Exam A Flashcards by Yevgeniy Levin

An engineer wants to assign a printer to a different VLAN than it is statically configured on the switch port. Which CoA type should the engineer use?

A. CoA-Terminate
B. No-CoA
C. Port-Bounce
D. CoA-Reauth

Port-Bounce

How well did you know this?

Not at all

Perfectly

An administrator needs to be able to have a router securely with a network management system. The connections must be authenticated but not encrypted. While meeting these requirements, which command will create a group that allows a user on the network management system access to the router?

A. snmp-server group v2c
B. snmp-server group v3 priv write
C. snmp-server group v3 auth
D. snmp-server group v2c write

snmp-server group v3 auth

How well did you know this?

Not at all

Perfectly

What are two core components of a Cisco Umbrella solution? (Choose two)

A. Cloud container platform
B. DNS layer security
C. Cisco ISE
D. Transport Layer Security
E. Cloud access security broker

DNS layer security

Cloud access security broker

How well did you know this?

Not at all

Perfectly

Which solution provides a comprehensive views of internet domains, IP address, and autonomous system to help pinpoint attackers and malicious infrastructures?

A. Cisco Advanced Malware Investigate
B. Cisco Umbrella Investigate
C. Cisco Tetration Cloud
D. Cisco Thread Indication Database

Cisco Umbrella Investigate

How well did you know this?

Not at all

Perfectly

A network engineer has been tasked with configuring OSPF neighbor authentication on the WAN router for a branch office. The WAN router connects to the OSPF backbone area via an MPLS circuit that terminates on interface GigabitEthernet 0/0/0. The router id for this router is tied to the loopback0 interface. The password used for neighbor authentication should be encrypted when transmitted over the WAN. Which two IOS commands are required to enable OSPF neighbor authentication on this scenario? (Choose two)

A. ip ospf message-digest-key under the GigabitEthernet0/0/0 interface configuration

B. ip ospf authentication-key under Loopback0 interface configuration

C. service password-encryption under global configuration mode

D. area 0 authentication under the OSPF routing process configuration

E. area 0 authentication message-digest under the OSPF routing process configuration

ip ospf message-digest-key under the GigabitEthernet0/0/0 interface configuration

area 0 authentication message-digest under the OSPF routing process configuration

How well did you know this?

Not at all

Perfectly

How can Cisco Tetration connect to something within customer/3rd party network if the customer/3rd party network doesn’t allow incoming connections?

A. Reverse tunnel
B. GRE tunnel
C. Source NAT
D. Destination NAT

Reverse tunnel

How well did you know this?

Not at all

Perfectly

Which Cisco security platform is integrated into an organization’s cloud environment on AWS, google cloud, or AZUR to provide agentless visibility across the network by using advance machine learning and behavioral analytics?

A. Cisco ISE cloud
B. Cisco Stealthwatch cloud
C. Cisco ASAv
D. Cisco AMP cloud

Cisco Stealthwatch cloud

How well did you know this?

Not at all

Perfectly

An engineer is configuring DHCP snooping on a cisco switch and wants to ensure that a DHCP packet will be dropped. Under which condition this will occur?

A. A packet from a DHCP server is received from inside the network or firewall

B. A packet is received on an untrusted interface and the source MAC Address and the DHCP client hardware address do not match

C. A DHCP relay agent forwards a DHCP packet that includes a relay-agent IP address that is 0.0.0.0

D. All packets are dropped until the administrator manually enters the approved servers into the DHCP snooping database

A DHCP relay agent forwards a DHCP packet that includes a relay-agent IP address that is 0.0.0.0

How well did you know this?

Not at all

Perfectly

Where are individual sites specified to be blacklisted in Cisco Umbrella?

A. Application settings
B. Destination lists
C. Content categories
D. Security settings

Destination lists

How well did you know this?

Not at all

Perfectly

While using Cisco Firepower’s Security Intelligence policies, which two criteria is blocking based upon? (Choose two)

A. IP addresses
B. URLs
C. port numbers
D. protocol IDs
E. MAC addresses

IP addresses

URLs

How well did you know this?

Not at all

Perfectly

Which actions configure the IEEE 802.11x Flexible Authentication feature to support Layer 3 authentications mechanisms?

A. Modify the Dot1X configuration on the VPN server to send Layer 3 authentications to an external authentication database.

B. Add MAB into the switch to allow redirection to a Layer 3 device for authentication

C. Identify the devices using this feature and create a policy that allows them to pass Layer2 authentication

D. Configure WebAuth so the hosts are redirected to a web page for authentication

Configure WebAuth so the hosts are redirected to a web page for authentication

How well did you know this?

