Venezuela2.1

Title of test:
Venezuela2.1

Description:
Quite a lot of questions

Creation Date: 2025/07/03

Category: Others

Number of questions: 324

Content:

469. Which deployment approach must be used to prevent harmful traffic spreading at branch sites?. antivirus module of the firewall. intrusion prevention system at the branch. intrusion detection system at the branch. antimalware module of the firewall.

470. Which statement about the configuration of Cisco ASA NetFlow v9 Secure Event Logging is true?. To view bandwidth usage for NetFlow records, the QoS feature must be enabled. NSEL can be used without a collector configured. A flow-export event type must be defined under a policy. A sysopt command can be used to enable NSEL on a specific interface.

471. Which security mechanism is designed to protect against "offline brute-force" attacks?. Token. MFA. Salt. CAPTCHA.

472. Which command enables 802.1X globally on a Cisco switch?. dot1x system-auth-control. dot1x pae authenticator. aaa new-model. authentication port-control auto.

473. Why is it important for the organization to have an endpoint patching strategy?. so the internal PSIRT organization is aware of the latest bugs. so the organization can identify the endpoint vulnerabilities. so the latest security fixes are installed on the endpoints. so the network administrator is notified when an existing bug is encountered.

474. Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two). Write SQL code instead of using object-relational mapping libraries. Block SQL code execution in the web application database login. Secure the connection between the web and the app tier. Use prepared statements and parameterized queries. Check integer, float, or Boolean string parameters to ensure accurate values.

475. What is the function of SDN southbound API protocols?. to allow for the static configuration of control plane applications. to allow for the dynamic configuration of control plane applications. to enable the controller to make changes. to enable the controller to use REST.

476. Which two mechanisms are used to control phishing attacks? (Choose two.). Enable browser alerts for fraudulent websites. Implement email filtering techniques. Revoke expired CRL of the websites. Define security group memberships. Use antispyware software.

477. How is Cisco Umbrella configured to log only security events?. in the Reporting settings. per network in the Deployment section. Deployments section. per policy.

478. An engineer is configuring AMP for Endpoints and wants to block certain files from executing. Which outbreak control method is used to accomplish this task?. application blocking list. device flow correlation. advanced custom detections. simple detections.

479. A network engineer must migrate a Cisco WSA virtual appliance from one physical host to another physical host by using VMware vMotion. What is a requirement for both physical hosts?. The hosts must run different versions of Cisco AsyncOS. The hosts must run Cisco AsyncOS 10.0 or greater. The hosts must have access to the same defined network. The hosts must use a different datastore than the virtual appliance.

480. What is an attribute of the DevSecOps process?. isolated security team. mandated security controls and check lists. security scanning and theoretical vulnerabilities. development security.

481. What are two rootkit types? (Choose two.). virtual. bootloader. registry. buffer mode. user mode.

482. What are two list types within Cisco AMP for Endpoints Outbreak Control? (Choose two.). allowed applications. simple custom detections. blocked ports. URL. command and control.

483. What are two trojan malware attacks? (Choose two.). frontdoor. rootkit. smurf. sync. backdoor.

484. Which two conditions are prerequisites for stateful failover for IPSec? (Choose two.). Only the IKE configuration that is set up on the active device must be duplicated on the standby device, the IPSec configuration is copied automatically. Only the IPSec configuration that is set up on the active device must be duplicated on the standby device, the IKE configuration is copied automatically. The IPSec configuration that is set up on the active device must be duplicated on the standby device. The active and standby devices can run different versions of the Cisco IOS software but must be the same type of device. The active and standby devices must run the same version of the Cisco IOS software and must be the same type of device.

485. How is DNS tunneling used to exfiltrate data out of a corporate network?. It redirects DNS requests to a malicious server used to steal user credentials, which allows further damage and theft on the network. It leverages the DNS server by permitting recursive lookups to spread the attack to other DNS servers. It corrupts DNS servers by replacing the actual IP address with a rogue address to collect information or start other attacks. It encodes the payload with random characters that are broken into short strings and the DNS server rebuilds the exfiltrated data.

486. Which two features of Cisco DNA Center are used in a Software Defined Network Solution? (Choose two.). encryption. assurance. accounting. authentication. automation.

487. Which algorithm provides encryption and authentication for data plane communication?. SHA-384. AES-256. SHA-96. AES-GCM.

488. Which two facts must be considered when deciding whether to deploy the Cisco WSA in Standard mode, Hybrid Web Security mode, or Cloud Web Security Connector mode? (Choose two.). External DLP is available only in Standard mode and Hybrid Web Security Mode. Only Standard mode and Hybrid Web Security mode support Layer 4 traffic monitoring. ISE Integration is available only in Standard mode and Hybrid Web Security mode. The onsite web proxy is not supported in Cloud Web Security Connector mode. Standard mode and Hybrid Web Security mode perform the same actions in response to the application of an individual policy.

489. A network engineer has configured a NTP server on a Cisco ASA. The ASA has IP reachability to the NTP server and is not filtering any traffic. The "show ntp association detail" command indicates that the configured NTP server is unsynchronized and has a stratum of 16. What is the cause of this issue?. An access list entry for UDP port 123 on the outside interface is missing. An access list entry for UDP port 123 on the inside interface is missing. NTP is not configured to use a working server. Resynchronization of NTP is not forced.

490. A networking team must harden an organization's core switch against man-in-the-middle attacks. The team must use Dynamic ARP inspection on the switch to meet the requirement. The team enables DHCP snooping and Dynamic ARP Inspection and configures the trust state of the service. Which action must be taken next to complete the configuration of the Dynamic ARP inspection feature?. Configure the ARP packet rate limiting feature. Only ARP access control lists for Dynamic ARP inspection filtering. Enable Dynamic ARP inspection logging for dropped packets. Enable Dynamic ARP inspection error-disabled recovery.

491. What are two benefits of workload security? (Choose two.). scalable security policies. reduced attack surface. automated patching. workload modeling. tracked application security.

492. Which Cisco solution does Cisco Umbrella integrate with to determine if a URL is malicious?. Cisco Talos. Cisco AnyConnect. Cisco AMP. Cisco Dynamic DNS.

493. How is ICMP used as an exfiltration technique?. by sending large numbers of ICMP packets with targeted hosts source IP address using an IP broadcast address. by flooding the destination host with unreachable packets. by encrypting the payload in an ICMP packet to carry out command and control tasks on a compromised host. by overwhelming a targeted host with ICMP echo-request packets.

494. What is a feature of Cisco NetFlow Secure Event Logging for Cisco ASAs?. Multiple NetFlow collectors are supported. Secure NetFlow connections are optimized for Cisco Prime Infrastructure. Flow-create events are delayed. Advanced NetFlow V9 templates and legacy v5 formatting are supported.

495. An organization is using Cisco Firepower and Cisco Meraki MX for network security and needs to centrally manage cloud policies across these platforms. Which software should be used to accomplish this goal?. Cisco DNA Center. Cisco Defense Orchestrator. Cisco Configuration Professional. Cisco Secureworks.

496. What is a prerequisite when integrating a Cisco ISE and an AD domain?. Place the Cisco ISE server and the AD server in the same subnet. Synchronize the clocks of the Cisco ISE server and the AD Server. Configure a common DNS server. Configure a common administrator account.

497. A network engineer must monitor user and device behavior within the on-premises network. This data must be sent to the Cisco Stealthwatch Cloud Analytics platform for analysis. What must be done to meet this requirement, using the Ubuntu-based VM Appliance deployed in a VMware-based hypervisor?. Deploy a Cisco FTD sensor to send network events to Cisco Stealthwatch Cloud. Configure a Cisco FMC to send syslogs to Cisco Stealthwatch Cloud. Deploy the Cisco Stealthwatch Cloud PNM sensor that sends data to Cisco Stealthwatch Cloud. Configure a Cisco FMC to send NetFlow to Cisco Stealthwatch Cloud.

498. What are two functions of IKEv1 but not IKEv2? (Choose two.). With IKEv1, aggressive mode negotiates faster than main mode. IKEv1 conversations are initiated by the IKE_SA_INIT message. IKEv1 uses EAP for authentication. NAT-T is supported in IKEv1 but not in IKEv2. With IKEv1, when using aggressive mode, the initiator and responder identities are passed in cleartext.

499. A small organization needs to reduce the VPN bandwidth load on their headend Cisco ASA in order to ensure that bandwidth is available for VPN users needing access to corporate resources on the 10.0.0.0/24 local HQ network. How is this accomplished without adding additional devices to the network?. Use split tunneling to tunnel all traffic except for the 10.0.0.0/24 network. Configure VPN load balancing to distribute traffic for the 10.0.0.0/24 network. Configure VPN load balancing to send non-corporate traffic straight to the internet. Use split tunneling to tunnel traffic for the 10.0.0.0/24 network only.

500. Which Cisco solution integrates Encrypted Traffic Analytics to perform enhanced visibility, promote compliance, shorten response times, and provide administrators with the information needed to provide educated and automated decisions to secure the environment?. Cisco DNA Center. Cisco SDN. Cisco Security Compliance Solution. Cisco ISE.

501. Which algorithm does ISAKMP use to securely derive encryption and integrity keys?. Diffie-Hellman. 3DES. AES. RSA.

502. Why is it important to implement multifactor authentication inside of an organization?. To prevent DoS attack from being successful. To prevent brute force attacks from being successful. To prevent phishing attacks from being successful. To prevent man-in-the-middle attacks from being successful.

503. Which two application layer preprocessors are used by Secure Firewall IPS? (Choose two.). inline normalization. packet decoder. SIP. SSL. modbus.

504. An engineer has configured TACACS+ to perform user authentication on a Cisco Catalyst switch. The authentication must fall back to the local user database of the switch in case the TACACS server is unreachable. The engineer performed configurations already: 1. Enable AAA Services. 2. TACACS server with server group named TACACS-GROUP. Which configuration must be done next to meet the requirement?. aaa authentication login TACACS group TACACS-GROUP local. aaa authentication login TACACS-GROUP group TACACS local. aaa authentication login TACACS-GROUP group local TACACS. aaa authentication login TACACS group local TACACS+GROUP.

An administrator is adding a new switch onto the network and has configured AAA for network access control. When testing the configuration, the RADIUS authenticates to Cisco ISE but is being rejected. Why is the ip radius source-interface command needed for this configuration?. RADIUS requests are generated only by a router if a RADIUS source interface is defined. The RADIUS authentication key is transmitted only from the defined RADIUS source interface. Only requests that originate from a configured NAS IP are accepted by a RADIUS server. Encrypted RADIUS authentication requires the RADIUS source interface be defined.

Which two types of connectors are used to generate telemetry data from IPFIX records in a Cisco Tetration implementation? (Choose two.). ERSPAN. NetFlow. CADC. Cisco Secure Workload. Cisco ASA.

An engineer must set up 200 new laptops on a network and wants to prevent the users from moving their laptops around and simplify administration. Which switch port MAC address security setting must be used?. maximum. sticky. aging. static.

An engineer is configuring Outbreak Filters for a Cisco Secure Email Gateway to protect a network from large-scale virus outbreaks and phishing scams. Any URLs that match the filter files must be logged with these details: Category, Reputation score, Outbreak filter rewrites. dlpconfig. outbreakconfig. quarantineconfig. outbreakfilters.

