Summer Sale- Special Discount Limited Time 65% Offer - Ends in 0d 00h 00m 00s - Coupon code: netdisc

Cisco 350-701 Implementing and Operating Cisco Security Core Technologies (SCOR 350-701) Exam Practice Test

Page: 1 / 69
Total 688 questions

Implementing and Operating Cisco Security Core Technologies (SCOR 350-701) Questions and Answers

Question 1

An engineer is configuring Cisco Secure Endpoint to enhance security by preventing the execution of certain files by users. The engineer needs to ensure that the specific executable file name Cisco_Software_0505446151.exe is blocked from running while never being quarantined. What must the engineer configure to meet the requirement?

Options:

A.

Create advanced custom detection list.

B.

Configure application control blocked applications list.

C.

Implement simple custom detection list.

D.

Enable scheduled scans to detect and block the executable files.

Question 2

What is the purpose of a denial-of-service attack?

Options:

A.

to disrupt the normal operation of a targeted system by overwhelming It

B.

to exploit a security vulnerability on a computer system to steal sensitive information

C.

to prevent or limit access to data on a computer system by encrypting It

D.

to spread throughout a computer system by self-replicating to additional hosts

Question 3

Question # 3

Refer to the exhibit. An engineer must enable secure SSH protocols and enters this configuration. What are two results of running this set of commands on a Cisco router? (Choose two.)

Options:

A.

Labels the key pair to be used for SSH

B.

Uses the FQDN with the label command

C.

Generates AES key pairs on the router

D.

Generates RSA key pair on the router

E.

Enables SSHv1 on the router

Question 4

DoS attacks are categorized as what?

Options:

A.

phishing attacks

B.

flood attacks

C.

virus attacks

D.

trojan attacks

Question 5

Which solution for remote workers enables protection, detection, and response on the endpoint against known and unknown threats?

Options:

A.

Cisco AMP for Endpoints

B.

Cisco AnyConnect

C.

Cisco Umbrella

D.

Cisco Duo

Question 6

An engineer has been tasked with configuring a Cisco FTD to analyze protocol fields and detect anomalies in the traffic from industrial systems. What must be done to meet these requirements?

Options:

A.

Implement pre-filter policies for the CIP preprocessor

B.

Enable traffic analysis in the Cisco FTD

C.

Configure intrusion rules for the DNP3 preprocessor

D.

Modify the access control policy to trust the industrial traffic

Question 7

What is a characteristic of a bridge group in ASA Firewall transparent mode?

Options:

A.

It includes multiple interfaces and access rules between interfaces are customizable

B.

It is a Layer 3 segment and includes one port and customizable access rules

C.

It allows ARP traffic with a single access rule

D.

It has an IP address on its BVI interface and is used for management traffic

Question 8

Refer to the exhibit.

Question # 8

Which configuration item makes it possible to have the AAA session on the network?

Options:

A.

aaa authentication login console ise

B.

aaa authentication enable default enable

C.

aaa authorization network default group ise

D.

aaa authorization exec default ise

Question 9

Refer to the exhibit.

Question # 9

What will happen when this Python script is run?

Options:

A.

The compromised computers and malware trajectories will be received from Cisco AMP

B.

The list of computers and their current vulnerabilities will be received from Cisco AMP

C.

The compromised computers and what compromised them will be received from Cisco AMP

D.

The list of computers, policies, and connector statuses will be received from Cisco AMP

Question 10

An organization has two machines hosting web applications. Machine 1 is vulnerable to SQL injection while machine 2 is vulnerable to buffer overflows. What action would allow the attacker to gain access to machine 1 but not machine 2?

Options:

A.

sniffing the packets between the two hosts

B.

sending continuous pings

C.

overflowing the buffer’s memory

D.

inserting malicious commands into the database

Question 11

When a next-generation endpoint security solution is selected for a company, what are two key

deliverables that help justify the implementation? (Choose two.)

Options:

A.

signature-based endpoint protection on company endpoints

B.

macro-based protection to keep connected endpoints safe

C.

continuous monitoring of all files that are located on connected endpoints

D.

email integration to protect endpoints from malicious content that is located in email

E.

real-time feeds from global threat intelligence centers

Question 12

Using Cisco Firepower’s Security Intelligence policies, upon which two criteria is Firepower block based?

(Choose two)

Options:

A.

URLs

B.

protocol IDs

C.

IP addresses

D.

MAC addresses

E.

port numbers

Question 13

A security engineer must add destinations into a destination list in Cisco Umbrella. What describes the application of these changes?

Options:

A.

The changes are applied immediately it the destination list is part or a policy.

B.

The destination list must be removed from the policy before changes are made to It.

C.

The changes are applied only after the configuration is saved in Cisco Umbrella.

D.

The user role of Block Page Bypass or higher is needed to perform these changes.

Question 14

Which two protocols must be configured to authenticate end users to the Web Security Appliance? (Choose two.)

Options:

A.

NTLMSSP

B.

Kerberos

C.

CHAP

D.

TACACS+

E.

RADIUS

Question 15

A network engineer must monitor user and device behavior within the on-premises network. This data must be sent to the Cisco Stealthwatch Cloud analytics platform for analysis. What must be done to meet this

requirement using the Ubuntu-based VM appliance deployed in a VMware-based hypervisor?

Options:

A.

Configure a Cisco FMC to send syslogs to Cisco Stealthwatch Cloud

B.

Deploy the Cisco Stealthwatch Cloud PNM sensor that sends data to Cisco Stealthwatch Cloud

C.

Deploy a Cisco FTD sensor to send network events to Cisco Stealthwatch Cloud

D.

Configure a Cisco FMC to send NetFlow to Cisco Stealthwatch Cloud

Question 16

What is a benefit of using Cisco AVC (Application Visibility and Control) for application control?

Options:

A.

management of application sessions

B.

retrospective application analysis

C.

zero-trust approach

D.

dynamic application scanning

Question 17

A Cisco Secure Cloud Analytics administrator is setting up a private network monitor sensor to monitor an on-premises environment. Which two pieces of information from the sensor are used to link to the Secure Cloud Analytics portal? (Choose two.)

Options:

A.

Unique service key

B.

NAT ID

C.

SSL certificate

D.

Public IP address

E.

Private IP address

Question 18

Which security product enables administrators to deploy Kubernetes clusters in air-gapped sites without needing Internet access?

Options:

A.

Cisco Content Platform

B.

Cisco Container Controller

C.

Cisco Container Platform

D.

Cisco Cloud Platform

Question 19

An administrator configures a Cisco WSA to receive redirected traffic over ports 80 and 443. The organization requires that a network device with specific WSA integration capabilities be configured to send the traffic to the WSA to proxy the requests and increase visibility, while making this invisible to the users. What must be done on the Cisco WSA to support these requirements?

Options:

A.

Configure transparent traffic redirection using WCCP in the Cisco WSA and on the network device

B.

Configure active traffic redirection using WPAD in the Cisco WSA and on the network device

C.

Use the Layer 4 setting in the Cisco WSA to receive explicit forward requests from the network device

D.

Use PAC keys to allow only the required network devices to send the traffic to the Cisco WSA

Question 20

What is the role of an endpoint in protecting a user from a phishing attack?

Options:

A.

Use Cisco Stealthwatch and Cisco ISE Integration.

B.

Utilize 802.1X network security to ensure unauthorized access to resources.

C.

Use machine learning models to help identify anomalies and determine expected sending behavior.

D.

Ensure that antivirus and anti malware software is up to date

Question 21

Question # 21

Refer to the exhibit. What is the result of the Python script?

Options:

A.

It uses the POST HTTP method to obtain a username and password to be used for authentication.

B.

It uses the POST HTTP method to obtain a token to be used for authentication.

C.

It uses the GET HTTP method to obtain a token to be used for authentication.

D.

It uses the GET HTTP method to obtain a username and password to be used for authentication

Question 22

In which scenario is endpoint-based security the solution?

