Exam G Flashcards
(141 cards)
1
Q
An engineer is implementing NTP authentication within their network and has configured both the client and server devices with the command ntp authentication-key 1 md5 Cisc392368270. The server at 1.1.1.1 is attempting to authenticate to the client at 1.1.1.2, however it is unable to do so. Which command is required to enable the client to accept the server’s authentication key?
A. ntp peer 1.1.1.1 key 1
B. ntp server 1.1.1.1 key 1
C. ntp server 1.1.1.2 key 1
D. ntp peer 1.1.1.2 key 1
A
ntp server 1.1.1.1 key 1
2
Q
What is the role of an endpoint in protecting a user from a phishing attack?
A. Use Cisco Stealthwatch and Cisco ISE Integration.
B. Utilize 802.1X network security to ensure unauthorized access to resources.
C. Use machine learning models to help identify anomalies and determine expected sending behavior.
D. Ensure that antivirus and anti malware software is up to date.
A
Use machine learning models to help identify anomalies and determine expected sending behavior.
3
Q
An organization has noticed an increase in malicious content downloads and wants to use Cisco Umbrella to prevent this activity for suspicious domains while allowing normal web traffic. Which action will accomplish this task?
A. Set content settings to High
B. Configure the intelligent proxy.
C. Use destination block lists.
D. Configure application block lists.
A
Configure the intelligent proxy.
4
Q
With which components does a southbound API within a software-defined network architecture communicate?
A. controllers within the network
B. applications
C. appliances
D. devices such as routers and switches
A
devices such as routers and switches
5
Q
A network administrator needs to find out what assets currently exist on the network. Third-party systems need to be able to feed host data into Cisco Firepower. What must be configured to accomplish this?
A. a Network Discovery policy to receive data from the host
B. a Threat Intelligence policy to download the data from the host
C. a File Analysis policy to send file data into Cisco Firepower
D. a Network Analysis policy to receive NetFlow data from the host
A
a Network Discovery policy to receive data from the host
6
Q
When configuring ISAKMP for IKEv1 Phase1 on a Cisco IOS router, an administrator needs to input the command crypto isakmp key cisco address 0.0.0.0. The administrator is not sure what the IP addressing in this command issued for. What would be the effect of changing the IP address from 0.0.0.0 to 1.2.3.4?
A. The key server that is managing the keys for the connection will be at 1.2.3.4
B. The remote connection will only be allowed from 1.2.3.4
C. The address that will be used as the crypto validation authority
D. All IP addresses other than 1.2.3.4 will be allowed
A
The remote connection will only be allowed from 1.2.3.4
7
Q
Which suspicious pattern enables the Cisco Tetration platform to learn the normal behavior of users?
A. file access from a different user
B. interesting file access
C. user login suspicious behavior
D. privilege escalation
A
file access from a different user
8
Q
Due to a traffic storm on the network, two interfaces were error-disabled, and both interfaces sent SNMP traps. Which two actions must be taken to ensure that interfaces are put back into service? (Choose two)
A. Have Cisco Prime Infrastructure issue an SNMP set command to re-enable the ports after the pre configured interval.
B. Use EEM to have the ports return to service automatically in less than 300 seconds.
C. Enter the shutdown and no shutdown commands on the interfaces.
D. Enable the snmp-server enable traps command and wait 300 seconds
E. Ensure that interfaces are configured with the error-disable detection and recovery feature
A
Enter the shutdown and no shutdown commands on the interfaces.
Ensure that interfaces are configured with the error-disable detection and recovery feature
9
Q
What is the difference between Cross-site Scripting and SQL Injection attacks?
A. Cross-site Scripting is an attack where code is injected into a database, whereas SQL Injection is an attack where code is injected into a browser.
B. Cross-site Scripting is a brute force attack targeting remote sites, whereas SQL Injection is a social engineering attack.
C. Cross-site Scripting is when executives in a corporation are attacked, whereas SQL Injection is when a database is manipulated.
D. Cross-site Scripting is an attack where code is executed from the server side, whereas SQL Injection is an attack where code is executed from the client side.
A
Cross-site Scripting is an attack where code is injected into a database
10
Q
A network administrator is configuring a switch to use Cisco ISE for 802.1X. An endpoint is failing authentication and is unable to access the network. Where should the administrator begin troubleshooting to verify the authentication details?
A. Adaptive Network Control Policy List
B. Context Visibility
C. Accounting Reports
D. RADIUS Live Logs
A
RADIUS Live Logs
11
Q
What is a prerequisite when integrating a Cisco ISE server and an AD domain?
A. Place the Cisco ISE server and the AD server in the same subnet
B. Configure a common administrator account
C. Configure a common DNS server
D. Synchronize the clocks of the Cisco ISE server and the AD server
A
Synchronize the clocks of the Cisco ISE server and the AD server
12
Q
An organization recently installed a Cisco WSA and would like to take advantage of the AVC engine to allow the organization to create a policy to control application specific activity. After enabling the AVC engine, what must be done to implement this?
A. Use security services to configure the traffic monitor
B. Use URL categorization to prevent the application traffic.
C. Use an access policy group to configure application control settings.
D. Use web security reporting to validate engine functionality
A
Use an access policy group to configure application control settings.
13
Q
Which method is used to deploy certificates and configure the supplicant on mobile devices to gain access to network resources?
A. BYOD on boarding
B. Simple Certificate Enrollment Protocol
C. Client provisioning
D. MAC authentication bypass
A
BYOD on boarding
14
Q
```Refer to the exhibit.
import requests
url = https://api.amp.cisco.com/v1/computers
headers = {
‘accept’ : application/json
‘content-type’ : application/json
‘authorization’ : Basic API Credentials
‘cache-control’ : “no cache”
}
response = requests.request (“GET”, url, headers = headers)
print (response.txt)
What will happen when this Python script is run?
A. The compromised computers and malware trajectories will be received from Cisco AMP
B. The list of computers and their current vulnerabilities will be received from Cisco AMP
C. The compromised computers and what compromised them will be received from Cisco AMP
D. The list of computers, policies, and connector statuses will be received from Cisco AMP```
A
The list of computers, policies, and connector statuses will be received from Cisco AMP
15
Q
An organization is trying to implement micro-segmentation on the network and wants to be able to gain visibility on the applications within the network. The solution must be able to maintain and force compliance. Which product should be used to meet these requirements?
A. Cisco Umbrella
B. Cisco AMP
C. Cisco Stealthwatch
D. Cisco Tetration
A
Cisco Tetration
16
Q
Which factor must be considered when choosing the on-premise solution over the cloud-based one?
A. With an on-premise solution, the provider is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the customer is responsible for it
B. With a cloud-based solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product.
C. With an on-premise solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product.
D. With an on-premise solution, the customer is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the provider is responsible for it.
A
With an on-premise solution, the customer is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the provider is responsible for it.
17
Q
Which term describes when the Cisco Firepower downloads threat intelligence updates from Cisco Talos?
