Summer Sale- Special Discount Limited Time 65% Offer - Ends in 0d 00h 00m 00s - Coupon code: netdisc

Cisco 350-701 Implementing and Operating Cisco Security Core Technologies (SCOR 350-701) Exam Practice Test

Page: 1 / 73
Total 726 questions

Implementing and Operating Cisco Security Core Technologies (SCOR 350-701) Questions and Answers

Question 1

Why is it important to implement MFA inside of an organization?

Options:

A.

To prevent man-the-middle attacks from being successful.

B.

To prevent DoS attacks from being successful.

C.

To prevent brute force attacks from being successful.

D.

To prevent phishing attacks from being successful.

Question 2

Which DevSecOps implementation process gives a weekly or daily update instead of monthly or quarterly in the applications?

Options:

A.

Orchestration

B.

CI/CD pipeline

C.

Container

D.

Security

Question 3

Which metric is used by the monitoring agent to collect and output packet loss and jitter information?

Options:

A.

WSAv performance

B.

AVC performance

C.

OTCP performance

D.

RTP performance

Question 4

Which type of API is being used when a controller within a software-defined network architecture dynamically

makes configuration changes on switches within the network?

Options:

A.

westbound AP

B.

southbound API

C.

northbound API

D.

eastbound API

Question 5

An engineer must modify a policy to block specific addresses using Cisco Umbrella. The policy is created already and is actively u: of the default policy elements. What else must be done to accomplish this task?

Options:

A.

Add the specified addresses to the identities list and create a block action.

B.

Create a destination list for addresses to be allowed or blocked.

C.

Use content categories to block or allow specific addresses.

D.

Modify the application settings to allow only applications to connect to required addresses.

Question 6

An engineer configures new features within the Cisco Umbrella dashboard and wants to identify and proxy traffic that is categorized as risky domains and may contain safe and malicious content. Which action accomplishes these objectives?

Options:

A.

Configure URL filtering within Cisco Umbrella to track the URLs and proxy the requests for those categories and below.

B.

Configure intelligent proxy within Cisco Umbrella to intercept and proxy the requests for only those categories.

C.

Upload the threat intelligence database to Cisco Umbrella for the most current information on reputations and to have the destination lists block them.

D.

Create a new site within Cisco Umbrella to block requests from those categories so they can be sent to the proxy device.

Question 7

Which type of data does the Cisco Stealthwatch system collect and analyze from routers, switches, and firewalls?

Options:

A.

NTP

B.

syslog

C.

SNMP

D.

NetFlow

Question 8

What are two DDoS attack categories? (Choose two)

Options:

A.

sequential

B.

protocol

C.

database

D.

volume-based

E.

screen-based

Question 9

Why should organizations migrate to an MFA strategy for authentication?

Options:

A.

Single methods of authentication can be compromised more easily than MFA.

B.

Biometrics authentication leads to the need for MFA due to its ability to be hacked easily.

C.

MFA methods of authentication are never compromised.

D.

MFA does not require any piece of evidence for an authentication mechanism.

Question 10

Which Cisco DNA Center RESTful PNP API adds and claims a device into a workflow?

Options:

A.

api/v1/fie/config

B.

api/v1/onboarding/pnp-device/import

C.

api/v1/onboarding/pnp-device

D.

api/v1/onboarding/workflow

Question 11

In which cloud services model is the customer responsible for scanning for and mitigation of application vulnerabilities?

Options:

A.

PaaS

B.

VMaaS

C.

IaaS

D.

SaaS

Question 12

In which two ways does a system administrator send web traffic transparently to the Web Security Appliance?

(Choose two)

Options:

A.

configure Active Directory Group Policies to push proxy settings

B.

configure policy-based routing on the network infrastructure

C.

reference a Proxy Auto Config file

D.

configure the proxy IP address in the web-browser settings

E.

use Web Cache Communication Protocol

Question 13

Which two request methods of REST API are valid on the Cisco ASA Platform? (Choose two.)

Options:

A.

GET

B.

CONNECT

C.

PUSH

D.

OPTIONS

E.

PUT

Question 14

Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two)

Options:

A.

Check integer, float, or Boolean string parameters to ensure accurate values.

B.

Use prepared statements and parameterized queries.

C.

Secure the connection between the web and the app tier.

D.

Write SQL code instead of using object-relational mapping libraries.

E.

Block SQL code execution in the web application database login.

Question 15

Which two Cisco Umbrella security categories are used to prevent command-and-control callbacks on port 53 and protect users from being tricked into providing confidential information? (Choose two.)

Options:

A.

DNS Tunneling VPN

B.

Dynamic DNS

C.

Newly Seen Domains

D.

Potentially Harmful Domains

E.

Phishing Attacks

Question 16

Which two criteria must a certificate meet before the WSA uses it to decrypt application traffic? (Choose two.)

Options:

A.

It must include the current date.

B.

It must reside in the trusted store of the WSA.

C.

It must reside in the trusted store of the endpoint.

D.

It must have been signed by an internal CA.

E.

it must contain a SAN.

Question 17

How is a cross-site scripting attack executed?

Options:

A.

Force a currently authenticated end user to execute unwanted actions on a web app

B.

Execute malicious client-side scripts injected to a client via a web app

C.

Inject a database query via the input data from the client to a web app

D.

Intercept communications between a client and a web server

Question 18

What is a characteristic of an EDR solution and not of an EPP solution?

Options:

A.

stops all ransomware attacks

B.

retrospective analysis

C.

decrypts SSL traffic for better visibility

D.

performs signature-based detection

Question 19

Which system performs compliance checks and remote wiping?

Options:

A.

MDM

B.

ISE

C.

AMP

D.

OTP

Question 20

A network administrator configures Dynamic ARP Inspection on a switch. After Dynamic ARP Inspection is applied, all users on that switch are unable to communicate with any destination. The network administrator checks the interface status of all interfaces, and there is no err-disabled interface. What is causing this problem?

Options:

A.

DHCP snooping has not been enabled on all VLANs.

B.

The ip arp inspection limit command is applied on all interfaces and is blocking the traffic of all users.

C.

Dynamic ARP Inspection has not been enabled on all VLANs

D.

The no ip arp inspection trust command is applied on all user host interfaces

Question 21

Which two preventive measures are used to control cross-site scripting? (Choose two)

Options:

A.

Enable client-side scripts on a per-domain basis.

B.

Incorporate contextual output encoding/escaping.

C.

Disable cookie inspection in the HTML inspection engine.

D.

Run untrusted HTML input through an HTML sanitization engine.

E.

Same Site cookie attribute should not be used.

Question 22

What are two ways that Cisco Container Platform provides value to customers who utilize cloud service providers? (Choose two.)

Options:

A.

Allows developers to create code once and deploy to multiple clouds

B.

helps maintain source code for cloud deployments

C.

manages Docker containers

D.

manages Kubernetes clusters

E.

Creates complex tasks for managing code

Question 23

Why is it important to have logical security controls on endpoints even though the users are trained to spot security threats and the network devices already help prevent them?

Options:

A.

to prevent theft of the endpoints

B.

because defense-in-depth stops at the network

C.

to expose the endpoint to more threats

D.

because human error or insider threats will still exist

Question 24

Refer to the exhibit.

Question # 24

What will happen when this Python script is run?

Options:

A.

The compromised computers and malware trajectories will be received from Cisco AMP

B.

The list of computers and their current vulnerabilities will be received from Cisco AMP

C.

The compromised computers and what compromised them will be received from Cisco AMP

D.

The list of computers, policies, and connector statuses will be received from Cisco AMP

Question 25

Which statement describes a serverless application?

Options:

A.

The application delivery controller in front of the server farm designates on which server the application runs each time.

B.

The application runs from an ephemeral, event-triggered, and stateless container that is fully managed by a cloud provider.

C.

The application is installed on network equipment and not on physical servers.

D.

The application runs from a containerized environment that is managed by Kubernetes or Docker Swarm.

Question 26

An email administrator is setting up a new Cisco ESA. The administrator wants to enable the blocking of greymail for the end user. Which feature must the administrator enable first?

Options:

A.

File Analysis

B.

IP Reputation Filtering

C.

Intelligent Multi-Scan

D.

Anti-Virus Filtering

Question 27

Which deployment model is the most secure when considering risks to cloud adoption?

Options:

A.

Public Cloud

B.