Options:

A.

inspecting encrypted traffic

B.

device profiling and authorization

C.

performing signature-based application control

D.

inspecting a password-protected archive

Question 23

An administrator configures a new destination list in Cisco Umbrella so that the organization can block specific domains for its devices. What should be done to ensure that all subdomains of domain.com are blocked?

Options:

A.

Configure the *.com address in the block list.

B.

Configure the *.domain.com address in the block list

C.

Configure the *.domain.com address in the block list

D.

Configure the domain.com address in the block list

Question 24

Which compliance status is shown when a configured posture policy requirement is not met?

Options:

A.

compliant

B.

unknown

C.

authorized

D.

noncompliant

Question 25

A small organization needs to reduce the VPN bandwidth load on their headend Cisco ASA in order to

ensure that bandwidth is available for VPN users needing access to corporate resources on the10.0.0.0/24 local HQ network. How is this accomplished without adding additional devices to the

network?

Options:

A.

Use split tunneling to tunnel traffic for the 10.0.0.0/24 network only.

B.

Configure VPN load balancing to distribute traffic for the 10.0.0.0/24 network,

C.

Configure VPN load balancing to send non-corporate traffic straight to the internet.

D.

Use split tunneling to tunnel all traffic except for the 10.0.0.0/24 network.

Question 26

An administrator configures new authorization policies within Cisco ISE and has difficulty profiling the devices. Attributes for the new Cisco IP phones that are profiled based on the RADIUS authentication are seen however the attributes for CDP or DHCP are not. What should the administrator do to address this issue?

Options:

A.

Configure the ip dhcp snooping trust command on the DHCP interfaces to get the information to Cisco ISE

B.

Configure the authentication port-control auto feature within Cisco ISE to identify the devices that are trying to connect

C.

Configure a service template within the switch to standardize the port configurations so that the correct information is sent to Cisco ISE

D.

Configure the device sensor feature within the switch to send the appropriate protocol information

Question 27

What is the purpose of CA in a PKI?

Options:

A.

To issue and revoke digital certificates

B.

To validate the authenticity of a digital certificate

C.

To create the private key for a digital certificate

D.

To certify the ownership of a public key by the named subject

Question 28

Which feature within Cisco ISE verifies the compliance of an endpoint before providing access to the

network?

Options:

A.

Posture

B.

Profiling

C.

pxGrid

D.

MAB

Question 29

Which security solution protects users leveraging DNS-layer security?

Options:

A.

Cisco ISE

B.

Cisco FTD

C.

Cisco Umbrella

D.

Cisco ASA

Question 30

A network engineer is trying to figure out whether FlexVPN or DMVPN would fit better in their environment.

They have a requirement for more stringent security multiple security associations for the connections, more efficient VPN establishment as well consuming less bandwidth. Which solution would be best for this and why?

Options:

A.

DMVPN because it supports IKEv2 and FlexVPN does not

B.

FlexVPN because it supports IKEv2 and DMVPN does not

C.

FlexVPN because it uses multiple SAs and DMVPN does not

D.

DMVPN because it uses multiple SAs and FlexVPN does not

Question 31

Refer to the exhibit.

Question # 31

What is the function of the Python script code snippet for the Cisco ASA REST API?

Options:

A.

adds a global rule into policies

B.

changes the hostname of the Cisco ASA

C.

deletes a global rule from policies

D.

obtains the saved configuration of the Cisco ASA firewall

Question 32

What is a difference between a zone-based firewall and a Cisco Adaptive Security Appliance firewall?

Options:

A.

Zone-based firewalls provide static routing based on interfaces, and Cisco Adaptive Security Appliance firewalls provide dynamic routing.

B.

Zone-based firewalls support virtual tunnel interfaces across different locations, and Cisco Adaptive Security Appliance firewalls support DMVPN.

C.

Zone-based firewalls have a default allow-all policy between interfaces in the same zone, and Cisco Adaptive Security Appliance firewalls have a deny-all policy.

D.

Zone-based firewalls are used in large deployments with multiple areas, and Cisco Adaptive Security Appliance firewalls are used in small deployments.

Question 33

Which system facilitates deploying microsegmentation and multi-tenancy services with a policy-based container?

Options:

A.

SDLC

B.

Docker

C.

Lambda

D.

Contiv

Question 34

What is the purpose of the Trusted Automated exchange cyber threat intelligence industry standard?

Options:

A.

public collection of threat intelligence feeds

B.

threat intelligence sharing organization

C.

language used to represent security information

D.

service used to exchange security information

Question 35

Which RADIUS feature provides a mechanism to change the AAA attributes of a session after it is

authenticated?

Options:

A.

Authorization

B.

Accounting

C.

Authentication

D.

CoA

Question 36

When using Cisco AMP for Networks which feature copies a file to the Cisco AMP cloud for analysis?

Options:

A.

Spero analysis

B.

dynamic analysis

C.

sandbox analysis

D.

malware analysis

Question 37

Which two activities can be done using Cisco DNA Center? (Choose two)

Options:

A.

DHCP

B.

Design

C.

Accounting

D.

DNS

E.

Provision

Question 38

Which solution is more secure than the traditional use of a username and password and encompasses at least two of the methods of authentication?

Options:

A.

single-sign on

B.

RADIUS/LDAP authentication

C.

Kerberos security solution

D.

multifactor authentication

Question 39

Which Cisco DNA Center RESTful PNP API adds and claims a device into a workflow?

Options:

A.

api/v1/fie/config

B.

api/v1/onboarding/pnp-device/import

C.

api/v1/onboarding/pnp-device

D.

api/v1/onboarding/workflow

Question 40

Which Cisco security solution secures public, private, hybrid, and community clouds?

Options:

A.

Cisco ISE

B.

Cisco ASAv

C.

Cisco Cloudlock

D.

Cisco pxGrid

Question 41

Which Cisco security solution gives the most complete view of the relationships and evolution of Internet domains IPs, and flies, and helps to pinpoint attackers' infrastructures and predict future threat?

Options:

A.

Cisco Secure Network Analytics

B.

Cisco Secure Cloud Analytics

C.

Cisco Umbrella Investigate

D.

Cisco pxGrid

Question 42

An engineer configured a new network identity in Cisco Umbrella but must verify that traffic is being routed

through the Cisco Umbrella network. Which action tests the routing?

Options:

A.

Ensure that the client computers are pointing to the on-premises DNS servers.

B.

Enable the Intelligent Proxy to validate that traffic is being routed correctly.

C.

Add the public IP address that the client computers are behind to a Core Identity.

D.

Browse to http://welcome.umbrella.com/ to validate that the new identity is working.

Question 43

An engineer must modify a policy to block specific addresses using Cisco Umbrella. The policy is created already and is actively used by devices, using many of the default policy elements.

What else must be done to accomplish this task?

Options:

A.

Modify the application settings to allow only applications to connect to required addresses.

B.

Create a destination list for addresses to be allowed or blocked.

C.

Add the specified addresses to the identities list and create a block action.

D.

Use content categories to block or allow specific addresses.

Question 44

What features does Cisco FTDv provide over ASAv?

Options:

A.

Cisco FTDv runs on VMWare while ASAv does not

B.

Cisco FTDv provides 1GB of firewall throughput while Cisco ASAv does not

C.

Cisco FTDv runs on AWS while ASAv does not

D.

Cisco FTDv supports URL filtering while ASAv does not

Question 45

What is the purpose of the Cisco Endpoint loC feature?

Options:

A.

It provides stealth threat prevention.

B.

lt is a signature-based engine.

C.

lt is an incident response tool

D.

It provides precompromise detection.

Question 46

Drag and drop the capabilities of Cisco Firepower versus Cisco AMP from the left into the appropriate category on the right.

Question # 46

Options:

Question 47

What are two benefits of Flexible NetFlow records? (Choose two)

Options:

A.

They allow the user to configure flow information to perform customized traffic identification

B.

They provide attack prevention by dropping the traffic

C.

They provide accounting and billing enhancements

D.

They converge multiple accounting technologies into one accounting mechanism

E.

They provide monitoring of a wider range of IP packet information from Layer 2 to 4

Question 48

What are two functionalities of northbound and southbound APIs within Cisco SDN architecture? (Choose two.)

