Exam F Flashcards by Yevgeniy Levin

Which attack is commonly associated with C and C++ programming languages?

A. cross-site scriptingwrong
B. DDoS
C. buffer overflow
D. water holing

buffer overflow

How well did you know this?

Not at all

Perfectly

What is a language format designed to exchange threat intelligence that can be transported over the TAXII protocol?

A. SMTPwrong
B. pxGrid
C. STIX
D. XMPP

STIX

How well did you know this?

Not at all

Perfectly

Which two preventive measures are used to control cross-site scripting? (Choose two)

A. Disable cookie inspection in the HTML inspection engine.wrong

B. Incorporate contextual output encoding/escaping

C. Enable client-side scripts on a per-domain basis

D. Run untrusted HTML input through an HTML sanitization engine.

E. Same Site cookie attribute should not be used.

Incorporate contextual output encoding/escaping

Enable client-side scripts on a per-domain basis

How well did you know this?

Not at all

Perfectly

Which two mechanisms are used to control phishing attacks? (Choose two)

A. Use antispyware software.wrong
B. Implement email filtering techniques.
C. Revoke expired CRL of the websites.
D. Enable browser alerts for fraudulent websites.
E. Define security group memberships.

Implement email filtering techniques.

Enable browser alerts for fraudulent websites.

How well did you know this?

Not at all

Perfectly

In which form of attack is alternate encoding, such as hexadecimal representation, most often observed?

A. rootkit exploitwrong
B. Smurf
C. distributed denial of service
D. cross-site scripting

cross-site scripting

How well did you know this?

Not at all

Perfectly

Which two behavioral patterns characterize a ping of death attack? (Choose two)

A. Malformed packets are used to crash systems.

B. The attack is fragmented into groups of 8 octets before transmission.

C. The attack is fragmented into groups of 16 octets before transmission.

D. Publicly accessible DNS servers are typically used to execute the attack.

E. Short synchronized bursts of traffic are used to disrupt TCP connections.

Malformed packets are used to crash systems.

The attack is fragmented into groups of 8 octets before transmission.

How well did you know this?

Not at all

Perfectly

What is the difference between deceptive phishing and spear phishing?

A. Deceptive phishing hijacks and manipulates the DNS server of the victim and redirects the user to a false webpage.

B. A spear phishing campaign is aimed at a specific person versus a group of people.

C. Spear phishing is when the attack is aimed at the C-level executives of an organization.

D. Deceptive phishing is an attacked aimed at a specific user in the organization who holds a C-level role.

A spear phishing campaign is aimed at a specific person versus a group of people.

How well did you know this?

Not at all

Perfectly

Which two endpoint measures are used to minimize the chances of falling victim to phishing and social engineering attacks? (Choose two)

A. Patch for cross-site scripting.
B. Perform backups to the private cloud.
C. Protect systems with an up-to-date antimalware program.
D. Protect against input validation and character escapes in the endpoint.
E. Install a spam and virus email filter.

Protect systems with an up-to-date antimalware program.

Install a spam and virus email filter.

How well did you know this?

Not at all

Perfectly

Which two capabilities does TAXII support? (Choose two)

A. Binding
B. Exchange
C. Mitigating
D. Pull messaging
E. Correlation

Binding

Pull messaging

How well did you know this?

Not at all

Perfectly

Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?

A. web page images
B. database
C. Linux and Windows operating systems
D. user input validation in a web page or web application

user input validation in a web page or web application

How well did you know this?

Not at all

Perfectly

Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two)

A. Secure the connection between the web and the app tier.
B. Use prepared statements and parameterized queries.
C. Check integer, float, or Boolean string parameters to ensure accurate values.
D. Block SQL code execution in the web application database login.
E. Write SQL code instead of using object-relational mapping libraries.

Use prepared statements and parameterized queries.

Check integer, float, or Boolean string parameters to ensure accurate values.

How well did you know this?

Not at all

Perfectly

Which form of attack is launched using botnets?

A. DDOS
B. EIDDOS
C. TCP flood
D. virus

DDOS

How well did you know this?

Not at all

Perfectly

Which type of attack is social engineering?

A. trojan
B. malware
C. phishing
D. MITM

phishing

How well did you know this?

Not at all

Perfectly

Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?

A. profile
B. url
C. terminal
D. selfsigned

profile

How well did you know this?

Not at all

Perfectly

Which two risks is a company vulnerable to if it does not have a well-established patching solution for endpoints? (Choose two)

A. ARP spoofing
B. exploits
C. malware
D. eavesdropping
E. denial-of-service attacks

exploits

malware

How well did you know this?

Not at all

Perfectly

What are two rootkit types? (Choose two)

A. bootloader
B. buffer mode
C. registry
D. virtual
E. user mode

bootloader

user mode

How well did you know this?

Not at all

Perfectly

Which threat involves software being used to gain unauthorized access to a computer system?

A. ping of death
B. HTTP flood
C. virus
D. NTP amplification

virus

How well did you know this?

Not at all

Perfectly

Elliptic curve cryptography is a stronger more efficient cryptography method meant to replace which current encryption technology?

A. 3DES
B. DES
C. RSA
D. AES

RSA

How well did you know this?

Not at all

Perfectly

Which two descriptions of AES encryption are true? (Choose two)

A. AES is more secure than 3DES.
B. AES can use a 168-bit key for encryption.
C. AES can use a 256-bit key for encryption.
D. AES encrypts and decrypts a key three times in sequence.
E. AES is less secure than 3DES.

AES is more secure than 3DES.

AES can use a 256-bit key for encryption.

How well did you know this?

Not at all

Perfectly

Which algorithm provides encryption and authentication for data plane communication?

A. SHA-96
B. SHA-384
C. AES-GCM
D. AES-256

AES-GCM

How well did you know this?

Not at all

Perfectly

Which two key and block sizes are valid for AES? (Choose two)

A. 128-bit block size, 192-bit key length
B. 128-bit block size, 256-bit key length
C. 64-bit block size, 168-bit key length
D. 192-bit block size, 256-bit key length
E. 64-bit block size, 112-bit key length

128-bit block size, 192-bit key length

128-bit block size, 256-bit key length

How well did you know this?

Not at all

Perfectly

What is the result of running the crypto isakmp key ciscXXXXXXXX address 172.16.0.0 command?

A. authenticates the IKEv2 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX

B. authenticates the IP address of the 172.16.0.0/32 peer by using the key ciscXXXXXXXX

C. authenticates the IKEv1 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX

D. secures all the certificates in the IKE exchange by using the key ciscXXXXXXXX

authenticates the IP address of the 172.16.0.0/32 peer by using the key ciscXXXXXXXX

How well did you know this?

Not at all

Perfectly

Which technology must be used to implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity?

A. DMVPN
B. FlexVPN
C. IPsec DVTI
D. GET VPN

GET VPN

How well did you know this?

Not at all

Perfectly

Which two conditions are prerequisites for stateful failover for IPsec? (Choose two)

A. Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the IPsec configuration is copied automatically

B. The active and standby devices can run different versions of the Cisco IOS software but must be the same type of device.

C. The IPsec configuration that is set up on the active device must be duplicated on the standby device

D. Only the IPsec configuration that is set up on the active device must be duplicated on the standby device; the IKE configuration is copied automatically.

E. The active and standby devices must run the same version of the Cisco IOS software and must be the same type of device.

The IPsec configuration that is set up on the active device must be duplicated on the standby device

The active and standby devices must run the same version of the Cisco IOS software and must be the same type of device.

How well did you know this?