An engineer configured a new network identity in Cisco Umbrella but must verify that traffic is being routed through the Cisco Umbrella network. Which action tests the routing?. Ensure that the client computers are pointing to the on-premises DNS servers. Add the public IP address that the client computers are behind to a Core Identity. Enable the Intelligent Proxy to validate that traffic is being routed correctly. Browse to http://welcome.umbrella.com to validate that the new identity is working.

Refer to the exhibit. What are two indications of the Cisco Firepower Services Module configuration? (Choose two.). The module is operating in IPS mode. Traffic is blocked if the module fails. Traffic continues to flow if the module fails. The module is operating in IDS mode. The module fails to receive redirected traffic.

An engineer configured 802.1X authentication on a switch port but cannot authenticate. Which action must the engineer take to validate if user credentials are correct?. Check the logs of the authentication server for the username and authentication rejection logs. Check the supplicant logs for the username and password entered, then check the authentication provider. Check the authenticator and view the debug logs for the username and password. Check policy enforcement point for the authentication mechanism and credentials used.

Which common exploit method is TLS 1.3 designed to prevent?. denial-of-service attack. cross-site request forgery. cross-site scripting. man-in-the-middle attack.

What is a benefit of using Cisco AVC for application control?. dynamic application scanning. zero-trust approach. retrospective application analysis. management of application sessions.

Refer to the exhibit. An engineer is deploying an incoming mail policy. When usera1@example.com sends an email to usera1@cisco.com, the policy must drop any emails suspected of being spam. Which action must be taken to meet the requirement?. Delete usera1 policy to use the Default policy settings. Enable the Graymail section of usera1 policy. Enable the Anti-Spam policy of Default policy. Modify the Anti-Spam section of usera1 policy.

An engineer is implementing a network access control solution for a client. The client has separate data and voice VLANs and the deployment is not entering testing phase. Which configuration must be made next to ensure there are no user authentication issues?. Add TACACS+ as a failover backup solution. Change the ID of the voice VLAN. Delete the downloadable MAC access control lists. Remove VRF settings from the relevant ports on the switch.

A security administrator is designing an email protection solution for an onsite email server and must meet these requirements: 1. remove malware from email before it reaches corporate premises 2. drop emails with risky links automatically 3. block access to newly infected sites with real-time URL analysis. Which solution must be used?. Cisco Security for Office 365. Cisco Secure Email and Web Manager Cloud. Cisco Stealthwatch Cloud. Cisco Secure Email Cloud.

An engineer must create a new custom URL on a Cisco Secure Web Appliance to block cisco.com and all its subdomains. The engineer performs these actions: 1. Create a new custom URL category named Block_Domain. 2. Add a site named cisco.com. 3. Click Submit. Which additional configuration must be performed?. Add an additional site named www.cisco.com, and then click Submit. Add an additional site named .cisco.com, and then click Submit. Set the cisco.com site to *cisco.com, and then click Submit. Change the cisco.com site to www.cisco.com, and then click Submit.

What is an advantage of FlexVPN when compared to DMVPN?. FlexVPN provides NHRP for communication, and DMVPN provides NHRP for registration and communication. FlexVPN provides one static multipoint GRE interface, and DMVPN provides static and dynamic point-to-point interfaces. FlexVPN provides NHRP for communication, and DMVPN provides IPsec to announce routing information. FlexVPN provides IPsec to announce routing information, and DMVPN provides NHRP for communication.

Which component is included in a zero-trust architecture model?. cloud provider. encryption management. interconnected infrastructure. multifactor authentication.

Refer to the exhibit. A security engineer must create a new VIP user group on a Cisco Secure Endpoint device. To automate the procedure, a Python script is used. Which code snippet completes the script?. request = request.post(url, auth=(amp_client_id, amp_api_key), data=VIP). request = request.get(url, auth=(amp_client_id, amp_api_key), data=data). request = request.post(url, auth=(client_id, api_key), data=data). request = request.post(url, auth=(amp_client_id, amp_api_key), data=data).

Which policy does a Cisco Secure Web Appliance use to block or monitor URL requests based on the reputation score?. Outbound Malware Scanning. Cisco Data Security. Enforcement Security. Encryption.

A company named ABC.inc recently deployed a new website www.abc.inc to a SaaS platform. An engineer must secure the website because the company has experienced a recent increase in DoS, DDoS, cross-site scripting, and SQL injection attacks. Which security solution must be deployed?. Cisco IDS Host Sensor on the SaaS platform. Cisco Secure Firewall at ABC.inc. Secure Web Application Firewall on the SaaS platform. Cisco Intrusion Prevention System at ABC.inc.

Refer to the exhibit. An administrator is adding a new Cisco Secure Firewall Threat Defense with IP address 10.1.1.100 managed with Cisco Secure Firewall Management Center. The registration key will be used for integration. Which command must be configured on Cisco Secure Firewall Threat Defense?. Configure manager add 10.1.1.100 <registration key>. Configure manager add DONTRESOLVE <registration key> FTD01. Configure manager add <registration key> 10.1.1.100 10. Configure manager add DONTRESOLVE <registration key>.

What is a difference between a zone-based firewall and a Cisco Adaptive Security Appliance firewall?. Zone-based firewalls support virtual tunnel interfaces across different locations, and Cisco Adaptive Security Appliance firewalls support DMVPN. Zone-based firewalls are used in large deployments with multiple areas, and Adaptive Security Appliance firewalls are used in small deployments. Zone-based firewalls provide static routing based on interfaces, and Cisco Adaptive Security Appliance firewalls provide dynamic routing. Zone-based firewalls have a default allow-all policy between interfaces in the same zone, and Cisco Adaptive Security Appliance firewalls have a deny-all policy.

How is a cross-site scripting attack executed?. force a currently authenticated end user to execute unwanted actions on a web app. execute malicious client-side scripts injected to a client via a web app. inject a database query via the input data from the client to a web app. intercept communications between a client and a web server.

Refer to the exhibit. Which protocol should be used to encrypt a client connection that signs in to the router remotely to make common configuration changes?. SSH. SCP. SFTP. FTPS.

What are two components of the Cisco ISE posture service? (Choose two.). administration services. client services. real-time services. run-time services. deployment services.

An engineer must monitor the behavior of devices on an on-premises network and send the data to the Cisco Secure Cloud Analytics platform for analysis. The engineer will perform this task on a virtual machine. What must be configured next?. Cisco Secure Firewall Threat Defense sensor to send network events to Secure Cloud Analytics. Cisco Secure Firewall Management Center to send syslog messages to Secure Cloud Analytics. Cisco Secure Firewall Management Center to send NetFlow data to Secure Cloud Analytics. Cisco Secure Cloud Analytics Cloud PIM sensor to send data to Secure Cloud Analytics.

Why is it important to implement a comprehensive endpoint patching strategy?. protects the organization by using zero-trust model metrics and analytics. protects the confidentiality and availability of information in an organization. ensures patching is performed automatically from the endpoint and at a regular cadence. ensures endpoint-to-destination encryption of any sensitive data transmitted in an organization.

A network administrator needs to find out what assets currently exist on the network. Third-party systems need to be able to feed host data into Cisco Firepower. What must be configured to accomplish this?. A Threat Intelligence policy to download the data from the host. A Network Discovery policy to receive data from the host. A Network Analysis policy to receive NetFlow data from the host. A File Analysis policy to send file data into Cisco Firepower.

An engineer is configuring 802.1X authentication on Cisco switches in the network and is using CoA as a mechanism. Which port on the firewall must be opened to allow the CoA traffic to traverse the network?. UDP 1700. TCP 49. UDP 1812. TCP 6514.

Which problem is solved by deploying a multicontext firewall?. overlapping IP addressing plan. more secure policy. faster inspection. resilient high availability design.

What is a benefit of implementing multifactor authentication for an application?. allows remote access to the application. helps prevent stolen credentials from being used. links devices with applications improving discovery. allows secure connections to the application.

What is offered by an EPP solution but not an EDR solution?. detection. investigation. containment. sandboxing.

An administrator enables Cisco Threat Intelligence Director on a Cisco FMC. Which process uses STIX and allows uploads and downloads of block lists?. Consumption. Sharing. Editing. Authoring.

Which command is used to log all events to a destination collector 209.165.201.10?. CiscoASA(config-cmap)# flow-export event-type flow-update destination 209.165.201.10. CiscoASA(config-cmap)# flow-export event-type all destination 209.165.201.10. CiscoASA(config-pmap-c)# flow-export event-type all destination 209.165.201.10. CiscoASA(config-pmap-c)# flow-export event-type flow-update destination 209.165.201.10.

Which key feature of ZFW is unique among other Cisco IOS firewall solutions?. security levels. SSL inspection. stateless inspection. security zones.

A Cisco Secure Cloud Analytics administrator is setting up a private network monitor sensor to monitor an on-premises environment. Which two pieces of information from the sensor are used to link to the Secure Cloud Analytics portal? (Choose two.). Public IP address. SSL certificate. Unique service key. NAT ID. Private IP address.

Which Secure Email Gateway implementation method segregates inbound and outbound email?. one listener on a single physical interface. pair of logical listeners on a single physical interface with two unique logical IPv4 addresses and one IPv6 address. one listener on one logical IPv4 address on a single logical interface. pair of logical IPv4 listeners and a pair of IPv6 listeners on two physically separate interfaces.

An organization configures Cisco Umbrella to be its DNS for its service. The organization must be able to block traffic based on the subnet that the endpoint is on, but it sees only the requests from its public IP address instead of each internal IP address. What must be done to resolve this issue?. Use the tenant control feature to identify each subnet being used and track the connections within the Cisco Umbrella dashboard. Install the Microsoft Active Directory Connector to give IP address information stitched to the requests in the Cisco Umbrella dashboard. Configure an internal domain within Cisco Umbrella to help identify each address and create policy from the domains. Set up a Cisco Umbrella virtual appliance to internally field the requests and see traffic of each IP address.

181. What is a capability of a Cloud Access Security Broker?. It controls access to and usage of a cloud-based application. It issues OAuth tokens for user-level access to cloud-based applications. It encrypts data between a cloud provider and a cloud consumer. It secures proxy connections to a cloud-based application.

182. How do the features of DMVPN compare to IPsec VPN?. DMVPN supports multiple vendors, and IPsec VPN only supports Cisco products. DMVPN supports high availability routing, and IPsec VPN supports stateless failover. DMVPN uses hub-and-spoke topology, and IPsec VPN uses on-demand spoke topology. DMVPN supports non-IP protocols, and IPsec VPN only supports IP protocols.

183. An engineer must implement a backup solution between a branch office and the headquarters of a company. The solution must use a protocol that meets these requirements: Be connection-oriented and support authentication. Support encryption to protect against man-in-the-middle attacks. Be able to list the remote directories for ease of management. Which protocol must be used?. SCP. FTP. SFTP. SSH.

184. A network engineer configures a site-to-site VPN with a colleague. During testing, the engineer discovers that only phase 1 is up, and application traffic cannot pass. Which configuration parameter must be checked on each device?. encryption domain. shared key. Hash algorithm. peer IP address.