Options:

A.

Southbound APIs are used to define how SDN controllers integrate with applications.

B.

Southbound interfaces utilize device configurations such as VLANs and IP addresses.

C.

Northbound APIs utilize RESTful API methods such as GET, POST, and DELETE.

D.

Southbound APIs utilize CLI, SNMP, and RESTCONF.

E.

Northbound interfaces utilize OpenFlow and OpFlex to integrate with network devices.

Question 49

What is a benefit of using telemetry over SNMP to configure new routers for monitoring purposes?

Options:

A.

Telemetry uses a pull mehod, which makes it more reliable than SNMP

B.

Telemetry uses push and pull, which makes it more scalable than SNMP

C.

Telemetry uses push and pull which makes it more secure than SNMP

D.

Telemetry uses a push method which makes it faster than SNMP

Question 50

How does a cloud access security broker function?

Options:

A.

It is an authentication broker to enable single sign-on and multi-factor authentication for a cloud solution

B.

lt integrates with other cloud solutions via APIs and monitors and creates incidents based on events from the cloud solution

C.

It acts as a security information and event management solution and receives syslog from other cloud solutions.

D.

It scans other cloud solutions being used within the network and identifies vulnerabilities

Question 51

Which VMware platform does Cisco ACI integrate with to provide enhanced visibility, provide policy integration and deployment, and implement security policies with access lists?

Options:

A.

VMware APIC

B.

VMwarevRealize

C.

VMware fusion

D.

VMware horizons

Question 52

A hacker initiated a social engineering attack and stole username and passwords of some users within a company. Which product should be used as a solution to this problem?

Options:

A.

Cisco NGFW

B.

Cisco AnyConnect

C.

Cisco AMP for Endpoints

D.

Cisco Duo

Question 53

What does the Cloudlock Apps Firewall do to mitigate security concerns from an application perspective?

Options:

A.

It allows the administrator to quarantine malicious files so that the application can function, just notmaliciously.

B.

It discovers and controls cloud apps that are connected to a company’s corporate environment.

C.

It deletes any application that does not belong in the network.

D.

It sends the application information to an administrator to act on.

Question 54

What are two DDoS attack categories? (Choose two)

Options:

A.

sequential

B.

protocol

C.

database

D.

volume-based

E.

screen-based

Question 55

What are two workload security models? (Choose two.)

Options:

A.

SaaS

B.

PaaS

C.

off-premises

D.

on-premises

E.

IaaS

Question 56

An organization is implementing URL blocking using Cisco Umbrella. The users are able to go to some sites but other sites are not accessible due to an error. Why is the error occurring?

Options:

A.

Client computers do not have the Cisco Umbrella Root CA certificate installed.

B.

IP-Layer Enforcement is not configured.

C.

Intelligent proxy and SSL decryption is disabled in the policy.

D.

Client computers do not have an SSL certificate deployed from an internal CA server.

Question 57

A customer has various external HTTP resources available including Intranet. Extranet, and Internet, with a proxy configuration running in explicit mode Which method allows the client desktop browsers to be configured to select when to connect direct or when to use the proxy?

Options:

A.

Transparent mode

B.

Forward file

C.

PAC file

D.

Bridge mode

Question 58

A network administrator has configured TACACS on a network device using the key Cisc0467380030 tor authentication purposes. However, users are unable to authenticate. TACACS server is reachable, but authentication is tailing. Which configuration step must the administrator complete?

Options:

A.

Implement synchronized system clock on TACACS server that matches the network device.

B.

Install a compatible operating system version on the TACACS server.

C.

Configure the TACACS key on the server to match with the network device.

D.

Apply an access control list on TACACS server to allow communication with the network device.

Question 59

When planning a VPN deployment, for which reason does an engineer opt for an active/active FlexVPN

configuration as opposed to DMVPN?

Options:

A.

Multiple routers or VRFs are required.

B.

Traffic is distributed statically by default.

C.

Floating static routes are required.

D.

HSRP is used for faliover.

Question 60

An organization is implementing AAA for their users. They need to ensure that authorization is verified for every command that is being entered by the network administrator. Which protocol must be configured in order to provide this capability?

Options:

A.

EAPOL

B.

SSH

C.

RADIUS

D.

TACACS+

Question 61

Which two deployment modes does the Cisco ASA FirePower module support? (Choose two)

Options:

A.

transparent mode

B.

routed mode

C.

inline mode

D.

active mode

E.

passive monitor-only mode

Question 62

For a given policy in Cisco Umbrella, how should a customer block website based on a custom list?

Options:

A.

by specifying blocked domains in me policy settings

B.

by specifying the websites in a custom blocked category

C.

by adding the websites to a blocked type destination list

D.

by adding the website IP addresses to the Cisco Umbrella blocklist

Question 63

Which two statements about a Cisco WSA configured in Transparent mode are true? (Choose two)

Options:

A.

It can handle explicit HTTP requests.

B.

It requires a PAC file for the client web browser.

C.

It requires a proxy for the client web browser.

D.

WCCP v2-enabled devices can automatically redirect traffic destined to port 80.

E.

Layer 4 switches can automatically redirect traffic destined to port 80.

Question 64

Drag and drop the capabilities from the left onto the correct technologies on the right.

Question # 64

Options:

Question 65

What is an attribute of the DevSecOps process?

Options:

A.

mandated security controls and check lists

B.

security scanning and theoretical vulnerabilities

C.

development security

D.

isolated security team

Question 66

An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly

identifying all valid recipients. What must be done on the Cisco ESA to accomplish this goal?

Options:

A.

Configure incoming content filters

B.

Use Bounce Verification

C.

Configure Directory Harvest Attack Prevention

D.

Bypass LDAP access queries in the recipient access table

Question 67

An attacker needs to perform reconnaissance on a target system to help gain access to it. The system has weak passwords, no encryption on the VPN links, and software bugs on the system’s applications. Which

vulnerability allows the attacker to see the passwords being transmitted in clear text?

Options:

A.

weak passwords for authentication

B.

unencrypted links for traffic

C.

software bugs on applications

D.

improper file security

Question 68

What is the Cisco API-based broker that helps reduce compromises, application risks, and data breaches in an environment that is not on-premise?

Options:

A.

Cisco Cloudlock

B.

Cisco Umbrella

C.

Cisco AMP

D.

Cisco App Dynamics

Question 69

What is the recommendation in a zero-trust model before granting access to corporate applications and resources?

Options:

A.

To use a wired network, not wireless

B.

To use strong passwords

C.

To use multifactor authentication

D.

To disconnect from the network when inactive

Question 70

Drag and drop the threats from the left onto examples of that threat on the right

Question # 70

Options:

Question 71

Which PKI enrollment method allows the user to separate authentication and enrollment actions and also

provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?

Options:

A.

url

B.

terminal

C.

profile

D.

selfsigned

Question 72

Which two protocols must be configured to authenticate end users to the Cisco WSA? (Choose two.)

Options:

A.

TACACS+

B.

CHAP

C.

NTLMSSP

D.

RADIUS

E.

Kerberos

Question 73

What is the difference between a vulnerability and an exploit?

Options:

A.

A vulnerability is a hypothetical event for an attacker to exploit

B.

A vulnerability is a weakness that can be exploited by an attacker

C.

An exploit is a weakness that can cause a vulnerability in the network

D.

An exploit is a hypothetical event that causes a vulnerability in the network

Question 74

What is a benefit of using Cisco Umbrella?

Options:

A.

DNS queries are resolved faster.

B.

Attacks can be mitigated before the application connection occurs.

C.

Files are scanned for viruses before they are allowed to run.

D.

It prevents malicious inbound traffic.

Question 75

A company is experiencing exfiltration of credit card numbers that are not being stored on-premise. The

company needs to be able to protect sensitive data throughout the full environment. Which tool should be used

to accomplish this goal?

Options:

A.

Security Manager

B.

Cloudlock

C.

Web Security Appliance

D.

Cisco ISE

Question 76

Refer to the exhibit. A network engineer must configure a Cisco router to send traps using SNMPv3. The engineer configures a remote user to receive traps and sets the security level to use authentication without privacy. Which command completes the configuration?