A. consumption
B. sharing
C. analysis
D. authoring
A
consumption
18
Q
An organization has a Cisco Stealthwatch Cloud deployment in their environment. Cloud logging is working as expected, but logs are not being received from the on-premise network, what action will resolve this issue?
A. Configure security appliances to send syslogs to Cisco Stealthwatch Cloud
B. Configure security appliances to send NetFlow to Cisco Stealthwatch Cloud
C. Deploy a Cisco FTD sensor to send events to Cisco Stealthwatch Cloud
D. Deploy a Cisco Stealthwatch Cloud sensor on the network to send data to Cisco Stealthwatch Cloud
A
Deploy a Cisco Stealthwatch Cloud sensor on the network to send data to Cisco Stealthwatch Cloud
19
Q
What does Cisco AMP for Endpoints use to help an organization detect different families of malware?
A. Ethos Engine to perform fuzzy fingerprinting
B. Tetra Engine to detect malware when me endpoint is connected to the cloud
C. Clam AV Engine to perform email scanning
D. Spero Engine with machine learning to perform dynamic analysis
A
Ethos Engine to perform fuzzy fingerprinting
20
Q
What are two characteristics of Cisco DNA Center APIs? (Choose two)
A. Postman is required to utilize Cisco DNA Center API calls.
B. They do not support Python scripts.
C. They are Cisco proprietary.
D. They quickly provision new devices.
E. They view the overall health of the network
A
They quickly provision new devices.
They view the overall health of the network
21
Q
What is a benefit of conducting device compliance checks?
A. It indicates what type of operating system is connecting to the network.
B. It validates if anti-virus software is installed.
C. It scans endpoints to determine if malicious activity is taking place.
D. It detects email phishing attacks.
A
It validates if anti-virus software is installed.
22
Q
In which two ways does Easy Connect help control network access when used with Cisco TrustSec? (Choose two)
A. It allows multiple security products to share information and work together to enhance security posture in the network.
B. It creates a dashboard in Cisco ISE that provides full visibility of all connected endpoints.
C. It allows for the assignment of Security Group Tags and does not require 802.1x to be configured on the switch or the endpoint.
D. It integrates with third-party products to provide better visibility throughout the network.
E. It allows for managed endpoints that authenticate to AD to be mapped to Security Groups (PassiveID).
A
It allows for the assignment of Security Group Tags and does not require 802.1x to be configured on the switch or the endpoint.
It allows for managed endpoints that authenticate to AD to be mapped to Security Groups (PassiveID).
23
Q
What is the benefit of installing Cisco AMP for Endpoints on a network?
A. It provides operating system patches on the endpoints for security.
B. It provides flow-based visibility for the endpoints network connections.
C. It enables behavioral analysis to be used for the endpoints.
D. It protects endpoint systems through application control and real-time scanning
A
It protects endpoint systems through application control and real-time scanning
24
Q
An administrator is configuring a DHCP server to better secure their environment. They need to be able to rate-limit the traffic and ensure that legitimate requests are not dropped. How would this be accomplished?
A. Set a trusted interface for the DHCP server
B. Set the DHCP snooping bit to 1
C. Add entries in the DHCP snooping database
D. Enable ARP inspection for the required VLAN
A
Set a trusted interface for the DHCP server
25
```Refer to the exhibit.
import requests
client_id = ''
api_key = ''
url = 'https://api.amp.cisco.com/v1/computers'
response = requests.get(url, auth=(client_id, api_key))
response_json = response.json()
for computer in response_json[‘data’]
hostname = computer[‘hostname’]
print(hostname)
What will happen when the Python script is executed?
A. The hostname will be translated to an IP address and printed.
B. The hostname will be printed for the client in the client ID field.
C. The script will pull all computer hostnames and print them.
D. The script will translate the IP address to FODN and print it```
The script will pull all computer hostnames and print them.
26
An engineer has been tasked with implementing a solution that can be leveraged for securing the cloud users, data, and applications. There is a requirement to use the Cisco cloud native CASB and cloud cybersecurity platform. What should be used to meet these requirements?
A. Cisco Umbrella
B. Cisco Cloud Email Security
C. Cisco NGFW
D. Cisco Cloudlock
Cisco Cloudlock
27
An engineer needs a cloud solution that will monitor traffic, create incidents based on events, and integrate with other cloud solutions via an API. Which solution should be used to accomplish this goal?
A. SIEM
B. CASB
C. Adaptive MFA
D. Cisco Cloudlock
Cisco Cloudlock
28
Why is it important to implement MFA inside of an organization?
A. To prevent man-the-middle attacks from being successful.
B. To prevent DoS attacks from being successful.
C. To prevent brute force attacks from being successful.
D. To prevent phishing attacks from being successful.
To prevent brute force attacks from being successful.
29
A network administrator is configuring SNMPv3 on a new router. The users have already been created; however, an additional configuration is needed to facilitate access to the SNMP views. What must the administrator do to accomplish this?
A. map SNMPv3 users to SNMP views
B. set the password to be used for SNMPv3 authentication
C. define the encryption algorithm to be used by SNMPv3
D. specify the UDP port used by SNMP
set the password to be used for SNMPv3 authentication
30
An organization is using Cisco Firepower and Cisco Meraki MX for network security and needs to centrally manage cloud policies across these platforms. Which software should be used to accomplish this goal?
A. Cisco Defense Orchestrator
B. Cisco Secureworks
C. Cisco DNA Center
D. Cisco Configuration Professional
Cisco Defense Orchestrator
31
What is a function of 3DES in reference to cryptography?
A. It hashes files.
B. It creates one-time use passwords.
C. It encrypts traffic.
D. It generates private keys.
It encrypts traffic.
32
Which risk is created when using an Internet browser to access cloud-based service?
A. misconfiguration of infrastructure, which allows unauthorized access
B. intermittent connection to the cloud connectors
C. vulnerabilities within protocol
D. insecure implementation of API
vulnerabilities within protocol
33
An organization has a Cisco ESA set up with policies and would like to customize the action assigned for violations. The organization wants a copy of the message to be delivered with a message added to flag it as a DLP violation. Which actions must be performed in order to provide this capability?
A. deliver and send copies to other recipients
B. quarantine and send a DLP violation notification
C. quarantine and alter the subject header with a DLP violation
D. deliver and add disclaimer text
deliver and add disclaimer text
34
A switch with Dynamic ARP Inspection enabled has received a spoofed ARP response on a trusted interface. How does the switch behave in this situation?
A. It forwards the packet after validation by using the MAC Binding Table.
B. It drops the packet after validation by using the IP & MAC Binding Table.
C. It forwards the packet without validation.
D. It drops the packet without validation.
It forwards the packet without validation.
35
What is a functional difference between a Cisco ASA and a Cisco IOS router with Zone-based policy firewall?
A. The Cisco ASA denies all traffic by default whereas the Cisco IOS router with Zone-Based Policy Firewall starts out by allowing all traffic, even on untrusted interfaces.