Hybrid Cloud

C.

Community Cloud

D.

Private Cloud

Question 28

What features does Cisco FTDv provide over ASAv?

Options:

A.

Cisco FTDv runs on VMWare while ASAv does not

B.

Cisco FTDv provides 1GB of firewall throughput while Cisco ASAv does not

C.

Cisco FTDv runs on AWS while ASAv does not

D.

Cisco FTDv supports URL filtering while ASAv does not

Question 29

Which two functions does the Cisco Advanced Phishing Protection solution perform in trying to protect from phishing attacks? (Choose two.)

Options:

A.

blocks malicious websites and adds them to a block list

B.

does a real-time user web browsing behavior analysis

C.

provides a defense for on-premises email deployments

D.

uses a static algorithm to determine malicious

E.

determines if the email messages are malicious

Question 30

What is the most commonly used protocol for network telemetry?

Options:

A.

SMTP

B.

SNMP

C.

TFTP

D.

NctFlow

Question 31

When a next-generation endpoint security solution is selected for a company, what are two key

deliverables that help justify the implementation? (Choose two.)

Options:

A.

signature-based endpoint protection on company endpoints

B.

macro-based protection to keep connected endpoints safe

C.

continuous monitoring of all files that are located on connected endpoints

D.

email integration to protect endpoints from malicious content that is located in email

E.

real-time feeds from global threat intelligence centers

Question 32

What are two recommended approaches to stop DNS tunneling for data exfiltration and command and control call backs? (Choose two.)

Options:

A.

Use intrusion prevention system.

B.

Block all TXT DNS records.

C.

Enforce security over port 53.

D.

Use next generation firewalls.

E.

Use Cisco Umbrella.

Question 33

Which API method and required attribute are used to add a device into Cisco DNA Center with the native API?

Options:

A.

GET and serialNumber

B.

userSudiSerlalNos and deviceInfo

C.

POST and name

D.

lastSyncTime and pid

Question 34

An organization is receiving SPAM emails from a known malicious domain. What must be configured in order to

prevent the session during the initial TCP communication?

Options:

A.

Configure the Cisco ESA to drop the malicious emails

B.

Configure policies to quarantine malicious emails

C.

Configure policies to stop and reject communication

D.

Configure the Cisco ESA to reset the TCP connection

Question 35

Which technology provides the benefit of Layer 3 through Layer 7 innovative deep packet inspection,

enabling the platform to identify and output various applications within the network traffic flows?

Options:

A.

Cisco NBAR2

B.

Cisco ASAV

C.

Account on Resolution

D.

Cisco Prime Infrastructure

Question 36

Which two are valid suppression types on a Cisco Next Generation Intrusion Prevention System? (Choose two)

Options:

A.

Port

B.

Rule

C.

Source

D.

Application

E.

Protocol

Question 37

What is the purpose of a denial-of-service attack?

Options:

A.

to disrupt the normal operation of a targeted system by overwhelming It

B.

to exploit a security vulnerability on a computer system to steal sensitive information

C.

to prevent or limit access to data on a computer system by encrypting It

D.

to spread throughout a computer system by self-replicating to additional hosts

Question 38

Which two activities can be done using Cisco DNA Center? (Choose two)

Options:

A.

DHCP

B.

Design

C.

Accounting

D.

DNS

E.

Provision

Question 39

What Cisco command shows you the status of an 802.1X connection on interface gi0/1?

Options:

A.

show authorization status

B.

show authen sess int gi0/1

C.

show connection status gi0/1

D.

show ver gi0/1

Question 40

How many interfaces per bridge group does an ASA bridge group deployment support?

Options:

A.

up to 2

B.

up to 4

C.

up to 8

D.

up to 16

Question 41

Which attack gives unauthorized access to files on the web server?

Options:

A.

Distributed DoS

B.

Broadcast storm

C.

DHCP snooping

D.

Path traversal

Question 42

Which attack is preventable by Cisco ESA but not by the Cisco WSA?

Options:

A.

buffer overflow

B.

DoS

C.

SQL injection

D.

phishing

Question 43

What are two advantages of using Cisco Any connect over DMVPN? (Choose two)

Options:

A.

It provides spoke-to-spoke communications without traversing the hub

B.

It allows different routing protocols to work over the tunnel

C.

It allows customization of access policies based on user identity

D.

It allows multiple sites to connect to the data center

E.

It enables VPN access for individual users from their machines

Question 44

Refer to the exhibit.

Question # 44

A network administrator configures command authorization for the admin5 user. What is the admin5 user able to do on HQ_Router after this configuration?

Options:

A.

set the IP address of an interface

B.

complete no configurations

C.

complete all configurations

D.

add subinterfaces

Question 45

Drag and drop the VPN functions from the left onto the descriptions on the right.

Question # 45

Options:

Question 46

Refer to the exhibit.

Question # 46

When configuring a remote access VPN solution terminating on the Cisco ASA, an administrator would like to utilize an external token authentication mechanism in conjunction with AAA authentication using machine

certificates. Which configuration item must be modified to allow this?

Options:

A.

Group Policy

B.

Method

C.

SAML Server

D.

DHCP Servers

Question 47

Question # 47

Refer to the exhibit. Which configuration item makes it possible to have the AAA session on the network?

Options:

A.

aaa authorization exec default ise

B.

aaa authentication enable default enable

C.

aaa authorization network default group ise

D.

aaa authorization login console ise

Question 48

An engineer needs a solution for TACACS+ authentication and authorization for device administration.

The engineer also wants to enhance wired and wireless network security by requiring users and endpoints to

use 802.1X, MAB, or WebAuth. Which product meets all of these requirements?

Options:

A.

Cisco Prime Infrastructure

B.

Cisco Identity Services Engine

C.

Cisco Stealthwatch

D.

Cisco AMP for Endpoints

Question 49

What is a required prerequisite to enable malware file scanning for the Secure Internet Gateway?

Options:

A.

Enable IP Layer enforcement.

B.

Activate the Advanced Malware Protection license

C.

Activate SSL decryption.

D.

Enable Intelligent Proxy.

Question 50

A university policy must allow open access to resources on the Internet for research, but internal workstations are exposed to malware. Which Cisco AMP feature allows the engineering team to determine whether a file is installed on a selected few workstations?

Options:

A.

file prevalence

B.

file discovery

C.

file conviction

D.

file manager

Question 51

Refer to the exhibit.

Question # 51

An engineer is implementing a certificate based VPN. What is the result of the existing configuration?

Options:

A.

The OU of the IKEv2 peer certificate is used as the identity when matching an IKEv2 authorization policy.

B.

Only an IKEv2 peer that has an OU certificate attribute set to MANGLER establishes an IKEv2 SA successfully

C.

The OU of the IKEv2 peer certificate is encrypted when the OU is set to MANGLER

D.

The OU of the IKEv2 peer certificate is set to MANGLER

Question 52

Which two parameters are used to prevent a data breach in the cloud? (Choose two.)

Options:

A.

DLP solutions

B.

strong user authentication

C.

encryption

D.

complex cloud-based web proxies

E.

antispoofing programs

Question 53

A network engineer has entered the snmp-server user andy myv3 auth sha cisco priv aes 256

cisc0380739941 command and needs to send SNMP information to a host at 10.255.254.1. Which command achieves this goal?

Options:

A.

snmp-server host inside 10.255.254.1 version 3 andy

B.

snmp-server host inside 10.255.254.1 version 3 myv3

C.

snmp-server host inside 10.255.254.1 snmpv3 andy

D.

snmp-server host inside 10.255.254.1 snmpv3 myv3

Question 54

An organization deploys multiple Cisco FTD appliances and wants to manage them using one centralized

solution. The organization does not have a local VM but does have existing Cisco ASAs that must migrate over

to Cisco FTDs. Which solution meets the needs of the organization?

Options:

A.

Cisco FMC

B.

CSM

C.

Cisco FDM

D.

CDO

Question 55

How is DNS tunneling used to exfiltrate data out of a corporate network?

Options:

A.

It corrupts DNS servers by replacing the actual IP address with a rogue address to collect information or start other attacks.

B.

It encodes the payload with random characters that are broken into short strings and the DNS serverrebuilds the exfiltrated data.

C.

It redirects DNS requests to a malicious server used to steal user credentials, which allows further damageand theft on the network.

D.