Options:

A.

snmp-server host 10.12.8.4 informs version 3 noauthno remoteuser config

B.

snmp-server host 10.12.8.4 informs version 3 noauthnoPriv remoteuser config

C.

snmp-server user TrapUser group2 remote 10.12.8.4 v3 auth md5 password1

D.

snmp-server user TrapUser group2 remote 10.12.8.4 v3 auth md5 password1 priv access des56

Question 77

Which two fields are defined in the NetFlow flow? (Choose two)

Options:

A.

type of service byte

B.

class of service bits

C.

Layer 4 protocol type

D.

destination port

E.

output logical interface

Question 78

What is a benefit of using GET VPN over FlexVPN within a VPN deployment?

Options:

A.

GET VPN supports Remote Access VPNs

B.

GET VPN natively supports MPLS and private IP networks

C.

GET VPN uses multiple security associations for connections

D.

GET VPN interoperates with non-Cisco devices

Question 79

Which method of attack is used by a hacker to send malicious code through a web application to an unsuspecting user to request that the victim's web browser executes the code?

Options:

A.

buffer overflow

B.

browser WGET

C.

SQL injection

D.

cross-site scripting

Question 80

What is a description of microsegmentation?

Options:

A.

Environments apply a zero-trust model and specify how applications on different servers or containers can communicate

B.

Environments deploy a container orchestration platform, such as Kubernetes, to manage the application delivery

C.

Environments implement private VLAN segmentation to group servers with similar applications.

D.

Environments deploy centrally managed host-based firewall rules on each server or container

Question 81

What is a prerequisite when integrating a Cisco ISE server and an AD domain?

Options:

A.

Place the Cisco ISE server and the AD server in the same subnet

B.

Configure a common administrator account

C.

Configure a common DNS server

D.

Synchronize the clocks of the Cisco ISE server and the AD server

Question 82

Refer to the exhibit.

Question # 82

A network engineer is testing NTP authentication and realizes that any device synchronizes time with this router and that NTP authentication is not enforced What is the cause of this issue?

Options:

A.

The key was configured in plain text.

B.

NTP authentication is not enabled.

C.

The hashing algorithm that was used was MD5. which is unsupported.

D.

The router was not rebooted after the NTP configuration updated.

Question 83

How does DNS Tunneling exfiltrate data?

Options:

A.

An attacker registers a domain that a client connects to based on DNS records and sends malware throughthat connection.

B.

An attacker opens a reverse DNS shell to get into the client’s system and install malware on it.

C.

An attacker uses a non-standard DNS port to gain access to the organization’s DNS servers in order topoison the resolutions.

D.

An attacker sends an email to the target with hidden DNS resolvers in it to redirect them to a maliciousdomain.

Question 84

An engineer is configuring Cisco WSA and needs to deploy it in transparent mode. Which configuration component must be used to accomplish this goal?

Options:

A.

MDA on the router

B.

PBR on Cisco WSA

C.

WCCP on switch

D.

DNS resolution on Cisco WSA

Question 85

What is the purpose of the certificate signing request when adding a new certificate for a server?

Options:

A.

It is the password for the certificate that is needed to install it with.

B.

It provides the server information so a certificate can be created and signed

C.

It provides the certificate client information so the server can authenticate against it when installing

D.

It is the certificate that will be loaded onto the server

Question 86

What is an attribute of Cisco Talos?

Options:

A.

Introduction of attributes that use objects and narrative relations

B.

Fast and intelligent responses based on threat data

C.

Cyber threat intelligence interchange and maintenance

D.

Cyber threats posing as authorized users and devices

Question 87

Which threat involves software being used to gain unauthorized access to a computer system?

Options:

A.

virus

B.

NTP amplification

C.

ping of death

D.

HTTP flood

Question 88

Which technology limits communication between nodes on the same network segment to individual applications?

Options:

A.

serverless infrastructure

B.

microsegmentation

C.

SaaS deployment

D.

machine-to-machine firewalling

Question 89

What are two ways a network administrator transparently identifies users using Active Directory on the Cisco WSA? (Choose two.) The eDirectory client must be installed on each client workstation.

Options:

A.

Create NTLM or Kerberos authentication realm and enable transparent user identification

B.

Deploy a separate Active Directory agent such as Cisco Context Directory Agent.

C.

Create an LDAP authentication realm and disable transparent user identification.

D.

Deploy a separate eDirectory server: the client IP address is recorded in this server

Question 90

An organization recently installed a Cisco WSA and would like to take advantage of the AVC engine to allow the organization to create a policy to control application specific activity. After enabling the AVC engine, what must be done to implement this?

Options:

A.

Use security services to configure the traffic monitor, .

B.

Use URL categorization to prevent the application traffic.

C.

Use an access policy group to configure application control settings.

D.

Use web security reporting to validate engine functionality

Question 91

Which suspicious pattern enables the Cisco Tetration platform to learn the normal behavior of users?

Options:

A.

file access from a different user

B.

interesting file access

C.

user login suspicious behavior

D.

privilege escalation

Question 92

Refer to the exhibit.

Question # 92

An engineer must configure a Cisco switch to perform PPP authentication via a TACACS server located at IP address 10.1.1.10. Authentication must fall back to the local database using the username LocalUser and password C1Sc0451069341l if the TACACS server is unreachable.

Drag and drop the commands from the left onto the corresponding configuration steps on the right.

Question # 92

Options:

Question 93

On Cisco Firepower Management Center, which policy is used to collect health modules alerts from managed

devices?

Options:

A.

health policy

B.

system policy

C.

correlation policy

D.

access control policy

E.

health awareness policy

Question 94

What must be configured in Cisco ISE to enforce reauthentication of an endpoint session when an endpoint is

deleted from an identity group?

Options:

A.

posture assessment

B.

CoA

C.

external identity source

D.

SNMP probe

Question 95

An engineer is deploying a Cisco Secure Email Gateway and must ensure it reaches the Cisco update servers to retrieve new rules. The engineer must now manually configure the Outbreak Filter rules on an AsyncOS for Cisco Secure Email Gateway. Only outdated rules must be replaced. Up-to-date rules must be retained. Which action must the engineer take next to complete the configuration?

Options:

A.

Select Outbreak Filters

B.

Perform a backup/restore of the database

C.

Use the outbreakconfig command in CLI

D.

Click Update Rules Now

Question 96

Why is it important to have logical security controls on endpoints even though the users are trained to spot security threats and the network devices already help prevent them?

Options:

A.

to prevent theft of the endpoints

B.

because defense-in-depth stops at the network

C.

to expose the endpoint to more threats

D.

because human error or insider threats will still exist

Question 97

Under which two circumstances is a CoA issued? (Choose two)

Options:

A.

A new authentication rule was added to the policy on the Policy Service node.

B.

An endpoint is deleted on the Identity Service Engine server.

C.

A new Identity Source Sequence is created and referenced in the authentication policy.

D.

An endpoint is profiled for the first time.

E.

A new Identity Service Engine server is added to the deployment with the Administration persona

Question 98

A network administrator is configuring a role in an access control policy to block certain URLs and selects the "Chat and instant Messaging" category. which reputation score should be selected to accomplish

this goal?

Options:

A.

3

B.

5

C.

10

D.

1

Question 99

Which two features of Cisco DNA Center are used in a Software Defined Network solution? (Choose two)

Options:

A.

accounting

B.

assurance

C.

automation

D.

authentication

E.

encryption

Question 100

Which two request of REST API are valid on the Cisco ASA Platform? (Choose two)

Options:

A.

put

B.

options

C.

get

D.

push

E.

connect

Question 101

An engineer is trying to decide between using L2TP or GRE over IPsec for their site-to-site VPN implementation. What must be un solution?

Options:

A.

L2TP is an IP packet encapsulation protocol, and GRE over IPsec is a tunneling protocol.

B.

L2TP uses TCP port 47 and GRE over IPsec uses UDP port 1701.

C.

GRE over IPsec adds its own header, and L2TP does not.

D.