B. The Cisco IOS router with Zone-Based Policy Firewall can be configured for high availability, whereas the Cisco ASA cannot
C. The Cisco IOS router with Zone-Based Policy Firewall denies all traffic by default, whereas the Cisco ASA starts out by allowing all traffic until rules are added
D. The Cisco ASA can be configured for high availability whereas the Cisco IOS router with Zone-Based Policy Firewall cannot
The Cisco ASA denies all traffic by default whereas the Cisco IOS router with Zone-Based Policy Firewall starts out by allowing all traffic, even on untrusted interfaces.
36
What is a benefit of performing device compliance?
A. verification of the latest OS patches
B. device classification and authorization
C. providing multi-factor authentication
D. providing attribute-driven policies
verification of the latest OS patches
37
Which cloud model is a collaborative effort where infrastructure is shared and jointly accessed by several organizations from a specific group?
A. hybrid
B. community
C. private
D. public
community
38
Which cryptographic process provides origin confidentiality, integrity, and origin authentication for packets?
A. IKEv1
B. AH
C. ESP
D. IKEv2
ESP
39
An organization wants to secure users, data, and applications in the cloud. The solution must be API-based and operate as a cloud-native CASB. Which solution must be used for this implementation?
A. Cisco Cloudlock
B. Cisco Cloud Email Security
C. Cisco Firepower Next-Generation Firewall
D. Cisco Umbrella
Cisco Cloudlock
40
What are two Trojan malware attacks? (Choose two)
A. frontdoor
B. rootkit
C. smurf
D. backdoor
E. sync
rootkit
backdoor
41
What is the role of Cisco Umbrella Roaming when it is installed on an endpoint?
A. to protect the endpoint against malicious file transfers
B. to ensure that assets are secure from malicious links on and off the corporate network
C. to establish secure VPN connectivity to the corporate network
D. to enforce posture compliance and mandatory software
to ensure that assets are secure from malicious links on and off the corporate network
42
What is a capability of Cisco ASA Netflow?
A. It filters NSEL events based on traffic.
B. It generates NSEL events even if the MPF is not configured.
C. It logs all event types only to the same collector.
D. It sends NetFlow data records from active and standby ASAs in an active standby failover pair.
It filters NSEL events based on traffic.
43
Which component of Cisco umbrella architecture increases reliability of the service?
A. Anycast IP
B. AMP Threat grid
C. Cisco Talos
D. BGP route reflector
Anycast IP
44
What is the benefit of integrating Cisco ISE with a MDM solution?
A. It provides compliance checks for access to the network
B. It provides the ability to update other applications on the mobile device
C. It provides the ability to add applications to the mobile device through Cisco ISE
D. It provides network device administration access
It provides compliance checks for access to the network
45
An administrator configures a new destination list in Cisco Umbrella so that the organization can block specific domains for its devices. What should be done to ensure that all subdomains of domain.com are blocked?
A. Configure the *.com address in the block list.
B. Configure the *.domain.com address in the block list
C. Configure the www.domain.com address in the block list
D. Configure the domain.com address in the block list
Configure the domain.com address in the block list
46
An organization wants to provide visibility and to identify active threats in its network using a VM. The organization wants to extract metadata from network packet flow while ensuring that payloads are not retained or transferred outside the network. Which solution meets these requirements?
A. Cisco Umbrella Cloud
B. Cisco Stealthwatch Cloud PNM
C. Cisco Stealthwatch Cloud PCM
D. Cisco Umbrella On-Premises
Cisco Stealthwatch Cloud PNM
47
An organization deploys multiple Cisco FTD appliances and wants to manage them using one centralized solution. The organization does not have a local VM but does have existing Cisco ASAs that must migrate over to Cisco FTDs. Which solution meets the needs of the organization?
A. Cisco FMC
B. CSM
C. Cisco FDM
D. CDO
Cisco FMC
48
An organization wants to secure data in a cloud environment. Its security model requires that all users be authenticated and authorized. Security configuration and posture must be continuously validated before access is granted or maintained to applications and data. There is also a need to allow certain application traffic and deny all other traffic by default. Which technology must be used to implement these requirements?
A. virtual routing and forwarding
B. microsegmentation
C. access control policy
D. virtual LAN
microsegmentation
49
A Cisco FTD engineer is creating a new IKEv2 policy called s2s00123456789 for their organization to allow for additional protocols to terminate network devices with. They currently only have one policy established and need the new policy to be a backup in case some devices cannot support the stronger algorithms listed in the primary policy. What should be done in order to support this?
A. Change the integrity algorithms to SHA* to support all SHA algorithms in the primary policy
B. Make the priority for the new policy 5 and the primary policy 1.
C. Change the encryption to AES* to support all AES algorithms in the primary policy
D. Make the priority for the primary policy 10 and the new policy 1
Make the priority for the new policy 5 and the primary policy 1.
50
Which type of encryption uses a public key and private key?
A. asymmetric
B. symmetric
C. linear
D. nonlinear
asymmetric
51
What are two features of NetFlow flow monitoring? (Choose two)
A. Can track ingress and egress information
B. Include the flow record and the flow importer
C. Copies all ingress flow information to an interface
D. Does not required packet sampling on interfaces
E. Can be used to track multicast, MPLS, or bridged traffic
Can track ingress and egress information
Can be used to track multicast, MPLS, or bridged traffic
52
A customer has various external HTTP resources available including Intranet Extranet and Internet, with a proxy configuration running in explicit mode. Which method allows the client desktop browsers to be configured to select when to connect direct or when to use the proxy?
A. Transport mode
B. Forward file
C. PAC file
D. Bridge mode
PAC file
53
Which Talos reputation center allows for tracking the reputation of IP addresses for email and web traffic?
A. IP and Domain Reputation Center
B. File Reputation Center
C. IP Slock List Center
D. AMP Reputation Center
IP and Domain Reputation Center
54
An engineer is configuring IPsec VPN and needs an authentication protocol that is reliable and supports ACK and sequence. Which protocol accomplishes this goal?
A. AES-192
B. IKEv1
C. AES-256
D. ESP
ESP
55
An administrator is establishing a new site-to-site VPN connection on a Cisco IOS router. The organization needs to ensure that the ISAKMP key on the hub is used only for terminating traffic from the IP address of 172.19.20.24. Which command on the hub will allow the administrator to accomplish this?
A. crypto ca identity 172.19.20.24
B. crypto isakmp key Cisco0123456789 172.19.20.24
C. crypto enrollment peer address 172.19.20.24
D. crypto isakmp identity address 172.19.20.24
crypto isakmp key Cisco0123456789 172.19.20.24
56
What is a difference between an XSS attack and an SQL injection attack?
A. SQL injection is a hacking method used to attack SQL databases, whereas XSS attacks can exist in many different types of applications
B. XSS is a hacking method used to attack SQL databases, whereas SQL injection attacks can exist in many different types of applications
C. SQL injection attacks are used to steal information from databases whereas XSS attacks are used to redirect users to websites where attackers can steal data from them
D. XSS attacks are used to steal information from databases whereas SQL injection attacks are used to redirect users to websites where attackers can steal data from them
SQL injection attacks are used to steal information from databases whereas XSS attacks are used to redirect users to websites where attackers can steal data from them
57
An engineer has been tasked with configuring a Cisco FTD to analyze protocol fields and detect anomalies in the traffic from industrial systems. What must be done to meet these requirements?