It leverages the DNS server by permitting recursive lookups to spread the attack to other DNS servers.

Question 56

Which feature of Cisco ASA allows VPN users to be postured against Cisco ISE without requiring an inline

posture node?

Options:

A.

RADIUS Change of Authorization

B.

device tracking

C.

DHCP snooping

D.

VLAN hopping

Question 57

Which Cisco security solution determines if an endpoint has the latest OS updates and patches installed on the system?

Options:

A.

Cisco Endpoint Security Analytics

B.

Cisco AMP for Endpoints

C.

Endpoint Compliance Scanner

D.

Security Posture Assessment Service

Question 58

The Cisco ASA must support TLS proxy for encrypted Cisco Unified Communications traffic. Where must the

ASA be added on the Cisco UC Manager platform?

Options:

A.

Certificate Trust List

B.

Endpoint Trust List

C.

Enterprise Proxy Service

D.

Secured Collaboration Proxy

Question 59

What is an attribute of Cisco Talos?

Options:

A.

Introduction of attributes that use objects and narrative relations

B.

Fast and intelligent responses based on threat data

C.

Cyber threat intelligence interchange and maintenance

D.

Cyber threats posing as authorized users and devices

Question 60

Which characteristic is unique to a Cisco WSAv as compared to a physical appliance?

Options:

A.

supports VMware vMotion on VMware ESXi

B.

requires an additional license

C.

performs transparent redirection

D.

supports SSL decryption

Question 61

What is the primary role of the Cisco Email Security Appliance?

Options:

A.

Mail Submission Agent

B.

Mail Transfer Agent

C.

Mail Delivery Agent

D.

Mail User Agent

Question 62

Which two configurations must be made on Cisco ISE and on Cisco TrustSec devices to force a session to be adjusted after a policy change is made? (Choose two)

Options:

A.

posture assessment

B.

aaa authorization exec default local

C.

tacacs-server host 10.1.1.250 key password

D.

aaa server radius dynamic-author

E.

CoA

Question 63

What is the function of the Context Directory Agent?

Options:

A.

maintains users’ group memberships

B.

relays user authentication requests from Web Security Appliance to Active Directory

C.

reads the Active Directory logs to map IP addresses to usernames

D.

accepts user authentication requests on behalf of Web Security Appliance for user identification

Question 64

What are two ways a network administrator transparently identifies users using Active Directory on the Cisco WSA? (Choose two.)

Options:

A.

Create an LDAP authentication realm and disable transparent user identification.

B.

Create NTLM or Kerberos authentication realm and enable transparent user identification.

C.

Deploy a separate Active Directory agent such as Cisco Context Directory Agent.

D.

The eDirectory client must be installed on each client workstation.

E.

Deploy a separate eDirectory server; the dent IP address is recorded in this server.

Question 65

What must be configured on Cisco Secure Endpoint to create a custom detection tile list to detect and quarantine future files?

Options:

A.

Use the simple custom detection feature and add each detection to the list.

B.

Add a network IP block allowed list to the configuration and add the blocked files.

C.

Create an advanced custom detection and upload the hash of each file

D.

Configure an application control allowed applications list to block the files

Question 66

How does a cloud access security broker function?

Options:

A.

It is an authentication broker to enable single sign-on and multi-factor authentication for a cloud solution

B.

lt integrates with other cloud solutions via APIs and monitors and creates incidents based on events from the cloud solution

C.

It acts as a security information and event management solution and receives syslog from other cloud solutions.

D.

It scans other cloud solutions being used within the network and identifies vulnerabilities

Question 67

Question # 67

Refer to the exhibit. When configuring this access control rule in Cisco FMC, what happens with the traffic destined to the DMZ_inside zone once the configuration is deployed?

Options:

A.

All traffic from any zone will be allowed to the DMZ_inside zone only after inspection.

B.

No traffic will be allowed through to the DMZ_inside zone regardless of if it's trusted or not.

C.

No traffic will be allowed through to the DMZ_inside zone unless it's already trusted.

D.

All traffic from any zone to the DMZ_inside zone will be permitted with no further inspection.

Question 68

A network engineer must monitor user and device behavior within the on-premises network. This data must be sent to the Cisco Stealthwatch Cloud analytics platform for analysis. What must be done to meet this

requirement using the Ubuntu-based VM appliance deployed in a VMware-based hypervisor?

Options:

A.

Configure a Cisco FMC to send syslogs to Cisco Stealthwatch Cloud

B.

Deploy the Cisco Stealthwatch Cloud PNM sensor that sends data to Cisco Stealthwatch Cloud

C.

Deploy a Cisco FTD sensor to send network events to Cisco Stealthwatch Cloud

D.

Configure a Cisco FMC to send NetFlow to Cisco Stealthwatch Cloud

Question 69

Refer to the exhibit.

Question # 69

The DHCP snooping database resides on router R1, and dynamic ARP inspection is configured only on switch SW2. Which ports must be configured as untrusted so that dynamic ARP inspection operates normally?

Options:

A.

P2 and P3 only

B.

P5, P6, and P7 only

C.

P1, P2, P3, and P4 only

D.

P2, P3, and P6 only

Question 70

A Cisco Firepower administrator needs to configure a rule to allow a new application that has never been seen

on the network. Which two actions should be selected to allow the traffic to pass without inspection? (Choose

two)

Options:

A.

permit

B.

trust

C.

reset

D.

allow

E.

monitor

Question 71

Which statement about the configuration of Cisco ASA NetFlow v9 Secure Event Logging is true?

Options:

A.

To view bandwidth usage for NetFlow records, the QoS feature must be enabled.

B.

A sysopt command can be used to enable NSEL on a specific interface.

C.

NSEL can be used without a collector configured.

D.

A flow-export event type must be defined under a policy

Question 72

An administrator is adding a new Cisco ISE node to an existing deployment. What must be done to ensure that the addition of the node will be successful when inputting the FQDN?

Options:

A.

Change the IP address of the new Cisco ISE node to the same network as the others.

B.

Make the new Cisco ISE node a secondary PAN before registering it with the primary.

C.

Open port 8905 on the firewall between the Cisco ISE nodes

D.

Add the DNS entry for the new Cisco ISE node into the DNS server

Question 73

What is a benefit of using a multifactor authentication strategy?

Options:

A.

It provides visibility into devices to establish device trust.

B.

It provides secure remote access for applications.

C.

It provides an easy, single sign-on experience against multiple applications

D.

lt protects data by enabling the use of a second validation of identity.

Question 74

An organization is trying to improve their Defense in Depth by blocking malicious destinations prior to a

connection being established. The solution must be able to block certain applications from being used within the network. Which product should be used to accomplish this goal?

Options:

A.

Cisco Firepower

B.

Cisco Umbrella

C.

ISE

D.

AMP

Question 75

A network engineer is configuring DMVPN and entered the crypto isakmp key cisc0380739941 address 0.0.0.0 command on hostA. The tunnel is not being established to hostB. What action is needed to authenticate the VPN?

Options:

A.

Change isakmp to ikev2 in the command on hostA.

B.

Enter the command with a different password on hostB.

C.

Enter the same command on hostB.

D.

Change the password on hostA to the default password.

Question 76

What is a description of microsegmentation?

Options:

A.

Environments deploy a container orchestration platform, such as Kubernetes, to manage the application delivery.

B.

Environments apply a zero-trust model and specify how applications on different servers or containers can communicate.

C.

Environments deploy centrally managed host-based firewall rules on each server or container.

D.

Environments implement private VLAN segmentation to group servers with similar applications.

Question 77

An organization is trying to implement micro-segmentation on the network and wants to be able to gain visibility on the applications within the network. The solution must be able to maintain and force compliance. Which product should be used to meet these requirements?

Options:

A.

Cisco Umbrella

B.

Cisco AMP

C.

Cisco Stealthwatch

D.

Cisco Tetration

Question 78

When a Cisco WSA checks a web request, what occurs if it is unable to match a user-defined policy?

Options:

A.

It blocks the request.

B.

It applies the global policy.

C.

It applies the next identification profile policy.

D.

It applies the advanced policy.

Question 79

Which security product enables administrators to deploy Kubernetes clusters in air-gapped sites without needing Internet access?

Options:

A.

Cisco Content Platform

B.

Cisco Container Controller

C.

Cisco Container Platform

D.