185. What is a capability of Cisco Secure Email Gateway compared to Cisco Secure Email Cloud Gateway?. Secure Email Gateway is an add-on for an email server, and Secure Email Cloud Gateway is a cloud-based solution. Secure Email Cloud Gateway is hosted by Cisco using managed services, and Secure Email Gateway is hosted on-premises. Secure Email Gateway is hosted by Cisco by using a local agent deployed onsite, and Secure Email Cloud Gateway is a software as a service. Secure Email Cloud Gateway is an add-on for a web browser, and Secure Email Gateway requires that a server be deployed on-premises.

186. What is a difference between an SQL injection and a cross-site scripting attack?. SQL injection modifies SQL queries, and XSS cloaks by encoding tags. SQL injection detects environments, and XSS cloaks by encoding tags. SQL injection modifies SQL queries, and XSS allows access to files beyond the root folder. SQL injection intercepts user information, and XSS causes false or unpredictable results.

187. What is Cisco Talos?. public collection of threat intelligence feeds. threat intelligence that powers Cisco Secure products and services. public collection of IP address and URL reputations. service used to exchange security information between Cisco devices.

188. An engineer implements Cisco CloudLock to secure a Microsoft Office 365 application in the cloud. The engineer must configure protection for corporate files in case of any incidents. Which two actions must be taken to complete the implementation? (Choose two.). Remove all users as collaborators on the files. send Cisco Webex message to specified users when an incident is triggered. disable the ability for commenters and viewers to download and copy the files. Expire the public share URL. Transfer ownership of the files to a specified owner and folder.

189. What is a key difference between Cisco Firepower and Cisco ASA?. Cisco ASA provides access control while Cisco Firepower does not. Cisco Firepower natively provides intrusion prevention capabilities while Cisco ASA does not. Cisco ASA provides SSL inspection while Cisco Firepower does not. Cisco Firepower provides identity based access control while Cisco ASA does not.

190. An administrator configures a Cisco WSA to receive redirected traffic over ports 80 and 443. The organization requires that a network device with specific WSA integration capabilities be configured to send the traffic to the WSA to proxy the requests and increase visibility, while making this invisible to the users. What must be done on the Cisco WSA to support these requirements?. Configure active traffic redirection using WPAD in the Cisco WSA and on the network device. Use PAC keys to allow only the required network devices to send the traffic to the Cisco WSA. Configure transparent traffic redirection using WCCP in the Cisco WSA and on the network device. Use the Layer 4 setting in the Cisco WSA to receive explicit forward requests from the network device.

191. How is data sent out to the attacker during a DNS tunneling attack?. as part of the domain name. as part of the UDP/53 packet payload. as part of the DNS response packet. as part of the TCP/53 packet header.

192. What is an advantage of network telemetry over SNMP pulls?. security. encapsulation. scalability. accuracy.

193. Which Cisco Secure Web Appliance feature supports access control using URL categories?. transparent user identification. SOCKS proxy services. web usage controls. user session restrictions.

194. Which attack gives unauthorized access to files on the web server?. path traversal. distributed DoS. DHCP snooping. broadcast storm.

195. Refer to the exhibit. An engineer must configure a new Cisco ISE backend server as a RADIUS server to provide AAA for all access requests from the client to the ISE-Frontend server. Which Cisco ISE configuration must be used?. Set 10.11.1.2 as the external RADIUS server in ISE-Frontend. Set ports 1812/1813 for authentication and accounting. Set 10.11.1.1 as the external RADIUS server in ISE-Frontend. Set ports 1812/1813 for authentication and accounting. Set 10.11.1.2 as a network device in ISE-Frontend. Set port 1700/2083 for RADIUS authentication. Set 10.11.1.1 as a network device in ISE-Frontend. Set ports 1700/2083 for RADIUS authentication.

196. What is the goal of an endpoint patching strategy?. to maintain an accurate register of all applications and devices. to ensure consistent and reliable patching for important applications or devices. to test and review all patches before deploying to production systems. to ensure that lack of expertise is not a consideration in security.

197. What is the purpose of the Structured Threat Information Expression?. cyber threat intelligence maintenance. stealing sensitive information. sharing of cyber threat information. fast and intelligent responses.

198. What is a capability of a Cisco Next-Generation Firewall?. intrusion prevention. IOC scanning. deep file analysis. endpoint isolation.

199. Which firewall mode does a Cisco Adaptive Security Appliance use to inspect Layer 2 traffic?. routed. passive. inline. transparent.

200. A company deploys an application that contains confidential data and has a hybrid hub-and-spoke topology. The hub resides in a public cloud environment, and the spoke resides on-premises. An engineer must secure the application to ensure that confidential data in transit between the hub-and-spoke servers is accessible only to authorized users. The engineer performs these configurations: 1. Segregation of duties 2. Role-based access control 3. Privileged access management. What must be implemented to protect the data in transit?. MD5. TLS-1.3. SHA-512. AES-256.

201. Which email security feature protects users from phishing attempts?. malicious signature detection. intrusion prevention. reputation-based filtering. anti-malware file scanning.

202. What is part of a network monitoring solution that uses streams to push operational data to the solution and provide a near real-time view of activity?. telemetry. SNMP. Syslog. SMTP.

203. What is a benefit of using Cisco ISE for device compliance?. zero-trust approach. device analysis. outbreak control. retrospective analysis.

204. In a PaaS model, which layer is the tenant responsible for maintaining and patching?. application. hypervisor. network. virtual machine.

205. What is the primary role of the Cisco Secure Email Gateway?. Mail Transfer Agent. Mail User Agent. Mail delivery agent. Mail Submission Agent.

206. Refer to the exhibit. A network administrator configured a site-to-site VPN tunnel between two Cisco IOS routers, and hosts are unable to communicate between two sites of VPN. The network administrator runs the debug crypto isakmp sa command to track VPN status. What is the problem according to this command output?. authentication key mismatch. hashing algorithm mismatch. encryption algorithm mismatch. interesting traffic was not applied.

207. In which two ways does a system administrator send web traffic transparently to the Cisco WSA? (Choose two.). configure AD Group Policies to push proxy settings. reference a Proxy Auto Config file. use Web Cache Communication Protocol. configure the proxy IP address in the web-browser settings. configure policy-based routing on the network infrastructure.

208. How does DNS Tunneling exfiltrate data?. An attacker opens a reverse DNS shell to get into the client's system and install malware on it. An attacker uses a non-standard DNS port to gain access to the organization's DNS servers in order to poison the resolutions. An attacker sends an email to the target with hidden DNS resolvers in it to redirect them to a malicious domain. An attacker registers a domain that a client connects to based on DNS records and sends malware through that connection.

209. When Cisco and other industry organizations publish and inform users of known security findings and vulnerabilities, which name is used?. Common Vulnerabilities and Exposures. Common Vulnerabilities, Exploits and Threats. Common Security Exploits. Common Exploits and Vulnerabilities.

210. A Cisco Firepower administrator needs to configure a rule to allow a new application that has never been seen on the network. Which two actions should be selected to allow the traffic to pass without inspection? (Choose two.). monitor. permit. reset. allow. trust.

211. What is the role of an endpoint in protecting a user from a phishing attack?. Use machine learning models to help identify anomalies and determine expected sending behavior. Use Cisco Stealthwatch and Cisco ISE Integration. Utilize 802.1X network security to ensure unauthorized access to resources. Ensure that antivirus and antimalware software is up-to-date.

212. What is a benefit of conducting device compliance checks?. It indicates what type of operating system is connecting to the network. It detects email phishing attacks. It scans endpoints to determine if malicious activity is taking place. It validates if anti-virus software is installed.

213. Refer to the exhibit. A network engineer is testing NTP authentication and realizes that any device synchronizes time with this router and that NTP authentication is not enforced. What is the cause of this issue?. The hashing algorithm that was used was MD5, which is unsupported. The router was not rebooted after the NTP configuration updated. The key was configured in plain text. NTP authentication is not enabled.

214. An organization wants to improve its cybersecurity processes and to add intelligence to its data. The organization wants to utilize the most current intelligence data for URL filtering, reputations, and vulnerability information that can be integrated with the Cisco FTD and Cisco WSA. What must be done to accomplish these objectives?. Configure the integrations with Talos Intelligence to take advantage of the threat intelligence that it provides. Download the threat intelligence feed from the IETF and import it into the Cisco FTD and Cisco WSA databases. Create a Cisco pxGrid connection to NIST to import this information into the security products for policy use. Create an automated download of the Internet Storm Center intelligence feed into the Cisco FTD and Cisco WSA databases to tie to the dynamic access control policies.

215. An organization has a requirement to collect full metadata information about the traffic going through their AWS cloud services. They want to use this information for behavior analytics and statistics. Which two actions must be taken to implement this requirement? (Choose two.). Configure Cisco ACI to ingest AWS information. Configure Cisco Thousand Eyes to ingest AWS information. Configure Cisco Stealthwatch Cloud to ingest AWS information. Send syslog from AWS to Cisco Stealthwatch Cloud. Send VPC Flow Logs to Cisco Stealthwatch Cloud.

216. Refer to the exhibit. What is the function of the Python script code snippet for the Cisco ASA REST API?. adds a global rule into policies. changes the hostname of the ASA. obtains the saved configuration of the ASA firewall. deletes a global rule from policies.

Which standard is used to automate exchanging cyber threat information?. IoC. TAXII. STIX. MITRE.

What are the components of endpoint protection against social engineering attacks?. ESA. IDS. IPSec. firewall.

An engineer adds a custom detection policy to a Cisco AMP deployment and encounters issues with the configuration. The simple detection mechanism is configured, but the dashboard indicates that the hash is not 64 characters and is non-zero. What is the issue?. The file being uploaded is incompatible with sample detections and must use advanced detections. The engineer is attempting to upload a hash created using MD5 instead of SHA-256. The engineer is attempting to upload a file instead of a hash. The hash being uploaded is part of a set in an incorrect format.

Which two services must remain as on-premises equipment when a hybrid email solution is deployed? (Choose two.). DDoS. Encryption. DLP. antivirus. antispam.

Due to a traffic storm on the network, two interfaces were error-disabled, and both interfaces sent SNMP traps. Which two actions must be taken to ensure that interfaces are put back into service? (Choose two.). Have Cisco Prime Infrastructure issue an SNMP set command to re-enable the ports after the preconfigured interval. Enter the "shutdown" and "no shutdown" commands on the interfaces. Ensure that interfaces are configured with the error-disable detection and recovery feature. Use EEM to have the ports return to service automatically in less than 300 seconds. Enable the "snmp-server enable traps" command and wait 300 seconds.

Refer to the exhibit. What is the result of using this authentication protocol in the configuration?. The authentication request contains only a password. The authentication and authorization requests are grouped in a single packet. There are separate authentication and authorization request packets. The authentication request contains only a username.

Refer to the exhibit. An engineer must enable secure SSH protocols and enters this configuration. What are two results of running this set of commands on a Cisco router? (Choose two.). Uses the FQDN with the label command. Enables SSHv1 on the router. Labels the key pairs to be used for SSH. Generates AES key pairs on the router. Generates RSA key pairs on the router.

An organization has a Cisco Secure Cloud Analytics deployment in their environment. Cloud logging is working as expected, but logs are not being received from the on-premise network. What action will resolve this issue?. Deploy a FTD sensor to send events to Cisco Stealthwatch Cloud. Configure security appliances to send NetFlow to Cisco Stealthwatch Cloud. Deploy a Cisco Stealthwatch Cloud sensor on the network to send data to Cisco Stealthwatch Cloud. Configure security appliances to send syslogs to Cisco Stealthwatch Cloud.