Not at all

Perfectly

Which action adds IOCs to customize detections for a new attack?

A. Upload the IOCs into the installed Endpoint IOC feature within Cisco AMP For Endpoints.

B. Use the initiate Endpoint IOC scan feature to gather the IOC information and push it to the clients.

C. Modify the base policy within Cisco AMP for Endpoints to include simple custom detections.

D. Add a custom Advanced detection to include the IOCs needed within Cisco For endpoints.

Upload the IOCs into the installed Endpoint IOC feature within Cisco AMP For Endpoints.

How well did you know this?

Not at all

Perfectly

Which platform besides the Cisco ASA should be deployed to provide content redirection using Direct-To-Tower methods without the need for the customer to send traffic using PAC files or third-party proxies?

A. Cisco ASR
B. Cisco ISR
C. Cisco WSA
D. Cisco CWS

Cisco CWS

How well did you know this?

Not at all

Perfectly

An organization is using CSR1000v routers in their private cloud infrastructure. They must upgrade their code to address vulnerabilities within their running code version. Who is responsible for these upgrades?

A. The cloud vendor is responsible for updating all code hosted in the cloud

B. The cloud service provider must be asked perform the upgrade

C. The organization must upgrade the code for the devices they manage

D. The CSR1000v is upgraded automatically as new code becomes available

The organization must upgrade the code for the devices they manage

How well did you know this?

Not at all

Perfectly

Which action blocks specific IP address whenever a computer with Cisco AMP for Endpoints installed connects to the network?

A. Create a simple custom detection policy and add the IP address

B. Create an application block list and add the IP address

C. Create an advanced custom detection policy and add the IP address

D. Create an IP Block & Allow list and add the IP address

Create an IP Block & Allow list and add the IP address

How well did you know this?

Not at all

Perfectly

A company has an infrastructure ACI policy on its perimeter router that denies RFC1918 address, unused address ranges, any packets that use the IP address range that is assigned to the internal IP infrastructure, and 127.0.0.1. All these rules apply to incoming traffic from the internet. Which two attacks are prevented by using this method? (Choose two)

A. Losing the line protocol keep-alives and routing protocol update
B. Spoofing the IP address of another customer to steal service
C. DoS attack that cause high CPU utilization
D. Gaining of access to network devices using a spoofed address
E. Routing processor resource exhaustion

Spoofing the IP address of another customer to steal service

Gaining of access to network devices using a spoofed address

How well did you know this?

Not at all

Perfectly

Which two tasks are required when a decryption policy is implemented on a Cisco WSA? (Choose two)

A. Upload a root certificate and private key
B. Enable HTTPS attack protection
C. Enable real-time revocation status checking
D. Configure invalid certificate handing
E. Enable the HTTPS proxy

Upload a root certificate and private key

Enable the HTTPS proxy

How well did you know this?

Not at all

Perfectly

What is a difference between GRE over IPsec and IPsec with crypto map?

A. GRE over IPsec supports non-IP protocols
B. Multicast traffic is supported by IPsec with crypto map
C. GRE provides its own encryption mechanism
D. IPsec with crypto map offers better scalability

GRE over IPsec supports non-IP protocols

How well did you know this?

Not at all

Perfectly

Which attack gives unauthorized access to files on the web server?

A. Broadcast storm
B. DHCP snooping
C. Distributed DoS
D. Path transversal

Path transversal

How well did you know this?

Not at all

Perfectly

Which VPN provides scalability for organizations with many remote sites?

A. SSL VPN
B. Site-to-site IPsec
C. DMVPN
D. GRE over IPsec

DMVPN

How well did you know this?

Not at all

Perfectly

When an assessment of cloud services and applications is conducted, which tool is used to show user activity and data usage across the applications?

A. Cisco ISE
B. Cisco ASA
C. Cisco AMP Private Cloud
D. Cisco Cloudlock

Cisco Cloudlock

How well did you know this?

Not at all

Perfectly

What are two examples of code injection vulnerabilities? (Choose two)

A. Session hijacking
B. Cross-site-scripting
C. XML external entity injection
D. Arbitrary command injection
E. SQL injection

Cross-site-scripting

SQL injection

How well did you know this?

Not at all

Perfectly

A network engineer must secure a Cisco switch from a MAC address flooding attack by allowing only the MAC address of currently connected PC on port Gi1/0/28. Which Cisco IOS command must be run to check if that MAC address is currently known and is the only MAC address allowed on that port?

A. show port-security
B. show port-security interface GigabitEthernet 1/0/28
C. show port-security address

show port-security interface GigabitEthernet 1/0/28

How well did you know this?

Not at all

Perfectly

Which problem is solved by deploying a multicontext firewall?