Cisco Cloud Platform

Question 80

What is a difference between an XSS attack and an SQL injection attack?

Options:

A.

SQL injection is a hacking method used to attack SQL databases, whereas XSS attacks can exist in many different types of applications

B.

XSS is a hacking method used to attack SQL databases, whereas SQL injection attacks can exist in many different types of applications

C.

SQL injection attacks are used to steal information from databases whereas XSS attacks are used toredirect users to websites where attackers can steal data from them

D.

XSS attacks are used to steal information from databases whereas SQL injection attacks are used toredirect users to websites where attackers can steal data from them

Question 81

Drag and drop the capabilities of Cisco Firepower versus Cisco AMP from the left into the appropriate category on the right.

Question # 81

Options:

Question 82

Which type of DNS abuse exchanges data between two computers even when there is no direct connection?

Options:

A.

Malware installation

B.

Command-and-control communication

C.

Network footprinting

D.

Data exfiltration

Question 83

Which cloud model is a collaborative effort where infrastructure is shared and jointly accessed by several organizations from a specific group?

Options:

A.

Hybrid

B.

Community

C.

Private

D.

Public

Question 84

What is the benefit of installing Cisco AMP for Endpoints on a network?

Options:

A.

It provides operating system patches on the endpoints for security.

B.

It provides flow-based visibility for the endpoints network connections.

C.

It enables behavioral analysis to be used for the endpoints.

D.

It protects endpoint systems through application control and real-time scanning

Question 85

A Cisco Secure Email Gateway network administrator has been tasked to use a newly installed service to help create policy based on the reputation verdict. During testing, it is discovered that the Secure Email Gateway is not dropping files that have an undetermined verdict. What is causing this issue?

Options:

A.

The file has a reputation score that is below the threshold.

B.

The file has a reputation score that is above the threshold.

C.

The policy was created to disable file analysis.

D.

The policy was created to send a message to quarantine instead of drop.

Question 86

Which two descriptions of AES encryption are true? (Choose two)

Options:

A.

AES is less secure than 3DES.

B.

AES is more secure than 3DES.

C.

AES can use a 168-bit key for encryption.

D.

AES can use a 256-bit key for encryption.

E.

AES encrypts and decrypts a key three times in sequence.

Question 87

An engineer is implementing DHCP security mechanisms and needs the ability to add additional attributes to profiles that are created within Cisco ISE Which action accomplishes this task?

Options:

A.

Define MAC-to-lP address mappings in the switch to ensure that rogue devices cannot get an IP address

B.

Use DHCP option 82 to ensure that the request is from a legitimate endpoint and send the information to Cisco ISE

C.

Modify the DHCP relay and point the IP address to Cisco ISE.

D.

Configure DHCP snooping on the switch VLANs and trust the necessary interfaces

Question 88

Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?

Options:

A.

user input validation in a web page or web application

B.

Linux and Windows operating systems

C.

database

D.

web page images

Question 89

A network engineer is tasked with configuring a Cisco ISE server to implement external authentication against Active Directory. What must be considered about the authentication requirements? (Choose two.)

Options:

A.

RADIUS communication must be permitted between the ISE server and the domain controller.

B.

The ISE account must be a domain administrator in Active Directory to perform JOIN operations.

C.

Active Directory only supports user authentication by using MSCHAPv2.

D.

LDAP communication must be permitted between the ISE server and the domain controller.

E.

Active Directory supports user and machine authentication by using MSCHAPv2.

Question 90

A Cisco FTD engineer is creating a new IKEv2 policy called s2s00123456789 for their organization to allow for additional protocols to terminate network devices with. They currently only have one policy established and need the new policy to be a backup in case some devices cannot support the stronger algorithms listed in the primary policy. What should be done in order to support this?

Options:

A.

Change the integrity algorithms to SHA* to support all SHA algorithms in the primary policy

B.

Make the priority for the new policy 5 and the primary policy 1

C.

Change the encryption to AES* to support all AES algorithms in the primary policy

D.

Make the priority for the primary policy 10 and the new policy 1

Question 91

Which method must be used to connect Cisco Secure Workload to external orchestrators at a client site when the client does not allow incoming connections?

Options:

A.

source NAT

B.

reverse tunnel

C.

GRE tunnel

D.

destination NAT

Question 92

What is a difference between GETVPN and IPsec?

Options:

A.

GETVPN reduces latency and provides encryption over MPLS without the use of a central hub

B.

GETVPN provides key management and security association management

C.

GETVPN is based on IKEv2 and does not support IKEv1

D.

GETVPN is used to build a VPN network with multiple sites without having to statically configure all devices

Question 93

Refer to the exhibit.

Question # 93

An organization is using DHCP Snooping within their network. A user on VLAN 41 on a new switch is

complaining that an IP address is not being obtained. Which command should be configured on the switch

interface in order to provide the user with network connectivity?

Options:

A.

ip dhcp snooping verify mac-address

B.

ip dhcp snooping limit 41

C.

ip dhcp snooping vlan 41

D.

ip dhcp snooping trust

Question 94

Which two aspects of the cloud PaaS model are managed by the customer but not the provider? (Choose two)

Options:

A.

virtualization

B.

middleware

C.

operating systems

D.

applications

E.

data

Question 95

Drag and drop the security solutions from the left onto the benefits they provide on the right.

Question # 95

Options:

Question 96

An engineer is configuring device-hardening on a router in order to prevent credentials from being seen

if the router configuration was compromised. Which command should be used?

Options:

A.

service password-encryption

B.

username privilege 15 password

C.

service password-recovery

D.

username < username> password

Question 97

An engineer is configuring Cisco Umbrella and has an identity that references two different policies. Which action ensures that the policy that the identity must use takes precedence over the second one?

Options:

A.

Configure the default policy to redirect the requests to the correct policy

B.

Place the policy with the most-specific configuration last in the policy order

C.

Configure only the policy with the most recently changed timestamp

D.

Make the correct policy first in the policy order

Question 98

Which telemetry data captures variations seen within the flow, such as the packets TTL, IP/TCP flags, and payload length?

Options:

A.

interpacket variation

B.

software package variation

C.

flow insight variation

D.

process details variation

Question 99

What is a benefit of an endpoint patch management strategy?

Options:

A.

Patches are deployed without a testing phase.

B.

Fewer staff is needed to manage the endpoints.

C.

Endpoints are resistant to vulnerabilities.

D.

Ensures adherence to regulatory and compliance standards.

Question 100

What are two functionalities of SDN Northbound APIs? (Choose two.)

Options:

A.

Northbound APIs provide a programmable interface for applications to dynamically configure the network.

B.

Northbound APIs form the interface between the SDN controller and business applications.

C.

OpenFlow is a standardized northbound API protocol.

D.

Northbound APIs use the NETCONF protocol to communicate with applications.

E.

Northbound APIs form the interface between the SDN controller and the network switches or routers.

Question 101

Which CoA response code is sent if an authorization state is changed successfully on a Cisco IOS device?

Options:

A.

CoA-NCL

B.

CoA-NAK

C.

СоА-МАВ

D.

CoA-ACK

Question 102

Which cloud service offering allows customers to access a web application that is being hosted, managed, and maintained by a cloud service provider?

Options:

A.

IaC

B.

SaaS

C.

IaaS

D.

PaaS

Question 103

After deploying a Cisco ESA on your network, you notice that some messages fail to reach their destinations.

Which task can you perform to determine where each message was lost?

Options:

A.

Configure the trackingconfig command to enable message tracking.

B.

Generate a system report.

C.

Review the log files.

D.

Perform a trace.

Question 104

An engineer needs to configure a Cisco Secure Email Gateway (SEG) to prompt users to enter multiple forms of identification before gaining access to the SEG. The SEG must also join a cluster using the preshared key of cisc421555367. What steps must be taken to support this?

Options:

A.

Enable two-factor authentication through a RADIUS server, and then join the cluster via the SEG GUI.

B.

Enable two-factor authentication through a TACACS+ server, and then join the cluster via the SEG CLI.

C.

Enable two-factor authentication through a RADIUS server, and then join the cluster via the SEG CLI

D.

Enable two-factor authentication through a TACACS+ server, and then join the cluster via the SEG GUI.

Question 105

Which technology limits communication between nodes on the same network segment to individual applications?

Options:

A.

serverless infrastructure

B.

microsegmentation

C.