Which term describes when the Cisco Firepower downloads threat intelligence updates from Cisco Talos?. sharing. authoring. consumption. analysis.

Refer to the exhibit. Which command was used to generate this output and to show which ports are authenticating with dot1x or mab?. show authentication sessions. show dot1x all. show authentication registrations. show authentication method.

Which two solutions help combat social engineering and phishing at the endpoint level? (Choose two.). Cisco TrustSec. Cisco Umbrella. Cisco ISE. Cisco Duo Security. Cisco DNA Center.

Which Cisco security solution stops exfiltration using HTTPS?. Cisco ASA. Cisco CTA. Cisco FTD. Cisco AnyConnect.

The main function of northbound APIs in the SDN architecture is to enable communication between which two areas of a network?. management console and the cloud. management console and the SDN controller. SDN controller and the cloud. SDN controller and the management solution.

What are two characteristics of the RESTful architecture used within Cisco DNA Center? (Choose two.). The POST action replaces existing data at the URL path. REST codes can be compiled with any programming language. REST uses HTTP to send a request to a web service. REST is a Linux platform-based architecture. REST uses methods such as GET, PUT, POST, and DELETE.

Which feature must be configured before implementing NetFlow on a router?. SNMPv3. VRF. IP Routing. syslog.

Refer to the exhibit. What does this Python script accomplish?. It authenticates to a Cisco ISE with an SSH connection. It allows authentication with TLSv1 SSL protocol. It authenticates to a Cisco ISE server using the username of ersad. It lists the LDAP users from the external identity store configured on Cisco ISE.

Which capability is provided by application visibility and control?. data encryption. deep packet inspection. reputation filtering. data obfuscation.

Which solution protects hybrid cloud deployment workloads with application visibility and segmentation?. Secure Network Analytics. Secure Workload. Secure Firewall. Nexus.

An organization is using CSR 1000 routers in their private cloud infrastructure. They must upgrade their code to address vulnerabilities within their running code version. Who is responsible for these upgrades?. The CSR 1000V updates automatically, as new code becomes available. The organization must update the code for the devices they manage. The cloud vendor is responsible for updating all code hosted in the cloud. The cloud service provider must be asked to perform the upgrade.

Which action must be taken in the AMP for Endpoints console to detect specific MD5 signatures on endpoints and then quarantine the files?. Configure an IP Block & Allow custom detection list. Configure an application custom detection list. Configure an advanced custom detection list. Configure a simple custom detection list.

Which function is included when Cisco AMP is added to web security?. multifactor, authentication-based user identity. detailed analytics of the unknown file's behavior. threat prevention on an infected endpoint. phishing detection on emails.

Which DoS attack uses fragmented packets in an attempt to crash a target machine?. SYN flood. smurf. LAND. teardrop.

Which feature is used in a push model to allow for session identification, host reauthentication, and session termination?. CoA request. carrier-grade NAT. AV pair. AAA attributes.

Which configuration method provides the option to prevent physical and virtual endpoint devices that are in the same base EPG or uSeg from being able to communicate with each other with VMware VDS or Microsoft vSwitch?. intra-EPG isolation. inter-VLAN security. placement in separate EPGs. inter-EPG isolation.

Which two features are used to configure Cisco ESA with a multilayer approach to fight viruses and malware? (Choose two.). DLP. Sophos engine. white list. outbreak filters. RAT.

Which two methods must be used to add switches into the fabric so that administrators can control how switches are added into DCNM for private cloud management? (Choose two.). Seed IP. CDP AutoDiscovery. Cisco Cloud Director. Cisco Prime Infrastructure. PowerOn Auto Provisioning.

Refer to the exhibit. A Cisco ISE administrator adds a new switch to an 802.1X deployment and has difficulty with some endpoints gaining access. Most PCs and IP phones can connect and authenticate using their machine certificate credentials; however, printers and video cameras cannot. Based on the interface provided, what must be done to get these devices onto the network using Cisco ISE for authentication and authorization while maintaining security controls?. Enable insecure protocols within Cisco ISE in the allowed protocols configuration. Add mab to the interface configuration. Configure authentication event fail retry 2 action authorize vlan 41 on the interface. Change the default policy in Cisco ISE to allow all devices not using machine authentication.

Which VMware platform does Cisco ACI integrate with to provide enhanced visibility, provide policy integration and deployment, and implement security policies with access lists?. VMware horizons. VMware APIC. VMware fusion. VMware vRealize.

An organization is trying to implement micro-segregation on the network and wants to be able to gain visibility on the application within the network. The solution must be able to maintain and force compliance. Which product should be used to meet these requirements?. Cisco Secure Workload. Cisco Secure Network Analytics. Cisco Umbrella. Cisco AMP.

An administrator configures a new destination list in Cisco Umbrella so that the organization can block specific domains for its devices. What should be done to ensure that all subdomains of domain.com are blocked?. Configure the *domain.com address in the block list. Configure the *.com address in the block list. Configure the *.domain.com address in the block list. Configure the domain.com address in the block list.

Which two activities are performed using Cisco DNA Center? (Choose two.). DHCP. design. provision. accounting. DNS.

Under which two circumstances is a CoA issued? (Choose two.). A new Identity Source Sequence is created and referenced in the authentication policy. A new Identity Services Engine server is added to the deployment with the Administration persona. An endpoint is profiled for the first time. An endpoint is deleted on the Identity Services Engine server. A new authentication rule was added to the policy on the Policy Service node.

Which risk is created when using an Internet browser to access cloud-based service?. intermittent connection to the cloud connectors. misconfiguration of Infra, which allows unauthorized access. vulnerabilities within protocol. insecure implementation of API.

Refer to the exhibit. What is a result of the configuration?. Traffic from the inside network is redirected. All TCP traffic is redirected. Traffic from the inside and DMZ networks is redirected. Traffic from the DMZ network is redirected.

Refer to the exhibit. Which configuration item makes it possible to have the AAA session on the network?. aaa authentication enable default enable. aaa authentication login console ise. aaa authorization exec default ise. aaa authorization network default group ise.

Refer to the exhibit. What is the result of the Python script?. It used the POST HTTP method to obtain a token to be used for authentication. It used the POST HTTP method to obtain a username and password to be used for authentication. It used the GET HTTP method to obtain a token to be used for authentication. It used the GET HTTP method to obtain a username and password to be used for authentication.

An engineer is configuring Cisco Umbrella and has an identity that references two different policies. Which action ensures that the policy that the identity must use takes precedence over the second one?. Configure the default policy to redirect the request to the correct policy. Place the policy with the most-specific configuration last in the policy order. Make the correct policy first in the policy order. Configure only the policy with the most recently changed timestamp.

Which two capabilities of Integration APIs are utilized with Cisco Catalyst Center? (Choose two.). Third party reporting. Create new SSIDs on a wireless LAN controller. Upgrade software on switches and routers. Automatically deploy new virtual routers. Connect to ITSM platforms.

Which solution is made from a collection of secure development practices and guidelines that developers must follow to build secure applications?. Fuzzing Framework. Radamsa. AFL. OWASP.

A network engineer is tasked with configuring a Cisco ISE server to implement external authentication against Active Directory. What must be considered about the authentication requirements? (Choose two.). The ISE account must be a domain administrator in Active Directory to perform JOIN operations. RADIUS communication must be permitted between the ISE server and the domain controller. Active Directory supports users and machine authentication by using MSCHAPv2. Active Directory only supports user authentication by using MSCHAPv2. LDAP communication must be permitted between the ISE server and the domain controller.

What is the purpose of a NetFlow version 9 template record?. It provides a standardized set of information about an IP flow. It defines the format of data records. It serves as a unique identification number to distinguish individual data records. It specifies the data format of NetFlow processes.

Which VPN provides scalability for organizations with many remote sites?. DMVPN. site-to-site IPsec. GRE over IPsec. SSL VPN.

What are two ways that Cisco Container Platform provides value to customers who utilize cloud service providers? (Choose two.). manages Kubernetes clusters. manages Docker containers. helps maintain source code for cloud deployments. creates complex tasks for managing code. allows developers to create code once and deploy to multiple clouds.

An engineer wants to assign a printer to a different VLAN than what is statically configured on the switch port. Which CoA type should the engineer use?. No CoA. CoA-Terminate. Port-Bounce. CoA-Reauth.

What are two core components of a Cisco Umbrella solution? (Choose two.). cloud access security broker. cloud container platform. DNS layer security. Transport Layer Security. Cisco ISE.

A company has an infrastructure ACL policy on its perimeter router that denies RFC 1918 addresses, unused address ranges, any packets that use the IP address that is assigned to the internal IP infrastructure, and 127.0.0.1. All these rules apply to incoming traffic from the internet. Which two attacks are prevented by using this method? (Choose two.). gaining of access to network devices using a spoofed address. losing the line protocol keep-alives and routing protocol update. routing processor resource exhaustion. DoS attacks that cause high CPU utilization. spoofing the IP address of another customer to steal service.

What is the target in a phishing attack?. IPS. web server. perimeter firewall. endpoint.

What are two benefits of adaptive multifactor authentication? (Choose two.). improved access management. secure remote access. managed encryption policies. no need to remember passwords. contextual factor-based authentication.

What is a characteristic of traffic storm control behavior?. Traffic storm control uses the Individual/Group bit in the packet source address to determine if the packet is unicast or broadcast. Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within the interval. Traffic storm control cannot determine if the packet is unicast or broadcast. Traffic storm control monitors incoming traffic levels over a 10-second traffic storm control interval.

How does Cisco Umbrella archive logs to an enterprise-owned storage?. by being configured to send logs to a self-managed AWS S3 bucket. by the system administrator downloading the logs from the Cisco Umbrella web portal. by sending logs via syslog to an on-premises or cloud-based syslog server. by using the Application Programming Interface to fetch the logs.

Which feature is configured for managed devices in the device platform settings of the Firepower Management Center?. intrusion policy. quality of service. network address translations. time synchronization.

After a recent breach, an organization determined that phishing was used to gain initial access to the network before regaining persistence. The information gained from the phishing attack was a result of users visiting known malicious websites. What must be done in order to prevent this from happening in the future?. Modify an access policy. Modify web proxy settings. Modify identification profiles. Modify outbound malware scanning policies.

Refer to the exhibit. Which type of authentication is in use?. SMTP relay server authentication. LDAP authentication for Microsoft Outlook. POP3 authentication. external user and relay mail authentication.

An organization is receiving SPAM emails from a known malicious domain. What must be configured in order to prevent the session during the initial TCP communication?. Configure the Cisco ESA to reset the TCP connection. Configure policies to stop and reject communication. Configure the Cisco ESA to drop the malicious emails. Configure policies to quarantine malicious emails.

Which two aspects of the cloud PaaS model are managed by the customer but not the provider? (Choose two.). Data. Applications. middleware. operating systems. virtualization.

What does endpoint isolation in Cisco AMP for Endpoints security protect from?. a malware spreading across the user device. a malware spreading across the LDAP or Active Directory domain from a user account. an infection spreading across the network. an infection spreading across the LDAP or Active Directory domain from a user account.