A. Overlapping IP addressing plan
B. Faster inspection
C. More secure policy
D. Resilient high availability design

Overlapping IP addressing plan

How well did you know this?

Not at all

Perfectly

What are two targets in cross-site scripting attacks? (Choose two) A. Footer B. Cookie C. Image D. Input E. Header

Cookie Input

An administrator wants to ensure that the organization’s remote access VPN devices can connect to the VPN without the user logging into the devices. Which action accomplishes this task? A. Modify the Cisco AnyConnect Client image to start before logon and use the users cached credentials for authentication B. Change the Cisco AnyConnect Connection Profile to allow for authentication prior to logon and use the user certificate for authentication C. Configure the Start Before Logon feature in the Cisco AnyConnect Client and use certificate authentication D. Add the Auto Connect feature in the Cisco AnyConnect Group Policy and use the machine certificate as the authentication indentity

Configure the Start Before Logon feature in the Cisco AnyConnect Client and use certificate authentication

Which API technology with SDN architecture is used to communicate with a controller and network devices such as routers and switches? A. Northbound APIs B. Unprotected APIs C. Southbound APIs D. Rest APIs

Southbound APIs

Which security mechanism is designed to protect against offline brute-force attacks? A. Salt B. CAPTCHA C. MFA D. Token

MFA

Which process is used to obtain a certificate from a CA? A. Enrollment B. Signing C. Approval D. Registration

Enrollment

Which two products are used to forecast capacity needs accurately in real time? (Choose two) A. Cisco Workload Optimization Manager B. Cisco Cloudlock C. Cisco AppDynamics D. Cisco Umbrella E. Cisco Tetration

Cisco Workload Optimization Manager Cisco AppDynamics

Which two algorithms must be used when an engineer is creating a connection that will have classified data across it? (Choose two) A. SHA-384 B. RC4 C. RSA-3072 D. AES-256 E. ECDSA-256

SHA-384 AES-256

Which common exploit method is TLS 1.3 designed to prevent? A. Man-in-the-middle attack B. Cross-site-request forgery C. Cross-site-scripting D. Denial-of-service attack

Man-in-the-middle attack

A website administrator wants to prevent SQL injection attacks the company’s customer database, which is referenced by the web server. Which two methods help prevent SQL injection attacks? (Choose two) A. using load balancers with NAT B. enforcing TLS 1.3 only C. using SSL certificates D. using web application firewalls E. performing input validation

using web application firewalls performing input validation

Which two types of connectors are used to generate telemetry data from IPFIX records in a Cisco implementation (Choose two) A. ADC B. ERSPAN C. Cisco ASA D. NetFlow E. Cisco Secure Workload

ERSPAN NetFlow

An engineer is configuring a Cisco Cloud Email Security instance to send logs to an external server for auditing. For security purposes, a username and SSH key has been generated on the remote log server that accepts only the SSHv2 protocol. Which log retrieval method must be configured in the log subscription? A. Syslog push B. FTP push C. Manually download D. SCP push

SCP push

A network Administrator is setting up Cisco FMC to send logs to Cisco Security Analytics and Logging (SaaS). The network administrator is anticipating a high volume of logging events from the firewalls and wants to limit the strain on firewall resources. Which method must be used to send these logs to Cisco Security Analytics and Logging? A. SFTP using the FMC CLI B. HTTP POST using the Security Analytics FMC plugin C. Direct connection using SNMP traps D. Syslog using the Secure Event Connector

Syslog using the Secure Event Connector

Refer to the exhibit. *Jul 1 15:33:50.027: ISAKMP: (0):Enqueued KEY_MGR_SESSION_CLOSED for Tunnel0 deletion *Jul 1 15:33:50.027: ISAKMP: (0):Deleting peer node by peer_reap for 2.2.2.2: D1250B0 *Jul 1 15:33:50.029: ISAKMP: (1001):peer does not do paranoid keepalives. *Jul 1 15:33:54.781: ISAKMP-PAK: (0) received packet from 2.2.2.2 dport 500 sport 500 Global (N) NEW SA *Jul 1 15:33:54.781: ISAKMP: (0):Created a peer struct for 2.2.2.2, peer port 500 *Jul 1 15:33:54.781: ISAKMP: (0):New peer created peer = 0x11026528 peer_handle = 0x80000004 *Jul 1 15:33:54.781: ISAKMP: (0):Locking peer struct 0x11026528, refcount 1 for crypto_isakmp_process_block *Jul 1 15:33:54.782: ISAKMP: (0):local port 500, remote port 500 *Jul 1 15:33:54.782: ISAKMP: (0):Find a dup sa in the avl tree during calling isadb_insert sa = 104E3C68 *Jul 1 15:33:54.782: ISAKMP: (0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Jul 1 15:33:54.782: ISAKMP: (0):Old State = IKE_READY New State = IKE_R_MM1 Which command results in these messages when attempting to troubleshoot an IPsec VPN connection? A. debug crypto ipsec B. debug crypto isakmp C. debug crypto isakmp connection D. debug crypto ipsec endpoint