GRE over IPsec cannot be used as a standalone protocol, and L2TP can.

Question 102

What is a benefit of conducting device compliance checks?

Options:

A.

It indicates what type of operating system is connecting to the network.

B.

It validates if anti-virus software is installed.

C.

It scans endpoints to determine if malicious activity is taking place.

D.

It detects email phishing attacks.

Question 103

Which open standard creates a framework for sharing threat intelligence in a machine-digestible format?

Options:

A.

OpenC2

B.

OpenlOC

C.

CybOX

D.

STIX

Question 104

What is the difference between deceptive phishing and spear phishing?

Options:

A.

Deceptive phishing is an attacked aimed at a specific user in the organization who holds a C-level role.

B.

A spear phishing campaign is aimed at a specific person versus a group of people.

C.

Spear phishing is when the attack is aimed at the C-level executives of an organization.

D.

Deceptive phishing hijacks and manipulates the DNS server of the victim and redirects the user to a false webpage.

Question 105

What is an advantage of the Cisco Umbrella roaming client?

Options:

A.

the ability to see all traffic without requiring TLS decryption

B.

visibility into IP-based threats by tunneling suspicious IP connections

C.

the ability to dynamically categorize traffic to previously uncategorized sites

D.

visibility into traffic that is destined to sites within the office environment

Question 106

An engineer enabled SSL decryption for Cisco Umbrella intelligent proxy and needs to ensure that traffic is inspected without alerting end-users.

Options:

A.

Upload the organization root CA to the Umbrella admin portal

B.

Modify the user's browser settings to suppress errors from Umbrella.

C.

Restrict access to only websites with trusted third-party signed certificates.

D.

Import the Umbrella root CA into the trusted root store on the user's device.

Question 107

Which statement describes a traffic profile on a Cisco Next Generation Intrusion Prevention System?

Options:

A.

It allows traffic if it does not meet the profile.

B.

It defines a traffic baseline for traffic anomaly deduction.

C.

It inspects hosts that meet the profile with more intrusion rules.

D.

It blocks traffic if it does not meet the profile.

Question 108

What is the function of Cisco Cloudlock for data security?

Options:

A.

data loss prevention

B.

controls malicious cloud apps

C.

detects anomalies

D.

user and entity behavior analytics

Question 109

Which deployment model is the most secure when considering risks to cloud adoption?

Options:

A.

Public Cloud

B.

Hybrid Cloud

C.

Community Cloud

D.

Private Cloud

Question 110

Which DoS attack uses fragmented packets in an attempt to crash a target machine?

Options:

A.

teardrop

B.

smurf

C.

LAND

D.

SYN flood

Question 111

Question # 111

Refer to the exhibit. What is the result of using this authentication protocol in the configuration?

Options:

A.

The authentication request contains only a username.

B.

The authentication request contains only a password.

C.

There are separate authentication and authorization request packets.

D.

The authentication and authorization requests are grouped in a single packet.

Question 112

Which product allows Cisco FMC to push security intelligence observable to its sensors from other products?

Options:

A.

Encrypted Traffic Analytics

B.

Threat Intelligence Director

C.

Cognitive Threat Analytics

D.

Cisco Talos Intelligence

Question 113

What is a capability of Cisco ASA Netflow?

Options:

A.

It filters NSEL events based on traffic

B.

It generates NSEL events even if the MPF is not configured

C.

It logs all event types only to the same collector

D.

It sends NetFlow data records from active and standby ASAs in an active standby failover pair

Question 114

Which direction do attackers encode data in DNS requests during exfiltration using DNS tunneling?

Options:

A.

inbound

B.

north-south

C.

east-west

D.

outbound

Question 115

Which two behavioral patterns characterize a ping of death attack? (Choose two)

Options:

A.

The attack is fragmented into groups of 16 octets before transmission.

B.

The attack is fragmented into groups of 8 octets before transmission.

C.

Short synchronized bursts of traffic are used to disrupt TCP connections.

D.

Malformed packets are used to crash systems.

E.

Publicly accessible DNS servers are typically used to execute the attack.

Question 116

Refer to the exhibit.

Question # 116

Which statement about the authentication protocol used in the configuration is true?

Options:

A.

The authentication request contains only a password

B.

The authentication request contains only a username

C.

The authentication and authorization requests are grouped in a single packet

D.

There are separate authentication and authorization request packets

Question 117

Refer to the exhibit.

Question # 117

Traffic is not passing through IPsec site-to-site VPN on the Firepower Threat Defense appliance. What is causing this issue?

Options:

A.

No split-tunnel policy is defined on the Firepower Threat Defense appliance.

B.

The access control policy is not allowing VPN traffic in.

C.

Site-to-site VPN peers are using different encryption algorithms.

D.

Site-to-site VPN preshared keys are mismatched.

Question 118

Refer to the exhibit.

Question # 118

Which type of authentication is in use?

Options:

A.

LDAP authentication for Microsoft Outlook

B.

POP3 authentication

C.

SMTP relay server authentication

D.

external user and relay mail authentication

Question 119

An organization wants to provide visibility and to identify active threats in its network using a VM. The

organization wants to extract metadata from network packet flow while ensuring that payloads are not retained

or transferred outside the network. Which solution meets these requirements?

Options:

A.

Cisco Umbrella Cloud

B.

Cisco Stealthwatch Cloud PNM

C.

Cisco Stealthwatch Cloud PCM

D.

Cisco Umbrella On-Premises

Question 120

Which feature is used to restrict communication between interfaces on a Cisco ASA?

Options:

A.

VLAN subinterfaces

B.

Traffic zones

C.

Security levels

D.

VxLAN interfaces

Question 121

Which attack is commonly associated with C and C++ programming languages?

Options:

A.

cross-site scripting

B.

water holing

C.

DDoS

D.

buffer overflow

Question 122

Which ASA deployment mode can provide separation of management on a shared appliance?

Options:

A.

DMZ multiple zone mode

B.

transparent firewall mode

C.

multiple context mode

D.

routed mode

Question 123

What is a functional difference between Cisco AMP for Endpoints and Cisco Umbrella Roaming Client?

Options:

A.

The Umbrella Roaming client stops and tracks malicious activity on hosts, and AMP for Endpoints tracks only URL-based threats.

B.

The Umbrella Roaming Client authenticates users and provides segmentation, and AMP for Endpoints allows only for VPN connectivity

C.

AMP for Endpoints authenticates users and provides segmentation, and the Umbrella Roaming Client allows only for VPN connectivity.

D.

AMP for Endpoints stops and tracks malicious activity on hosts, and the Umbrella Roaming Client tracks only URL-based threats.

Question 124

An engineer is trying to decide whether to use Cisco Umbrella, Cisco CloudLock, Cisco Stealthwatch, or Cisco AppDynamics Cloud Monitoring for visibility into data transfers as well as protection against data exfiltration Which solution best meets these requirements?

Options:

A.

Cisco CloudLock

B.

Cisco AppDynamics Cloud Monitoring

C.

Cisco Umbrella

D.

Cisco Stealthwatch

Question 125

In an IaaS cloud services model, which security function is the provider responsible for managing?

Options:

A.

Internet proxy

B.

firewalling virtual machines

C.

CASB

D.

hypervisor OS hardening

Question 126

Which two products are used to forecast capacity needs accurately in real time? (Choose two.)

Options:

A.

Cisco Secure Workload

B.

Cisco Umbrella

C.

Cisco Workload Optimization Manager

D.

Cisco AppDynamics

E.

Cisco Cloudlock

Question 127

In which two ways does Easy Connect help control network access when used with Cisco TrustSec? (Choose two)

Options:

A.

It allows multiple security products to share information and work together to enhance security posture in the network.

B.

It creates a dashboard in Cisco ISE that provides full visibility of all connected endpoints.

C.

It allows for the assignment of Security Group Tags and does not require 802.1x to be configured on the switch or the endpoint.

D.

It integrates with third-party products to provide better visibility throughout the network.

E.

It allows for managed endpoints that authenticate to AD to be mapped to Security Groups (PassiveID).