An administrator wants to ensure that all endpoints are compliant before users are allowed access on the corporate network. The endpoints must have the corporate antivirus application installed and be running the latest build of Windows 10. What must the administrator implement to ensure that all devices are compliant before they are allowed on the network?. Cisco ASA firewall with Dynamic Access Policies configured. Cisco ISE with PxGrid services enabled. Cisco Stealthwatch and Cisco ISE integration. Cisco ISE and AnyConnect Posture module.

Which baseline form of telemetry is recommended for network infrastructure devices?. passive taps. NetFlow. SNMP. DNS.

Which two risks is a company vulnerable to if it does not have a well-established patching solution for endpoints? (Choose two.). ARP spoofing. exploits. denial-of-service attacks. malware. eavesdropping.

What features does Cisco FTDv provide over Cisco ASAv?. Cisco FTDv runs on VMware while Cisco ASAv does not. Cisco FTDv supports URL filtering while Cisco ASAv does not. Cisco FTDv provides 1GB of firewall throughput while Cisco ASAv does not. Cisco FTDv runs on AWS while Cisco ASAv does not.

An organization must add new firewalls to its infrastructure and wants to use Cisco ASA or Cisco FTD. The chosen firewalls must provide methods of blocking traffic that include offering the user the option to bypass the block for certain sites after displaying a warning page and to reset the connection. Which solution should the organization choose?. Cisco ASA because it allows for interactive blocking and blocking with reset to be configured via the GUI, whereas Cisco FTD does not. Cisco FTD because it supports system rate level traffic blocking, whereas Cisco ASA does not. Cisco FTD because it enables interactive blocking and blocking with reset natively, whereas Cisco ASA does not. Cisco ASA because it has an additional module that can be installed to provide multiple blocking capabilities, whereas Cisco FTD does not.

Which type of data does the Cisco Stealthwatch system collect and analyze from routers, switches, and firewalls?. NTP. NetFlow. Syslog. SNMP.

Which two configurations must be made on Cisco ISE and on Cisco TrustSec devices to force a session to be adjusted after a policy change is made? (Choose two.). aaa authorization exec default local. tacacs-server host 10.1.1.250 key password. CoA. aaa server radius dynamic-author. posture assessment.

What is the recommendation in a zero-trust model before granting access to corporate applications and resources?. to use a wired network, not wireless. to use strong passwords. to disconnect from the network when inactive. to use multifactor authentication.

Which Cisco solution secures the cloud users, data, and applications with the cloud-native CASB and cloud cybersecurity platform?. Cisco CloudLock. Cisco Appdynamics. Cisco Stealthwatch. Cisco Umbrella.

An administrator wants to ensure that the organization's remote access VPN devices can connect to the VPN without the user logging into the devices. Which action accomplishes this task?. Modify the Cisco AnyConnect Client image to start before logon and use the users' cached credentials for authentication. Add the Auto Connect feature in the Cisco AnyConnect Group Policy and use the machine certificate as the authentication identity. Change the Cisco AnyConnect Connection Profile to allow for authentication prior to logon and use the user certificate for authentication. Configure the Start Before Logon feature in the Cisco AnyConnect Client profile and use certificate authentication.

Which process is used to obtain a certificate from a CA?. approval. enrollment. registration. signing.

Which Cisco ISE service checks the state of all the endpoints connecting to a network for compliance with corporate security policies?. Cisco TrustSec. posture service. Threat Centric NAC service. compliance module.

What is a capability of Cisco AVC?. traffic filtering by using a Security Intelligence policy. Interoperates by using GET VPN on tunnel interfaces. application bandwidth enforcement on Cisco IOS platforms. deep packet inspection on IPsec encapsulated traffic.

What is the difference between deceptive phishing and spear phishing?. Deceptive phishing is an attack aimed at a specific user in the organization who holds a C-level role. A spear phishing campaign is aimed at a specific person versus a group of people. Deceptive phishing hijacks and manipulates the DNS server of the victim and redirects the user to a false webpage. Spear phishing is when the attack is aimed at the C-level executives of an organization.

Which Cisco security solution protects remote users against phishing attacks when they are not connected to the VPN?. Cisco Firepower. Cisco Umbrella. Cisco Firepower NGIPS. Cisco Stealthwatch.

A network administrator configures Dynamic ARP Inspection on a switch. After Dynamic ARP Inspection is applied, all users on that switch are unable to communicate with any destination. The network administrator checks the interface status of all interfaces and there is no err-disabled interface. What is causing this problem?. The ip arp inspection limit command is applied on all interfaces and is blocking the traffic of all users. The no ip arp inspection trust command is applied on all user host interfaces. DHCP snooping has not been enabled on all VLANs. Dynamic ARP Inspection has not been enabled on all VLANs.

When an assessment of cloud services and applications is conducted, which tool is used to show user activity and data usage across the applications?. Cisco AMP Private Cloud. Cisco ASA. Cisco ISE. Cisco CloudLock.

Which action blocks specific IP addresses whenever a computer with Cisco AMP for Endpoints installed connects to the network?. Create an advanced custom detection policy and add the IP addresses. Create an application block list and add the IP addresses. Create an IP Block & Allow list and add the IP addresses. Create a simple custom detection policy and add the IP addresses.

Which CLI command is used to enable URL filtering support for shortened URLs on the Cisco ESA?. websecurityconfig. websecurityadvancedconfig. webadvancedconfig. outbreakconfig.

What is a benefit of flexible NetFlow records?. They have customized traffic identification. They are used for security. They monitor a packet from Layer 2 to Layer 5. They are used for accounting.

A network administrator is shipping a Cisco ASA to a remote retail site. The administrator wants to ensure that the device configuration cannot be accessed by someone at the site with physical access and a console cable. Which command must be used to mitigate this risk?. no service password-recovery. config-register 0x00000041. no service sw-reset-button. aaa authentication console.

Which solution provides end-to-end visibility of applications and insights about application performance?. Cisco Secure Workload. Cisco AppDynamics. Cisco Cloudlock. Cisco Secure Cloud Analytics.

An organization has had some malware infections recently and the management team wants to use Cisco Secure Firewall to enforce file policies to prevent malicious files from being downloaded. The SHA-256 hash value of all files traversing the firewall must be calculated and compared to the hash values of known malware code. Which file rule action is used to block only the files that are confirmed to be malware?. Detect Files. Malware Cloud Lookup. Block Files. Block Malware.

Refer to the exhibit. Which task is the Python script performing by using the Cisco Secure Firewall API?. pushing a bulk list of network hosts to Cisco Secure Firewall Management Center. adding to an existing bulk list of internal hosts on Cisco Secure Firewall Management Center. retrieving a bulk list of network hosts from Cisco Secure Firewall Management Center. removing an existing bulk list of internal hosts from Cisco Secure Firewall Management Center.

Which Cisco solution integrates industry-leading artificial intelligence and machine learning analytics and an assurance database to review the security posture and maintain visibility of an organization's cloud environment?. Cisco CSR 1000v. Cisco FTD. Cisco DNA. Cisco Secure Workload.

What is a capability of EPP compared to EDR?. EPP prevents attacks on an endpoint, and EDR focuses on protecting email and web servers. EPP prevents attacks made via email, and EDR prevents attacks on a web server. EPP prevents attacks on an endpoint, and EDR detects attacks that penetrate the environment. EPP prevents attacks on a website, and EDR focuses on protecting computers and servers.

How should an organization gain visibility into encrypted flows leaving the organization?. Decrypt and inspect the HTTPS traffic. Implement AAA for external users. Add Cisco Secure Firewall IPS. Enable a VPN for more sensitive data.

How does a Cisco Secure Firewall help to lower the risk of exfiltration techniques that steal customer data?. blocking TCP port 53. inspecting the DNS traffic. encrypting the DNS communication. blocking UDP port 53.

An administrator is configuring a new destination list in Cisco Umbrella. The administrator received a Microsoft Excel file that contains a long list of domains. Which two actions must be taken to ensure successful implementation? (Choose two.). Keep one domain per line. Limit each file to 50 domains. Use a semicolon instead of a comma. Convert the Excel file into XML format. Convert the Microsoft Excel file to .TXT.

An administrator is implementing management plane protection and must configure an interface on a Cisco router to only terminate management packets that are destined for the router. Which set of IOS commands must be used to complete the implementation?. #control-plane #management-plane #vrf network #interface GigabitEthernet 0/6 #allow protocol ssh #allow peer ssh. #control-plane #management-plane #inband #vrf network #interface GigabitEthernet 0/6 #allow protocol ssh. #control-plane #management-plane #out-of-band #vrf network #interface GigabitEthernet 0/6 #allow protocol ssh. #control-plane #management-plane #vrf network #interface GigabitEthernet 0/6 #allow protocol ssh.

An engineer must implement a Cisco Secure Web Appliance to filter internet traffic for a company with a Cisco ASA. All internet traffic on ports 80 and 443 must go: 1. From Client-SiteA to the Cisco ASA 2. From the Cisco ASA to the Secure Web Appliance What must be implemented to meet the requirements?. SPAN. RSPAN. HSRP. WCCP.

A company is planning to deploy an application to a secure cloud environment. Requirements include the following: 1. A third-party must control the underlying cloud infrastructure. 2. The company must control the deployed applications. 3. A third-party must control networking components. Which cloud service model must be used?. SaaS. IaaS. PaaS. private cloud.

A security engineer must prevent users from accessing malicious websites by enabling URL filtering in Cisco Secure Firewall Management Center. The engineer activates the appropriate licenses, enables access from Firewall Management Center to the internet, and enables the URL filtering feature. Which action must be taken next to complete the implementation?. Order the rules so that traffic hits key rules first. Deploy configuration changes to Firewall Management Center. Configure category and reputation-based blocking. Ensure that the system has received updated URL data.

What is a difference between weak passwords and missing encryption?. Weak passwords are guessed easily, and missing encryption allows information to be decrypted. Weak passwords cause programs to crash, and missing encryption sends data to a memory location. Weak passwords consume bandwidth, and missing encryption allows user information to be hijacked. Weak passwords allow programs to be renamed, and missing encryption hides .exe extensions.

What has driven an increase in the need for endpoint-based security?. minimal endpoint-based security manual configuration and implementation. stricter control mechanism requirements for enterprise access. increased number of BYOD policies and hybrid remote workers. increased data volumes and value in data center storage.

What is an attribute of Cisco Talos?. fast and intelligent responses based on threat data. cyber threat intelligence interchange and maintenance. cyber threats posing as authorized users and devices. introduction of attributes that use objects and narrative relations.

An engineer must deploy a Cisco Secure Web Appliance. Antimalware scanning must use the Outbreak Heuristic antimalware category on files identified as malware before performing any other processes. What must be configured on the Secure Web Appliance to meet the requirements?. McAfee scanning engine. Adaptive Scanning. Webroot scanning engine. Sophos scanning engine.

What is the definition of phishing?. malicious email spoofing attack that targets a specific organization or individual. any kind of unwanted, unsolicited digital communication that gets sent out in bulk. sending fraudulent communications that appear to come from a reputable source. impersonation of an authorized website to deceive users into entering their credentials.

Which network technology does Cisco Next-Generation Firewall replace?. load balancer. intrusion detection. Web Application Firewall. Demilitarized Zone router.

What is a capability of the Cisco ISE guest service in the web-based portal?. creates an open SSID to give Wi-Fi access to guests without authentication. provides sponsors with a portal to create and manage accounts for visitors. gives consultants a self-service platform for password resets. allows Cisco Technical Assistance Center to create a temporary root account.