A. Implement pre-filter policies for the CIP preprocessor
B. Enable traffic analysis in the Cisco FTD
C. Configure intrusion rules for the DNP3 preprocessor
D. Modify the access control policy to trust the industrial traffic
Implement pre-filter policies for the CIP preprocessor
58
Which posture assessment requirement provides options to the client for remediation and requires the remediation within a certain timeframe?
A. Audit
B. Mandatory
C. Optional
D. Visibility
Mandatory
59
Which attribute has the ability to change during the RADIUS CoA?
A. NTP
B. authorization
C. accessibility
D. membership
authorization
60
With Cisco AMP for Endpoints, which option shows a list of all files that have been executed in your environment?
A. prevalence
B. file analysis
C. detections
D. vulnerable software
E. threat root cause
prevalence
61
A company discovered an attack propagating through their network via a file. A custom file policy was created in order to track this in the future and ensure no other endpoints execute the infected file. In addition, it was discovered during testing that the scans are not detecting the file as an indicator of compromise. What must be done in order to ensure that the created is functioning as it should?
A. Create an IP block list for the website from which the file was downloaded
B. Block the application that the file was using to open
C. Upload the hash for the file into the policy
D. Send the file to Cisco Threat Grid for dynamic analysis
Upload the hash for the file into the policy
62
A network engineer is trying to figure out whether FlexVPN or DMVPN would fit better in their environment. They have a requirement for more stringent security multiple security associations for the connections, more efficient VPN establishment as well consuming less bandwidth. Which solution would be best for this and why?
A. DMVPN because it supports IKEv2 and FlexVPN does not.
B. FlexVPN because it supports IKEv2 and DMVPN does not.
C. FlexVPN because it uses multiple SAs and DMVPN does not.
D. DMVPN because it uses multiple SAs and FlexVPN does not.
FlexVPN because it uses multiple SAs and DMVPN does not.
63
How does Cisco Workload Optimization Manager help mitigate application performance issues?
A. It deploys an AWS Lambda system
B. It automates resource resizing
C. It optimizes a flow path
D. It sets up a workload forensic score
It automates resource resizing
64
An organization configures Cisco Umbrella to be used for its DNS services. The organization must be able to block traffic based on the subnet that the endpoint is on but it sees only the requests from its public IP address instead of each internal IP address. What must be done to resolve this issue?
A. Set up a Cisco Umbrella virtual appliance to internally field the requests and see the traffic of each IP address
B. Use the tenant control features to identify each subnet being used and track the connections within the Cisco Umbrella dashboard
C. Install the Microsoft Active Directory Connector to give IP address information stitched to the requests in the Cisco Umbrella dashboard
D. Configure an internal domain within Cisco Umbrella to help identify each address and create policy from the domains
Set up a Cisco Umbrella virtual appliance to internally field the requests and see the traffic of each IP address
65
What is a difference between a DoS attack and a DDoS attack?
A. A DoS attack is where a computer is used to flood a server with TCP and UDP packets whereas a DDoS attack is where multiple systems target a single system with a DoS attack.
B. A DoS attack is where a computer is used to flood a server with TCP and UDP packets whereas a DDoS attack is where a computer is used to flood multiple servers that are distributed over a LAN
C. A DoS attack is where a computer is used to flood a server with UDP packets whereas a DDoS attack is where a computer is used to flood a server with TCP packets
D. A DoS attack is where a computer is used to flood a server with TCP packets whereas a DDoS attack is where a computer is used to flood a server with UDP packets
A DoS attack is where a computer is used to flood a server with TCP and UDP packets whereas a DDoS attack is where multiple systems target a single system with a DoS attack.
66
Which two capabilities of Integration APIs are utilized with Cisco DNA center? (Choose two)
A. Automatically deploy new virtual routers
B. Upgrade software on switches and routers
C. Application monitors for power utilization of devices and IoT sensors
D. Connect to Information Technology Service Management Platforms
E. Create new SSIDs on a wireless LAN controller
Application monitors for power utilization of devices and IoT sensors
Connect to Information Technology Service Management Platforms
67
Which kind of API that is used with Cisco DNA Center provisions SSIDs, QoS policies, and update software versions on switches?
A. integration
B. intent
C. event
D. multivendor
intent
68
What is the purpose of CA in a PKI?
A. to issue and revoke digital certificates.
B. to validate the authenticity of a digital certificate
C. to create the private key for a digital certificate.
D. to certify the ownership of a public key by the named subject
to issue and revoke digital certificates.
69
Which DevSecOps implementation process gives a weekly or daily update instead of monthly or quarterly in the applications?
A. orchestration
B. CI/CD pipeline
C. container
D. security
CI/CD pipeline
70
Which parameter is required when configuring a Netflow exporter on a Cisco Router?
A. DSCP value
B. source interface
C. exporter name
D. exporter description
exporter name
71
Which category includes Dos Attacks?
A. virus attacks
B. trojan attacks
C. flood attacks
D. phishing attacks
flood attacks
72
What are two advantages of using Cisco Any connect over DMVPN? (Choose two)
A. It provides spoke-to-spoke communications without traversing the hub
B. It allows different routing protocols to work over the tunnel
C. It allows customization of access policies based on user identity
D. It allows multiple sites to connect to the data center
E. It enables VPN access for individual users from their machines
It allows customization of access policies based on user identity
It enables VPN access for individual users from their machines
73
When choosing an algorithm to us, what should be considered about Diffie Hellman and RSA for key establishment?
A. RSA is an asymmetric key establishment algorithm intended to output symmetric keys.
B. RSA is a symmetric key establishment algorithm intended to output asymmetric keys.
C. DH is a symmetric key establishment algorithm intended to output asymmetric keys.
D. DH is on asymmetric key establishment algorithm intended to output symmetric keys.
DH is on asymmetric key establishment algorithm intended to output symmetric keys.
74
Which type of DNS abuse exchanges data between two computers even when there is no direct connection?
A. malware installation
B. command-and-control communication
C. network footprinting
D. data exfiltration
data exfiltration
75
What is a difference between GETVPN and IPsec?
A. GETVPN reduces latency and provides encryption over MPLS without the use of a central hub
B. GETVPN provides key management and security association management
C. GETVPN is based on IKEv2 and does not support IKEv1
D. GETVPN is used to build a VPN network with multiple sites without having to statically configure all devices
GETVPN reduces latency and provides encryption over MPLS without the use of a central hub
76
What is a benefit of using telemetry over SNMP to configure new routers for monitoring purposes?
A. Telemetry uses a pull, method which makes it more reliable than SNMP
B. Telemetry uses push and pull, which makes it more scalable than SNMP
C. Telemetry uses push and pull which makes it more secure than SNMP
D. Telemetry uses a push method which makes it faster than SNMP
Telemetry uses a push method which makes it faster than SNMP
77
An organization wants to use Cisco FTD or Cisco ASA devices. Specific URLs must be blocked from being accessed via the firewall which requires that the administrator input the bad URL categories that the organization wants blocked into the access policy. Which solution should be used to meet this requirement?
