An engineer is configuring Cisco Secure Endpoint to enhance security by preventing the execution of certain files by users. The engineer needs to ensure that the specific executable file name Cisco_Software_0505446151.exe is blocked from running while never being quarantined. What must the engineer configure to meet the requirement?
What is the purpose of a denial-of-service attack?
Refer to the exhibit. An engineer must enable secure SSH protocols and enters this configuration. What are two results of running this set of commands on a Cisco router? (Choose two.)
DoS attacks are categorized as what?
Which solution for remote workers enables protection, detection, and response on the endpoint against known and unknown threats?
An engineer has been tasked with configuring a Cisco FTD to analyze protocol fields and detect anomalies in the traffic from industrial systems. What must be done to meet these requirements?
What is a characteristic of a bridge group in ASA Firewall transparent mode?
Refer to the exhibit.
Which configuration item makes it possible to have the AAA session on the network?
Refer to the exhibit.
What will happen when this Python script is run?
An organization has two machines hosting web applications. Machine 1 is vulnerable to SQL injection while machine 2 is vulnerable to buffer overflows. What action would allow the attacker to gain access to machine 1 but not machine 2?
When a next-generation endpoint security solution is selected for a company, what are two key
deliverables that help justify the implementation? (Choose two.)
Using Cisco Firepower’s Security Intelligence policies, upon which two criteria is Firepower block based?
(Choose two)
A security engineer must add destinations into a destination list in Cisco Umbrella. What describes the application of these changes?
Which two protocols must be configured to authenticate end users to the Web Security Appliance? (Choose two.)
A network engineer must monitor user and device behavior within the on-premises network. This data must be sent to the Cisco Stealthwatch Cloud analytics platform for analysis. What must be done to meet this
requirement using the Ubuntu-based VM appliance deployed in a VMware-based hypervisor?
What is a benefit of using Cisco AVC (Application Visibility and Control) for application control?
A Cisco Secure Cloud Analytics administrator is setting up a private network monitor sensor to monitor an on-premises environment. Which two pieces of information from the sensor are used to link to the Secure Cloud Analytics portal? (Choose two.)
Which security product enables administrators to deploy Kubernetes clusters in air-gapped sites without needing Internet access?
An administrator configures a Cisco WSA to receive redirected traffic over ports 80 and 443. The organization requires that a network device with specific WSA integration capabilities be configured to send the traffic to the WSA to proxy the requests and increase visibility, while making this invisible to the users. What must be done on the Cisco WSA to support these requirements?
What is the role of an endpoint in protecting a user from a phishing attack?
Refer to the exhibit. What is the result of the Python script?
In which scenario is endpoint-based security the solution?
An administrator configures a new destination list in Cisco Umbrella so that the organization can block specific domains for its devices. What should be done to ensure that all subdomains of domain.com are blocked?
Which compliance status is shown when a configured posture policy requirement is not met?
A small organization needs to reduce the VPN bandwidth load on their headend Cisco ASA in order to
ensure that bandwidth is available for VPN users needing access to corporate resources on the10.0.0.0/24 local HQ network. How is this accomplished without adding additional devices to the
network?
An administrator configures new authorization policies within Cisco ISE and has difficulty profiling the devices. Attributes for the new Cisco IP phones that are profiled based on the RADIUS authentication are seen however the attributes for CDP or DHCP are not. What should the administrator do to address this issue?
What is the purpose of CA in a PKI?
Which feature within Cisco ISE verifies the compliance of an endpoint before providing access to the
network?
Which security solution protects users leveraging DNS-layer security?
A network engineer is trying to figure out whether FlexVPN or DMVPN would fit better in their environment.
They have a requirement for more stringent security multiple security associations for the connections, more efficient VPN establishment as well consuming less bandwidth. Which solution would be best for this and why?
Refer to the exhibit.
What is the function of the Python script code snippet for the Cisco ASA REST API?
What is a difference between a zone-based firewall and a Cisco Adaptive Security Appliance firewall?
Which system facilitates deploying microsegmentation and multi-tenancy services with a policy-based container?
What is the purpose of the Trusted Automated exchange cyber threat intelligence industry standard?
Which RADIUS feature provides a mechanism to change the AAA attributes of a session after it is
authenticated?
When using Cisco AMP for Networks which feature copies a file to the Cisco AMP cloud for analysis?
Which two activities can be done using Cisco DNA Center? (Choose two)
Which solution is more secure than the traditional use of a username and password and encompasses at least two of the methods of authentication?