SaaS deployment

D.

machine-to-machine firewalling

Question 106

What does endpoint isolation in Cisco AMP for Endpoints security protect from?

Options:

A.

an infection spreading across the network E

B.

a malware spreading across the user device

C.

an infection spreading across the LDAP or Active Directory domain from a user account

D.

a malware spreading across the LDAP or Active Directory domain from a user account

Question 107

Refer to the exhibit.

Question # 107

Which configuration item makes it possible to have the AAA session on the network?

Options:

A.

aaa authentication login console ise

B.

aaa authentication enable default enable

C.

aaa authorization network default group ise

D.

aaa authorization exec default ise

Question 108

An engineer must configure Cisco AMP for Endpoints so that it contains a list of files that should not be executed by users. These files must not be quarantined. Which action meets this configuration requirement?

Options:

A.

Identity the network IPs and place them in a blocked list.

B.

Modify the advanced custom detection list to include these files.

C.

Create an application control blocked applications list.

D.

Add a list for simple custom detection.

Question 109

Which feature is configured for managed devices in the device platform settings of the Firepower Management

Center?

Options:

A.

quality of service

B.

time synchronization

C.

network address translations

D.

intrusion policy

Question 110

An organization wants to secure data in a cloud environment. Its security model requires that all users be

authenticated and authorized. Security configuration and posture must be continuously validated before access is granted or maintained to applications and data. There is also a need to allow certain application traffic and deny all other traffic by default. Which technology must be used to implement these requirements?

Options:

A.

Virtual routing and forwarding

B.

Microsegmentation

C.

Access control policy

D.

Virtual LAN

Question 111

An organization recently installed a Cisco Secure Web Appliance and would like to take advantage of the AVC engine to allow the organization to create a policy to control application-specific activity. After enabling the AVC engine, what must be done to implement this?

Options:

A.

Use an access policy group to configure application control settings.

B.

Use security services to configure the traffic monitor.

C.

Use URL categorization to prevent the application traffic.

D.

Use web security reporting to validate engine functionality.

Question 112

A hacker initiated a social engineering attack and stole username and passwords of some users within a company. Which product should be used as a solution to this problem?

Options:

A.

Cisco NGFW

B.

Cisco AnyConnect

C.

Cisco AMP for Endpoints

D.

Cisco Duo

Question 113

Which attack is commonly associated with C and C++ programming languages?

Options:

A.

cross-site scripting

B.

water holing

C.

DDoS

D.

buffer overflow

Question 114

Due to a traffic storm on the network, two interfaces were error-disabled, and both interfaces sent SNMP traps.

Which two actions must be taken to ensure that interfaces are put back into service? (Choose two)

Options:

A.

Have Cisco Prime Infrastructure issue an SNMP set command to re-enable the ports after the preconfigured interval.

B.

Use EEM to have the ports return to service automatically in less than 300 seconds.

C.

Enter the shutdown and no shutdown commands on the interfaces.

D.

Enable the snmp-server enable traps command and wait 300 seconds

E.

Ensure that interfaces are configured with the error-disable detection and recovery feature

Question 115

In which type of attack does the attacker insert their machine between two hosts that are communicating with each other?

Options:

A.

LDAP injection

B.

man-in-the-middle

C.

cross-site scripting

D.

insecure API

Question 116

Which solution is made from a collection of secure development practices and guidelines that developers must follow to build secure applications?

Options:

A.

AFL

B.

Fuzzing Framework

C.

Radamsa

D.

OWASP

Question 117

Which two characteristics of messenger protocols make data exfiltration difficult to detect and prevent?

(Choose two)

Options:

A.

Outgoing traffic is allowed so users can communicate with outside organizations.

B.

Malware infects the messenger application on the user endpoint to send company data.

C.

Traffic is encrypted, which prevents visibility on firewalls and IPS systems.

D.

An exposed API for the messaging platform is used to send large amounts of data.

E.

Messenger applications cannot be segmented with standard network controls

Question 118

What does Cisco AMP for Endpoints use to help an organization detect different families of malware?

Options:

A.

Ethos Engine to perform fuzzy fingerprinting

B.

Tetra Engine to detect malware when me endpoint is connected to the cloud

C.

Clam AV Engine to perform email scanning

D.

Spero Engine with machine learning to perform dynamic analysis

Question 119

Refer to the exhibit.

Question # 119

An engineer configured wired 802.1x on the network and is unable to get a laptop to authenticate. Which port configuration is missing?

Options:

A.

authentication open

B.

dotlx reauthentication

C.

cisp enable

D.

dot1x pae authenticator

Question 120

Which technology enables integration between Cisco ISE and other platforms to gather and share

network and vulnerability data and SIEM and location information?

Options:

A.

pxGrid

B.

NetFlow

C.

SNMP

D.

Cisco Talos

Question 121

Which solution is more secure than the traditional use of a username and password and encompasses at least two of the methods of authentication?

Options:

A.

single-sign on

B.

RADIUS/LDAP authentication

C.

Kerberos security solution

D.

multifactor authentication

Question 122

In which two customer environments is the Cisco Secure Web Appliance Virtual connector traffic direction method selected? (Choose two.)

Options:

A.

Customer needs to support roaming users.

B.

Customer does not own Cisco hardware and needs Transparent Redirection (WCCP).

C.

Customer owns ASA Appliance and Virtual Form Factor is required.

D.

Customer does not own Cisco hardware and needs Explicit Proxy.

E.

Customer owns ASA Appliance and SSL Tunneling is required.

Question 123

Refer to the exhibit.

Question # 123

Which command was used to display this output?

Options:

A.

show dot1x all

B.

show dot1x

C.

show dot1x all summary

D.

show dot1x interface gi1/0/12

Question 124

In which scenario is endpoint-based security the solution?

Options:

A.

inspecting encrypted traffic

B.

device profiling and authorization

C.

performing signature-based application control

D.

inspecting a password-protected archive

Question 125

A Cisco ESA administrator has been tasked with configuring the Cisco ESA to ensure there are no viruses before quarantined emails are delivered. In addition, delivery of mail from known bad mail servers must be prevented. Which two actions must be taken in order to meet these requirements? (Choose two)

Options:

A.

Use outbreak filters from SenderBase

B.

Enable a message tracking service

C.

Configure a recipient access table

D.

Deploy the Cisco ESA in the DMZ

E.

Scan quarantined emails using AntiVirus signatures

Question 126

Which form of attack is launched using botnets?

Options:

A.

EIDDOS

B.

virus

C.

DDOS

D.

TCP flood

Question 127

What is provided by the Secure Hash Algorithm in a VPN?

Options:

A.

integrity

B.

key exchange

C.

encryption

D.

authentication

Question 128

Which capability is provided by application visibility and control?

Options:

A.

reputation filtering

B.

data obfuscation

C.

data encryption

D.

deep packet inspection

Question 129

Which two features of Cisco DNA Center are used in a Software Defined Network solution? (Choose two)

Options:

A.

accounting

B.

assurance

C.

automation

D.

authentication

E.

encryption

Question 130

Which ID store requires that a shadow user be created on Cisco ISE for the admin login to work?

Options:

A.

RSA SecureID

B.

Internal Database

C.

Active Directory

D.

LDAP

Question 131

An engineer is configuring their router to send NetfFow data to Stealthwatch which has an IP address of 1 1 11 using the flow record Stea!thwatch406397954 command Which additional command is required to complete the flow record?

Options:

A.

transport udp 2055

B.

match ipv4 ttl

C.

cache timeout active 60

D.

destination 1.1.1.1

Question 132

On Cisco Firepower Management Center, which policy is used to collect health modules alerts from managed

devices?

Options:

A.

health policy

B.

system policy

C.

correlation policy

D.

access control policy

E.

health awareness policy

Question 133

Refer to the exhibit.

Question # 133

What is the function of the Python script code snippet for the Cisco ASA REST API?

Options:

A.

adds a global rule into policies

B.

changes the hostname of the Cisco ASA

C.

deletes a global rule from policies

D.

obtains the saved configuration of the Cisco ASA firewall

Question 134

What is an advantage of network telemetry over SNMP pulls?

Options:

A.

accuracy

B.

encapsulation

C.

security

D.

scalability

Question 135

A network engineer is deciding whether to use stateful or stateless failover when configuring two ASAs for high availability. What is the connection status in both cases?