debug crypto isakmp

What describes the function of the crypto isakmp key C1$c449400824 address 0.0.0.0 0.0.0.0 command when configuring an IPsec VPN tunnel on a Cisco IOS router? A. It configures the IP address and subnet mask of the VPN server B. It allows connections from any hosts using the defined preshared key C. It defines that all data is going to be encrypted via the VPN D. It drops spoofed VPN traffic using 0.0.0.0 as the source or destination IP address

It allows connections from any hosts using the defined preshared key

Which two activities are performed using Cisco DNA Center? (Choose two) A. DNS B. DHCP C. design D. provision E. accounting

design provision

What is the ideal deployment mode to use when you need to manage separate security policies for multiple customers on a Cisco ASA device? A. spanned cluster mode B. IRB mode C. VRF mode D. multiple context mode

multiple context mode

Which algorithm does ISAKMP use to securely derive encryption and integrity keys? A. AES B. Diffie-Hellman C. 3DES D. RSA

Diffie-Hellman

In which cloud services model is the customer responsible for scanning for and mitigation of application vulnerabilities? A. VMaaS B. IaaS C. PaaS D. SaaS

IaaS

For which type of attack is multifactor authentication an effective deterrent? A. syn flood B. ping of death C. phishing D. teardrop

phishing

An organization wants to reduce their attack surface for cloud applications. They want to understand application communications, detect abnormal application behavior, and detect vulnerabilities within the applications. Which action accomplishes this task? A. Modify the Cisco Duo configuration to restrict access between applications. B. Use Cisco ISE to provide application visibility and restrict access to them. C. Configure Cisco Tetration to detect anomalies and vulnerabilities. D. Implement Cisco Umbrella to control the access each application is granted.

Configure Cisco Tetration to detect anomalies and vulnerabilities.

Refer to the exhibit. RouterA(config)#crypto key generate rsa general-keys label SSH modules 2048 RouterA(config)#ip ssh rsa keypair-name SSH RouterA(config)#ip ssh version 2 An engineer must enable secure SSH protocols and enters this configuration. What are two results of running this set of commands on a Cisco router? (Choose two) A. enables SSHv1 on the router B. uses the FQDN with the label command C. generates RSA key pairs on the router D. generates AES key pairs on the router E. labels the key pairs to be used for SSH

generates RSA key pairs on the router labels the key pairs to be used for SSH

When MAB is configured for use within the 802.1X environment, an administrator must create a policy that allows the devices onto the network. Which information is used for the username and password? A. The MAB uses the Call-Station-ID as username and password B. The MAB uses the IP address as username and password. C. Each device must be set manually by the administrator. D. The MAB uses the MAC address as username and password

The MAB uses the MAC address as username and password

Which solution operates as a cloud-native CASB? A. Cisco Umbrella B. Cisco pxGrid C. Cisco CloudLock D. Cisco Stealthwatch Cloud

Cisco CloudLock

A security audit recently revealed that an administrator is using the same password of C1$c0451175124 for his personal account across multiple systems. What must be implemented by the company to reduce the changes of this happening again? A. centralized user authentication B. security awareness training C. strict password policies D. role based access control

security awareness training

Which entity is responsible for encrypting data in transit using an IaaS model versus a SaaS model? A. Cloud Service Provider for IaaS and Cloud Service Customer for SaaS B. Cloud SLA Manager for IaaS and Cloud Application Developer for SaaS C. Cloud Service Customer for IaaS and Cloud Service Provider for SaaS D. Cloud Application Developer for IaaS and Cloud SLA Manager for SaaS

Cloud Service Customer for IaaS and Cloud Service Provider for SaaS

Which common threat can be prevented by implementing port security on switch ports? A. VLAN hopping attacks B. spoofing attacks C. denial-of-service attacks D. eavesdropping attacks

denial-of-service attacks

When a site-to-site VPN is configuring in Cisco FMC, which topology is supported when crypto ACLs are used instead of protected networks to define interesting traffic? A. point-to-point B. hub-and-spoke C. DMVPN D. full mesh

point-to-point

Which solution provides end-to-end visibility of applications and insights about application performance? A. Cisco Secure Cloud Analytics B. Cisco Cloudlock C. Cisco Tetration D. Cisco AppDynamics