Which Cisco DNA Center RESTful PNP API adds and claims a device into a workflow?
Which Cisco security solution secures public, private, hybrid, and community clouds?
Which Cisco security solution gives the most complete view of the relationships and evolution of Internet domains IPs, and flies, and helps to pinpoint attackers' infrastructures and predict future threat?
An engineer configured a new network identity in Cisco Umbrella but must verify that traffic is being routed
through the Cisco Umbrella network. Which action tests the routing?
An engineer must modify a policy to block specific addresses using Cisco Umbrella. The policy is created already and is actively used by devices, using many of the default policy elements.
What else must be done to accomplish this task?
What features does Cisco FTDv provide over ASAv?
What is the purpose of the Cisco Endpoint loC feature?
Drag and drop the capabilities of Cisco Firepower versus Cisco AMP from the left into the appropriate category on the right.
What are two benefits of Flexible NetFlow records? (Choose two)
What are two functionalities of northbound and southbound APIs within Cisco SDN architecture? (Choose two.)
What is a benefit of using telemetry over SNMP to configure new routers for monitoring purposes?
How does a cloud access security broker function?
Which VMware platform does Cisco ACI integrate with to provide enhanced visibility, provide policy integration and deployment, and implement security policies with access lists?
A hacker initiated a social engineering attack and stole username and passwords of some users within a company. Which product should be used as a solution to this problem?
What does the Cloudlock Apps Firewall do to mitigate security concerns from an application perspective?
What are two DDoS attack categories? (Choose two)
What are two workload security models? (Choose two.)
An organization is implementing URL blocking using Cisco Umbrella. The users are able to go to some sites but other sites are not accessible due to an error. Why is the error occurring?
A customer has various external HTTP resources available including Intranet. Extranet, and Internet, with a proxy configuration running in explicit mode Which method allows the client desktop browsers to be configured to select when to connect direct or when to use the proxy?
A network administrator has configured TACACS on a network device using the key Cisc0467380030 tor authentication purposes. However, users are unable to authenticate. TACACS server is reachable, but authentication is tailing. Which configuration step must the administrator complete?
When planning a VPN deployment, for which reason does an engineer opt for an active/active FlexVPN
configuration as opposed to DMVPN?
An organization is implementing AAA for their users. They need to ensure that authorization is verified for every command that is being entered by the network administrator. Which protocol must be configured in order to provide this capability?
Which two deployment modes does the Cisco ASA FirePower module support? (Choose two)
For a given policy in Cisco Umbrella, how should a customer block website based on a custom list?
Which two statements about a Cisco WSA configured in Transparent mode are true? (Choose two)
Drag and drop the capabilities from the left onto the correct technologies on the right.
What is an attribute of the DevSecOps process?
An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly
identifying all valid recipients. What must be done on the Cisco ESA to accomplish this goal?
An attacker needs to perform reconnaissance on a target system to help gain access to it. The system has weak passwords, no encryption on the VPN links, and software bugs on the system’s applications. Which
vulnerability allows the attacker to see the passwords being transmitted in clear text?
What is the Cisco API-based broker that helps reduce compromises, application risks, and data breaches in an environment that is not on-premise?
What is the recommendation in a zero-trust model before granting access to corporate applications and resources?
Drag and drop the threats from the left onto examples of that threat on the right
Which PKI enrollment method allows the user to separate authentication and enrollment actions and also
provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?
Which two protocols must be configured to authenticate end users to the Cisco WSA? (Choose two.)
What is the difference between a vulnerability and an exploit?
What is a benefit of using Cisco Umbrella?
A company is experiencing exfiltration of credit card numbers that are not being stored on-premise. The
company needs to be able to protect sensitive data throughout the full environment. Which tool should be used
to accomplish this goal?
Refer to the exhibit. A network engineer must configure a Cisco router to send traps using SNMPv3. The engineer configures a remote user to receive traps and sets the security level to use authentication without privacy. Which command completes the configuration?
Which two fields are defined in the NetFlow flow? (Choose two)
What is a benefit of using GET VPN over FlexVPN within a VPN deployment?
Which method of attack is used by a hacker to send malicious code through a web application to an unsuspecting user to request that the victim's web browser executes the code?
What is a description of microsegmentation?
What is a prerequisite when integrating a Cisco ISE server and an AD domain?
Refer to the exhibit.