A. Cisco ASA because it enables URL filtering and blocks malicious URLs by default, whereas Cisco FTD does not
B. Cisco ASA because it includes URL filtering in the access control policy capabilities, whereas Cisco FTD does not
C. Cisco FTD because it includes URL filtering in the access control policy capabilities, whereas Cisco ASA does not
D. Cisco FTD because it enables URL filtering and blocks malicious URLs by default, whereas Cisco ASA does not
Cisco FTD because it includes URL filtering in the access control policy capabilities, whereas Cisco ASA does not
78
An administrator configures a Cisco WSA to receive redirected traffic over ports 80 and 443. The organization requires that a network device with specific WSA integration capabilities be configured to send the traffic to the WSA to proxy the requests and increase visibility, while making this invisible to the users. What must be done on the Cisco WSA to support these requirements?
A. Configure transparent traffic redirection using WCCP in the Cisco WSA and on the network device
B. Configure active traffic redirection using WPAD in the Cisco WSA and on the network device
C. Use the Layer 4 setting in the Cisco WSA to receive explicit forward requests from the network device
D. Use PAC keys to allow only the required network devices to send the traffic to the Cisco WSA
Configure transparent traffic redirection using WCCP in the Cisco WSA and on the network device
79
An administrator configures new authorization policies within Cisco ISE and has difficulty profiling the devices. Attributes for the new Cisco IP phones that are profiled based on the RADIUS authentication are seen however the attributes for CDP or DHCP are not. What should the administrator do to address this issue?
A. Configure the ip dhcp snooping trust command on the DHCP interfaces to get the information to Cisco ISE
B. Configure the authentication port-control auto feature within Cisco ISE to identify the devices that are trying to connect
C. Configure a service template within the switch to standardize the port configurations so that the correct information is sent to Cisco ISE
D. Configure the device sensor feature within the switch to send the appropriate protocol information
Configure the device sensor feature within the switch to send the appropriate protocol information
80
A network engineer must monitor user and device behavior within the on-premises network. This data must be sent to the Cisco Stealthwatch Cloud analytics platform for analysis. What must be done to meet this requirement using the Ubuntu-based VM appliance deployed in a VMware-based hypervisor?
A. Configure a Cisco FMC to send syslogs to Cisco Stealthwatch Cloud
B. Deploy the Cisco Stealthwatch Cloud PNM sensor that sends data to Cisco Stealthwatch Cloud
C. Deploy a Cisco FTD sensor to send network events to Cisco Stealthwatch Cloud
D. Configure a Cisco FMC to send NetFlow to Cisco Stealthwatch Cloud
Deploy the Cisco Stealthwatch Cloud PNM sensor that sends data to Cisco Stealthwatch Cloud
81
An organization uses Cisco FMC to centrally manage multiple Cisco FTD devices. The default management port conflicts with other communications on the network and must be changed. What must be done to ensure that all devices can communicate together?
A. Manually change the management port on Cisco FMC and all managed Cisco FTD devices
B. Set the tunnel to go through the Cisco FTD
C. Change the management port on Cisco FMC so that it pushes the change to all managed Cisco FTD devices
D. Set the tunnel port to 8305
Manually change the management port on Cisco FMC and all managed Cisco FTD devices
82
Which service allows a user export application usage and performance statistics with Cisco Application Visibility and control?
A. SNORT
B. NetFlow
C. SNMP
D. 802.1X
NetFlow
83
An engineer adds a custom detection policy to a Cisco AMP deployment and encounters issues with the configuration. The simple detection mechanism is configured, but the dashboard indicates that the hash is not 64 characters and is non-zero. What is the issue?
A. The engineer is attempting to upload a hash created using MD5 instead of SHA-256
B. The file being uploaded is incompatible with simple detections and must use advanced detections
C. The hash being uploaded is part of a set in an incorrect format
D. The engineer is attempting to upload a file instead of a hash
The engineer is attempting to upload a hash created using MD5 instead of SHA-256
84
Refer to the exhibit.
ntp authentication-key 10 md5 cisco123
ntp trusted-key 10
A network engineer is testing NTP authentication and realizes that any device synchronizes time with this router and that NTP authentication is not enforced. What is the cause of this issue?
A. The hashing algorithm that was used was MD5 which is unsupported.
B. The key was configured in plain text.
C. NTP authentication is not enabled.
D. The router was not rebooted after the NTP configuration updated
NTP authentication is not enabled.
85
An administrator is adding a new Cisco ISE node to an existing deployment. What must be done to ensure that the addition of the node will be successful when inputting the FQDN?
A. Change the IP address of the new Cisco ISE node to the same network as the others
B. Make the new Cisco ISE node a secondary PAN before registering it with the primary
C. Open port 8905 on the firewall between the Cisco ISE nodes
D. Add the DNS entry for the new Cisco ISE node into the DNS server
Make the new Cisco ISE node a secondary PAN before registering it with the primary
86
Refer to the exhibit.
crypto ikev2 name-mangler MANGLER
dn organization-unit
An engineer is implementing a certificate based VPN. What is the result of the existing configuration?
A. The OU of the IKEv2 peer certificate is used as the identity when matching an IKEv2 authorization policy
B. Only an IKEv2 peer that has an OU certificate attribute set to MANGLER establishes an IKEv2 SA successfully
C. The OU of the IKEv2 peer certificate is encrypted when the OU is set to MANGLER
D. The OU of the IKEv2 peer certificate is set to MANGLER
The OU of the IKEv2 peer certificate is used as the identity when matching an IKEv2 authorization policy
87
An organization wants to implement a cloud-delivered and SaaS-based solution to provide visibility and threat detection across the AWS network. The solution must be deployed without software agents and rely on AWS VPC flow logs instead. Which solution meets these requirements?
A. Cisco Stealthwatch Cloud
B. Cisco Umbrella
C. NetFlow collectors
D. Cisco Cloudlock
Cisco Stealthwatch Cloud
88
How is data sent out to the attacker during a DNS tunneling attack?
A. as part of the UDP’53 packet payload
B. as part of the domain name
C. as part of the TCP/53 packet header
D. as part of the DNS response packet
as part of the domain name
89
A network engineer must configure a Cisco ESA to prompt users to enter two forms of information before gaining access. The Cisco ESA must also join a cluster machine using preshared keys. What must be configured to meet these requirements?
A. Enable two-factor authentication through a RADIUS server and then join the cluster by using the Cisco ESA CLI
B. Enable two-factor authentication through a RADIUS server and then join the cluster by using the Cisco ESA GUI
C. Enable two-factor authentication through a TACACS+ server and then join the cluster by using the Cisco ESA GUI
D. Enable two-factor authentication through a TACACS+ server and then join the cluster by using the Cisco ESA CLI
Enable two-factor authentication through a TACACS+ server and then join the cluster by using the Cisco ESA CLI
90
What is the term for having information about threats and threat actors that helps mitigate harmful events that would otherwise compromise networks or systems?