Cisco AppDynamics

Which two methods are valid to be included in an authentication method list? (Choose two) A. default B. login C. console D. line E. enable

Which two aspects of the IaaS cloud service model are managed by the service provider? (Choose two) A. virtual network B. applications C. physical network D. hypervisors E. virtual machines

physical network hypervisors

A network administrator is shipping a Cisco ASA to a remote retail site. The administrator wants to ensure that the device configuration cannot be accessed by someone at the site with physical access and a console cable. Which command must be used to mitigate this risk? A. aaa authentication console B. config-register 0x00000041 C. no service password-recovery D. no service sw-reset-button

no service password-recovery

What is the purpose of a denial-of-service attack? A. to exploit a security vulnerability on a computer system to steal sensitive information B. to disrupt the normal operation of a targeted system by overwhelming it C. to spread throughout a computer system by self-replicating to additional hosts D. to prevent or limit access to data on a computer system by encrypting it

to disrupt the normal operation of a targeted system by overwhelming it

What is a benefit of a Cisco Secure Email Gateway Virtual as compared to a physical Secure Email Gateway? A. provides faster performance B. enables the allocation of additional resources C. provides an automated setup process D. simplifies the distribution of software updates

simplifies the distribution of software updates

Which Cisco AnyConnect module is integrated with Splunk Enterprise to provide monitoring capabilities to administrators to allow them to view endpoint application usage? A. ISE Posture B. Umbrella Roaming Security C. AMP Enabler D. Network Visibility

Network Visibility

An engineer must configure Cisco Secure Endpoints so that it contains a list of files that should not be executed by users. These files must not be quarantined. Which action meets this configuration requirement? A. Create an application control blocked applications list. B. Add a list for simple custom detection. C. Modify the advanced custom detection list to include these files. D. Identify the network IPs and place them in a blocked list.

Create an application control blocked applications list

Which Cisco Umbrella package supports selective proxy for inspection of traffic from risky domains? A. DNS Security Essentials B. SIG Essentials C. DNS Security Advantage D. SIG Advantage

DNS Security Advantage

Which Cisco Umbrella package supports selective proxy for inspection of traffic from risky domains? A. DNS Security Essentials B. SIG Essentials C. DNS Security Advantage D. SIG Advantage

DNS Security Advantage

Which two VPN tunneling protocols support the use of IPsec to provide data integrity, authentication, and data encryption? (Choose two) A. OpenVPN B. Secure Socket Tunneling Protocol C. Generic Routing Encapsulation Protocol D. Point-to-Point Tunneling Protocol E. Layer 2 Tunneling Protocol

Generic Routing Encapsulation Protocol Layer 2 Tunneling Protocol

Which firewall deployment mode allows inspection of traffic between servers in the same IP subnet? A. transparent B. multicontext C. virtual D. routed

transparent

Which two Cisco ISE components enforce security policies on noncompliant endpoints by blocking network access? (Choose two) A. profiling B. TACACS+ C. Apex licensing D. DHCP and SNMP probes E. posture agents

profiling posture agents

An administrator is testing new configuration on a network device. The network device had a previously established association with the NTP server but is no longer processing time updates. What is the cause of this issue? A. NTP authentication has been configured on the network device. B. The network device is sending the wrong password to the server. C. NTP authentication has been configured on the NTP server. D. The server changed its time source to stratum 1.

The network device is sending the wrong password to the server.

What is the default action before identifying the URL during HTTPS inspection in Cisco Secure Firewall Threat Defense software? A. pass B. buffer C. reset D. drop

pass

A network engineer must create an access control list on a Cisco Adaptive Security Appliance firewall. The access control list must permit HTTP traffic to the internet from the organization’s inside network 192.168.1.0/24. Which IOS command must be used to create the access control list? A. access-list HTTP-ONLY extended permit tcp 192.168.1.0 255.255.255.0 B. access-list extended permit tcp 192.168.1.0 255.255.255.0 any eq 80 C. access-list permit http 192.168.1.0 255.255.255.0 any D. access-list HTTP-ONLY extended permit tcp 192.168.1.0 255.255.255.0 any eq 80

access-list extended permit tcp 192.168.1.0 255.255.255.0 any eq 80

Based on the NIST 800-145 guide, which cloud architecture is provisioned for exclusive use by a specific group of consumers from different organizations and may be owned, managed, and operated by one or more of those organizations? A. hybrid cloud B. private cloud C. community cloud D. public cloud

community cloud

What must be configured on Cisco Secure Endpoint to create a custom detection file list to detect and quarantine future files? A. Use the simple custom detection feature and add each detection to the list B. Add a network IP block allowed list to the configuration and add the blocked files C. Create an advanced custom detection and upload the hash of each file D. Configure an application control allowed applications list to block the files

