisco Titration Cisco DCNM Cisco Stealthwatch Cisco ACI.
What is offered by an EPP solution but not an EDR solution?
investigation containment sandboxing detection.
Which Cisco AMP feature allows an engineer to look back to trace past activities, such as file and process activity on an endpoint?
endpoint isolation retrospective security advanced search advanced investigation.
Which feature is used in a push model to allow for session identification host reauthentication and session termination?
CoA request carrier-grade NAT AAA attributes AV pair.
What is the term for the concept of limiting communication between applications or containers on the same node?
software-defined access microservicing microsegmentation container orchestration.
An engineer is configuring Cisco WSA and needs to ensure end clients are protected against DNS spoofing attacks. Which deployment method accomplishes this goal?
transparent mode Web Cache Communication Protocol explicit forward single-context mode.
Refer to the exhibit. What is the result of this Python script of the Cisco DNA Center API?
adds a switch to Cisco DNA Center receives information about a switch deletes a switch from Cisco DNA Center adds authentication to a switch.
Which two configurations must be made on Cisco ISE and on Cisco TrustSec devices to force a session to be adjusted after a policy change is made? (Choose two.)
posture assessment aaa authorization exec default local tacacs-server host 10.1.1.250 key password aaa server radius dynamic-author CoA.
Which Cisco network security device supports contextual awareness?
ISE Cisco IOS Cisco ASA Firepower.
When a next-generation endpoint security solution is selected for a company, what are two key deliverables that help justify the implementation? (Choose two.)
signature-based endpoint protection on company endpoints email integration to protect endpoints from malicious content that is located in email real-time feeds from global threat intelligence centers macro-based protection to keep connected endpoints safe continuous monitoring of all files that are located on connected endpoints.
A company recently discovered an attack propagating throughout their Windows network via a file named abc123456789xyz.exe. The malicious file was uploaded to a Simple Custom Detection list in the AMP for Endpoints Portal and the currently applied policy for the Windows clients was updated to reference the detection list. Verification testing scans on known infected systems shows that AMP for Endpoints is not detecting the presence of this file as an indicator of compromise. What must be performed to ensure the detection of the malicious file?
Check the box in the policy configuration to send the file to Cisco Threat Grid for dynamic analysis. Upload the malicious file to the Blocked Application Control List. Upload the SHA-256 hash for the file to the Simple Custom Detection List. Use an Advanced Custom Detection List instead of a Simple Custom Detection List.
An engineer must set up 200 new laptops on a network and wants to prevent the users from moving their laptops around to simplify administration. Which switch port MAC address security setting must be used?
aging static sticky maximum.
Which service allows a user to export application usage and performance statistics with Cisco Application Visibility and Control?
NetFlow SNORT SNMP 802.1X.
Which solution allows an administrator to provision, monitor, and secure mobile devices on Windows and Mac computers from a centralized dashboard?
Cisco Stealthwatch Cisco Umbrella Cisco AMP for Endpoints Cisco ISE.
Which parameter is required when configuring a NetFlow exporter on a Cisco router?
exporter name exporter description source interface DSCP value.
Which type of encryption uses a public key and a private key?
nonlinear symmetric linear asymmetric.
Which two authentication protocols are supported by the Cisco WSA? (Choose two.)
TLS LDAP SSL WCCP NTLM.
Which metric is used by the monitoring agent to collect and output packet loss and jitter information?
RTP performance TCP performance WSAv performance AVC performance.
Drag and drop the VPN functions from the left onto the descriptions on the right.
AES SHA-1 ISAKMP .
Which direction do attackers encode data in DNS requests during exfiltration using DNS tunneling?
outbound north-south east-west inbound.
What are two benefits of using Cisco Duo as an MFA solution? (Choose two)
grants administrators a way to remotely wipe a lost or stolen device provides simple and streamlined login experience for multiple applications and users native integration that helps secure applications across multiple cloud platforms or on-premises environments encrypts data that is stored on endpoints allows for centralized management of endpoint device applications and configurations.
How does Cisco AMP for Endpoints provide next-generation protection?
It encrypts data on user endpoints to protect against ransomware.
It leverages an endpoint protection platform and endpoint detection and response. It utilizes Cisco pxGrid, which allows Cisco AMP to pull threat feeds from threat intelligence centers. It integrates with Cisco FTD devices.
A company has 5000 Windows users on its campus. Which two precautions should IT take to prevent WannaCry ransomware from spreading to all clients? (Choose two)
Segment different departments to different IP blocks and enable Dynamic ARP inspection on all VLANs Ensure that noncompliant endpoints are segmented off to contain any potential damage. Ensure that a user cannot enter the network of another department. Perform a posture check to allow only network access to those Windows devices that are already patched. Put all company users in the trusted segment of NGFW and put all servers to the DMZ segment of the Cisco NGFW.
What are two characteristics of the RESTful architecture used within Cisco DNA Center? (Choose two)
REST uses methods such as GET, PUT, POST, and DELETE. REST codes can be compiled with any programming language. REST is a Linux platform-based architecture. The POST action replaces existing data at the URL path. REST uses HTTP to send a request to a web service.
Which Cisco platform onboards the endpoint and can issue a CA signed certificate while also automatically configuring endpoint network settings to use the signed endpoint certificate, allowing the endpoint to gain network access?
Cisco ISE Cisco NAC Cisco TACACS+ Cisco WSA.
Email security has become a high-priority task for a security engineer at a large multi-national organization due to ongoing phishing campaigns. To help control this, the engineer has deployed an Incoming Content Filter with a URL reputation of (-10.00 to -6.00) on the Cisco ESA. Which action will the system perform to disable any links in messages that match the filter?
Defang Quarantine FilterAction ScreenAction.
Which two criteria must a certificate meet before the WSA uses it to decrypt application traffic? (Choose two)
It must include the current date. It must reside in the trusted store of the WSA. It must reside in the trusted store of the endpoint. It must have been signed by an internal CA. It must contain a SAN.
Which feature does the IaaS model provide?
granular control of data software-defined network segmentation dedicated, restricted workstations automatic updates and patching of software.