Not at all

Perfectly

Which VPN technology can support a multivendor environment and secure traffic between sites? A. SSL VPN B. GET VPN C. FlexVPN D. DMVPN

GET VPN

A network engineer is configuring DMVPN and entered the crypto isakmp key cisc0380739941 address 0.0.0.0 command on hostA. The tunnel is not being established to hostB. What action is needed to authenticate the VPN? A. Change isakmp to ikev2 in the command on hostA. B. Enter the command with a different password on hostB. C. Enter the same command on hostB. D. Change the password on hostA to the default password.

Enter the same command on hostB.

What is a difference between FlexVPN and DMVPN? A. DMVPN uses IKEv1 or IKEv2, FlexVPN only uses IKEv1 B. DMVPN uses only IKEv1 FlexVPN uses only IKEv2 C. FlexVPN uses IKEv2, DMVPN uses IKEv1 or IKEv2 D. FlexVPN uses IKEv1 or IKEv2, DMVPN uses only IKEv2

FlexVPN uses IKEv2

Which protocol provides the strongest throughput performance when using Cisco AnyConnect VPN? A. TLSv1.2 B. TLSv1.1 C. BJTLSv1 D. DTLSv1

DTLSv1

What is a commonality between DMVPN and FlexVPN technologies? A. FlexVPN and DMVPN use IS-IS routing protocol to communicate with spokes B. FlexVPN and DMVPN use the new key management protocol C. FlexVPN and DMVPN use the same hashing algorithms D. IOS routers run the same NHRP code for DMVPN and FlexVPN

IOS routers run the same NHRP code for DMVPN and FlexVPN

Which functions of an SDN architecture require southbound APIs to enable communication? A. management console and the cloud B. management console and the SDN controller C. SDN controller and the cloud D. SDN controller and the network elements

SDN controller and the network elements

Which two features of Cisco DNA Center are used in a Software Defined Network solution? (Choose two) A. accounting B. encryption C. assurance D. automation E. authentication

assurance automation

The main function of northbound APIs in the SDN architecture is to enable communication between which two areas of a network? A. SDN controller and the cloud B. management console and the cloud C. management console and the SDN controller D. SDN controller and the management solution

SDN controller and the management solution

Which two request of REST API are valid on the Cisco ASA Platform? (Choose two) A. push B. options C. connect D. put E. get

push put

Which API is used for Content Security? A. OpenVuln API B. IOS XR API C. NX-OS API D. AsyncOS API

AsyncOS API

Which option is the main function of Cisco Firepower impact flags? A. They alert administrators when critical events occur. B. They identify data that the ASA sends to the Firepower module. C. They correlate data about intrusions and vulnerability. D. They highlight known and suspected malicious IP addresses in reports.

They correlate data about intrusions and vulnerability.

Which two deployment model configurations are supported for Cisco FTDv in AWS? (Choose two) A. Cisco FTDv configured in routed mode and IPv6 configured B. Cisco FTDv configured in routed mode and managed by a physical FMC appliance on premises C. Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS D. Cisco FTDv with two management interfaces and one traffic interface configured E. Cisco FTDv with one management interface and two traffic interfaces configured

Cisco FTDv configured in routed mode and managed by a physical FMC appliance on premises Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS

The Cisco ASA must support TLS proxy for encrypted Cisco Unified Communications traffic. Where must the ASA be added on the Cisco UC Manager platform? A. Endpoint Trust List B. Secured Collaboration Proxy C. Certificate Trust List D. Enterprise Proxy Service

Certificate Trust List

Which two deployment modes does the Cisco ASA FirePower module support? (Choose two) A. routed mode B. active mode C. transparent mode D. inline mode E. passive monitor-only mode

inline mode passive monitor-only mode

Which feature is configured for managed devices in the device platform settings of the Firepower Management Center? A. time synchronization B. network address translations C. quality of service D. intrusion policy

time synchronization

Which information is required when adding a device to Firepower Management Center? A. encryption method B. username and password C. device serial number D. registration key

registration key

Which two are valid suppression types on a Cisco Next Generation Intrusion Prevention System? (Choose two) A. Protocol B. Source C. Port D. Application E. Rule

Source Rule

Which feature requires a network discovery policy on the Cisco Firepower Next Generation Intrusion Prevention System? A. Security Intelligence B. URL Filtering C. Impact Flags D. Health Monitoring

Impact Flags

Which license is required for Cisco Security Intelligence to work on the Cisco Next Generation Intrusion Prevention System? A. protect B. malware C. URL filtering D. control

protect

On Cisco Firepower Management Center, which policy is used to collect health modules alerts from managed devices? A. health policy B. correlation policy C. system policy D. health awareness policy E. access control policy

health policy

What is a characteristic of Cisco ASA Netflow v9 Secure Event Logging? A. Its events match all traffic classes in parallel. B. It tracks the flow continuously and provides updates every 10 seconds. C. It tracks flow-create, flow-teardown, and flow-denied events. D. It provides stateless IP flow tracking that exports all records of a specific flow.

It tracks flow-create

Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention System? (Choose two) A. SSL B. packet decoder C. SIP D. modbus E. inline normalization

SSL SIP

Which feature is supported when deploying Cisco ASAv within AWS public cloud? A. user deployment of Layer 3 networks B. multiple context mode C. clustering D. IPv6

user deployment of Layer 3 networks

A mall provides security services to customers with a shared appliance. The mall wants separation of management on the shared appliance. Which ASA deployment mode meets these needs? A. routed mode B. transparent mode C. multiple zone mode D. multiple context mode

multiple context mode

Which two tasks allow NetFlow on a Cisco ASA 5500 Series firewall? (Choose two) A. Define a NetFlow collector by using the flow-export command. B. Enable NetFlow Version 9. C. Create an ACL to allow UDP traffic on port 9996. D. Create a class map to match interesting traffic. E. Apply NetFlow Exporter to the outside interface in the inbound direction.

Define a NetFlow collector by using the flow-export command. Apply NetFlow Exporter to the outside interface in the inbound direction.

How many interfaces per bridge group does an ASA bridge group deployment support? A. up to 8 B. up to 4 C. up to 16 D. up to 2

up to 4

Which policy is used to capture host information on the Cisco Firepower Next Generation Intrusion Prevention System? A. Intrusion B. Correlation C. Access Control D. Network Discovery

Network Discovery

Which statement describes a traffic profile on a Cisco Next Generation Intrusion Prevention System? A. It inspects hosts that meet the profile with more intrusion rules. B. It defines a traffic baseline for traffic anomaly deduction. C. It allows traffic if it does not meet the profile. D. It blocks traffic if it does not meet the profile.

It defines a traffic baseline for traffic anomaly deduction.

Which statement about the configuration of Cisco ASA NetFlow v9 Secure Event Logging is true? A. To view bandwidth usage for NetFlow records, the QoS feature must be enabled. B. A flow-export event type must be defined under a policy. C. NSEL can be used without a collector configured. D. A sysopt command can be used to enable NSEL on a specific interface.

A flow-export event type must be defined under a policy.

Which ASA deployment mode can provide separation of management on a shared appliance? A. transparent firewall mode B. routed mode C. multiple context mode D. DMZ multiple zone mode

multiple context mode

Which policy represents a shared set of features or parameters that define the aspects of a managed device that are likely to be similar to other managed devices in a deployment? A. Device Management Policy B. Group Policy C. Platform Service Policy D. Access Control Policy

Platform Service Policy

```Which CLI command is used to register a Cisco FirePower sensor to Firepower Management Center? A. configure manager add host B. configure system add C. configure manager add D. configure manager delete```

```configure manager add ```

An engineer wants to generate NetFlow records on traffic traversing the Cisco ASA. Which Cisco ASA command must be used? A. ip flow monitor input B. flow-export destination inside 1.1.1.1 2055 C. flow exporter D. ip flow-export destination 1.1.1.1 2055

flow-export destination inside 1.1.1.1 2055

Which statement about IOS zone-based firewalls is true? A. An unassigned interface can communicate with assigned interfaces B. An interface can be assigned to multiple zones. C. An interface can be assigned only to one zone. D. Only one interface can be assigned to a zone.