A company named Org.Co plans to migrate a messaging app to a software as a service offering. A security engineer must protect data-at-rest and data in transit, and the solution must enforce policy-based security control automatically. What must be integrated with the SaaS offering to meet these requirements?. next generation firewall. Perimeter Extended Detection and Response. Cloud Access Security Broker. Cloud Workload Protection.

A network administrator wants to deploy a Secure Web Appliance to protect users even when they are outside of the corporate environment. The destination IP and port of all packets sent from the user devices must be that of the proxy. Which proxy method must be used to meet this requirement?. reverse. anonymity. transparent. explicit.

Which type of attack does multifactor authentication help protect against?. cross-site scripting. SQL injection. brute force. man-in-the-middle.

What are the two distribution methods available to an administrator when performing a fresh rollout of the Cisco Secure Client Secure Mobility Client? (Choose two.). web deploy. SFTP. TFTP. cloud update. predeploy.

A network engineer must segment a corporate network into smaller, more manageable networks by using a Cisco Nexus 1000V switch. The corporate infrastructure uses port 443 for access. The engineer enables Network Segmentation Manager and sets up the port profiles. Which action must be taken next?. Migrate networks to a nondefault segmentation policy. Register Network Segmentation Manager with vShield Manager. Enable all ports associated with the segmented VLANs. Create the network segmentation policies.

An engineer must protect data hosted in the cloud by using Cisco CloudLock data loss protection policies. The engineer uses a predefined policy for the configuration and needs the policy to return the closest exact match for a regular expression. Which action completes the implementation?. Set the occurrence threshold of search patterns to the lowest number. Configure the policy to use specific regular expressions for the proximity. Set the tolerance to Strict in the policy. Configure exceptions to the regular expression.

What is the purpose of the Trusted Automated eXchange cyber threat intelligence industry standard?. language used to represent security information. service used to exchange security information. public collection of threat intelligence feeds. threat intelligence sharing organization.

Refer to the exhibit. A network engineer must delete part of a Cisco router configuration using the NETCONF API. The engineer uses a Python script to automate the activity. Which code snippet completes the script?. <interface nc:actions="delete" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"/>. <interface nc:operation="delete" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"/>. <interface nc:operation="erase" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"/>. <interface nc:operation="change" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"/>.

Refer to the exhibit. A network engineer configures a network on a Cisco switch that has interVLAN routing where PC1 belongs to VLAN10 and PC2 belongs to VLAN20. Which action should be taken to allow the devices on PC1 to connect to the internet?. Create VLAN10 and assign port G0/0/1. Create VLAN10 and assign port Fa0/6. Create VLAN10. Delete VLAN20 and recreate new VLANs.

What is a difference between SQL injection and buffer overflow attacks?. SQL injection targets databases, and buffer overflow targets applications. SQL injection requires only remote access, and buffer overflow needs local access. SQL injection targets websites, and buffer overflow targets software. SQL injection reads data from memory, and buffer overflow inserts data into memory.

An engineer must prevent communication with a cloud application being decrypted. The application database uses AES-256 with SHA-512, and web access to the application uses HTTPS with SSLv2 self-signed certificates. TLS 1.3 with self-signed certificates. SSLv3 with signed certificates. TLS 1.3 with signed certificates. SSLv3 with self-signed certificates.

How is an amplification DDoS attack performed?. sending instructions to a collection of compromised devices to launch a large-scale network attack. generating and sending the packets directly to the target device from the source of the attack to overwhelm the device. turning small DNS queries into DNS responses that are much larger in packet size to flood the target device. triggering a memory buffer overflow that causes a device to consume all the available resources.

109. Which technology must be used to implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity?. FlexVPN. DMVPN. GET VPN. IPsec DVTI.

110. An engineer must modify a policy to block specific addresses using Cisco Umbrella. The policy is created already and is actively used by devices, using many of the default policy elements. What else must be done to accomplish this task?. Use content categories to block or allow specific addresses. Modify the application settings to allow only applications to connect to required addresses. Create a destination list for addresses to be allowed or blocked. Add the specified addresses to the identities list and create a block action.

111. An organization uses Cisco FMC to centrally manage multiple Cisco FTD devices. The default management port conflicts with other communications on the network and must be changed. What must be done to ensure that all devices can communicate together?. Change the management port on Cisco FMC so that it pushes the change to all managed Cisco FTD devices. Set the sftunnel to go through the Cisco FTD. Set the sftunnel port to 8305. Manually change the management port on Cisco FMC and all managed Cisco FTD devices.

112. An engineer is configuring Cisco WSA and needs to ensure end clients are protected against DNS spoofing attacks. Which deployment method accomplishes this goal?. transparent mode. single-context mode. Web Cache Communication Protocol. explicit forward.

113. Which type of API is being used when a security application notifies a controller within a software-defined network architecture about a specific security threat?. southbound API. eastbound API. northbound API. westbound API.

114. Which two request methods of REST API are valid on the Cisco ASA Platform? (Choose two). get. push. options. put. connect.

115. What is a required prerequisite to enable malware file scanning for the Secure Internet Gateway?. Activate SSL decryption. Enable Intelligent Proxy. Activate the Advanced Malware Protection license. Enable IP Layer enforcement.

116. Which feature requires a network discovery policy on the Cisco Firepower NGIPS?. security intelligence. health monitoring. URL filtering. impact flags.

117. When MAB is configured for use within the 802.1X environment, an administrator must create a policy that allows the devices onto the network. Which information is used for the username and password?. The MAB uses the IP address as username and password. The MAB uses the Call-Station-ID as username and password. The MAB uses the MAC address as username and password. Each device must be set manually by the administrator.

118. What is the concept of CI/CD pipelining?. The project is split into time-limited cycles and focuses on pair programming for continuous code review. Each project phase is independent from other phases to maintain adaptiveness and continual improvement. The project code is centrally maintained, and each code change should trigger an automated build and test sequence. The project is split into several phases where one phase cannot start before the previous phase finishes successfully.

119. Which method must be used to connect Cisco Secure Workload to external orchestrators at a client site when the client does not allow incoming connections?. source NAT. reverse tunnel. GRE tunnel. destination NAT.

120. Which feature is used to configure an encrypted route-based site-to-site VPN from a Cisco router to a cloud environment?. IKE profile based selection. FlexVPN Mixed mode. Tunnel Mode Auto Selection. virtual tunnel interface.

121. What is an advantage of using a next-generation firewall compared to a traditional firewall?. Next-generation firewalls use intrusion prevention policies, and traditional firewalls use intrusion detection policies. Next-generation firewalls have stateless inspection capabilities, and traditional firewalls use stateful inspection. Next-generation firewalls have threat intelligence feeds, and traditional firewalls use signature detection. Next-generation firewalls use dynamic packet filtering, and traditional firewalls use static packet filtering.

122. What must be configured on Cisco Secure Endpoint to create a custom detection file list to detect and quarantine future files?. Configure an application control allowed applications list to block the files. Add a network IP block allowed list to the configuration and add the blocked files. Use the simple custom detection feature and add each detection to the list. Create an advanced custom detection and upload the hash of each file.

123. Which action configures the IEEE 802.1X Flexible Authentication feature to support Layer 3 authentication mechanisms?. Modify the Dot1X configuration on the VPN server to send Layer 3 authentications to an external authentication database. Identify the devices using this feature and create a policy that allows them to pass Layer 2 authentication. Add MAB into the switch to allow redirection to a Layer 3 device for authentication. Configure WebAuth so the hosts are redirected to a web page for authentication.

124. Which open standard creates a framework for sharing threat intelligence in a machine-digestible format?. OpenC2. STIX. CybOX. OpenIOC.

125. Refer to the exhibit. Which command was used to display this output?. show dot1x all summary. show dot1x. show dot1x interface gi1/0/12. show dot1x all.

126. Which two probes are configured to gather attributes of connected endpoints using Cisco Identity Services Engine? (Choose two.). RADIUS. SMTP. DHCP. sFlow. TACACS+.

127. When wired 802.1X authentication is implemented, which two components are required? (Choose two.). authenticator: Cisco Identity Services Engine. authenticator: Cisco Catalyst switch. supplicant: Cisco AnyConnect ISE Posture module. authentication server: Cisco Prime Infrastructure. authentication server: Cisco Identity Services Engine.

128. What is a commonality between DMVPN and FlexVPN technologies?. IOS routers run the same NHRP code for DMVPN and FlexVPN. FlexVPN and DMVPN use IS-IS routing protocol to communicate with spokes. FlexVPN and DMVPN use the new key management protocol, IKEv2. FlexVPN and DMVPN use the same hashing algorithms.

129. Refer to the exhibit. Traffic is not passing through IPsec site-to-site VPN on the Secure Firewall Threat Defense appliance. What is causing this issue?. The access control policy is not allowing VPN traffic in. Site-to-site VPN peers are using different encryption algorithms. No split-tunnel policy is defined on the Firepower Threat Defense appliance. Site-to-site VPN preshared keys are mismatched.

130. A switch with Dynamic ARP Inspection enabled has received a spoofed ARP response on a trusted interface. How does the switch behave in this situation?. It forwards the packet without validation. It drops the packet without validation. It forwards the packet after validation by using the IP & MAC Binding Table. It drops the packet after validation by using the IP & MAC Binding Table.

131. In which two ways does Easy Connect help control network access when used with Cisco TrustSec? (Choose two.). It creates a dashboard in Cisco ISE that provides full visibility of all connected endpoints. It allows for managed endpoints that authenticate to AD to be mapped to Security Groups (PassiveID). It allows for the assignment of Security Group Tags and does not require 802.1X to be configured on the switch or the endpoint. It allows multiple security products to share information and work together to enhance security posture in the network. It integrates with third-party products to provide better visibility throughout the network.

132. An administrator has been tasked with configuring the Cisco Secure Email Gateway to ensure there are no viruses before quarantined emails are delivered. In addition, delivery of mail from known bad mail servers must be prevented. Which two actions must be taken in order to meet these requirements? (Choose two.). Configure a recipient access table. Deploy the Cisco ESA in the DMZ. Use outbreak filters from SenderBase. Enable a message tracking service. Scan quarantined emails using AntiVirus signatures.

133. An organization wants to use Cisco FTD or Cisco ASA devices. Specific URLs must be blocked from being accessed via the firewall, which requires that the administrator input the bad URL categories that the organization wants blocked into the access policy. Which solution should be used to meet this requirement?. Cisco FTD because it includes URL filtering in the access control policy capabilities, whereas Cisco ASA does not. Cisco ASA because it enables URL filtering and blocks malicious URLs by default, whereas Cisco FTD does not. Cisco FTD because it enables URL filtering and blocks malicious URLs by default, whereas Cisco ASA does not. Cisco ASA because it includes URL filtering in the access control policy capabilities, whereas Cisco FTD does not.

134. A Cisco AMP for Endpoints administrator configures a custom detection policy to add specific MD5 signatures. The configuration is created in the simple detection policy section, but it does not work. What is the reason for this?. The administrator must upload the file instead of the hash for Cisco AMP to use. The MD5 hash uploaded to the simple detection policy is in the incorrect format. Detections for MD5 signatures must be configured in the advanced custom detection policies. The APK must be uploaded for the application that the detection is intended.