Use the simple custom detection feature and add each detection to the list

A security test performed on one of the applications shows that user input is not validated. Which security vulnerability is the application more susceptible to because of this lack of validation? A. denial-of-service B. cross-site request forgery C. man-in-the-middle D. SQL injection

SQL injection

Which two devices support WCCP for traffic redirection? (Choose two) A. Cisco Secure Web Appliance B. Cisco IOS C. proxy server D. Cisco ASA E. Cisco IPS

Cisco IOS Cisco ASA

An engineer must modify an existing remote access VPN using a Cisco AnyConnect Secure Mobility client solution and a Cisco Secure Firewall. Currently, all the traffic generated by the user is sent to the VPN tunnel and the engineer must now exclude some servers and access them directly instead. Which element must be modified to achieve this goal? A. group policy B. NAT exemption C. encryption domain D. routing table

group policy

A network administrator is modifying a remote access VPN on an FTD managed by an FMC. The administrator wants to offload traffic to certain trusted domains. The administrator wants this traffic to go out of the client’s local internet and send other internet-bound traffic over the VPN. Which feature must the administrator configure? A. dynamic access policies B. local LAN access C. dynamic split tunneling D. reverse route injection

dynamic split tunneling

A security engineer must add destinations into a destination list in Cisco Umbrella. What describes the application of these changes? A. The changes are applied immediately if the destination list is part of a policy B. The destination list must be removed from the policy before changes are made to it C. The changes are applied only after the configuration is saved in Cisco Umbrella D. The user role of Block Page Bypass or higher is needed to perform these changes

The changes are applied immediately if the destination list is part of a policy

What is the purpose of the Trusted Automated exchange cyber threat intelligence industry standard? A. public collection of threat intelligence feeds B. service used to exchange security information C. language used to represent security information D. threat intelligence sharing organization

service used to exchange security information

A network administrator has configured TACACS on a network device using the key Cisc0467380030 for authentication purposes. However, users are unable to authenticate. TACACS server is reachable, but authentication is failing. Which configuration step must the administrator complete? A. Configure the TACACS key on the server to match with the network device. B. Install a compatible operating system version on the TACACS server. C. Implement synchronized system clock on TACACS server that matches the network device. D. Apply an access control list on TACACS server to allow communication with the network device.

Configure the TACACS key on the server to match with the network device.

Which Cisco security solution gives the most complete view of the relationships and evolution of Internet domains IPs, and flies, and helps to pinpoint attackers’ infrastructures and predict future threat? A. Cisco Secure Network Analytics B. Cisco Secure Cloud Analytics C. Cisco pxGrid D. Cisco Umbrella Investigate

Cisco Umbrella Investigate

How should an organization gain visibility into encrypted flows leaving the organization? A. Decrypt and inspect the HTTPS traffic B. Add Cisco Secure Firewall IPS C. Enable a VPN for more sensitive data D. Implement AAA for external users

Decrypt and inspect the HTTPS traffic

What is a capability of EPP compared to EDR? A. EPP prevents attacks on a website, and EDR focuses on protecting computers and servers B. EPP prevents attacks made via email, and EDR prevents attacks on a web server C. EPP prevents attacks on an endpoint, and EDR detects attacks that penetrate the environment D. EPP prevents attacks on an endpoint, and EDR focuses on protecting email and web servers

EPP prevents attacks on an endpoint

Which Cisco solution integrates industry-leading artificial intelligence and machine learning analytics and an assurance database to review the security posture and maintain visibility of an organizations cloud environment? A. Cisco DNA B. Cisco Secure Workload C. Cisco FTD D. Cisco CSR 1000v

Cisco DNA

Refer to the exhibit. host_api_url = "/api/fmc_config/v1/domain/" + DOMAIN_UUID + "/object/hosts?bulk=true" host_url = "https://" + address + host_api_uri header = { 'Content-Type':application/json', ' x-auth-access-token': accesstoken } if host != []: response = requests.request("POST", host_url, headers=headers, data = host_payload , verify=False) else: print("Please validate that the CSV file provided is correct or at correct location") Which task is the Python script performing by using the Cisco Secure Firewall API? A. removing an existing bulk list of internal hosts from Cisco Secure Firewall Management Center B. retrieving a bulk list of network hosts from Cisco Secure Firewall Management Center C. adding to an existing bulk list of internal hosts on Cisco Secure Firewall Management Center D. pushing a bulk list of network hosts to Cisco Secure Firewall Management Center

pushing a bulk list of network hosts to Cisco Secure Firewall Management Center

An organization has had some malware infections recently and the management team wants to use Cisco Secure Firewall to enforce file policies to prevent malicious files from being downloaded. The SHA-256 hash value of all files traversing the firewall must be calculated and compared to the hash values of known malware code. Which file rule action is used to block only the files that are confirmed to be malware? A. Block Files B. Block Malware C. Detect Files D. Malware Cloud Lookup