An interface can be assigned only to one zone.

What is a characteristic of Firepower NGIPS inline deployment mode? A. It must have inline interface pairs configured. B. ASA with Firepower module cannot be deployed. C. It is out-of-band from traffic. D. It cannot take actions such as blocking traffic.

It must have inline interface pairs configured.

Which technology is used to improve web traffic performance by proxy caching? A. FireSIGHT B. WSA C. ASA D. Firepower

WSA

What is the primary benefit of deploying an ESA in hybrid mode? A. You can fine-tune its settings to provide the optimum balance between security and performance for your environment B. It provides the lowest total cost of ownership by reducing the need for physical appliances C. It provides email security while supporting the transition to the cloud D. It provides maximum protection and control of outbound messages

It provides email security while supporting the transition to the cloud

Which proxy mode must be used on Cisco WSA to redirect TCP traffic with WCCP? A. redirection B. forward C. transparent D. proxy gateway

transparent

What is the purpose of the Decrypt for Application Detection feature within the WSA Decryption options? A. It alerts users when the WSA decrypts their traffic. B. It provides enhanced HTTPS application detection for AsyncOS. C. It decrypts HTTPS application traffic for unauthenticated users. D. It decrypts HTTPS application traffic for authenticated users.

It provides enhanced HTTPS application detection for AsyncOS.

What is the primary role of the Cisco Email Security Appliance? A. Mail Submission Agent B. Mail User Agent C. Mail Transfer Agent D. Mail Delivery Agent

Mail Transfer Agent

Which two features are used to configure Cisco ESA with a multilayer approach to fight viruses and malware? (Choose two) A. RAT B. white list C. Sophos engine D. outbreak filters E. DLP

Sophos engine outbreak filters

Which action controls the amount of URI text that is stored in Cisco WSA logs files? A. Configure the advancedproxyconfig command with the HTTPS subcommand B. Configure a maximum packet size. C. Configure a small log-entry size. D. Configure the datasecurityconfig command

Configure the advancedproxyconfig command with the HTTPS subcommand

Which two features of Cisco Email Security can protect your organization against email threats? (Choose two) A. NetFlow B. Data loss prevention C. Time-based one-time passwords D. Heuristic-based filtering E. Geolocation-based filtering

Data loss prevention Geolocation-based filtering

In which two ways does a system administrator send web traffic transparently to the Web Security Appliance? (Choose two) A. reference a Proxy Auto Config file B. configure policy-based routing on the network infrastructure C. use Web Cache Communication Protocol D. configure the proxy IP address in the web-browser settings E. configure Active Directory Group Policies to push proxy settings

reference a Proxy Auto Config file use Web Cache Communication Protocol

After deploying a Cisco ESA on your network, you notice that some messages fail to reach their destinations. Which task can you perform to determine where each message was lost? A. Perform a trace. B. Configure the trackingconfig command to enable message tracking. C. Review the log files. D. Generate a system report.

Configure the trackingconfig command to enable message tracking.

Which two statements about a Cisco WSA configured in Transparent mode are true? (Choose two) A. It can handle explicit HTTP requests. B. It requires a proxy for the client web browser. C. Layer 4 switches can automatically redirect traffic destined to port 80. D. It requires a PAC file for the client web browser. E. WCCP v2-enabled devices can automatically redirect traffic destined to port 80.

Layer 4 switches can automatically redirect traffic destined to port 80. WCCP v2-enabled devices can automatically redirect traffic destined to port 80.

An engineer is configuring a Cisco ESA and wants to control whether to accept or reject email messages to a recipient address. Which list contains the allowed recipient addresses? A. RAT B. HAT C. SAT D. BAT

RAT

Which two services must remain as on-premises equipment when a hybrid email solution is deployed? (Choose two) A. antispam B. DDoS C. encryption D. antivirus E. DLP

encryption DLP

Which Talos reputation center allows you to track the reputation of IP addresses for email and web traffic? A. AMP Reputation Center B. IP Blacklist Center C. IP and Domain Reputation Center D. File Reputation Center

IP and Domain Reputation Center

Why would a user choose an on-premises ESA versus the CES solution? A. Demand is unpredictable. B. ESA is deployed inline. C. Sensitive data must remain onsite. D. The server team wants to outsource this service.

Sensitive data must remain onsite.

Which deployment model is the most secure when considering risks to cloud adoption? A. Public Cloud B. Community Cloud C. Private Cloud D. Hybrid Cloud

Private Cloud

Which technology reduces data loss by identifying sensitive information stored in public computing environments? A. Cisco HyperFlex B. Cisco Cloudlock C. Cisco Firepower D. Cisco SDA

Cisco Cloudlock

On which part of the IT environment does DevSecOps focus? A. application development B. perimeter network C. data center D. wireless network

application development

Which solution protects hybrid cloud deployment workloads with application visibility and segmentation? A. Tetration B. Firepower C. Nexus D. Stealthwatch

Tetration

In which cloud services model is the tenant responsible for virtual machine OS patching? A. SaaS B. PaaS C. UCaaS D. IaaS

IaaS

Which cloud service model offers an environment for cloud consumers to develop and deploy applications without needing to manage or maintain the underlying cloud infrastructure? A. XaaS B. PaaS C. SaaS D. IaaS

PaaS

In a PaaS model, which layer is the tenant responsible for maintaining and patching? A. virtual machine B. hypervisor C. application D. network

application

What is the function of Cisco Cloudlock for data security? A. user and entity behavior analytics B. controls malicious cloud apps C. detects anomalies D. data loss prevention

data loss prevention

What does the Cloudlock Apps Firewall do to mitigate security concerns from an application perspective? A. It sends the application information to an administrator to act on. B. It discovers and controls cloud apps that are connected to a company's corporate environment. C. It allows the administrator to quarantine malicious files so that the application can function, just not maliciously. D. It deletes any application that does not belong in the network.

It discovers and controls cloud apps that are connected to a company's corporate environment.

An administrator wants to ensure that all endpoints are compliant before users are allowed access on the corporate network. The endpoints must have the corporate antivirus application installed and be running the latest build of Windows 10. What must the administrator implement to ensure that all devices are compliant before they are allowed on the network? A. Cisco Identity Services Engine with PxGrid services enabled B. Cisco Identity Services Engine and AnyConnect Posture module C. Cisco ASA firewall with Dynamic Access Policies configured D. Cisco Stealthwatch and Cisco Identity Services Engine integration

Cisco Identity Services Engine and AnyConnect Posture module

Which benefit is provided by ensuring that an endpoint is compliant with a posture policy configured in Cisco ISE? A. It allows the endpoint to authenticate with 802.1x or MAB. B. It allows CoA to be applied if the endpoint status is compliant. C. It adds endpoints to identity groups dynamically. D. It verifies that the endpoint has the latest Microsoft security patches installed.

It allows the endpoint to authenticate with 802.1x or MAB.