135. An organization wants to implement a cloud-delivered and SaaS-based solution to provide visibility and threat detection across the AWS network. The solution must be deployed without software agents and rely on AWS VPC flow logs instead. Which solution meets these requirements?. Cisco Secure Cloud Analytics. Cisco Cloudlock. NetFlow collectors. Cisco Umbrella.

136. What are two functionalities of SDN Northbound APIs? (Choose two.). Northbound APIs form the interface between the SDN controller and business applications. Northbound APIs use the NETCONF protocol to communicate with applications. Northbound APIs provide a programmable interface for applications to dynamically configure the network. Northbound APIs form the interface between the SDN controller and the network switches or routers. OpenFlow is a standardized northbound API protocol.

137. An organization has DHCP servers set up to allocate IP addresses to clients on the LAN. What must be done to ensure the LAN switches prevent malicious DHCP traffic while also distributing IP addresses to the correct endpoints?. Configure Dynamic ARP Inspection and add entries in the DHCP snooping database. Configure DHCP snooping and set a trusted interface for the DHCP server. Configure Dynamic ARP Inspection and antispoofing ACLs in the DHCP snooping database. Configure DHCP snooping and set trusted interfaces for all client connections.

138. Which solution for remote workers enables protection, detection, and response on the endpoint against known and unknown threats?. Cisco Secure Client. Cisco Umbrella. Cisco Duo. Cisco Secure Endpoint.

139. Which Cisco solution extends network visibility, threat detection, and analytics to public cloud environments?. Cisco Stealthwatch Cloud. Cisco CloudLock. Cisco AppDynamics. Cisco Umbrella.

140. Which action controls the amount of URI text that is stored in Cisco WSA log files?. Configure the advancedproxyconfig command with the HTTPS subcommand. Configure a maximum packet size. Configure a small log-entry size. Configure the datasecurityconfig command.

141. What is the difference between EPP and EDR?. EPP focuses primarily on threats that have evaded front-line defenses that entered the environment. Having an EPP solution allows an engineer to detect, investigate, and remediate modern threats. EDR focuses solely on prevention at the perimeter. Having an EDR solution gives an engineer the capability to flag offending files at the first sign of malicious behavior.

142. Which two fields are defined in the NetFlow flow? (Choose two.). destination port. class of service bits. type of service byte. output logical interface. layer 4 protocol type.

143. An engineer is configuring cloud logging on Cisco ASA and needs events to be compressed. Which component must be configured to accomplish this goal?. Cisco analytics. SDC VM. SDC event viewer. SWC service.

144. What is the process in DevSecOps where all changes in the central code repository are merged and synchronized?. QA. CI. EP. CD.

What does endpoint isolation in Cisco Secure Endpoint security protect from?. an infection spreading across the network. an infection spreading across the LDAP or Active Directory domain from a user account. a malware spreading across the user device. a malware spreading across the LDAP or Active Directory domain from a user account.

What are two differences between a Cisco WSA that is running in transparent mode and one running in explicit mode?. The Cisco WSA responds with its own IP address only if it is running in explicit mode. The Cisco WSA responds with its own IP address only if it is running in transparent mode. The Cisco WSA uses a Layer 3 device to redirect traffic only if it is running in transparent mode. When the Cisco WSA is running in transparent mode, it uses the WSA's own IP address as the HTTP request destination. The Cisco WSA is configured in a web browser only if it is running in transparent mode.

A network engineer must configure an access control policy on top of an existing Cisco Secure Firewall Threat Defense access control policy. The policy contains IP addresses and port values with no need for deeper inspection. Which type of policy must be created?. Identity. prefilter. SSL. access control.

What is the purpose of the Decrypt for Application Detection feature within the WSA Decryption options?. It provides enhanced HTTPS application detection for AsyncOS. It alerts users when the WSA decrypts their traffic. It decrypts HTTPS application traffic for authenticated users. It decrypts HTTPS application traffic for unauthenticated users.

Email security has become a high-priority task for a security engineer at a large multi-national organization due to ongoing phishing campaigns. To help control this, the engineer has deployed an Incoming Content filter with a URL reputation of (-10.00 to -6.00) on the Cisco ESA. Which action will the system perform to disable any links in messages that match the filter?. Quarantine. ScreenAction. Defang. FilterAction.

A web hosting company must upgrade its older, unsupported on-premises servers. The company wants a cloud solution in which the cloud provider is responsible for: 1. Server patching 2. Application maintenance 3. Data center security 4. Disaster recovery. Which type of cloud meets the requirements?. IaaS. hybrid. SaaS. PaaS.

An organization has a Cisco ESA set up with DLP policies and would like to customize the action assigned for violations. The organization wants a copy of the message to be delivered with a message added to flag it as a DLP violation. Which actions must be performed in order to provide this capability?. deliver and add disclaimer text. deliver and send copies to other recipients. quarantine and alter the subject header with a DLP violation. quarantine and send a DLP violation notification.

An engineer recently completed the system setup on a Cisco WSA. Which URL information does the system send to SensorBase Network servers?. none because SensorBase Network Participation is disabled by default. complete URL, without obfuscating the path segments. URL information collected from clients that connect to the Cisco WSA using Cisco AnyConnect. summarized server-name information and MD5-hashed path information.

Which function is performed by certificate authorities but is a limitation of registration authorities?. accepts enrollment request. verifying user identity. certificate re-enrollment. CRL publishing.

Which attack is commonly associated with C and C++ programming languages?. buffer overflow. water holing. DDoS. cross site scripting.

After a security incident, an engineer proposed a solution to secure management traffic better. The engineer must ensure that remote access is maintained in case the internet fails. Which action must be taken?. Modify the existing ACL. Change the local accounts to AAA. Configure IPsec VPN. Add out-of-band access.

Which Cisco firewall solution requires zone definition?. Cisco ASA. CBAC. Cisco AMP. ZBFW.

Which solution should be leveraged for secure access of a CI/CD pipeline?. Remote access client. Cisco FTD network gateway. DUO network gateway. SSL web VPN.

A company named Org.Co is upgrading its infrastructure and wants to migrate from a legacy firewall appliance to a cloud security service that will provide: 1. Threat intelligence 2. Real-time malware blocking 3. Protection against malicious domains 4. SSL visibility. Which security solution should be used?. Cisco Cloudlock. Cisco Secure Cloud Analytics. Cisco Secure Firewall Threat Defense. Cisco Umbrella.

Which Cisco platform onboards the endpoint and can issue a CA signed certificate while also automatically configuring endpoint network settings to use the signed endpoint certificate, allowing the endpoint to gain network access?. Cisco Secure Web Appliance. Cisco NAC. Cisco TACACS+. Cisco ISE.

When a next-generation endpoint security solution is selected for a company, what are two key deliverables that help justify the implementation? (Choose two). Email integration to protect endpoints from malicious content that is located in the email. real-time feed from global threat intelligence centers. Continuous monitoring of all files that are located on connected endpoints. Signature-based endpoint protection on company endpoints. Macro-based protection to keep connected endpoints safe.

Refer to the exhibit. An engineer must configure a remote access VPN connection between a teleworker and site B. The engineer already performed some configuration on the Cisco Adaptive Security Appliance ASA_B firewall. Which address pool must be assigned to the tunnel group to complete the configuration?. 192.168.11.0/24. 20.20.20.0/24. 30.30.30.0/24. 40.40.40.0/24.

What is a difference between Cisco AMP for Endpoints and Cisco Umbrella?. AMP for Endpoints prevents, detects and responds to attacks before damage can be done, and Umbrella provides the first line of defense against Internet threats. AMP for Endpoints automatically researches indicators of compromise and confirms threats, and Umbrella does not. AMP for Endpoints prevents connections to malicious destinations, and Umbrella works at the file level to prevent the initial execution of malware. AMP for Endpoints is a cloud-based service, and Umbrella is not.

Which Cisco DNA Center intent API action is used to retrieve the number of devices known to a DNA Center?. GET https://fqdnOrIPofDnaCenterPlatform/dna/intent/api/v1/network-device. GET https://fqdnOrIPofDnaCenterPlatform/dna/intent/api/v1/network-device/startingindex/recordsToReturn. GET https://fqdnOrIPofDnaCenterPlatform/dna/intent/api/v1/network-device?parameter1=value&parameter2=value&... GET https://fqdnOrIPofDnaCenterPlatform/dna/intent/api/v1/network-device/count.

An organization is using DNS services for their network and wants to help improve the security of the DNS infrastructure. Which action accomplishes this task?. Modify the Cisco Umbrella configuration to pass the queries only to non-DNSSEC capable zones. Integrate Cisco Umbrella with Cisco CloudLock to ensure that DNSSEC is functional. Use DNSSEC between the endpoints and Cisco Umbrella DNS servers. Configure Cisco Umbrella and use DNSSEC for domain authentication to authoritative servers.

Refer to the exhibit. An engineer is implementing a site-to-site VPN on a Cisco router with a remote Cisco router. What must be configured next to ensure the tunnel status is up?. transform set. NAT translation. remote peer. IKE version.

When choosing an algorithm to use, what should be considered about Diffie-Hellman and RSA for key establishment?. DH is an asymmetric key establishment algorithm intended to output symmetric keys. RSA is a symmetric key establishment algorithm intended to output asymmetric keys. DH is an asymmetric key establishment algorithm intended to output asymmetric keys. RSA is an asymmetric key establishment algorithm intended to output symmetric keys.

Which solution combines Cisco IOS and IOS XE components to enable administrators to recognize applications, collect and send network metrics to Cisco Prime and other third-party management tools, and prioritize application traffic?. Cisco Application Visibility and Control. Cisco Model Driven Telemetry. Cisco Security Intelligence. Cisco DNA Center.

What is a characteristic of a bridge group in a Cisco ASA Firewall running in transparent mode?. It has an IP address on its BVI interface and it is used for management traffic. It is a Layer 3 segment and includes one port and customizable access rules. It allows ARP traffic with a single access rule. It includes multiple interfaces and access rules between interfaces are customizable.

Which algorithm provides asymmetric encryption?. RC4. RSA. AES. 3DES.

Which two capabilities does an MDM provide? (Choose two). Unified management of mobile devices, Macs, and PCs from a centralized dashboard. manual identification and classification of client devices. delivery of network malware reports to an inbox on a schedule. Unified management of Android and Apple devices from a centralized dashboard. enforcement of device security policies from a centralized dashboard.

Which firewall deployment mode allows the inspection of traffic between servers in the same IP subnet?. Transparent. Routed. Virtual. Multicontext.

A network administrator is setting up a Cisco FMC to send logs to Cisco Security Analytics and Logging (SaaS). The network administrator is anticipating a high volume of logging events from the firewalls and wants to limit the strain on the firewall resources. Which method must the administrator use to send these logs to Cisco Security Analytics and Logging?. Direct connection using SNMP traps. SFTP using FMC CLI. HTTP POST using the Security Analytics FMC plugin. syslog using the Secure Event Connector.

What is the capability of Cisco Secure Email Cloud Gateway compared to Cisco Secure Email Gateway?. Secure Email Cloud Gateway requires that a proxy be deployed to a web browser, and Secure Email Gateway requires a network reconfiguration. Secure Email Cloud Gateway protects email without having to deploy an infrastructure, and Secure Email Gateway requires a server infrastructure. Secure Email Cloud Gateway requires an ASA to redirect email by using WCCP, and Secure Email Gateway requires an ASA be inline. Secure Email Cloud Gateway is an add-on that is deployed to a web browser by using a group policy, and Secure Email Gateway requires a server infrastructure.