Question 128

An organization wants to improve its cybersecurity processes and to add intelligence to its data The organization wants to utilize the most current intelligence data for URL filtering, reputations, and vulnerability information that can be integrated with the Cisco FTD and Cisco WSA What must be done to accomplish these objectives?

Options:

A.

Create a Cisco pxGrid connection to NIST to import this information into the security products for policy use

B.

Create an automated download of the Internet Storm Center intelligence feed into the Cisco FTD and Cisco WSA databases to tie to the dynamic access control policies.

C.

Download the threat intelligence feed from the IETF and import it into the Cisco FTD and Cisco WSA databases

D.

Configure the integrations with Talos Intelligence to take advantage of the threat intelligence that it provides.

Question 129

A network administrator needs to find out what assets currently exist on the network. Third-party systems need to be able to feed host data into Cisco Firepower. What must be configured to accomplish this?

Options:

A.

a Network Discovery policy to receive data from the host

B.

a Threat Intelligence policy to download the data from the host

C.

a File Analysis policy to send file data into Cisco Firepower

D.

a Network Analysis policy to receive NetFlow data from the host

Question 130

What is a benefit of using Cisco CWS compared to an on-premises Cisco WSA?

Options:

A.

Cisco CWS eliminates the need to backhaul traffic through headquarters for remote workers whereas Cisco WSA does not

B.

Cisco CWS minimizes the load on the internal network and security infrastructure as compared to Cisco WSA.

C.

URL categories are updated more frequently on Cisco CWS than they are on Cisco WSA

D.

Content scanning for SAAS cloud applications is available through Cisco CWS and not available through Cisco WSA

Question 131

What is the purpose of the Cisco Endpoint IoC feature?

Options:

A.

It is an incident response tool.

B.

It provides stealth threat prevention.

C.

It is a signature-based engine.

D.

It provides precompromise detection.

Question 132

An administrator is trying to determine which applications are being used in the network but does not want the

network devices to send metadata to Cisco Firepower. Which feature should be used to accomplish this?

Options:

A.

NetFlow

B.

Packet Tracer

C.

Network Discovery

D.

Access Control

Question 133

An organization is implementing URL blocking using Cisco Umbrella. The users are able to go to some sites

but other sites are not accessible due to an error. Why is the error occurring?

Options:

A.

Client computers do not have the Cisco Umbrella Root CA certificate installed.

B.

IP-Layer Enforcement is not configured.

C.

Client computers do not have an SSL certificate deployed from an internal CA server.

D.

Intelligent proxy and SSL decryption is disabled in the policy

Question 134

Drag and drop the security responsibilities from the left onto the corresponding cloud service models on the right.

Question # 134

Options:

Question 135

An engineer has been tasked with implementing a solution that can be leveraged for securing the cloud users,

data, and applications. There is a requirement to use the Cisco cloud native CASB and cloud cybersecurity

platform. What should be used to meet these requirements?

Options:

A.

Cisco Umbrella

B.

Cisco Cloud Email Security

C.

Cisco NGFW

D.

Cisco Cloudlock

Question 136

Drag and drop the Cisco CWS redirection options from the left onto the capabilities on the right.

Question # 136

Options:

Question 137

Which license is required for Cisco Security Intelligence to work on the Cisco Next Generation Intrusion

Prevention System?

Options:

A.

control

B.

malware

C.

URL filtering

D.

protect

Question 138

Which Dos attack uses fragmented packets to crash a target machine?

Options:

A.

smurf

B.

MITM

C.

teardrop

D.

LAND

Question 139

Which proxy mode must be used on Cisco WSA to redirect TCP traffic with WCCP?

Options:

A.

transparent

B.

redirection

C.

forward

D.

proxy gateway

Question 140

How does Cisco Workload Optimization portion of the network do EPP solutions solely performance issues?

Options:

A.

It deploys an AWS Lambda system

B.

It automates resource resizing

C.

It optimizes a flow path

D.

It sets up a workload forensic score

Question 141

Which attack type attempts to shut down a machine or network so that users are not able to access it?

Options:

A.

smurf

B.

bluesnarfing

C.

MAC spoofing

D.

IP spoofing

Question 142

An administrator is configuring a DHCP server to better secure their environment. They need to be able to ratelimit the traffic and ensure that legitimate requests are not dropped. How would this be accomplished?

Options:

A.

Set a trusted interface for the DHCP server

B.

Set the DHCP snooping bit to 1

C.

Add entries in the DHCP snooping database

D.

Enable ARP inspection for the required VLAN

Question 143

Which public cloud provider supports the Cisco Next Generation Firewall Virtual?

Options:

A.

Google Cloud Platform

B.

Red Hat Enterprise Visualization

C.

VMware ESXi

D.

Amazon Web Services

Question 144

Which role is a default guest type in Cisco ISE?

Options:

A.

Monthly

B.

Yearly

C.

Contractor

D.

Full-Time

Question 145

Refer to the exhibit.

Question # 145

When configuring a remote access VPN solution terminating on the Cisco ASA, an administrator would like to utilize an external token authentication mechanism in conjunction with AAA authentication using machine

certificates. Which configuration item must be modified to allow this?

Options:

A.

Group Policy

B.

Method

C.

SAML Server

D.

DHCP Servers

Question 146

An engineer is configuring 802.1X authentication on Cisco switches in the network and is using CoA as a mechanism. Which port on the firewall must be opened to allow the CoA traffic to traverse the network?

Options:

A.

TCP 6514

B.

UDP 1700

C.

TCP 49

D.

UDP 1812

Question 147

An administrator is configuring N I P on Cisco ASA via ASDM and needs to ensure that rogue NTP servers cannot insert themselves as the authoritative time source Which two steps must be taken to accomplish this task? (Choose two)

Options:

A.

Specify the NTP version

B.

Configure the NTP stratum

C.

Set the authentication key

D.

Choose the interface for syncing to the NTP server

E.

Set the NTP DNS hostname

Question 148

Refer to the exhibit.

Question # 148

Consider that any feature of DNS requests, such as the length off the domain name

and the number of subdomains, can be used to construct models of expected behavior to which

observed values can be compared. Which type of malicious attack are these values associated with?

Options:

A.

Spectre Worm

B.

Eternal Blue Windows

C.

Heartbleed SSL Bug

D.

W32/AutoRun worm

Question 149

Which type of dashboard does Cisco DNA Center provide for complete control of the network?

Options:

A.

service management

B.

centralized management

C.

application management

D.

distributed management

Question 150

Which baseline form of telemetry is recommended for network infrastructure devices?

Options:

A.

SDNS

B.

NetFlow

C.

passive taps

D.

SNMP

Question 151

Which Cisco Umbrella package supports selective proxy for Inspection of traffic from risky domains?

Options:

A.

SIG Advantage

B.

DNS Security Essentials

C.

SIG Essentials

D.

DNS Security Advantage

Question 152

A network administrator is configuring a rule in an access control policy to block certain URLs and selects the “Chat and Instant Messaging” category. Which reputation score should be selected to accomplish this goal?

Options:

A.

1

B.

3

C.

5

D.

10

Question 153

Which Secure Email Gateway implementation method segregates inbound and outbound email?

Options:

A.

Pair of logical listeners on a single physical interface with two unique logical IPv4 addresses and one IPv6 address

B.

One listener on one logical IPv4 address on a single logical interface

C.

Pair of logical IPv4 listeners and a pair of IPv6 listeners on two physically separate interfaces

D.

One listener on a single physical interface

Question 154

What is the function of the crypto is a kmp key cisc406397954 address 0.0.0.0 0.0.0.0 command when establishing an IPsec VPN tunnel?

Options:

A.

It defines what data is going to be encrypted via the VPN

B.

lt configures the pre-shared authentication key

C.

It prevents all IP addresses from connecting to the VPN server.

D.

It configures the local address for the VPN server.

Question 155

Which ESA implementation method segregates inbound and outbound email?