A network engineer is testing NTP authentication and realizes that any device synchronizes time with this router and that NTP authentication is not enforced What is the cause of this issue?
How does DNS Tunneling exfiltrate data?
An engineer is configuring Cisco WSA and needs to deploy it in transparent mode. Which configuration component must be used to accomplish this goal?
What is the purpose of the certificate signing request when adding a new certificate for a server?
What is an attribute of Cisco Talos?
Which threat involves software being used to gain unauthorized access to a computer system?
Which technology limits communication between nodes on the same network segment to individual applications?
What are two ways a network administrator transparently identifies users using Active Directory on the Cisco WSA? (Choose two.) The eDirectory client must be installed on each client workstation.
An organization recently installed a Cisco WSA and would like to take advantage of the AVC engine to allow the organization to create a policy to control application specific activity. After enabling the AVC engine, what must be done to implement this?
Which suspicious pattern enables the Cisco Tetration platform to learn the normal behavior of users?
Refer to the exhibit.
An engineer must configure a Cisco switch to perform PPP authentication via a TACACS server located at IP address 10.1.1.10. Authentication must fall back to the local database using the username LocalUser and password C1Sc0451069341l if the TACACS server is unreachable.
Drag and drop the commands from the left onto the corresponding configuration steps on the right.
On Cisco Firepower Management Center, which policy is used to collect health modules alerts from managed
devices?
What must be configured in Cisco ISE to enforce reauthentication of an endpoint session when an endpoint is
deleted from an identity group?
An engineer is deploying a Cisco Secure Email Gateway and must ensure it reaches the Cisco update servers to retrieve new rules. The engineer must now manually configure the Outbreak Filter rules on an AsyncOS for Cisco Secure Email Gateway. Only outdated rules must be replaced. Up-to-date rules must be retained. Which action must the engineer take next to complete the configuration?
Why is it important to have logical security controls on endpoints even though the users are trained to spot security threats and the network devices already help prevent them?
Under which two circumstances is a CoA issued? (Choose two)
A network administrator is configuring a role in an access control policy to block certain URLs and selects the "Chat and instant Messaging" category. which reputation score should be selected to accomplish
this goal?
Which two features of Cisco DNA Center are used in a Software Defined Network solution? (Choose two)
Which two request of REST API are valid on the Cisco ASA Platform? (Choose two)
An engineer is trying to decide between using L2TP or GRE over IPsec for their site-to-site VPN implementation. What must be un solution?
What is a benefit of conducting device compliance checks?
Which open standard creates a framework for sharing threat intelligence in a machine-digestible format?
What is the difference between deceptive phishing and spear phishing?
What is an advantage of the Cisco Umbrella roaming client?
An engineer enabled SSL decryption for Cisco Umbrella intelligent proxy and needs to ensure that traffic is inspected without alerting end-users.
Which statement describes a traffic profile on a Cisco Next Generation Intrusion Prevention System?
What is the function of Cisco Cloudlock for data security?
Which deployment model is the most secure when considering risks to cloud adoption?
Which DoS attack uses fragmented packets in an attempt to crash a target machine?
Refer to the exhibit. What is the result of using this authentication protocol in the configuration?
Which product allows Cisco FMC to push security intelligence observable to its sensors from other products?
What is a capability of Cisco ASA Netflow?
Which direction do attackers encode data in DNS requests during exfiltration using DNS tunneling?
Which two behavioral patterns characterize a ping of death attack? (Choose two)
Refer to the exhibit.
Which statement about the authentication protocol used in the configuration is true?
Refer to the exhibit.
Traffic is not passing through IPsec site-to-site VPN on the Firepower Threat Defense appliance. What is causing this issue?
Refer to the exhibit.
Which type of authentication is in use?
An organization wants to provide visibility and to identify active threats in its network using a VM. The
organization wants to extract metadata from network packet flow while ensuring that payloads are not retained
or transferred outside the network. Which solution meets these requirements?
Which feature is used to restrict communication between interfaces on a Cisco ASA?
Which attack is commonly associated with C and C++ programming languages?
Which ASA deployment mode can provide separation of management on a shared appliance?
What is a functional difference between Cisco AMP for Endpoints and Cisco Umbrella Roaming Client?
An engineer is trying to decide whether to use Cisco Umbrella, Cisco CloudLock, Cisco Stealthwatch, or Cisco AppDynamics Cloud Monitoring for visibility into data transfers as well as protection against data exfiltration Which solution best meets these requirements?