Block Malware

An engineer configured 802.1X authentication on a switch port but cannot authenticate. Which action must the engineer take to validate if the user credentials are correct? A. Check policy enforcement point for the authentication mechanism and credentials used B. Check the authenticator and view the debug logs for the username and password. C. Check the supplicant logs for the username and password entered then check the authentication provider D. Check the logs of the authentication server for the username and authentication rejection logs

Check the logs of the authentication server for the username and authentication rejection logs

How does a Cisco Secure Web Appliance integrated with LDAP handle the permissions of a currently logged in Active Directory group member when the Active Directory administrator changes the permissions of the user’s group mid session? A. The Cisco Secure Web Appliance continues to operate using the permissions that were in effect when the user logged in for the duration of the user’s session B. If the Cisco Secure Client Mobility Client is configured on the endpoint to provide Active Directory updates, the Cisco Secure Web Appliance changes the user’s permissions immediately when alerted by the client. C. The Cisco Secure Web Appliance terminates the current session and prompts the user to re-authenticate in order to update the effective permissions D. If the Cisco Secure Web Appliance is configured to receive real-time updates from the Active Directory user agent, it changes the user’s permissions immediately when the agent sends the update

The Cisco Secure Web Appliance continues to operate using the permissions that were in effect when the user logged in for the duration of the user’s session

The security team has installed a Cisco Secure Email Gateway. During setup, a large number of email messages are being blocked. The security team wants to investigate and determine if the emails are part of a phishing or malware attack. Which configuration step must the security team apply? A. Configure sender domain reputation policy to check if sender email domain is known to be malicious B. Implement a policy to only allow email from trusted to the network senders C. Apply a policy to route all blocked emails to a separate quarantine folder D. Configure a policy to disable spam filtering in order to expedite email delivery

Apply a policy to route all blocked emails to a separate quarantine folder

What is an attribute of a successful endpoint patch management strategy? A. discovering assets B. defining timing to install patches C. deciding which patches to install D. minimizing device variance

defining timing to install patches

An engineer is configuring cloud logging on Cisco ASA and needs events to compress. Which component must be configured to accomplish this goal? A. SWC service B. SDC VM C. SDC event viewer D. Cisco analytics

SDC VM

Which two facts must be considered when deciding whether to deploy the Cisco WSA in Standard mode, Hybrid Web Security mode, Hybrid Web Security mode, or Cloud Web Security Connector mode? (Choose two) A. Standard mode and Hybrid Web Security mode perform the same actions in response to the application of an individual policy B. The onsite web proxy is not supported in Cloud Web Security Connector mode C. External DLP is available only in Standard mode and Hybrid Web Security mode D. Only Standard mode and Hybrid Web Security mode support Layer 4 traffic monitoring E. ISE integration is available only in Standard mode and Hybrid Web Security mode

Standard mode and Hybrid Web Security mode perform the same actions in response to the application of an individual policy The onsite web proxy is not supported in Cloud Web Security Connector mode

What is a benefit of using GETVPN over FlexVPN within a VPN deployment? A. GETVPN natively supports MPLS and private IP networks B. GETVPN interoperates with non-Cisco devices C. GETVPN supports Remote Access VPNs D. GETVPN uses multiple security associations for connections

GETVPN natively supports MPLS and private IP networks

What is an advantage of using a next-generation firewall compared to a traditional firewall? A. Next-generation firewall have stateless inspection capabilities, and traditional firewalls use stateful inspection B. Next-generation firewalls use intrusion prevention policies, and traditional firewalls use intrusion detection policies C. Next-generation firewalls use dynamic packet filtering, and traditional firewalls use static packet filtering D. Next-generation firewalls have threat intelligence feeds, and traditional firewalls use signature detection

Next-generation firewalls have threat intelligence feeds

An engineer must register a fixed network on a Cisco Umbrella platform. Which two actions must be performed when adding a new public IP address? (Choose two) A. Configure the DNS security settings B. Point DHCP to Umbrella platform DHCP servers C. Point DNS to Umbrella platform DNS servers D. Install the Umbrella root certificate E. Enter a network public IP address