A. trusted automated exchange
B. Indicators of Compromise
C. The Exploit Database
D. threat intelligence
threat intelligence
91
Which Cisco platform processes behavior baselines, monitors for deviations, and reviews for malicious processes in data center traffic and servers while performing software vulnerability detection?
A. Cisco Tetration
B. Cisco ISE
C. Cisco AMP for Network
D. Cisco AnyConnect
Cisco AMP for Network
92
Which portion of the network do EPP solutions solely focus on and EDR solutions do not?
A. server farm
B. perimeter
C. core
D. East-West gateways
perimeter
93
What is a benefit of using Cisco CWS compared to an on-premises Cisco WSA?
A. Cisco CWS eliminates the need to backhaul traffic through headquarters for remote workers whereas Cisco WSA does not
B. Cisco CWS minimizes the load on the internal network and security infrastructure as compared to Cisco WSA.
C. URL categories are updated more frequently on Cisco CWS than they are on Cisco WSA
D. Content scanning for SAAS cloud applications is available through Cisco CWS and not available through Cisco WSA
Content scanning for SAAS cloud applications is available through Cisco CWS and not available through Cisco WSA
94
An organization wants to improve its cybersecurity processes and to add intelligence to its data. The organization wants to utilize the most current intelligence data for URL filtering, reputations, and vulnerability information that can be integrated with the Cisco FTD and Cisco WSA. What must be done to accomplish these objectives?
A. Create a Cisco pxGrid connection to NIST to import this information into the security products for policy use
B. Create an automated download of the Internet Storm Center intelligence feed into the Cisco FTD and Cisco WSA databases to tie to the dynamic access control policies.
C. Download the threat intelligence feed from the IETF and import it into the Cisco FTD and Cisco WSA databases
D. Configure the integrations with Talos Intelligence to take advantage of the threat intelligence that it provides
Configure the integrations with Talos Intelligence to take advantage of the threat intelligence that it provides
95
Cisco SensorBase gathers threat information from a variety of Cisco products and services and performs analytics to find patterns on threats. Which term describes this process?
A. deployment
B. consumption
C. authoring
D. sharing
deployment
96
An organization has a requirement to collect full metadata information about the traffic going through their AWS cloud services. They want to use this information for behavior analytics and statistics. Which two actions must be taken to implement this requirement? (Choose two)
A. Configure Cisco ACI to ingest AWS information
B. Configure Cisco Thousand Eyes to ingest AWS information
C. Send syslog from AWS to Cisco Stealthwatch Cloud
D. Send VPC Flow Logs to Cisco Stealthwatch Cloud
E. Configure Cisco Stealthwatch Cloud to ingest AWS information
Send VPC Flow Logs to Cisco Stealthwatch Cloud
Configure Cisco Stealthwatch Cloud to ingest AWS information
97
An engineer is configuring their router to send NetfFow data to Stealthwatch which has an IP address of 1.1.1.1 using the flow record Steathwatch406397954 command. Which additional command is required to complete the flow record?
A. transport udp 2055
B. match ipv4 ttl
C. cache timeout active 60
D. destination 1.1.1.1
match ipv4 ttl
98
An engineer needs to add protection for data in transit and have headers in the email message. Which configuration is needed to accomplish this goal?
A. Provision the email appliance
B. Deploy an encryption appliance
C. Map sender IP addresses to a host interface
D. Enable flagged message handling
Deploy an encryption appliance
99
An administrator is adding a new switch onto the network and has configured AAA for network access control. When testing the configuration, the RADIUS authenticates to Cisco ISE but is being rejected. Why is the ip radius source-interface command needed for this configuration?
A. Only requests that originate from a configured NAS IP are accepted by a RADIUS server
B. The RADIUS authentication key is transmitted only from the defined RADIUS source interface
C. RADIUS requests are generated only by a router if a RADIUS source interface is defined
D. Encrypted RADIUS authentication requires the RADIUS source interface be defined
The RADIUS authentication key is transmitted only from the defined RADIUS source interface
100
Refer to the exhibit.
interface GigabitEthernet1/0/18
switchport access vlan 41
switchport mode access
switchport voice vlan 44
device-tracking attach-policy IPDT_MAX_10
authentication periodic
authentication timer reauthenticate server
access-session host-mode multi-domain
access-session port-control auto
dot1x pae authenticator
dot1x timeout tx-period 7
dot1x max-reauth-req 3
spanning-tree portfast
service-policy type control subscriber POLICY_Gi1/0/18
A Cisco ISE administrator adds a new switch to an 802.1X deployment and has difficulty with some endpoints gaining access. Most PCs and IP phones can connect and authenticate using their machine certificate credentials. However printer and video cameras cannot based on the interface configuration provided. What must be to get these devices on to the network using Cisco ISE for authentication and authorization while maintaining security controls?
A. Change the default policy in Cisco ISE to allow all devices not using machine authentication
B. Enable insecure protocols within Cisco ISE in the allowed protocols configuration
C. Configure authentication event fail retry 2 action authorize vlan 41 on the interface
D. Add mab to the interface configuration
Change the default policy in Cisco ISE to allow all devices not using machine authentication
101
What is the function of the crypto isakmp key cisc406397954 address 0.0.0.0 0.0.0.0 command when establishing an IPsec VPN tunnel?
A. It defines what data is going to be encrypted via the VPN
B. It configures the pre-shared authentication key
C. It prevents all IP addresses from connecting to the VPN server.
D. It configures the local address for the VPN server.
It configures the pre-shared authentication key
102
An engineer is adding a Cisco DUO solution to the current TACACS+ deployment using Cisco ISE. The engineer wants to authenticate users using their account when they log into network devices. Which action accomplishes this task?
A. Configure Cisco DUO with the external Active Directory connector and tie it to the policy set within Cisco ISE
B. Install and configure the Cisco DUO Authentication Proxy and configure the identity source sequence within Cisco ISE
C. Create an identity policy within Cisco ISE to send all authentication requests to Cisco DUO
D. Modify the current policy with the condition MFASourceSequence DUO=true in the authorization conditions within Cisco ISE
Install and configure the Cisco DUO Authentication Proxy and configure the identity source sequence within Cisco ISE
103
An organization is selecting a cloud architecture and does not want to be responsible for patch management of the operating systems. Why should the organization select either Platform as a Service or Infrastructure as a Service for this environment?
A. Platform as a Service because the customer manages the operating system
B. Infrastructure as a Service because the customer manages the operating system
C. Platform as a Service because the service provider manages the operating system
D. Infrastructure as a Service because the service provider manages the operating system
Platform as a Service because the service provider manages the operating system
104
How does a cloud access security broker function?