What two mechanisms are used to redirect users to a web portal to authenticate to ISE for guest services? (Choose two) A. single sign-on B. local web auth C. multiple factor auth D. central web auth E. TACACS+

local web auth central web auth

Which feature of Cisco ASA allows VPN users to be postured against Cisco ISE without requiring an inline posture node? A. RADIUS Change of Authorization B. DHCP snooping C. device tracking D. VLAN hopping

RADIUS Change of Authorization

For which two conditions can an endpoint be checked using ISE posture assessment? (Choose two) A. Windows service B. computer identity C. default browser D. Windows firewall E. user identity

Windows service Windows firewall

Which two probes are configured to gather attributes of connected endpoints using Cisco Identity Services Engine? (Choose two) A. sFlow B. TACACS+ C. DHCP D. SMTP E. RADIUS

DHCP RADIUS

Which compliance status is shown when a configured posture policy requirement is not met? A. noncompliant B. authorized C. unknown D. compliant

noncompliant

An engineer used a posture check on a Microsoft Windows endpoint and discovered that the MS17-010 patch was not installed, which left the endpoint vulnerable to WannaCry ransomware. Which two solutions mitigate the risk of this ransom ware infection? (Choose two) A. Configure endpoint firewall policies to stop the exploit traffic from being allowed to run and replicate throughout the network. B. Set up a well-defined endpoint patching strategy to ensure that endpoints have critical vulnerabilities patched in a timely fashion. C. Configure a posture policy in Cisco Identity Services Engine to check that an endpoint patch level is met before allowing access on the network. D. Configure a posture policy in Cisco Identity Services Engine to install the MS17-010 patch before allowing access on the network. E. Set up a profiling policy in Cisco Identity Service Engine to check and endpoint patch level before allowing access on the network.

Configure a posture policy in Cisco Identity Services Engine to check that an endpoint patch level is met before allowing access on the network. Configure a posture policy in Cisco Identity Services Engine to install the MS17-010 patch before allowing access on the network.

An engineer must force an endpoint to re-authenticate an already authenticated session without disrupting the endpoint to apply a new or updated policy from ISE. Which CoA type achieves this goal? A. Port Bounce B. CoA Reauth C. CoA Session Query D. CoA Terminate

CoA Reauth

Which ID store requires that a shadow user be created on Cisco ISE for the admin login to work? A. Internal Database B. RSA SecureID C. LDAP D. Active Directory

Active Directory

What is a characteristic of Dynamic ARP Inspection? A. DAI intercepts all ARP requests and responses on trusted ports only. B. In a typical network, make all ports as trusted except for the ports connecting to switches, which are untrusted C. DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the DHCP snooping binding database. D. DAI associates a trust state with each switch.

DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the DHCP snooping binding database.

A malicious user gained network access by spoofing printer connections that were authorized using MAB on four different switch ports at the same time. What two catalyst switch security features will prevent further violations? (Choose two) A. Dynamic ARP inspection B. 802.1AE MacSec C. Private VLANs D. DHCP Snooping E. Port security F. IP Device track

Dynamic ARP inspection DHCP Snooping

Which command enables 802.1X globally on a Cisco switch? A. dot1x pae authenticator B. authentication port-control aut C. dot1x system-auth-control D. aaa new-model

dot1x system-auth-control

What is a characteristic of traffic storm control behavior? A. Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within the interval. B. Traffic storm control monitors incoming traffic levels over a 10-second traffic storm control interval. C. Traffic storm control cannot determine if the packet is unicast or broadcast. D. Traffic storm control uses the Individual/Group bit in the packet source address to determine if the packet is unicast or broadcast.

Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within the interval.

A network administrator configures Dynamic ARP Inspection on a switch. After Dynamic ARP Inspection is applied, all users on that switch are unable to communicate with any destination. The network administrator checks the interface status of all interfaces, and there is no err-disabled interface. What is causing this problem? A. The no ip arp inspection trust command is applied on all user host interfaces B. Dynamic ARP Inspection has not been enabled on all VLANs C. The ip arp inspection limit command is applied on all interfaces and is blocking the traffic of all users. D. DHCP snooping has not been enabled on all VLANs.

The no ip arp inspection trust command is applied on all user host interfaces

Which IPS engine detects ARP spoofing? A. AIC Engine B. Atomic ARP Engine C. Service Generic Engine D. ARP Inspection Engine

Atomic ARP Engine

Which RADIUS attribute can you use to filter MAB requests in an 802.1 x deployment? A. 2 B. 6 C. 1 D. 31

A network engineer has entered the snmp-server user andy myv3 auth sha cisco priv aes 256 cisc0380739941 command and needs to send SNMP information to a host at 10.255.254.1. Which command achieves this goal? A. snmp-server host inside 10.255.254.1 version 3 andy B. snmp-server host inside 10.255.254.1 version 3 myv3 C. snmp-server host inside 10.255.254.1 snmpv3 andy D. snmp-server host inside 10.255.254.1 snmpv3 myv3

snmp-server host inside 10.255.254.1 version 3 andy

Which SNMPv3 configuration must be used to support the strongest security possible? A. asa-host(config)#snmpserver group myv3 v3 noauth asa-host(config)#snmp-server user andy myv3 auth sha cisco priv 3des ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy B. asa-host(config)#snmp-server group myv3 v3 noauth asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy C. asa-host(config)#snmp-server group myv3 v3 priv asa-host(config)#snmp-server user andy myv3 auth sha cisco priv des ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy D. asa-host(config)#snmp-server group myv3 v3 priv asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

asa-host(config)#snmp-server group myv3 v3 priv asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

Which telemetry data captures variations seen within the flow, such as the packets TTL, IP/TCP flags, and payload length? A. process details variation B. software package variation C. flow insight variation D. interpacket variation

interpacket variation

What Cisco command shows you the status of an 802.1X connection on interface gi0/1? A. show authorization status B. show ver gi0/1 C. show authen sess int gi0/1 D. show connection status gi0/1

show authen sess int gi0/1

Refer to the exhibit. HQ_Router(config)#username admin5 privilege 5 HQ_Router(config)#privilege interface level 5 shutdown HQ_Router(config)#privilege interface level 5 ip HQ_Router(config)#privilege interface level 5 description A network administrator configures command authorization for the admin5 user. What is the admin5 user able to do on HQ_Router after this configuration? A. set the IP address of an interface B. complete no configurations C. complete all configurations D. add subinterfaces

complete no configurations

Refer to the exhibit. snmp-server group SNMP v3 auth access 15 What does the number 15 represent in this configuration? A. privilege level for an authorized user to this router B. access list that identifies the SNMP devices that can access the router C. interval in seconds between SNMPv3 authentication attempts D. number of possible failed attempts until the SNMPv3 user is locked out

access list that identifies the SNMP devices that can access the router

Under which two circumstances is a CoA issued? (Choose two) A. A new authentication rule was added to the policy on the Policy Service node. B. An endpoint is profiled for the first time. C. A new Identity Service Engine server is added to the deployment with the Administration persona D. A new Identity Source Sequence is created and referenced in the authentication policy. E. An endpoint is deleted on the Identity Service Engine server.

An endpoint is profiled for the first time. An endpoint is deleted on the Identity Service Engine server.

Which exfiltration method does an attacker use to hide and encode data inside DNS requests and queries? A. DNSSEC B. DNS tunneling C. DNS security D. DNSCrypt

DNS tunneling

How is ICMP used an exfiltration technique? A. by sending large numbers of ICMP packets with a targeted hosts source IP address using an IP broadcast address B. by overwhelming a targeted host with ICMP echo-request packets C. by flooding the destination host with unreachable packets D. by encrypting the payload in an ICMP packet to carry out command and control tasks on a compromised host

by encrypting the payload in an ICMP packet to carry out command and control tasks on a compromised host

How is DNS tunneling used to exfiltrate data out of a corporate network? A. It encodes the payload with random characters that are broken into short strings and the DNS server rebuilds the exfiltrated data. B. It corrupts DNS servers by replacing the actual IP address with a rogue address to collect information or start other attacks. C. It redirects DNS requests to a malicious server used to steal user credentials, which allows further damage and theft on the network. D. It leverages the DNS server by permitting recursive lookups to spread the attack to other DNS servers.