Point DNS to Umbrella platform DNS servers Enter a network public IP address

Which feature is used to configure an encrypted route-based site-to-site VPN from a Cisco router to a cloud environment? A. Tunnel Mode Auto Selection B. IKE Profile Based Selection C. FlexVPN Mixed Mode D. virtual tunnel interface

virtual tunnel interface

An engineer is configuring Outbreak Filters for a Cisco Secure Email Gateway to protect a network from large-scale virus outbreaks and phishing scams. Any URLs that match the filter must be logged with these details: 1. Category 2. Reputation score 3. Outbreak Filter rewrites Which CLI command must the engineer use? A. quarantineconfig B. dlpconfig C. outbreakconfig D. outbreakfilters

outbreakconfig

What is a benefit of implementing multifactor authentication for an application? A. links devices with applications improving discovery B. allows secure connections to the application C. allows remote access to the application D. helps prevent stolen credentials from being used

helps prevent stolen credentials from being used

An engineer must configure a Cisco Secure Email Gateway to use DLP for a company. The company also wants to see the content of emails that violate the DLP policy. Which configuration must be modified in the Data Loss Prevention Settings section to meet the requirements? A. Secure Message Forwarding B. Secure Reply All C. Matched Content Logging D. DLP Message Action

Matched Content Logging

Refer to the exhibit. import requests import json from datetime import datetime import base64 API_req = "c47757e9-9216-4f92-8etd-eff31bb4e0759ee" API_secret ="fjks2454skfj2" API_combined = API_key + ":" API_secret base64= (base64.standard_b64encode(bytes(API_combined, 'utf-8'))).decode("utf-8") organization = "1385624" reporting_url ="https://reports.api.umbrella.com/v1/organization/" + organization + "/security-activity" time= datetime.now().isoformat() headers = { 'Authorization': "Basic" + base64 } req = requests.get{reporting_url, headers=headers) output = req.json() if(req.status.code == 200) print("SUCCESS" at %(time)s is the most recent security activity : %(output)s % {'time':, time, 'output': output}) else: print("An error has occurred with the following code %(error)s, please consult the following link: https://docs.umbrella.con/ investigate-api/" % {’error': req.status_code}) Which task is the Python script performing by using the Cisco Umbrella API? A. creating a list of the latest security events B. copying a list of the latest security activity C. retrieving a list of the latest security events D. sending a list of the latest security activity

sending a list of the latest security activity

What is a feature of an endpoint detection and response solution? A. ensuring the security of network devices by choosing which devices are allowed to reach the network B. rapidly and consistently observing and examining data to mitigate threats C. preventing attacks by identifying harmful events with machine learning and conduct-based defense D. capturing and clarifying data on email, endpoints, and servers to mitigate threats

preventing attacks by identifying harmful events with machine learning and conduct-based defense

Which file type is supported when performing a bulk upload of destinations into a destination list on Cisco Umbrella? A. XLS B. TXT C. CSV D. RTF

TXT

A network administrator has installed Secure Endpoint in the network. During setup it was noticed an endpoint has been exhibiting unusual behavior, including slow performance and unexpected network activity. Administrator discovers a suspicious file running in the background. Which step must the network administrator take to investigate and remediate the potential malware? A. Isolate the endpoint from the network B. Reset the endpoint password and enable multi-factor authentication C. Disable all non-essential processes running on the endpoint D. Format and reinstall the operating system on the endpoint

Isolate the endpoint from the network

Which component performs the resolution between the tunnel address and mGRE address in DMVPN? A. NHRP B. NHS C. GDOI D. NBMA

NHRP

A network administrator needs a solution to match traffic and allow or deny the traffic based on the type of application, not just the source or destination address and port used. Which kind of security product must the network administrator implement to meet this requirement? A. next-generation firewall B. web application firewall C. intrusion detection system D. next-generation intrusion prevention system

next-generation intrusion prevention system

What is a difference between encrypted passwords and hardcoded passwords? A. Encrypted passwords are easier to obtain, and hardcoded passwords are known only to developers B. Encrypted passwords are stored in a database, and hardcoded passwords are embedded in the source code C. Encrypted passwords are used for frontend applications, and hardcoded passwords are used for backend applications D. Encrypted passwords are generated by an application user, and hardcoded passwords are generated randomly

Encrypted passwords are stored in a database

A network administrator received a critical message alert from a Cisco Secure Web Appliance stating that the log partition is at 107% capacity. How does a Cisco Secure Web Appliance respond when its logging partition is full? A. It deletes logs older than a configurable age B. It archives older logs in a compressed file to free space C. It suspends logging and reporting functions D. It overwrites the oldest log files

It suspends logging and reporting functions

Which platform uses Cyber Threat Intelligence as its main source of information? A. Cisco Secure Endpoint B. EDR C. EPP D. Cisco ASA

Cisco Secure Endpoint

Exam A Flashcards

(104 cards)