A. It is an authentication broker to enable single sign-on and multi-factor authentication for a cloud solution
B. It integrates with other cloud solutions via APIs and monitors and creates incidents based on events from the cloud solution
C. It acts as a security information and event management solution and receives syslog from other cloud solutions
D. It scans other cloud solutions being used within the network and identifies vulnerabilities
It integrates with other cloud solutions via APIs and monitors and creates incidents based on events from the cloud solution
105
A Cisco AMP for Endpoints administrator configures a custom detection policy to add specific MD5 signatures. The configuration is created in the simple detection policy section, but it does not work. What is the reason for this failure?
A. The administrator must upload the file instead of the hash for Cisco AMP to use
B. The MD5 hash uploaded to the simple detection policy is in the incorrect format
C. The APK must be uploaded for the application that the detection is intended
D. Detections for MD5 signatures must be configured in the advanced custom detection policies
Detections for MD5 signatures must be configured in the advanced custom detection policies
106
What is the difference between a vulnerability and an exploit?
A. A vulnerability is a hypothetical event for an attacker to exploit
B. A vulnerability is a weakness that can be exploited by an attacker
C. An exploit is a weakness that can cause a vulnerability in the network
D. An exploit is a hypothetical event that causes a vulnerability in the network
A vulnerability is a weakness that can be exploited by an attacker
107
Which feature is leveraged by advanced antimalware capabilities to be an effective endpoint protection platform?
A. big data
B. storm centers
C. sandboxing
D. blocklisting
sandboxing
108
Which system facilitates deploying microsegmentation and multi-tenancy services with a policy-based container?
A. SDLC
B. Docker
C. Lambda
D. Contiv
Contiv
109
An engineer integrates Cisco FMC and Cisco ISE using pxGrid. Which role is assigned for Cisco FMC?
A. client
B. server
C. publisher
D. controller
publisher
110
```A network security engineer must export packet captures from the Cisco FMC web browser while troubleshooting an issue. When navigating to the address https:///capure/CAPI/pcap/test.pcap, an error 403: Forbidden is given instead of the PCAP file. Which action must the engineer take to resolve this issue?
A. Disable the proxy setting on the browser
B. Disable the HTTPS server and use HTTP instead
C. Use the Cisco FTD IP address as the proxy server setting on the browser
D. Enable the HTTPS server for the device platform policy```
Enable the HTTPS server for the device platform policy
111
Which security solution protects users leveraging DNS-layer security?
A. Cisco Umbrella
B. Cisco ISE
C. Cisco ASA
D. Cisco FTD
Cisco Umbrella
112
What is the result of the
ACME-Router(config)#login block-for 100 attempts 4 within 60
command on a Cisco IOS router?
A. After four unsuccessful log in attempts, the line is blocked for 100 seconds and only permit IP addresses A are permitted in ACL 60
B. After four unsuccessful log in attempts, the line is blocked for 60 seconds and only permit IP addresses C are permitted in ACL 100
C. If four log in attempts fail in 100 seconds, wait for 60 seconds to next log in prompt
D. If four failures occur in 60 seconds, the router goes to quiet mode for 100 seconds
If four failures occur in 60 seconds
113
What is an advantage of network telemetry over SNMP pulls?
A. scalability
B. security
C. encapsulation
D. accuracy
scalability
114
What is a benefit of using a multifactor authentication strategy?
A. It provides secure remote access for applications
B. It provides an easy, single sign-on experience against multiple applications
C. It protects data by enabling the use of a second validation of identity
D. It provides visibility into devices to establish device trust
It protects data by enabling the use of a second validation of identity
115
An engineer is trying to decide between using L2TP or GRE over IPsec for their site-to-site VPN implementation. What must be understood before choosing a solution?
A. L2TP uses TCP port 47 and GRE over IPsec uses UDP port 1701.
B. GRE over IPsec cannot be used as a standalone protocol, and L2TP can.
C. GRE over IPsec adds its own header, and L2TP does not
D. L2TP is an IP packet encapsulation protocol, and GRE over IPsec is a tunneling protocol.
GRE over IPsec adds its own header
116
What are two functionalities of northbound and southbound APIs within Cisco SDN architecture? (Choose two.)
A. Southbound APIs are used to define how SDN controllers integrate with applications.
B. Northbound interfaces utilize OpenFlow and OpFlex to integrate with network devices.
C. Northbound APIs utilize RESTful API methods such as GET, POST, and DELETE.
D. Southbound interfaces utilize device configurations such as VLANs and IP addresses.
E. Southbound APIs utilize CLI, SNMP, and RESTCONF.
Northbound APIs utilize RESTful API methods such as GET, POST, and DELETE.
Southbound APIs utilize CLI, SNMP, and RESTCONF.
117
Which two solutions help combat social engineering and phishing at the endpoint level? (Choose two)
A. Cisco ISEN
B. Cisco Umbrella
C. Cisco DNA Center
D. Cisco TrustSec
E. Cisco Duo Security
Cisco Umbrella
Cisco Duo Security
118
A network engineer must migrate a Cisco WSA virtual appliance from one physical host to another physical host by using VMware Motion. What is a requirement for both physical hosts?
A. The hosts must run different versions of Cisco Asyncos
B. The hosts must run Cisco AsyncOS 10.0 or greater
C. The hosts must have access to the same defined network
D. The hosts must use a different datastore than the virtual appliance
The hosts must have access to the same defined network
119
An engineer is implementing Cisco CES in an existing Microsoft Office 365 environment and must route inbound email to Cisco CES addresses. Which DNS record must be modified to accomplish this task?
A. CNAME
B. A Record
C. DKIM
D. SPF
A Record
120
Which method of attack is used by a hacker to send malicious code through a web application to an unsuspecting user to request that the victims web browser executes the code?
A. buffer overflow
B. SQL injection
C. browser WGET
D. cross-site scripting
cross-site scripting
121
What are two ways a network administrator transparently identifies users using Active Directory on the Cisco WSA? (Choose two)
A. Create an LDAP authentication realm and disable transparent user identification
B. Deploy a separate eDirectory server, the client IP address is recorded in this server.
C. Create NTLM or Kerberos authentication realm and enable transparent user identification.
D. The eDirectory client must be installed on each client workstation
E. Deploy a separate Active Directory agent such as Cisco Context Directory Agent.
Create NTLM or Kerberos authentication realm and enable transparent user identification.
Deploy a separate Active Directory agent such as Cisco Context Directory Agent.
122
Which endpoint solution protects a user from a phishing attack?
A. Cisco AnyConnect with Umbrella Roaming Security module
B. Cisco AnyConnect with Network Access Manager module
C. Cisco Identity Services Engine
D. Cisco AnyConnect with ISE Posture module
Cisco AnyConnect with Umbrella Roaming Security module
123
An engineer is configuring Cisco Umbrella and has an identity that references two different policies. Which action ensures that the policy that the identity must use takes precedence over the second one?
A. Configure only the policy with the most recently changed timestamp.
B. Make the correct policy first in the policy order.
C. Configure the default policy to redirect the requests to the correct policy.
D. Place the policy with the most-specific configuration last in the policy order.
Make the correct policy first in the policy order.
124
Refer to the exhibit.
exhibit missing
Which configuration item makes it possible to have the AAA session on the network?