It encodes the payload with random characters that are broken into short strings and the DNS server rebuilds the exfiltrated data.

Which two characteristics of messenger protocols make data exfiltration difficult to detect and prevent? (Choose two) A. Traffic is encrypted, which prevents visibility on firewalls and IPS systems. B. An exposed API for the messaging platform is used to send large amounts of data. C. Outgoing traffic is allowed so users can communicate with outside organizations. D. Malware infects the messenger application on the user endpoint to send company data. E. Messenger applications cannot be segmented with standard network controls.

Traffic is encrypted, which prevents visibility on firewalls and IPS systems. Messenger applications cannot be segmented with standard network controls.

What are two list types within AMP for Endpoints Outbreak Control? (Choose two) A. URL B. allowed applications C. simple custom detections D. command and control E. blocked ports

allowed applications simple custom detections

Which function is the primary function of Cisco AMP threat Grid? A. monitoring network traffic B. automated malware analysis C. applying a real-time URI blacklist D. automated email encryption

automated malware analysis

Which Cisco AMP file disposition valid? A. malware B. non malicious C. pristine D. dirty

malware

Which Cisco Advanced Malware protection for Endpoints deployment architecture is designed to keep data within a network perimeter? A. public cloud B. private cloud C. cloud web services D. network AMP

private cloud

Which capability is exclusive to a Cisco AMP public cloud instance as compared to a private cloud instance? A. TETRA detection engine B. ETHOS detection engine C. RBAC D. SPERO detection engine

ETHOS detection engine

When using Cisco AMP for Networks which feature copies a file to the Cisco AMP cloud for analysis? A. Spero analysis B. sandbox analysis C. dynamic analysis D. malware analysis

dynamic analysis

What is a required prerequisite to enable malware file scanning for the Secure Internet Gateway? A. Activate SSL decryption. B. Activate the Advanced Malware Protection license C. Enable IP Layer enforcement. D. Enable Intelligent Proxy.

Enable Intelligent Proxy.

An engineer is configuring AMP for endpoints and wants to block certain files from executing. Which outbreak control method is used to accomplish this task? A. device flow correlation B. simple detections C. application blocking list D. advanced custom detections

application blocking list

When wired 802.1X authentication is implemented, which two components are required? (Choose two) A. authentication server: Cisco Identity Service Engine B. authenticator: Cisco Identity Services Engine C. authenticator: Cisco Catalyst switch D. authentication server: Cisco Prime Infrastructure E. supplicant: Cisco AnyConnect ISE Posture module

authentication server: Cisco Identity Service Engine authenticator: Cisco Catalyst switch

Which Cisco command enables authentication, authorization, and accounting globally so that CoA is supported on the device? A. aaa new-model B. auth-type all C. ip device-tracking D. aaa server radius dynamic-author

aaa new-model

Refer to the exhibit. aaa new-model radius-server host 10.0.0.12 key secret12 Which statement about the authentication protocol used in the configuration is true? A. There are separate authentication and authorization request packets B. The authentication request contains only a username C. The authentication request contains only a password D. The authentication and authorization requests are grouped in a single packet

The authentication and authorization requests are grouped in a single packet

An engineer needs a solution for TACACS+ authentication and authorization for device administration. The engineer also wants to enhance wired and wireless network security by requiring users and endpoints to use 802.1X, MAB, or WebAuth. Which product meets all of these requirements? A. Cisco Identity Services Engine B. Cisco AMP for Endpoints C. Cisco Stealthwatch D. Cisco Prime Infrastructure

Cisco Identity Services Engine

Which Cisco product provides proactive endpoint protection and allows administrators to centrally manage the deployment? A. NGFW B. WSA C. AMP D. ESA

AMP

An MDM provides which two advantages to an organization with regards to device management? (Choose two) A. Active Directory group policy management B. network device management C. allowed application management D. critical device management E. asset inventory management

allowed application management asset inventory management

Which benefit does endpoint security provide the overall security posture of an organization? A. It allows the organization to detect and respond to threats at the edge of the network. B. It streamlines the incident response process to automatically perform digital forensics on the endpoint. C. It allows the organization to mitigate web-based attacks as long as the user is active in the domain. D. It allows the organization to detect and mitigate threats that the perimeter security devices do not detect.

It allows the organization to detect and mitigate threats that the perimeter security devices do not detect.

An engineer wants to automatically assign endpoints that have a specific OUI into a new endpoint group. Which probe must be enabled for this type of profiling to work? A. DHCP B. NMAP C. NetFlow D. SNMP

NMAP

What are two reasons for implementing a multifactor authentication solution such as Duo Security provide to an organization? (Choose two) A. secure access to on-premises and cloud applications B. identification and correction of application vulnerabilities before allowing access to resources C. single sign-on access to on-premises and cloud applications D. integration with 802.1x security using native Microsoft Windows supplicant E. flexibility of different methods of 2FA such as phone callbacks, SMS passcodes, and push notifications

secure access to on-premises and cloud applications flexibility of different methods of 2FA such as phone callbacks, SMS passcodes, and push notifications

What is the primary difference between an Endpoint Protection Platform and an Endpoint Detection and Response? A. EDR focuses on prevention, and EPP focuses on advanced threats that evade perimeter defenses. B. EPP focuses on prevention, and EDR focuses on advanced threats that evade perimeter defenses. C. EPP focuses on network security, and EDR focuses on device security. D. EDR focuses on network security, and EPP focuses on device security.

EPP focuses on prevention

Which two kinds of attacks are prevented by multifactor authentication? (Choose two) A. phishing B. teardrop C. DDOS D. brute force E. man-in-the-middle

brute force man-in-the-middle

What are the two most commonly used authentication factors in multifactor authentication? (Choose two) A. encryption factor B. time factor C. confidentiality factor D. knowledge factor E. biometric factor

time factor knowledge factor

How is Cisco Umbrella configured to log only security events? A. per policy B. per network in the Deployments section C. in the Reporting settings D. in the Security Settings section

per policy

Which feature within Cisco Umbrella allows for the ability to inspect secure HTTP traffic? A. SSL Decryption B. Destination Lists C. SafeSearch D. File Analysis

SSL Decryption

Where are individual sites specified to be blacklisted in Cisco Umbrella? A. destination lists B. security settings C. content categories D. application settings

destination lists

How does Cisco Umbrella archive logs to an enterprise owned storage? A. by sending logs via syslog to an on-premises or cloud-based syslog server B. by using the Application Programming Interface to fetch the logs C. by being configured to send logs to a self-managed AWS S3 bucket D. by the system administrator downloading the logs from the Cisco Umbrella web portal

by being configured to send logs to a self-managed AWS S3 bucket

When web policies are configured in Cisco Umbrella, what provides the ability to ensure that domains are blocked when they host malware, command and control, phishing, and more threats? A. File Analysis B. Security Category Blocking C. Application Control D. Content Category Blocking

Security Category Blocking

An engineer configured a new network identity in Cisco Umbrella but must verify that traffic is being routed through the Cisco Umbrella network. Which action tests the routing? A. Add the public IP address that the client computers are behind to a Core Identity. B. Enable the Intelligent Proxy to validate that traffic is being routed correctly. C. Ensure that the client computers are pointing to the on-premises DNS servers. D. Browse to http://welcome.umbrella.com/ to validate that the new identity is working.

Browse to http://welcome.umbrella.com/ to validate that the new identity is working.