What are two facts about Cisco Secure Web Appliance HTTP proxy configuration with a PAC file? (Choose two). The PAC file, which references the proxy, is deployed to the client web browser. It is defined as an explicit proxy deployment. In a dual-NIC configuration, the PAC file directs traffic through the two NICs to the proxy. It is defined as a bridged proxy deployment. It is defined as a transparent proxy deployment.

Which type of API is being used when a controller within a software-defined network architecture dynamically makes configuration changes on switches within the network?. southbound API. eastbound API. westbound API. northbound API.

A developer must create a script to retrieve a count of inactive and devices by using the Cisco Catalyst Center API. Which endpoint and method pair is needed to make the API call?. GET /dna/intent/api/v1/client-health. POST /dna/intent/api/v1/discovery. POST /dna/intent/api/v1/network-device. GET /dna/intent/api/v1/network-device/collection-schedule/global.

What is a capability of cross-site scripting?. supplies valid credentials by hijacking DNS queries sent by the user device. steals cookies used to obtain access as an authenticated user to a cloud service. exploits vulnerable applications for attackers to pass commands to a database. intercepts traffic to take over a connection to a cloud-based service.

An email containing a URL passes through the Cisco Secure Email Gateway. Content filtering is disabled for all mail policies. The sender of the email is admin@test.com while the recipient is user1@test.com. The subject of the email is Important Document. An administrator must configure a policy to ensure that the web reputation score is evaluated before permitting the email. Which criteria must be configured to meet the requirement?. sender matches domain test.com. mail recipient is user1@test.com. email body contains a URL. subject contains Important Document.

Which suspicious pattern enables the Cisco Secure Workload platform to learn the normal behavior of users?. privilege escalation. interesting file access. file access from a different user. user login suspicious behavior.

Which feature must be enabled to configure a predefined URL category on a Cisco Secure Web Appliance?. Acceptable Use Controls. Local Custom Category. External Live Feed Category. Selected Embedded/referred content.

73. Which two authentication protocols are supported by the Cisco WSA? (Choose two). TLS. LDAP. SSL. NTLM. WCCP.

74. An engineer is configuring guest WLAN access using Cisco ISE and the Cisco WLC. Which action temporarily gives guest endpoints access dynamically while maintaining visibility into who or what is connecting?. Modify the WLC configuration to require local WLC logins for the authentication prompts. Configure ISE and the WLC for guest redirection and services using a hotspot portal. Modify the WLC configuration to allow any endpoint to access an internet-only VLAN. Configure ISE and the WLC for guest redirection and services using a self-registered portal.

75. Which action adds IOCs to customize detections for a new attack?. Upload the IOCs into the Installed Endpoint IOC feature within Cisco AMP for Endpoints. Add a custom advanced detection to include the IOCs needed within Cisco AMP for Endpoints. Modify the base policy within Cisco AMP for Endpoints to include simple custom detections. Use the Initiate Endpoint IOC scan feature to gather the IOC information and push it to clients.

76. An engineer is configuring Cisco WSA and needs to enable a separated email transfer flow from the internet and from the LAN. Which deployment mode must be used to accomplish this goal?. single interface. transparent. multi-context. two-interface.

77. An administrator is adding a new Cisco ISE node to an existing deployment. Open port 8905 on the firewall between the Cisco ISE nodes. Make the new Cisco ISE node a secondary PAN before registering it with the primary. Add the DNS entry for the new Cisco node into the DNS server. Change the IP address of the new Cisco ISE node to the same network.

78. Which two endpoint measures are used to minimize the chances of falling victim to phishing and social engineering attacks? (Choose two.). Protect against input validation and character escapes in the endpoint. Patch for cross site scripting. Protect systems with an up-to-date antimalware program. Install a spam and virus email filter. Perform backups to the private cloud.

79. Which two algorithms must be used when an engineer is creating a connection that will have classified data across it? (Choose two.). SHA-384. RC4. RSA-3072. ECDSA-256. AES-256.

80. Which IETF attribute is supported for the RADIUS CoA feature?. 81 Message-Authenticator. 24 State. 42 Acct-Session-ID. 30 Calling-Station-ID.

81. A company identified a phishing vulnerability during a pentest. What are two ways the company can protect employees from the attack?. using Cisco ISE. using Cisco ESA. using Cisco Umbrella. using Cisco FTD. using an inline IPS/IDS in the network.

82. Which feature is supported when deploying Cisco ASAv within the AWS public cloud?. user deployment of layer 3 networks. clustering. multiple context mode. IPv6.

83. When web policies are configured in Cisco Umbrella, what provides the ability to ensure that domains are blocked when they host malware, command and control, phishing, and more threats?. File Analysis. Content Category Blocking. Application Control. Security Category Blocking.

84. An engineer configures new features within the Cisco Umbrella dashboard and wants to identify and proxy traffic that is categorized as risky domains and may contain safe and malicious content. Which action accomplishes these objectives?. Configure URL filtering within Cisco Umbrella to track the URLs and proxy the requests for those categories and below. Configure intelligent proxy within Cisco Umbrella to intercept and proxy the request for only those categories. Upload the threat intelligence database to Cisco Umbrella for the most current information on reputations and have the destination list block them. Create a new site within Cisco Umbrella to block requests from those categories so they can be sent to the proxy device.

85. An engineer needs to configure cloud logging on Cisco ASA with SAL integration. Which parameter must be considered for this configuration?. Required storage size can be allocated dynamically. Onboard Cisco ASA device to CDO is needed. Events can be viewed only from one regional cloud. All CSM versions are supported.

86. What is the difference between encrypted passwords and hardcoded passwords?. Encrypted passwords are easier to obtain, and hardcoded passwords are known only to developers. Encrypted passwords are generated by an application user, and hardcoded passwords are generated randomly. Encrypted passwords are used for frontend applications, and hardcoded passwords are used for backend applications. Encrypted passwords are stored in a database, and hardcoded passwords are embedded in the source code.

87. A network administrator needs a solution to match traffic and allow or deny traffic based on the type of the application, not just the source or destination address and port used. Which kind of security product must the network administrator implement to meet this requirement?. intrusion detection system. next-generation firewall. web application firewall. next-generation intrusion prevention system.

88. A security engineer must add destinations into a destination list in Cisco Umbrella. What describes the application of these changes?. The changes are applied only after the configuration is saved in Cisco Umbrella. The changes are applied immediately if the destination list is a part of a policy. The user role of Block Page Bypass or higher is needed to perform these changes. The destination list must be removed from the policy before changes are made to it.

89. What is a feature of an endpoint detection and response solution?. ensuring the security of network devices by choosing which devices are allowed to reach the network. rapidly and consistently observing and examining data to mitigate threats. capturing and clarifying data on email, endpoints, and servers to mitigate threats. preventing attacks by identifying harmful events with machine learning and conduct-based defense.

90. In which cloud services model is the customer responsible for scanning and for mitigation of application vulnerabilities?. SaaS. PaaS. IaaS. VMaaS.

91. Which file type is supported when performing a bulk upload of destinations into a destination list in Cisco Umbrella?. TXT. XLS. CSV. RTF.

92. What is the purpose of the Cisco Endpoint IoC feature?. it provides stealth threat prevention. it provides precompromise detection. it is a signature-based engine. it is an incident response tool.

93. What is the benefit of integrating Cisco ISE with an MDM solution?. It provides the ability to update other applications on the mobile device. It provides the ability to add applications to the mobile device through Cisco ISE. It provides network device administration access. It provides compliance checks for access to the network.

94. An administrator is configuring a DHCP server to better secure their environment. They need to be able to rate-limit the traffic and ensure that legitimate requests are not dropped. How can this be accomplished?. Set a trusted interface for the DHCP server. Set a DHCP snooping bit to 1. Add entries in the DHCP snooping database. Enable ARP inspection for the required VLAN.

Refer to the exhibit. Which task is the Python script performing by using the Cisco Umbrella API?. retrieving a list of the latest security events. creating a list of the latest security events. copying a list of the latest security activity. sending a list of the latest security activity.

96. An engineer must configure Cisco Secure Email Gateway to use DLP for a company. The company also wants to see the content of the emails that violate the DLP Policy. Which configuration must be modified in the Data Loss Prevention Settings section to meet the requirements?. Secure Reply All. DLP Message Action. Secure Message Forwarding. Matched Content Logging.

97. An organization has Cisco Secure Cloud Analytics in their environment. Cloud logging is working as expected, but logs are not being received from the on-premise network. What action will resolve this issue?. Configure security appliances to send NetFlow to Secure Cloud Analytics. Configure security appliances to send syslogs to Secure Cloud Analytics. Deploy a Cisco FTD sensor to send events to Secure Cloud Analytics. Deploy a Secure Cloud Analytics sensor on the network to send data to Secure Cloud Analytics.

98. What are the two types of managed Intercloud Fabric deployment models? (Choose two.). User managed. Hybrid Managed. Public managed. Enterprise managed. Service Provider managed.

99. Why is it important to patch endpoints consistently?. Patching reduces the attack surface of the infrastructure. Patching is required per the vendor contract. Patching helps to mitigate vulnerabilities. Patching allows for creating a honeypot.

100. Which protocol provides the strongest throughput performance when using Cisco AnyConnect VPN?. TLSv1.2. TLSv1. DTLSv1. TLSv1.1.

101. What is the benefit of installing Cisco AMP for Endpoints on a network?. It provides operating system patches on the endpoints for security. It protects endpoint systems through application control and real-time scanning. It provides flow-based visibility for the endpoints' network connections. It enables behavioral analysis to be used for the endpoint.

102. What are two security benefits of an MDM deployment? (Choose two.). privacy control checks. robust security policy enforcement. distributed software upgrade. distributed dashboard. on-device content management.

103. Which telemetry data captures variations seen within the flow, such as the TTL, IP/TCP flags, and payload length?. interpacket variation. software package variation. process details variation. flow insight variation.

104. Which API technology with SDN architecture is used to communicate with a controller and network devices such as routers and switches?. unprotected APIs. northbound APIs. southbound APIs. REST APIs.

105. What is a benefit of using Cisco FMC over Cisco ASDM?. Cisco FMC provides centralized management while Cisco ASDM does not. Cisco FMC uses Java while Cisco ASDM uses HTML5. Cisco FMC supports publishing configurations to the devices while Cisco ASDM does not. Cisco FMC supports all firewall products whereas Cisco ASDM only supports Cisco ASA devices.

106. Which threat intelligence standard contains malware hashes?. advanced persistent threat. open command and control. structured threat information expression. trusted automated exchange of indicator information.

107. Refer to the exhibit. What does the number 15 represent in this configuration?. privilege level for an authorized user to this router. interval in seconds between SNMPv3 authentication attempts. number of possible failed attempts until the SNMPv3 user is locked out. access list that identifies the SNMP devices that can access the router.

108. What is the difference between the GRE over IPsec and IPsec with crypto map?. IPsec with crypto map offers better scalability. GRE over IPsec supports non-IP protocols. GRE provides its own encryption mechanism. Multicast traffic is supported by IPsec with crypto map.