In an IaaS cloud services model, which security function is the provider responsible for managing?
Which two products are used to forecast capacity needs accurately in real time? (Choose two.)
In which two ways does Easy Connect help control network access when used with Cisco TrustSec? (Choose two)
An organization wants to improve its cybersecurity processes and to add intelligence to its data The organization wants to utilize the most current intelligence data for URL filtering, reputations, and vulnerability information that can be integrated with the Cisco FTD and Cisco WSA What must be done to accomplish these objectives?
A network administrator needs to find out what assets currently exist on the network. Third-party systems need to be able to feed host data into Cisco Firepower. What must be configured to accomplish this?
What is a benefit of using Cisco CWS compared to an on-premises Cisco WSA?
What is the purpose of the Cisco Endpoint IoC feature?
An administrator is trying to determine which applications are being used in the network but does not want the
network devices to send metadata to Cisco Firepower. Which feature should be used to accomplish this?
An organization is implementing URL blocking using Cisco Umbrella. The users are able to go to some sites
but other sites are not accessible due to an error. Why is the error occurring?
Drag and drop the security responsibilities from the left onto the corresponding cloud service models on the right.
An engineer has been tasked with implementing a solution that can be leveraged for securing the cloud users,
data, and applications. There is a requirement to use the Cisco cloud native CASB and cloud cybersecurity
platform. What should be used to meet these requirements?
Drag and drop the Cisco CWS redirection options from the left onto the capabilities on the right.
Which license is required for Cisco Security Intelligence to work on the Cisco Next Generation Intrusion
Prevention System?
Which Dos attack uses fragmented packets to crash a target machine?
Which proxy mode must be used on Cisco WSA to redirect TCP traffic with WCCP?
How does Cisco Workload Optimization portion of the network do EPP solutions solely performance issues?
Which attack type attempts to shut down a machine or network so that users are not able to access it?
An administrator is configuring a DHCP server to better secure their environment. They need to be able to ratelimit the traffic and ensure that legitimate requests are not dropped. How would this be accomplished?
Which public cloud provider supports the Cisco Next Generation Firewall Virtual?
Which role is a default guest type in Cisco ISE?
Refer to the exhibit.
When configuring a remote access VPN solution terminating on the Cisco ASA, an administrator would like to utilize an external token authentication mechanism in conjunction with AAA authentication using machine
certificates. Which configuration item must be modified to allow this?
An engineer is configuring 802.1X authentication on Cisco switches in the network and is using CoA as a mechanism. Which port on the firewall must be opened to allow the CoA traffic to traverse the network?
An administrator is configuring N I P on Cisco ASA via ASDM and needs to ensure that rogue NTP servers cannot insert themselves as the authoritative time source Which two steps must be taken to accomplish this task? (Choose two)
Refer to the exhibit.
Consider that any feature of DNS requests, such as the length off the domain name
and the number of subdomains, can be used to construct models of expected behavior to which
observed values can be compared. Which type of malicious attack are these values associated with?
Which type of dashboard does Cisco DNA Center provide for complete control of the network?
Which baseline form of telemetry is recommended for network infrastructure devices?
Which Cisco Umbrella package supports selective proxy for Inspection of traffic from risky domains?
A network administrator is configuring a rule in an access control policy to block certain URLs and selects the “Chat and Instant Messaging” category. Which reputation score should be selected to accomplish this goal?
Which Secure Email Gateway implementation method segregates inbound and outbound email?
What is the function of the crypto is a kmp key cisc406397954 address 0.0.0.0 0.0.0.0 command when establishing an IPsec VPN tunnel?
Which ESA implementation method segregates inbound and outbound email?
Which two aspects of the cloud PaaS model are managed by the customer but not the provider? (Choose two)
Drag and drop the steps from the left into the correct order on the right to enable AppDynamics to monitor an EC2 instance in Amazon Web Services.
Which feature is used in a push model to allow for session identification, host reauthentication, and session termination?
How does Cisco Umbrella archive logs to an enterprise owned storage?
Which factor must be considered when choosing the on-premise solution over the cloud-based one?
What is a language format designed to exchange threat intelligence that can be transported over the TAXII
protocol?
What is a benefit of flexible NetFlow records?
Which feature within Cisco Umbrella allows for the ability to inspect secure HTTP traffic?
A web hosting company must upgrade its older, unsupported on-premises servers. The company wants a cloud solution in which the cloud provider is responsible for:
Server patching
Application maintenance
Data center security
Disaster recovery
Which type of cloud meets the requirements?