Which Cisco security solution protects remote users against phishing attacks when they are not connected to the VPN? A. Cisco Firepower B. NGIPS C. Cisco Umbrella D. Cisco Stealthwatch

Cisco Umbrella

Which Cisco solution does Cisco Umbrella integrate with to determine if a URL is malicious? A. AMP B. DynDNS C. AnyConnect D. Talos

Talos

What can be integrated with Cisco Threat Intelligence Director to provide information about security threats, which allows the SOC to proactively automate responses to those threats? A. Cisco Threat Grid B. Cisco Umbrella C. External Threat Feeds D. Cisco Stealthwatch

Cisco Threat Grid

What must be used to share data between multiple security products? A. Cisco Rapid Threat Containment B. Cisco Platform Exchange Grid C. Cisco Stealthwatch Cloud D. Cisco Advanced Malware Protection

Cisco Platform Exchange Grid

Which two activities can be done using Cisco DNA Center? (Choose two) A. Design B. Provision C. DHCP D. DNS E. Accounting

Design Provision

What provides visibility and awareness into what is currently occurring on the network? A. Prime Infrastructure B. Telemetry C. CMX D. WMI

Prime Infrastructure

What is the function of the Context Directory Agent? A. reads the Active Directory logs to map IP addresses to usernames B. accepts user authentication requests on behalf of Web Security Appliance for user identification C. relays user authentication requests from Web Security Appliance to Active Directory D. maintains users' group memberships

reads the Active Directory logs to map IP addresses to usernames

Which Cisco product is open, scalable, and built on IETF standards to allow multiple security products from Cisco and other vendors to share data and interoperate with each other? A. Advanced Malware Protection B. Platform Exchange Grid C. Multifactor Platform Integration D. Firepower Threat Defense

Platform Exchange Grid

What are two Detection and Analytics Engines of Cognitive Threat Analytics? (Choose two) A. command and control communication B. snort C. data exfiltration D. intelligent proxy E. URL categorization

command and control communication data exfiltration

How does Cisco Stealthwatch Cloud provide security for cloud environments? A. It delivers visibility and threat detection. B. It assigns Internet-based DNS protection for clients and servers. C. It facilitates secure connectivity between public and private networks. D. It prevents exfiltration of sensitive data.

It delivers visibility and threat detection.

Which network monitoring solution uses streams and pushes operational data to provide a near real-time view of activity? A. SNMP B. model-driven telemetry C. SMTP D. syslog

model-driven telemetry

Which solution combines Cisco IOS and IOS XE components to enable administrators to recognize applications, collect and send network metrics to Cisco Prime and other third-party management tools, and prioritize application traffic? A. Cisco Security Intelligence B. Cisco Application Visibility and Control C. Cisco DNA Center D. Cisco Model Driven Telemetry

Cisco Application Visibility and Control

What is a feature of the open platform capabilities of Cisco DNA Center? A. domain integration B. application adapters C. intent-based APIs D. automation adapters

intent-based APIs

What is a characteristic of a bridge group in ASA Firewall transparent mode? A. It includes multiple interfaces and access rules between interfaces are customizable B. It is a Layer 3 segment and includes one port and customizable access rules C. It allows ARP traffic with a single access rule D. It has an IP address on its BVI interface and is used for management traffic

It includes multiple interfaces and access rules between interfaces are customizable

When Cisco and other industry organizations publish and inform users of known security findings and vulnerabilities, which name is used? A. Common Security Exploits B. Common Vulnerabilities and Exposures C. Common Exploits and Vulnerabilities D. Common Vulnerabilities, Exploits and Threats

Common Vulnerabilities and Exposures

Which two fields are defined in the NetFlow flow? (Choose two) A. type of service byte B. class of service bits C. Layer 4 protocol type D. destination port E. output logical interface

type of service byte destination port

What provides the ability to program and monitor networks from somewhere other than the DNAC GUI? A. NetFlow B. desktop client C. ASDM D. API

API

An organization has two machines hosting web applications. Machine 1 is vulnerable to SQL injection while machine 2 is vulnerable to buffer overflows. What action would allow the attacker to gain access to machine 1 but not machine 2? A. sniffing the packets between the two hosts B. sending continuous pings C. overflowing the buffer's memory D. inserting malicious commands into the database

inserting malicious commands into the database

An organization is trying to improve their Defense in Depth by blocking malicious destinations prior to a connection being established. The solution must be able to block certain applications from being used within the network. Which product should be used to accomplish this goal? A. Cisco Firepower B. Cisco Umbrella C. ISE D. AMP

Cisco Umbrella

A company is experiencing exfiltration of credit card numbers that are not being stored on-premise. The company needs to be able to protect sensitive data throughout the full environment. Which tool should be used to accomplish this goal? A. Security Manager B. Cloudlock C. Web Security Appliance D. Cisco ISE

Cloudlock

An engineer is trying to securely connect to a router and wants to prevent insecure algorithms from being used. However, the connection is failing. Which action should be taken to accomplish this goal? A. Disable telnet using the no ip telnet command. B. Enable the SSH server using the ip ssh server command. C. Configure the port using the ip ssh port 22 command. D. Generate the RSA key using the crypto key generate rsa command.

Generate the RSA key using the crypto key generate rsa command.

A network administrator is using the Cisco ESA with AMP to upload files to the cloud for analysis. The network is congested and is affecting communication. How will the Cisco ESA handle any files which need analysis? A. AMP calculates the SHA-256 fingerprint, caches it, and periodically attempts the upload. B. The file is queued for upload when connectivity is restored. C. The file upload is abandoned. D. The ESA immediately makes another attempt to upload the file.

The file upload is abandoned.

Which type of algorithm provides the highest level of protection against brute-force attacks? A. PFS B. HMAC C. MD5 D. SHA

SHA

What must be configured in Cisco ISE to enforce reauthentication of an endpoint session when an endpoint is deleted from an identity group? A. posture assessment B. CoA C. external identity source D. SNMP probe

CoA

A network administrator is configuring a rule in an access control policy to block certain URLs and selects the "Chat and Instant Messaging" category. Which reputation score should be selected to accomplish this goal? A. 1 B. 3 C. 5 D. 10

Which group within Cisco writes and publishes a weekly newsletter to help cybersecurity professionals remain aware of the ongoing and most prevalent threats? A. PSIRT B. Talos C. CSIRT D. DEVNET

Talos

What are the two types of managed Intercloud Fabric deployment models? (Choose two) A. Service Provider managed B. Public managed C. Hybrid managed D. User managed E. Enterprise managed

Service Provider managed Enterprise managed

What are two DDoS attack categories? (Choose two) A. sequential B. protocol C. database D. volume-based E. screen-based

protocol volume-based

An organization received a large amount of SPAM messages over a short time period. In order to take action on the messages, it must be determined how harmful the messages are and this needs to happen dynamically. What must be configured to accomplish this? A. Configure the Cisco WSA to modify policies based on the traffic seen B. Configure the Cisco ESA to receive real-time updates from Talos C. Configure the Cisco WSA to receive real-time updates from Talos D. Configure the Cisco ESA to modify policies based on the traffic seen

Configure the Cisco ESA to modify policies based on the traffic seen

Which product allows Cisco FMC to push security intelligence observable to its sensors from other products? A. Encrypted Traffic Analytics B. Threat Intelligence Director C. Cognitive Threat Analytics D. Cisco Talos Intelligence

Threat Intelligence Director

What are two differences between a Cisco WSA that is running in transparent mode and one running in explicit mode? (Choose two) A. When the Cisco WSA is running in transparent mode, it uses the WSA's own IP address as the HTTP request destination. B. The Cisco WSA responds with its own IP address only if it is running in explicit mode. C. The Cisco WSA is configured in a web browser only if it is running in transparent mode. D. The Cisco WSA uses a Layer 3 device to redirect traffic only if it is running in transparent mode. E. The Cisco WSA responds with its own IP address only if it is running in transparent mode.