Note: This question is missing the exhibit so we cannot say which answer is correct.
A. aaa authorization network default group ise
B. aaa authorization exec default ise
C. aaa authentication login console ise
D. aaa authentication enable default enable
?
125
Refer to the exhibit.
exhibit missing
What is the function of the Python script code snippet for the Cisco ASA REST API?
Note: This question is missing the exhibit so we cannot say which answer is correct.
A. deletes a global rule from policies
B. obtains the saved configuration of the Cisco ASA firewall
C. changes the hostname of the Cisco ASA
D. adds a global rule into policies
?
126
Refer to the exhibit.
exhibit missing
When creating an access rule for URL filtering, a network engineer adds certain categories and individual URLs to block. What is the result of the
configuration?
A. Only URLs for botnets with a reputation score of 3 will be allowed while the rest will be blocked
B. Only URLs for botnets with reputation scores of 1-3 will be blocked
C. Only URLs for botnets with reputation scores of 3-5 will be blocked
D. Only URLs for botnets with a reputation score of 3 will be blocked
Only URLs for botnets with reputation scores of 1-3 will be blocked
(not sure as the exhibit is missing)
127
What are two functionalities of SDN Northbound APIs? (Choose two)
A. Northbound APIs provide a programmable interface for applications to dynamically configure the network.
B. Northbound APIs form the interface between the SDN controller and business applications.
C. Northbound APIs use the NETCONF protocol to communicate with applications.
D. Northbound APIs form the interface between the SDN controller and the network switches or routers.
E. OpenFlow is a standardized northbound API protocol.
Northbound APIs provide a programmable interface for applications to dynamically configure the network.
Northbound APIs form the interface between the SDN controller and business applications.
128
What must be enabled to secure SaaS-based applications?
A. two-factor authentication
B. end-to-end encryption
C. application security gateway
D. modular policy framework
two-factor authentication
129
A Cisco ISE engineer configures Central Web Authentication (CWA) for wireless guest access and must have the guest endpoints redirect to the guest portal for authentication and authorization. While testing the policy, the engineer notices that the device is not redirected and instead gets full guest access. What must be done for the redirect to work?
A. Create an advanced attribute setting of Cisco.cisco-gateway-id=guest within the authorization profile for the authorization policy line that the unauthenticated devices hit.
B. Tag the guest portal in the CWA part of the Common Tasks section of the authorization profile for the authorization policy line that the unauthenticated devices hit.
C. Add the DACL name for the Airespace ACL configured on the WLC in the Common Tasks section of the authorization profile for the authorization policy line that the unauthenticated devices hit
D. Use the track movement option within the authorization profile for the authorization policy line that the unauthenticated devices hit
Tag the guest portal in the CWA part of the Common Tasks section of the authorization profile for the authorization policy line that the unauthenticated devices hit.
130
What is a difference between Cisco AMP for Endpoints and Cisco Umbrella?
A. Cisco AMP for Endpoints prevents, detects, and responds to attacks before damage can be done, and Cisco Umbrella provides the first line of defense against Internet threats.
B. Cisco AMP for Endpoints prevents connections to malicious destinations, and Cisco Umbrella works at the file level to prevent the initial execution of malware.
C. Cisco AMP for Endpoints automatically researches indicators of compromise and confirms threats, and Cisco Umbrella does not
D. Cisco AMP for Endpoints is a cloud-based service, and Cisco Umbrella is not
Cisco AMP for Endpoints prevents
131
What is the intent of a basic SYN flood attack?
A. to flush the register stack to re-initiate the buffers
B. to solicit DNS responses
C. to exceed the threshold limit of the connection queue
D. to cause the buffer to overflow
to exceed the threshold limit of the connection queue
132
Which open standard creates a framework for sharing threat intelligence in a machine-digestible format?
A. OpenC2
B. OpenIoC
C. STIX
D. Cybox
OpenIoC
133
Which two methods must be used to add switches into the fabric so that administrators can control how switches are added into DCNM for private cloud management? (Choose two)
A. PowerOn Auto Provisioning
B. Cisco Cloud Director
C. Seed IP
D. CDP AutoDiscovery
E. Cisco Prime Infrastructure
PowerOn Auto Provisioning
Seed IP
134
Which role is a default guest type in Cisco ISE?
A. Full-Time
B. Contractor
C. Yearly
D. Monthly
Contractor
135
An engineer configures new features within the Cisco Umbrella dashboard and wants to identify and proxy traffic that is categorized as risky domains and may contain safe and malicious content. Which action accomplishes these objectives?
A. Configure intelligent proxy within Cisco Umbrella to intercept and proxy the requests for only those categories
B. Upload the threat intelligence database to Cisco Umbrella for the most current information on reputations and to have the destination lists block them.
C. Create a new site within Cisco Umbrella to block requests from those categories so they can be sent to the proxy device.
D. Configure URL filtering within Cisco Umbrella to track the URLs and proxy the requests for those categories and below.
Configure intelligent proxy within Cisco Umbrella to intercept and proxy the requests for only those categories
136
An administrator enables Cisco Threat Intelligence Director on a Cisco FMC. Which process uses STIX and allows uploads and downloads of block lists?
A. consumption
B. editing
C. sharing
D. authoring
consumption
137
Why is it important to have a patching strategy for endpoints?
A. so that functionality is increased on a faster scale when it is used
B. so that known vulnerabilities are targeted and having a regular patch cycle reduces risks
C. so that patching strategies can assist with disabling nonsecure protocols in applications
D. to take advantage of new features released with patches
so that known vulnerabilities are targeted and having a regular patch cycle reduces risks
138
What is a description of microsegmentation?
A. Environments deploy a container orchestration platform, such as Kubernetes, to manage the application delivery
B. Environments apply a zero-trust model and specify how applications on different servers or containers can communicate
C. Environments implement private VLAN segmentation to group servers with similar applications
D. Environments deploy centrally managed host-based firewall rules on each server or container
Environments apply a zero-trust model and specify how applications on different servers or containers can communicate
139
Which security product enables administrators to deploy Kubernetes clusters in air-gapped sites without needing Internet access?
A. Cisco Container Controller
B. Cisco Container Platform
C. Cisco Cloud Platform
D. Cisco Content Platform
Cisco Container Platform
140
What are two functions of TAXII in threat intelligence sharing? (Choose two)
A. exchanges trusted anomaly intelligence information
B. determines how threat intelligence information is relayed
C. determines the "what" of threat intelligence
D. supports STIX information and allows users to describe threat motivations and abilities
exchanges trusted anomaly intelligence information
determines how threat intelligence information is relayed
141
An engineer must modify a policy to block specific addresses using Cisco Umbrella. The policy is created already and is actively used by devices, using many of the default policy elements. What else must be done to accomplish this task?
A. Create a destination list for addresses to be allowed or blocked
B. Use content categories to block or allow specific addresses
C. Add the specified addresses to the identities list and create a block action
D. Modify the application settings to allow only applications to connect to required addresses
Create a destination list for addresses to be allowed or blocked