Options:

A.

one listener on a single physical Interface

B.

pair of logical listeners on a single physical interface with two unique logical IPv4 addresses and one IPv6 address

C.

pair of logical IPv4 listeners and a pair Of IPv6 listeners on two physically separate interfaces

D.

one listener on one logical IPv4 address on a single logical interface

Question 156

Which two aspects of the cloud PaaS model are managed by the customer but not the provider? (Choose two)

Options:

A.

virtualization

B.

middleware

C.

operating systems

D.

applications

E.

data

Question 157

Drag and drop the steps from the left into the correct order on the right to enable AppDynamics to monitor an EC2 instance in Amazon Web Services.

Question # 157

Options:

Question 158

Which feature is used in a push model to allow for session identification, host reauthentication, and session termination?

Options:

A.

AAA attributes

B.

CoA request

C.

AV pair

D.

carrier-grade NAT

Question 159

How does Cisco Umbrella archive logs to an enterprise owned storage?

Options:

A.

by using the Application Programming Interface to fetch the logs

B.

by sending logs via syslog to an on-premises or cloud-based syslog server

C.

by the system administrator downloading the logs from the Cisco Umbrella web portal

D.

by being configured to send logs to a self-managed AWS S3 bucket

Question 160

Which factor must be considered when choosing the on-premise solution over the cloud-based one?

Options:

A.

With an on-premise solution, the provider is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the customer is responsible for it

B.

With a cloud-based solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product.

C.

With an on-premise solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product.

D.

With an on-premise solution, the customer is responsible for the installation and maintenance of theproduct, whereas with a cloud-based solution, the provider is responsible for it.

Question 161

What is a language format designed to exchange threat intelligence that can be transported over the TAXII

protocol?

Options:

A.

STIX

B.

XMPP

C.

pxGrid

D.

SMTP

Question 162

What is a benefit of flexible NetFlow records?

Options:

A.

They are used for security

B.

They are used for accounting

C.

They monitor a packet from Layer 2 to Layer 5

D.

They have customized traffic identification

Question 163

Which feature within Cisco Umbrella allows for the ability to inspect secure HTTP traffic?

Options:

A.

File Analysis

B.

SafeSearch

C.

SSL Decryption

D.

Destination Lists

Question 164

A web hosting company must upgrade its older, unsupported on-premises servers. The company wants a cloud solution in which the cloud provider is responsible for:

    Server patching

    Application maintenance

    Data center security

    Disaster recovery

Which type of cloud meets the requirements?

Options:

A.

Hybrid

B.

IaaS

C.

SaaS

D.

PaaS

Question 165

Drag and drop the deployment models from the left onto the explanations on the right.

Question # 165

Options:

Question 166

An organization uses Cisco FMC to centrally manage multiple Cisco FTD devices. The default management

port conflicts with other communications on the network and must be changed. What must be done to ensure

that all devices can communicate together?

Options:

A.

Manually change the management port on Cisco FMC and all managed Cisco FTD devices

B.

Set the tunnel to go through the Cisco FTD

C.

Change the management port on Cisco FMC so that it pushes the change to all managed Cisco FTDdevices

D.

Set the tunnel port to 8305

Question 167

A Cisco ISE engineer configures Central Web Authentication (CWA) for wireless guest access and must have the guest endpoints redirect to the guest portal for authentication and authorization. While testing the policy, the engineer notices that the device is not redirected and instead gets full guest access. What must be done for the redirect to work?

Options:

A.

Tag the guest portal in the CWA part of the Common Tasks section of the authorization profile for the authorization policy line that the unauthenticated devices hit.

B.

Use the track movement option within the authorization profile for the authorization policy line that the unauthenticated devices hit.

C.

Create an advanced attribute setting of Cisco:cisco-gateway-id=guest within the authorization profile for the authorization policy line that the unauthenticated devices hit.

D.

Add the DACL name for the Airespace ACL configured on the WLC in the Common Tasks section of the authorization profile for the authorization policy line that the unauthenticated devices hit.

Question 168

For a given policy in Cisco Umbrella, how should a customer block websites based on a custom list?

Options:

A.

By adding the websites to a blocked type destination list

B.

By specifying blocked domains in the policy settings

C.

By adding the website IP addresses to the Cisco Umbrella blocklist

D.

By specifying the websites in a custom blocked category

Question 169

What are two benefits of using Cisco Duo as an MFA solution? (Choose two.)

Options:

A.

grants administrators a way to remotely wipe a lost or stolen device

B.

provides simple and streamlined login experience for multiple applications and users

C.

native integration that helps secure applications across multiple cloud platforms or on-premises environments

D.

encrypts data that is stored on endpoints

E.

allows for centralized management of endpoint device applications and configurations

Question 170

For which two conditions can an endpoint be checked using ISE posture assessment? (Choose two)

Options:

A.

Windows service

B.

computer identity

C.

user identity

D.

Windows firewall

E.

default browser

Question 171

A network engineer is configuring DMVPN and entered the crypto isakmp key cisc0380739941 address 0.0.0.0 command on hostA. The tunnel is not being established to hostB. What action is needed to authenticate the VPN?

Options:

A.

Change isakmp to ikev2 in the command on hostA.

B.

Enter the command with a different password on hostB.

C.

Enter the same command on hostB.

D.

Change the password on hostA to the default password.

Question 172

When choosing an algorithm to us, what should be considered about Diffie Hellman and RSA for key

establishment?

Options:

A.

RSA is an asymmetric key establishment algorithm intended to output symmetric keys

B.

RSA is a symmetric key establishment algorithm intended to output asymmetric keys

C.

DH is a symmetric key establishment algorithm intended to output asymmetric keys

D.

DH is an asymmetric key establishment algorithm intended to output symmetric keys

Question 173

What is a description of microsegmentation?

Options:

A.

Environments deploy a container orchestration platform, such as Kubernetes, to manage the application delivery.

B.

Environments apply a zero-trust model and specify how applications on different servers or containers can communicate.

C.

Environments deploy centrally managed host-based firewall rules on each server or container.

D.

Environments implement private VLAN segmentation to group servers with similar applications.

Question 174

Which protocol provides the strongest throughput performance when using Cisco AnyConnect VPN?

Options:

A.

TLSv1.2

B.

TLSv1.1

C.

BJTLSv1

D.

DTLSv1

Question 175

Which cloud service model offers an environment for cloud consumers to develop and deploy applications

without needing to manage or maintain the underlying cloud infrastructure?

Options:

A.

PaaS

B.

XaaS

C.

IaaS

D.

SaaS

Question 176

What does Cisco ISE use to collect endpoint attributes that are used in profiling?

Options:

A.

probes

B.

posture assessment

C.

Cisco AnyConnect Secure Mobility Client

D.

Cisco pxGrid

Question 177

A malicious user gained network access by spoofing printer connections that were authorized using MAB on

four different switch ports at the same time. What two catalyst switch security features will prevent further

violations? (Choose two)

Options:

A.

DHCP Snooping

B.

802.1AE MacSec

C.

Port security

D.

IP Device track

E.

Dynamic ARP inspection

F.

Private VLANs

Question 178

Which Cisco Advanced Malware protection for Endpoints deployment architecture is designed to keep data

within a network perimeter?

Options:

A.

cloud web services

B.

network AMP

C.

private cloud

D.

public cloud

Question 179

An engineer must configure Cisco AMP for Endpoints so that it contains a list of files that should not be executed by users. These files must not be quarantined. Which action meets this configuration requirement?

Options:

A.

Identity the network IPs and place them in a blocked list.

B.

Modify the advanced custom detection list to include these files.

C.

Create an application control blocked applications list.

D.

Add a list for simple custom detection.

Question 180

Refer to the exhibit.

Question # 180

What will happen when the Python script is executed?

Options:

A.

The hostname will be translated to an IP address and printed.

B.

The hostname will be printed for the client in the client ID field.

C.

The script will pull all computer hostnames and print them.

D.

The script will translate the IP address to FODN and print it

Question 181

II

An engineer musí set up 200 new laptops on a network and wants to prevent the users from moving their laptops around to simplify administration Which switch port MAC address security setting must be used?