The Cisco WSA uses a Layer 3 device to redirect traffic only if it is running in transparent mode. The Cisco WSA responds with its own IP address only if it is running in transparent mode.

After a recent breach, an organization determined that phishing was used to gain initial access to the network before regaining persistence. The information gained from the phishing attack was a result of users visiting known malicious websites. What must be done in order to prevent this from happening in the future? A. Modify an access policy B. Modify identification profiles C. Modify outbound malware scanning policies D. Modify web proxy settings

Modify an access policy

What is the function of SDN southbound API protocols? A. to allow for the dynamic configuration of control plane applications B. to enable the controller to make changes C. to enable the controller to use REST D. to allow for the static configuration of control plane applications

to enable the controller to make changes

An attacker needs to perform reconnaissance on a target system to help gain access to it. The system has weak passwords, no encryption on the VPN links, and software bugs on the system's applications. Which vulnerability allows the attacker to see the passwords being transmitted in clear text? A. weak passwords for authentication B. unencrypted links for traffic C. software bugs on applications D. improper file security

unencrypted links for traffic

Using Cisco Firepower's Security Intelligence policies, upon which two criteria is Firepower block based? (Choose two) A. URLs B. protocol IDs C. IP addresses D. MAC addresses E. port numbers

URLs IP addresses

Which Cisco platform ensures that machines that connect to organizational networks have the recommended antivirus definitions and patches to help prevent an organizational malware outbreak? A. Cisco WiSM B. Cisco ESA C. Cisco ISE D. Cisco Prime Infrastructure

Cisco ISE

What are two benefits of Flexible NetFlow records? (Choose two) A. They allow the user to configure flow information to perform customized traffic identification B. They provide attack prevention by dropping the traffic C. They provide accounting and billing enhancements D. They converge multiple accounting technologies into one accounting mechanism E. They provide monitoring of a wider range of IP packet information from Layer 2 to 4

They allow the user to configure flow information to perform customized traffic identification They provide accounting and billing enhancements

How does DNS Tunneling exfiltrate data? A. An attacker registers a domain that a client connects to based on DNS records and sends malware through that connection. B. An attacker opens a reverse DNS shell to get into the client's system and install malware on it. C. An attacker uses a non-standard DNS port to gain access to the organization's DNS servers in order to poison the resolutions. D. An attacker sends an email to the target with hidden DNS resolvers in it to redirect them to a malicious domain.

An attacker registers a domain that a client connects to based on DNS records and sends malware through that connection.

A user has a device in the network that is receiving too many connection requests from multiple machines. Which type of attack is the device undergoing? A. phishing B. slowloris C. pharming D. SYN flood

SYN flood

An organization is receiving SPAM emails from a known malicious domain. What must be configured in order to prevent the session during the initial TCP communication? A. Configure the Cisco ESA to drop the malicious emails B. Configure policies to quarantine malicious emails C. Configure policies to stop and reject communication D. Configure the Cisco ESA to reset the TCP connection

Configure the Cisco ESA to drop the malicious emails

A Cisco Firepower administrator needs to configure a rule to allow a new application that has never been seen on the network. Which two actions should be selected to allow the traffic to pass without inspection? (Choose two) A. permit B. trust C. reset D. allow E. monitor

trust monitor

An engineer needs behavioral analysis to detect malicious activity on the hosts, and is configuring the organization's public cloud to send telemetry using the cloud provider's mechanisms to a security device. Which mechanism should the engineer configure to accomplish this goal? A. mirror port B. Flow C. NetFlow D. VPC flow logs

NetFlow

An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly identifying all valid recipients. What must be done on the Cisco ESA to accomplish this goal? A. Configure incoming content filters B. Use Bounce Verification C. Configure Directory Harvest Attack Prevention D. Bypass LDAP access queries in the recipient access table

Bypass LDAP access queries in the recipient access table

What is a feature of Cisco NetFlow Secure Event Logging for Cisco ASAs? A. Multiple NetFlow collectors are supported B. Advanced NetFlow v9 templates and legacy v5 formatting are supported C. Secure NetFlow connections are optimized for Cisco Prime Infrastructure D. Flow-create events are delayed

Flow-create events are delayed

An engineer is configuring 802.1X authentication on Cisco switches in the network and is using CoA as a mechanism. Which port on the firewall must be opened to allow the CoA traffic to traverse the network? A. TCP 6514 B. UDP 1700 C. TCP 49 D. UDP 1812

UDP 1700

Which public cloud provider supports the Cisco Next Generation Firewall Virtual? A. Google Cloud Platform B. Red Hat Enterprise Visualization C. VMware ESXi D. Amazon Web Services

Amazon Web Services

What is the purpose of the My Devices Portal in a Cisco ISE environment? A. to register new laptops and mobile devices B. to request a newly provisioned mobile device C. to provision userless and agentless systems D. to manage and deploy antivirus definitions and patches on systems owned by the end user

to register new laptops and mobile devices

Refer to the exhibit. ip dhcp snooping ip dhcp snooping vlan 41,44 ! interface GigabitEthernet1/0/1 description Uplink_To_Distro_Switch_g1/0/11 switchport trunk native vlan 999 switchport trunk allowed vlan 40,41,44 switchport mode trunk An organization is using DHCP Snooping within their network. A user on VLAN 41 on a new switch is complaining that an IP address is not being obtained. Which command should be configured on the switch interface in order to provide the user with network connectivity? A. ip dhcp snooping verify mac-address B. ip dhcp snooping limit 41 C. ip dhcp snooping vlan 41 D. ip dhcp snooping trust

ip dhcp snooping trust

What is the purpose of the certificate signing request when adding a new certificate for a server? A. It is the password for the certificate that is needed to install it with. B. It provides the server information so a certificate can be created and signed C. It provides the certificate client information so the server can authenticate against it when installing D. It is the certificate that will be loaded onto the server

It provides the server information so a certificate can be created and signed

What is the Cisco API-based broker that helps reduce compromises, application risks, and data breaches in an environment that is not on-premise? A. Cisco Cloudlock B. Cisco Umbrella C. Cisco AMP D. Cisco App Dynamics

Cisco Cloudlock

What is managed by Cisco Security Manager? A. access point B. WSA C. ASA D. ESA

ASA

How does Cisco Advanced Phishing Protection protect users? A. It validates the sender by using DKIM. B. It determines which identities are perceived by the sender C. It utilizes sensors that send messages securely. D. It uses machine learning and real-time behavior analytics.

It uses machine learning and real-time behavior analytics.

What is a benefit of using Cisco FMC over Cisco ASDM? A. Cisco FMC uses Java while Cisco ASDM uses HTML5. B. Cisco FMC provides centralized management while Cisco ASDM does not. C. Cisco FMC supports pushing configurations to devices while Cisco ASDM does not. D. Cisco FMC supports all firewall products whereas Cisco ASDM only supports Cisco ASA devices

Cisco FMC supports all firewall products whereas Cisco ASDM only supports Cisco ASA devices

What is a key difference between Cisco Firepower and Cisco ASA? A. Cisco ASA provides access control while Cisco Firepower does not. B. Cisco Firepower provides identity-based access control while Cisco ASA does not. C. Cisco Firepower natively provides intrusion prevention capabilities while Cisco ASA does not. D. Cisco ASA provides SSL inspection while Cisco Firepower does not.

Cisco Firepower natively provides intrusion prevention capabilities while Cisco ASA does not.