Options:

A.

need to be reestablished with stateful failover and preserved with stateless failover

B.

preserved with stateful failover and need to be reestablished with stateless failover

C.

preserved with both stateful and stateless failover

D.

need to be reestablished with both stateful and stateless failover

Question 136

Which type of protection encrypts RSA keys when they are exported and imported?

Options:

A.

file

B.

passphrase

C.

NGE

D.

nonexportable

Question 137

Which two fields are defined in the NetFlow flow? (Choose two)

Options:

A.

type of service byte

B.

class of service bits

C.

Layer 4 protocol type

D.

destination port

E.

output logical interface

Question 138

An organization is implementing URL blocking using Cisco Umbrella. The users are able to go to some sites

but other sites are not accessible due to an error. Why is the error occurring?

Options:

A.

Client computers do not have the Cisco Umbrella Root CA certificate installed.

B.

IP-Layer Enforcement is not configured.

C.

Client computers do not have an SSL certificate deployed from an internal CA server.

D.

Intelligent proxy and SSL decryption is disabled in the policy

Question 139

Which security solution uses NetFlow to provide visibility across the network, data center, branch offices, and cloud?

Options:

A.

Cisco CTA

B.

Cisco Encrypted Traffic Analytics

C.

Cisco Umbrella

D.

Cisco Secure Network Analytics

Question 140

An organization has a Cisco ESA set up with policies and would like to customize the action assigned for

violations. The organization wants a copy of the message to be delivered with a message added to flag it as a

DLP violation. Which actions must be performed in order to provide this capability?

Options:

A.

deliver and send copies to other recipients

B.

quarantine and send a DLP violation notification

C.

quarantine and alter the subject header with a DLP violation

D.

deliver and add disclaimer text

Question 141

Which factor must be considered when choosing the on-premise solution over the cloud-based one?

Options:

A.

With an on-premise solution, the provider is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the customer is responsible for it

B.

With a cloud-based solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product.

C.

With an on-premise solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product.

D.

With an on-premise solution, the customer is responsible for the installation and maintenance of theproduct, whereas with a cloud-based solution, the provider is responsible for it.

Question 142

Drag and drop the VPN functions from the left onto the description on the right.Question # 142

Options:

Question 143

A web hosting company must upgrade its older, unsupported on-premises servers. The company wants a cloud solution in which the cloud provider is responsible for:

    Server patching

    Application maintenance

    Data center security

    Disaster recovery

Which type of cloud meets the requirements?

Options:

A.

Hybrid

B.

IaaS

C.

SaaS

D.

PaaS

Question 144

An engineer recently completed the system setup on a Cisco WSA Which URL information does the system send to SensorBase Network servers?

Options:

A.

Summarized server-name information and MD5-hashed path information

B.

complete URL,without obfuscating the path segments

C.

URL information collected from clients that connect to the Cisco WSA using Cisco AnyConnect

D.

none because SensorBase Network Participation is disabled by default

Question 145

Which command enables 802.1X globally on a Cisco switch?

Options:

A.

dot1x system-auth-control

B.

dot1x pae authenticator

C.

authentication port-control aut

D.

aaa new-model

Question 146

What limits communication between applications or containers on the same node?

Options:

A.

microsegmentation

B.

container orchestration

C.

microservicing

D.

Software-Defined Access

Question 147

What is an advantage of the Cisco Umbrella roaming client?

Options:

A.

the ability to see all traffic without requiring TLS decryption

B.

visibility into IP-based threats by tunneling suspicious IP connections

C.

the ability to dynamically categorize traffic to previously uncategorized sites

D.

visibility into traffic that is destined to sites within the office environment

Question 148

Which method is used to deploy certificates and configure the supplicant on mobile devices to gain access to

network resources?

Options:

A.

BYOD on boarding

B.

Simple Certificate Enrollment Protocol

C.

Client provisioning

D.

MAC authentication bypass

Question 149

Which benefit does endpoint security provide the overall security posture of an organization?

Options:

A.

It streamlines the incident response process to automatically perform digital forensics on the endpoint.

B.

It allows the organization to mitigate web-based attacks as long as the user is active in the domain.

C.

It allows the organization to detect and respond to threats at the edge of the network.

D.

It allows the organization to detect and mitigate threats that the perimeter security devices do not detect.

Question 150

Which RADIUS feature provides a mechanism to change the AAA attributes of a session after it is

authenticated?

Options:

A.

Authorization

B.

Accounting

C.

Authentication

D.

CoA

Question 151

A network engineer is deciding whether to use stateful or stateless failover when configuring two Cisco ASAs for high availability. What is the connection status in both cases?

Options:

A.

Need to be reestablished with both stateful and stateless failover

B.

Need to be reestablished with stateful failover and preserved with stateless failover

C.

Preserved with both stateful and stateless failover

D.

Preserved with stateful failover and need to be reestablished with stateless failover

Question 152

Drag and drop the cloud security assessment components from the left onto the definitions on the right.

Question # 152

Options:

Question 153

An engineer must implement a file transfer solution between a company's data center and branches. The company has numerous servers hosted in a hybrid cloud implementation. The file transfer protocol must support authentication, protect the data against unauthorized access, and ensure that users cannot list directories or remove files remotely. Which protocol must be used?

Options:

A.

SCP

B.

SSH

C.

FTPS

D.

SFTP

Question 154

DoS attacks are categorized as what?

Options:

A.

phishing attacks

B.

flood attacks

C.

virus attacks

D.

trojan attacks

Question 155

A network engineer must configure a Cisco ESA to prompt users to enter two forms of information before gaining access The Cisco ESA must also join a cluster machine using preshared keys What must be configured to meet these requirements?

Options:

A.

Enable two-factor authentication through a RADIUS server and then join the cluster by using the Cisco ESA CLI.

B.

Enable two-factor authentication through a RADIUS server and then join the cluster by using the Cisco ESA GUI

C.

Enable two-factor authentication through a TACACS+ server and then join the cluster by using the Cisco ESA GUI.

D.

Enable two-factor authentication through a TACACS+ server and then join the cluster by using the Cisco ESA CLI

Question 156

An engineer is trying to decide whether to use Cisco Umbrella, Cisco CloudLock, Cisco Stealthwatch, or Cisco AppDynamics Cloud Monitoring for visibility into data transfers as well as protection against data exfiltration Which solution best meets these requirements?

Options:

A.

Cisco CloudLock

B.

Cisco AppDynamics Cloud Monitoring

C.

Cisco Umbrella

D.

Cisco Stealthwatch

Question 157

Which Cisco cloud security software centrally manages policies on multiple platforms such as Cisco ASA, Cisco Firepower, Cisco Meraki, and AWS?

Options:

A.

Cisco Defense Orchestrator

B.

Cisco Configuration Professional

C.

Cisco Secureworks

D.

Cisco DNAC

Question 158

Question # 158

Refer to the exhibit. An engineer must enable secure SSH protocols and enters this configuration. What are two results of running this set of commands on a Cisco router? (Choose two.)

Options:

A.

Labels the key pair to be used for SSH

B.

Uses the FQDN with the label command

C.

Generates AES key pairs on the router

D.

Generates RSA key pair on the router

E.

Enables SSHv1 on the router

Question 159

A company has 5000 Windows users on its campus. Which two precautions should IT take to prevent WannaCry ransomware from spreading to all clients? (Choose two.)

Options:

A.

Segment different departments to different IP blocks and enable Dynamic ARp inspection on all VLANs

B.

Ensure that noncompliant endpoints are segmented off to contain any potential damage.

C.

Ensure that a user cannot enter the network of another department.

D.

Perform a posture check to allow only network access to (hose Windows devices that are already patched.

E.

Put all company users in the trusted segment of NGFW and put all servers to the DMZ segment of the Cisco NGFW. ni

Question 160

Which cloud service model offers an environment for cloud consumers to develop and deploy applications

without needing to manage or maintain the underlying cloud infrastructure?

Options:

A.

PaaS

B.

XaaS

C.

IaaS

D.

SaaS

Question 161

An administrator is implementing management plane protection and must configure an interface on a Cisco router to only terminate management packets that are destined for the router. Which set of IOS commands must be used to complete the implementation?

Options:

A.

Option A161

B.

Option B161

C.

Option C161

D.

Option D161

Question 162

A company identified a phishing vulnerability during a pentest What are two ways the company can protect employees from the attack? (Choose two.)