Drag and drop the deployment models from the left onto the explanations on the right.
An organization uses Cisco FMC to centrally manage multiple Cisco FTD devices. The default management
port conflicts with other communications on the network and must be changed. What must be done to ensure
that all devices can communicate together?
A Cisco ISE engineer configures Central Web Authentication (CWA) for wireless guest access and must have the guest endpoints redirect to the guest portal for authentication and authorization. While testing the policy, the engineer notices that the device is not redirected and instead gets full guest access. What must be done for the redirect to work?
For a given policy in Cisco Umbrella, how should a customer block websites based on a custom list?
What are two benefits of using Cisco Duo as an MFA solution? (Choose two.)
For which two conditions can an endpoint be checked using ISE posture assessment? (Choose two)
A network engineer is configuring DMVPN and entered the crypto isakmp key cisc0380739941 address 0.0.0.0 command on hostA. The tunnel is not being established to hostB. What action is needed to authenticate the VPN?
When choosing an algorithm to us, what should be considered about Diffie Hellman and RSA for key
establishment?
What is a description of microsegmentation?
Which protocol provides the strongest throughput performance when using Cisco AnyConnect VPN?
Which cloud service model offers an environment for cloud consumers to develop and deploy applications
without needing to manage or maintain the underlying cloud infrastructure?
What does Cisco ISE use to collect endpoint attributes that are used in profiling?
A malicious user gained network access by spoofing printer connections that were authorized using MAB on
four different switch ports at the same time. What two catalyst switch security features will prevent further
violations? (Choose two)
Which Cisco Advanced Malware protection for Endpoints deployment architecture is designed to keep data
within a network perimeter?
An engineer must configure Cisco AMP for Endpoints so that it contains a list of files that should not be executed by users. These files must not be quarantined. Which action meets this configuration requirement?
Refer to the exhibit.
What will happen when the Python script is executed?
II
An engineer musí set up 200 new laptops on a network and wants to prevent the users from moving their laptops around to simplify administration Which switch port MAC address security setting must be used?
v
Refer to the exhibit When configuring this access control rule in Cisco FMC, what happens with the traffic destined to the DMZjnside zone once the configuration is deployed?
What is a characteristic of Firepower NGIPS inline deployment mode?
Which telemetry data captures variations seen within the flow, such as the packets TTL, IP/TCP flags, and payload length?
An engineer is configuring device-hardening on a router in order to prevent credentials from being seen
if the router configuration was compromised. Which command should be used?
What are two functions of TAXII in threat intelligence sharing? (Choose two.)
Which Cisco security solution protects remote users against phishing attacks when they are not connected to
the VPN?
In which cloud services model is the tenant responsible for virtual machine OS patching?
Refer to the exhibit.
An administrator is adding a new Cisco FTD device to their network and wants to manage it with Cisco FMC.
The Cisco FTD is not behind a NAT device. Which command is needed to enable this on the Cisco FTD?
Why is it important to patch endpoints consistently?
What is a difference between a DoS attack and a DDoS attack?
Which technology must De used to Implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity?
Which Cisco platform onboards the endpoint and can issue a CA signed certificate while also automatically configuring endpoint network settings to use the signed endpoint certificate, allowing the endpoint to gain network access?
What are two characteristics of the RESTful architecture used within Cisco DNA Center? (Choose two.)
Which technology provides a combination of endpoint protection endpoint detection, and response?
Which CLI command is used to enable URL filtering support for shortened URLs on the Cisco ESA?
What is the function of SDN southbound API protocols?
What is a characteristic of traffic storm control behavior?
Which two services must remain as on-premises equipment when a hybrid email solution is deployed? (Choose two)
What is a characteristic of Dynamic ARP Inspection?
Which two global commands must the network administrator implement to limit the attack surface of an internet-facing Cisco router? (Choose two.)
Which statement about IOS zone-based firewalls is true?
Which Cisco platform provides an agentless solution to provide visibility across the network including encrypted traffic analytics to detect malware in encrypted traffic without the need for decryption?
Which Cisco DNA Center Intent API action is used to retrieve the number of devices known to a DNA Center?
What is the primary difference between an Endpoint Protection Platform and an Endpoint Detection and
Response?
Refer to the exhibit.
The DHCP snooping database resides on router R1, and dynamic ARP inspection is configured only on switch SW2. Which ports must be configured as untrusted so that dynamic ARP inspection operates normally?