An organization is implementing URL blocking using Cisco Umbrella. The users are able to go to some sites but other sites are not accessible due to an error. Why is the error occurring? A. Client computers do not have the Cisco Umbrella Root CA certificate installed. B. IP-Layer Enforcement is not configured. C. Client computers do not have an SSL certificate deployed from an internal CA server. D. Intelligent proxy and SSL decryption is disabled in the policy.

Intelligent proxy and SSL decryption is disabled in the policy.

Which two aspects of the cloud PaaS model are managed by the customer but not the provider? (Choose two) A. virtualization B. middleware C. operating systems D. applications E. data

virtualization operating systems

What is an attribute of the DevSecOps process? A. mandated security controls and check lists B. security scanning and theoretical vulnerabilities C. development security D. isolated security team

development security

An engineer notices traffic interruption on the network. Upon further investigation, it is learned that broadcast packets have been flooding the network. What must be configured, based on a predefined threshold, to address this issue? A. Bridge Protocol Data Unit guard B. embedded event monitoring C. storm control D. access control lists

storm control

Which two cryptographic algorithms are used with IPsec? (Choose two) A. AES-BAC B. AES-ABC C. HMAC-SHA1/SHA2 D. Triple AMC-CBC E. AES-CBC

HMAC-SHA1/SHA2 AES-CBC

In which type of attack does the attacker insert their machine between two hosts that are communicating with each other? A. LDAP injection B. man-in-the-middle C. cross-site scripting D. insecure API

man-in-the-middle

Which Dos attack uses fragmented packets to crash a target machine? A. smurf B. MITM C. teardrop D. LAND

teardrop

Why is it important to have logical security controls on endpoints even though the users are trained to spot security threats and the network devices already help prevent them? A. to prevent theft of the endpoints B. because defense-in-depth stops at the network C. to expose the endpoint to more threats D. because human error or insider threats will still exist

because human error or insider threats will still exist

Which type of API is being used when a security application notifies a controller within a software-defined network architecture about a specific security threat? (Choose two) A. westbound AP B. southbound API C. northbound API D. eastbound API

southbound API northbound API

When planning a VPN deployment, for which reason does an engineer opt for an active/active FlexVPN configuration as opposed to DMVPN? A. Multiple routers or VRFs are required. B. Traffic is distributed statically by default. C. Floating static routes are required. D. HSRP is used for fallover.

Traffic is distributed statically by default.

Which algorithm provides asymmetric encryption? A. RC4 B. AES C. RSA D. 3DES

RSA

What are two functions of secret key cryptography? (Choose two) A. key selection without integer factorization B. utilization of different keys for encryption and decryption C. utilization of large prime number iterations D. provides the capability to only know the key on one side E. utilization of less memory

utilization of different keys for encryption and decryption provides the capability to only know the key on one side

For Cisco IOS PKI, which two types of Servers are used as a distribution point for CRLs? (Choose two) A. SDP B. LDAP C. subordinate CA D. SCP E. HTTP

LDAP HTTP

Which attack type attempts to shut down a machine or network so that users are not able to access it? A. smurf B. bluesnarfing C. MAC spoofing D. IP spoofing

smurf

What is a difference between DMVPN and sVTI? A. DMVPN supports tunnel encryption, whereas sVTI does not. B. DMVPN supports dynamic tunnel establishment, whereas sVTI does not. C. DMVPN supports static tunnel establishment, whereas sVTI does not. D. DMVPN provides interoperability with other vendors, whereas sVTI does not.

DMVPN supports dynamic tunnel establishment

What features does Cisco FTDv provide over ASAv? A. Cisco FTDv runs on VMWare while ASAv does not B. Cisco FTDv provides 1GB of firewall throughput while Cisco ASAv does not C. Cisco FTDv runs on AWS while ASAv does not D. Cisco FTDv supports URL filtering while ASAv does not

Cisco FTDv supports URL filtering while ASAv does not

In which situation should an Endpoint Detection and Response solution be chosen versus an Endpoint Protection Platform? A. when there is a need for traditional anti-malware detection B. when there is no need to have the solution centrally managed C. when there is no firewall on the network D. when there is a need to have more advanced detection capabilities

when there is a need to have more advanced detection capabilities

Which type of API is being used when a controller within a software-defined network architecture dynamically makes configuration changes on switches within the network? A. westbound AP B. southbound API C. northbound API D. eastbound API

southbound API

An organization has two systems in their DMZ that have an unencrypted link between them for communication. The organization does not have a defined password policy and uses several default accounts on the systems. The application used on those systems also have not gone through stringent code reviews. Which vulnerability would help an attacker brute force their way into the systems? A. weak passwords B. lack of input validation C. missing encryption D. lack of file permission

weak passwords

What is the purpose of a Netflow version 9 template record? A. It specifies the data format of NetFlow processes. B. It provides a standardized set of information about an IP flow. C. It defines the format of data records. D. It serves as a unique identification number to distinguish individual data records

It defines the format of data records.

What is provided by the Secure Hash Algorithm in a VPN? A. integrity B. key exchange C. encryption D. authentication

key exchange

A network engineer is deciding whether to use stateful or stateless failover when configuring two ASAs for high availability. What is the connection status in both cases? A. need to be reestablished with stateful failover and preserved with stateless failover B. preserved with stateful failover and need to be reestablished with stateless failover C. preserved with both stateful and stateless failover D. need to be reestablished with both stateful and stateless failover

preserved with stateful failover and need to be reestablished with stateless failover

Which type of protection encrypts RSA keys when they are exported and imported? A. file B. passphrase C. NGE D. nonexportable

passphrase

A Cisco ESA network administrator has been tasked to use a newly installed service to help create policy based on the reputation verdict. During testing, it is discovered that the Cisco ESA is not dropping files that have an undetermined verdict. What is causing this issue? A. The policy was created to send a message to quarantine instead of drop B. The file has a reputation score that is above the threshold C. The file has a reputation score that is below the threshold D. The policy was created to disable file analysis

The file has a reputation score that is below the threshold

An administrator is trying to determine which applications are being used in the network but does not want the network devices to send metadata to Cisco Firepower. Which feature should be used to accomplish this? A. NetFlow B. Packet Tracer C. Network Discovery D. Access Control

Network Discovery

Which attack is preventable by Cisco ESA but not by the Cisco WSA? A. buffer overflow B. DoS C. SQL injection D. phishing

phishing

A Cisco ESA administrator has been tasked with configuring the Cisco ESA to ensure there are no viruses before quarantined emails are delivered. In addition, delivery of mail from known bad mail servers must be prevented. Which two actions must be taken in order to meet these requirements? (Choose two) A. Use outbreak filters from SenderBase B. Enable a message tracking service C. Configure a recipient access table D. Deploy the Cisco ESA in the DMZ E. Scan quarantined emails using AntiVirus signatures.

Use outbreak filters from SenderBase Scan quarantined emails using AntiVirus signatures.

Which type of dashboard does Cisco DNA Center provide for complete control of the network? A. service management B. centralized management C. application management D. distributed management

centralized management

In an IaaS cloud services model, which security function is the provider responsible for managing? A. Internet proxy B. firewalling virtual machines C. CASB D. hypervisor OS hardening

firewalling virtual machines

A network engineer has been tasked with adding a new medical device to the network. Cisco ISE is being used as the NAC server, and the new device does not have a supplicant available. What must be done in order to securely connect this device to the network? A. Use MAB with profiling B. Use MAB with posture assessment. C. Use 802.1X with posture assessment. D. Use 802.1X with profiling.

Use MAB with profiling

Exam F Flashcards

(221 cards)