Options:

A.

sticky

B.

static

C.

aging

D.

maximum

Question 182

vQuestion # 182

Refer to the exhibit When configuring this access control rule in Cisco FMC, what happens with the traffic destined to the DMZjnside zone once the configuration is deployed?

Options:

A.

All traffic from any zone to the DMZ_inside zone will be permitted with no further inspection

B.

No traffic will be allowed through to the DMZ_inside zone regardless of if it's trusted or not

C.

All traffic from any zone will be allowed to the DMZ_inside zone only after inspection

D.

No traffic will be allowed through to the DMZ_inside zone unless it's already trusted

Question 183

What is a characteristic of Firepower NGIPS inline deployment mode?

Options:

A.

ASA with Firepower module cannot be deployed.

B.

It cannot take actions such as blocking traffic.

C.

It is out-of-band from traffic.

D.

It must have inline interface pairs configured.

Question 184

Which telemetry data captures variations seen within the flow, such as the packets TTL, IP/TCP flags, and payload length?

Options:

A.

interpacket variation

B.

software package variation

C.

flow insight variation

D.

process details variation

Question 185

An engineer is configuring device-hardening on a router in order to prevent credentials from being seen

if the router configuration was compromised. Which command should be used?

Options:

A.

service password-encryption

B.

username privilege 15 password

C.

service password-recovery

D.

username < username> password

Question 186

What are two functions of TAXII in threat intelligence sharing? (Choose two.)

Options:

A.

determines the "what" of threat intelligence

B.

Supports STIX information

C.

allows users to describe threat motivations and abilities

D.

exchanges trusted anomaly intelligence information

E.

determines how threat intelligence information is relayed

Question 187

Which Cisco security solution protects remote users against phishing attacks when they are not connected to

the VPN?

Options:

A.

Cisco Stealthwatch

B.

Cisco Umbrella

C.

Cisco Firepower

D.

NGIPS

Question 188

In which cloud services model is the tenant responsible for virtual machine OS patching?

Options:

A.

IaaS

B.

UCaaS

C.

PaaS

D.

SaaS

Question 189

Refer to the exhibit.

Question # 189

An administrator is adding a new Cisco FTD device to their network and wants to manage it with Cisco FMC.

The Cisco FTD is not behind a NAT device. Which command is needed to enable this on the Cisco FTD?

Options:

A.

configure manager add DONTRESOLVE kregistration key>

B.

configure manager add 16

C.

configure manager add DONTRESOLVE FTD123

D.

configure manager add

Question 190

Why is it important to patch endpoints consistently?

Options:

A.

Patching reduces the attack surface of the infrastructure.

B.

Patching helps to mitigate vulnerabilities.

C.

Patching is required per the vendor contract.

D.

Patching allows for creating a honeypot.

Question 191

What is a difference between a DoS attack and a DDoS attack?

Options:

A.

A DoS attack is where a computer is used to flood a server with TCP and UDP packets whereas a DDoS attack is where multiple systems target a single system with a DoS attack

B.

A DoS attack is where a computer is used to flood a server with TCP and UDP packets whereas a DDoS attack is where a computer is used to flood multiple servers that are distributed over a LAN

C.

A DoS attack is where a computer is used to flood a server with UDP packets whereas a DDoS attack is where a computer is used to flood a server with TCP packets

D.

A DoS attack is where a computer is used to flood a server with TCP packets whereas a DDoS attack is where a computer is used to flood a server with UDP packets

Question 192

Which technology must De used to Implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity?

Options:

A.

GET VPN

B.

IPsec DVTI

C.

DMVPN

D.

FlexVPN

Question 193

Which Cisco platform onboards the endpoint and can issue a CA signed certificate while also automatically configuring endpoint network settings to use the signed endpoint certificate, allowing the endpoint to gain network access?

Options:

A.

Cisco ISE

B.

Cisco NAC

C.

Cisco TACACS+

D.

Cisco WSA

Question 194

What are two characteristics of the RESTful architecture used within Cisco DNA Center? (Choose two.)

Options:

A.

REST uses methods such as GET, PUT, POST, and DELETE.

B.

REST codes can be compiled with any programming language.

C.

REST is a Linux platform-based architecture.

D.

The POST action replaces existing data at the URL path.

E.

REST uses HTTP to send a request to a web service.

Question 195

Which technology provides a combination of endpoint protection endpoint detection, and response?

Options:

A.

Cisco AMP

B.

Cisco Talos

C.

Cisco Threat Grid

D.

Cisco Umbrella

Question 196

Which CLI command is used to enable URL filtering support for shortened URLs on the Cisco ESA?

Options:

A.

webadvancedconfig

B.

websecurity advancedconfig

C.

outbreakconfig

D.

websecurity config

Question 197

What is the function of SDN southbound API protocols?

Options:

A.

to allow for the dynamic configuration of control plane applications

B.

to enable the controller to make changes

C.

to enable the controller to use REST

D.

to allow for the static configuration of control plane applications

Question 198

What is a characteristic of traffic storm control behavior?

Options:

A.

Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level withinthe interval.

B.

Traffic storm control cannot determine if the packet is unicast or broadcast.

C.

Traffic storm control monitors incoming traffic levels over a 10-second traffic storm control interval.

D.

Traffic storm control uses the Individual/Group bit in the packet source address to determine if the packet isunicast or broadcast.

Question 199

Which two services must remain as on-premises equipment when a hybrid email solution is deployed? (Choose two)

Options:

A.

DDoS

B.

antispam

C.

antivirus

D.

encryption

E.

DLP

Question 200

What is a characteristic of Dynamic ARP Inspection?

Options:

A.

DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the DHCPsnooping binding database.

B.

In a typical network, make all ports as trusted except for the ports connecting to switches, which areuntrusted

C.

DAI associates a trust state with each switch.

D.

DAI intercepts all ARP requests and responses on trusted ports only.

Question 201

Which two global commands must the network administrator implement to limit the attack surface of an internet-facing Cisco router? (Choose two.)

Options:

A.

no service password-recovery

B.

no cdp run

C.

service tcp-keepalives-in

D.

no ip http server

E.

ip ssh version 2

Question 202

Which statement about IOS zone-based firewalls is true?

Options:

A.

An unassigned interface can communicate with assigned interfaces

B.

Only one interface can be assigned to a zone.

C.

An interface can be assigned to multiple zones.

D.

An interface can be assigned only to one zone.

Question 203

Which Cisco platform provides an agentless solution to provide visibility across the network including encrypted traffic analytics to detect malware in encrypted traffic without the need for decryption?

Options:

A.

Cisco Advanced Malware Protection

B.

Cisco Stealthwatch

C.

Cisco Identity Services Engine

D.

Cisco AnyConnect

Question 204

Which Cisco DNA Center Intent API action is used to retrieve the number of devices known to a DNA Center?

Options:

A.

GET https://fqdnOrlPofDnaCenterPlatform/dna/intent/api/v1/network-device/count

B.

GET https://fqdnOrlPofDnaCenterPlatform/dna/intent/api/v1/network-device

C.

GET https://fqdnOrlPofDnaCenterPlatform/dna/intent/api/v1/networkdevice?parameter1=value ¶meter2=value&....

D.

GET https://fqdnOrlPofDnaCenterPlatform/dna/intent/api/v 1/networkdevice/startIndex/recordsToReturn

Question 205

What is the primary difference between an Endpoint Protection Platform and an Endpoint Detection and

Response?

Options:

A.

EPP focuses on prevention, and EDR focuses on advanced threats that evade perimeter defenses.

B.

EDR focuses on prevention, and EPP focuses on advanced threats that evade perimeter defenses.

C.

EPP focuses on network security, and EDR focuses on device security.

D.

EDR focuses on network security, and EPP focuses on device security.

Question 206

Refer to the exhibit.

Question # 206

The DHCP snooping database resides on router R1, and dynamic ARP inspection is configured only on switch SW2. Which ports must be configured as untrusted so that dynamic ARP inspection operates normally?

Options:

A.

P2 and P3 only

B.

P5, P6, and P7 only

C.

P1, P2, P3, and P4 only

D.

P2, P3, and P6 only

Page: 1 / 69
Total 688 questions