Options:

A.

using Cisco Umbrella

B.

using Cisco ESA

C.

using Cisco FTD

D.

using an inline IPS/IDS in the network

E.

using Cisco ISE

Question 163

What is a function of Cisco AMP for Endpoints?

Options:

A.

It detects DNS attacks

B.

It protects against web-based attacks

C.

It blocks email-based attacks

D.

It automates threat responses of an infected host

Question 164

What are two functions of TAXII in threat intelligence sharing? (Choose two.)

Options:

A.

determines the "what" of threat intelligence

B.

Supports STIX information

C.

allows users to describe threat motivations and abilities

D.

exchanges trusted anomaly intelligence information

E.

determines how threat intelligence information is relayed

Question 165

With which components does a southbound API within a software-defined network architecture communicate?

Options:

A.

controllers within the network

B.

applications

C.

appliances

D.

devices such as routers and switches

Question 166

An organization is using Cisco Firepower and Cisco Meraki MX for network security and needs to centrally

manage cloud policies across these platforms. Which software should be used to accomplish this goal?

Options:

A.

Cisco Defense Orchestrator

B.

Cisco Secureworks

C.

Cisco DNA Center

D.

Cisco Configuration Professional

Question 167

An organization has two systems in their DMZ that have an unencrypted link between them for communication.

The organization does not have a defined password policy and uses several default accounts on the systems.

The application used on those systems also have not gone through stringent code reviews. Which vulnerability

would help an attacker brute force their way into the systems?

Options:

A.

weak passwords

B.

lack of input validation

C.

missing encryption

D.

lack of file permission

Question 168

Which feature is supported when deploying Cisco ASAv within AWS public cloud?

Options:

A.

multiple context mode

B.

user deployment of Layer 3 networks

C.

IPv6

D.

clustering

Question 169

What are two features of NetFlow flow monitoring? (Choose two)

Options:

A.

Can track ingress and egress information

B.

Include the flow record and the flow importer

C.

Copies all ingress flow information to an interface

D.

Does not required packet sampling on interfaces

E.

Can be used to track multicast, MPLS, or bridged traffic

Question 170

Which function is included when Cisco AMP is added to web security?

Options:

A.

multifactor, authentication-based user identity

B.

detailed analytics of the unknown file's behavior

C.

phishing detection on emails

D.

threat prevention on an infected endpoint

Question 171

What are two workloaded security models? (Choose two)

Options:

A.

SaaS

B.

IaaS

C.

on-premises

D.

off-premises

E.

PaaS

Question 172

A network engineer must migrate a Cisco WSA virtual appliance from one physical host to another physical host by using VMware vMotion. What is a requirement for both physical hosts?

Options:

A.

The hosts must run Cisco AsyncOS 10.0 or greater.

B.

The hosts must run different versions of Cisco AsyncOS.

C.

The hosts must have access to the same defined network.

D.

The hosts must use a different datastore than the virtual appliance.

Question 173

What is a function of 3DES in reference to cryptography?

Options:

A.

It hashes files.

B.

It creates one-time use passwords.

C.

It encrypts traffic.

D.

It generates private keys.

Question 174

An administrator configures new authorization policies within Cisco ISE and has difficulty profiling the devices. Attributes for the new Cisco IP phones that are profiled based on the RADIUS authentication are seen however the attributes for CDP or DHCP are not. What should the administrator do to address this issue?

Options:

A.

Configure the ip dhcp snooping trust command on the DHCP interfaces to get the information to Cisco ISE

B.

Configure the authentication port-control auto feature within Cisco ISE to identify the devices that are trying to connect

C.

Configure a service template within the switch to standardize the port configurations so that the correct information is sent to Cisco ISE

D.

Configure the device sensor feature within the switch to send the appropriate protocol information

Question 175

An engineer is configuring 802.1X authentication on Cisco switches in the network and is using CoA as a mechanism. Which port on the firewall must be opened to allow the CoA traffic to traverse the network?

Options:

A.

TCP 6514

B.

UDP 1700

C.

TCP 49

D.

UDP 1812

Question 176

Which benefit is provided by ensuring that an endpoint is compliant with a posture policy configured in Cisco ISE?

Options:

A.

It allows the endpoint to authenticate with 802.1x or MAB.

B.

It verifies that the endpoint has the latest Microsoft security patches installed.

C.

It adds endpoints to identity groups dynamically.

D.

It allows CoA to be applied if the endpoint status is compliant.

Question 177

A network administrator is configuring a switch to use Cisco ISE for 802.1X. An endpoint is failing

authentication and is unable to access the network. Where should the administrator begin troubleshooting to verify the authentication details?

Options:

A.

Adaptive Network Control Policy List

B.

Context Visibility

C.

Accounting Reports

D.

RADIUS Live Logs

Question 178

Which Cisco platform processes behavior baselines, monitors for deviations, and reviews for malicious processes in data center traffic and servers while performing software vulnerability detection?

Options:

A.

Cisco Tetration

B.

Cisco ISE

C.

Cisco AMP for Network

D.

Cisco AnyConnect

Question 179

What are the two most commonly used authentication factors in multifactor authentication? (Choose two)

Options:

A.

biometric factor

B.

time factor

C.

confidentiality factor

D.

knowledge factor

E.

encryption factor

Question 180

Which Talos reputation center allows for tracking the reputation of IP addresses for email and web traffic?

Options:

A.

IP and Domain Reputation Center

B.

File Reputation Center

C.

IP Slock List Center

D.

AMP Reputation Center

Question 181

Which solution supports high availability in routed or transparent mode as well as in northbound and

southbound deployments?

Options:

A.

Cisco FTD with Cisco ASDM

B.

Cisco FTD with Cisco FMC

C.

Cisco Firepower NGFW physical appliance with Cisco. FMC

D.

Cisco Firepower NGFW Virtual appliance with Cisco FMC

Question 182

Which IPS engine detects ARP spoofing?

Options:

A.

Atomic ARP Engine

B.

Service Generic Engine

C.

ARP Inspection Engine

D.

AIC Engine

Question 183

What is the purpose of the Cisco Endpoint loC feature?

Options:

A.

It provides stealth threat prevention.

B.

lt is a signature-based engine.

C.

lt is an incident response tool

D.

It provides precompromise detection.

Question 184

Which Cisco firewall solution supports configuration via Cisco Policy Language?

Options:

A.

CBAC

B.

ZFW

C.

IPS

D.

NGFW

Question 185

Which benefit does DMVPN provide over GETVPN?

Options:

A.

DMVPN supports QoS, multicast, and routing, and GETVPN supports only QoS.

B.

DMVPN is a tunnel-less VPN, and GETVPN is tunnel-based.

C.

DMVPN supports non-IP protocols, and GETVPN supports only IP protocols.

D.

DMVPN can be used over the public Internet, and GETVPN requires a private network.

Question 186

Email security has become a high priority task for a security engineer at a large multi-national organization due to ongoing phishing campaigns. To help control this, the engineer has deployed an Incoming Content Filter with a URL reputation of (-10 00 to -6 00) on the Cisco ESA Which action will the system perform to disable any links in messages that match the filter?

Options:

A.

Defang

B.

Quarantine

C.

FilterAction

D.

ScreenAction

Question 187

Which two deployment modes does the Cisco ASA FirePower module support? (Choose two)

Options:

A.

transparent mode

B.

routed mode

C.

inline mode

D.

active mode

E.

passive monitor-only mode

Question 188

The main function of northbound APIs in the SDN architecture is to enable communication between which two areas of a network?

Options:

A.

SDN controller and the cloud

B.

management console and the SDN controller

C.

management console and the cloud

D.

SDN controller and the management solution

Question 189

A network administrator is configuring a role in an access control policy to block certain URLs and selects the "Chat and instant Messaging" category. which reputation score should be selected to accomplish

this goal?

Options:

A.

3

B.

5

C.

10

D.

1

Question 190

An engineer integrates Cisco FMC and Cisco ISE using pxGrid Which role is assigned for Cisco FMC?

Options:

A.

client

B.

server

C.

controller

D.

publisher

Question 191

An engineer must deploy a Cisco Secure Web Appliance. Antimalware scanning must use the Outbreak Heuristics antimalware category on files identified as malware before performing any other processes. What must be configured on the Secure Web Appliance to meet the requirements?

Options:

A.

Sophos scanning engine

B.

Webroot scanning engine

C.

McAfee scanning engine

D.

Adaptive Scanning

Question 192

An administrator is trying to determine which applications are being used in the network but does not want the

network devices to send metadata to Cisco Firepower. Which feature should be used to accomplish this?

Options:

A.

NetFlow

B.

Packet Tracer

C.

Network Discovery

D.

Access Control

Question 193

What is the target in a phishing attack?

Options:

A.

perimeter firewall

B.

IPS

C.

web server

D.

endpoint

Question 194

An engineer is trying to decide between using L2TP or GRE over IPsec for their site-to-site VPN implementation. What must be un solution?

Options:

A.

L2TP is an IP packet encapsulation protocol, and GRE over IPsec is a tunneling protocol.

B.

L2TP uses TCP port 47 and GRE over IPsec uses UDP port 1701.

C.

GRE over IPsec adds its own header, and L2TP does not.

D.

GRE over IPsec cannot be used as a standalone protocol, and L2TP can.

Question 195

What are two benefits of using Cisco Duo as an MFA solution? (Choose two.)

Options:

A.

grants administrators a way to remotely wipe a lost or stolen device

B.

provides simple and streamlined login experience for multiple applications and users

C.

native integration that helps secure applications across multiple cloud platforms or on-premises environments

D.

encrypts data that is stored on endpoints

E.

allows for centralized management of endpoint device applications and configurations

Question 196

What is the difference between EPP and EDR?

Options:

A.

EPP focuses primarily on threats that have evaded front-line defenses that entered the environment.

B.

Having an EPP solution allows an engineer to detect, investigate, and remediate modern threats.

C.

EDR focuses solely on prevention at the perimeter.

D.

Having an EDR solution gives an engineer the capability to flag offending files at the first sign of malicious behavior.

Question 197

What must be enabled to secure SaaS-based applications?

Options:

A.

modular policy framework

B.

two-factor authentication

C.

application security gateway

D.

end-to-end encryption

Question 198

An engineer is deploying a Cisco Secure Email Gateway and must configure a sender group that decides which mail policy will process the mail. The configuration must accept incoming mails and relay the outgoing mails from the internal server. Which component must be configured to accept the connection to the listener and meet these requirements on a Cisco Secure Email Gateway?

Options:

A.

RAT

B.

HAT

C.

Sender list

D.

Access list

Question 199

An engineer is configuring a Cisco ESA and wants to control whether to accept or reject email messages to a

recipient address. Which list contains the allowed recipient addresses?

Options:

A.

SAT

B.

BAT

C.

HAT

D.

RAT

Question 200

An engineer is configuring AMP for endpoints and wants to block certain files from executing. Which outbreak

control method is used to accomplish this task?

Options:

A.

device flow correlation

B.

simple detections

C.

application blocking list

D.

advanced custom detections

Question 201

Which two methods are available in Cisco Secure Web Appliance to process client requests when configured in Transparent mode? (Choose two.)

Options:

A.

WCCP

B.

Browser settings

C.

WPAD

D.

PAC files

E.

PBR

Question 202

What is the purpose of the Trusted Automated exchange cyber threat intelligence industry standard?

Options:

A.

public collection of threat intelligence feeds

B.

threat intelligence sharing organization

C.

language used to represent security information

D.

service used to exchange security information

Question 203

Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention

System? (Choose two)

Options:

A.

packet decoder

B.

SIP

C.

modbus

D.

inline normalization

E.

SSL

Question 204

Drag and drop the security responsibilities from the left onto the corresponding cloud service models on the right.

Question # 204

Options:

Question 205

An engineer needs to add protection for data in transit and have headers in the email message Which configuration is needed to accomplish this goal?

Options:

A.

Provision the email appliance

B.

Deploy an encryption appliance.

C.

Map sender !P addresses to a host interface.

D.

Enable flagged message handling

Question 206

What is a difference between Cisco AMP for Endpoints and Cisco Umbrella?

Options:

A.

Cisco AMP for Endpoints is a cloud-based service, and Cisco Umbrella is not.

B.

Cisco AMP for Endpoints prevents connections to malicious destinations, and C malware.

C.

Cisco AMP for Endpoints automatically researches indicators of compromise ..

D.

Cisco AMP for Endpoints prevents, detects, and responds to attacks before and against Internet threats.

Question 207

What can be integrated with Cisco Threat Intelligence Director to provide information about security threats,

which allows the SOC to proactively automate responses to those threats?

Options:

A.

Cisco Umbrella

B.

External Threat Feeds

C.

Cisco Threat Grid

D.

Cisco Stealthwatch

Question 208

An organization wants to secure users, data, and applications in the cloud. The solution must be API-based and

operate as a cloud-native CASB. Which solution must be used for this implementation?

Options:

A.

Cisco Cloudlock

B.

Cisco Cloud Email Security

C.

Cisco Firepower Next-Generation Firewall

D.

Cisco Umbrella

Question 209

An organization wants to use Cisco FTD or Cisco ASA devices. Specific URLs must be blocked from being

accessed via the firewall which requires that the administrator input the bad URL categories that the

organization wants blocked into the access policy. Which solution should be used to meet this requirement?

Options:

A.

Cisco ASA because it enables URL filtering and blocks malicious URLs by default, whereas Cisco FTDdoes not

B.

Cisco ASA because it includes URL filtering in the access control policy capabilities, whereas Cisco FTD does not

C.

Cisco FTD because it includes URL filtering in the access control policy capabilities, whereas Cisco ASA does not

D.

Cisco FTD because it enables URL filtering and blocks malicious URLs by default, whereas Cisco ASA does not

Question 210

Cisco SensorBase gaihers threat information from a variety of Cisco products and services and performs analytics to find patterns on threats Which term describes this process?

Options:

A.

deployment

B.

consumption

C.

authoring

D.

sharing

Question 211

What are two ways a network administrator transparently identifies users using Active Directory on the Cisco WSA? (Choose two.) The eDirectory client must be installed on each client workstation.

Options:

A.

Create NTLM or Kerberos authentication realm and enable transparent user identification

B.

Deploy a separate Active Directory agent such as Cisco Context Directory Agent.

C.

Create an LDAP authentication realm and disable transparent user identification.

D.

Deploy a separate eDirectory server: the client IP address is recorded in this server

Question 212

An engineer must enable Outbreak Filters globally on an AsyncOS for Cisco Secure Email Gateway to protect the network from large-scale malware attacks. Drag and drop the steps from the left into the sequence on the right to complete the configuration.

Question # 212

Options:

Question 213

In which situation should an Endpoint Detection and Response solution be chosen versus an Endpoint

Protection Platform?

Options:

A.

when there is a need for traditional anti-malware detection

B.

when there is no need to have the solution centrally managed

C.

when there is no firewall on the network

D.

when there is a need to have more advanced detection capabilities

Question 214

An attacker needs to perform reconnaissance on a target system to help gain access to it. The system has weak passwords, no encryption on the VPN links, and software bugs on the system’s applications. Which

vulnerability allows the attacker to see the passwords being transmitted in clear text?

Options:

A.

weak passwords for authentication

B.

unencrypted links for traffic

C.

software bugs on applications

D.

improper file security

Question 215

Refer to the exhibit.

Question # 215

Traffic is not passing through IPsec site-to-site VPN on the Firepower Threat Defense appliance. What is causing this issue?

Options:

A.

No split-tunnel policy is defined on the Firepower Threat Defense appliance.

B.

The access control policy is not allowing VPN traffic in.

C.

Site-to-site VPN peers are using different encryption algorithms.

D.

Site-to-site VPN preshared keys are mismatched.

Question 216

Which security solution uses NetFlow to provide visibility across the network, data center, branch

offices, and cloud?

Options:

A.

Cisco CTA

B.

Cisco Stealthwatch

C.

Cisco Encrypted Traffic Analytics

D.

Cisco Umbrella

Question 217

When MAB is configured for use within the 802.1X environment, an administrator must create a policy that allows the devices onto the network. Which information is used for the username and password?

Options:

A.

The MAB uses the IP address as username and password.

B.

The MAB uses the call-station-ID as username and password.

C.

Each device must be set manually by the administrator.

D.

The MAB uses the MAC address as username and password.

Page: 1 / 73
Total 726 questions