my cards 2 Flashcards by me myself

Cisco Threat Intelligence Director

What can be integrated with Cisco Threat Intelligence Director to provide information about security threats, which allows the SOC to proactively automate responses to those threats?
A. Cisco Umbrella
B. External Threat Feeds
C. Cisco Threat Grid
D. Cisco Stealthwatch

B. External Threat Feeds

How well did you know this?

Not at all

Perfectly

AAA

Which Cisco command enables authentication, authorization, and accounting globally so that CoA is supported on the device?
A. aaa server radius dynamic-author
B. auth-type all
C. aaa new-model
D. ip device-tracking

C. aaa new-model

How well did you know this?

Not at all

Perfectly

Firepower

What is a characteristic of Firepower NGIPS inline deployment mode?
A. ASA with Firepower module cannot be deployed
B. It cannot take actions such as blocking traffic
C. It is out-of-band from traffic
D. It must have inline interface pairs configured

D. It must have inline interface pairs configured

How well did you know this?

Not at all

Perfectly

A mall provides security services to customers with a shared appliance. The mall wants separation of management on the shared appliance. Which ASA deployment mode meets these needs?
A. routed mode
B. multiple zone mode
C. multiple context mode
D. transparent mode

C. multiple context mode

How well did you know this?

Not at all

Perfectly

What is managed by Cisco Security Manager?
A. Cisco WLC
B. Cisco ESA
C. Cisco WSA
D. Cisco ASA

D. Cisco ASA

How well did you know this?

Not at all

Perfectly

An organization is trying to improve their Defense in Depth by blocking malicious destinations prior to a connection being established. The solution must be able to block certain applications from being used within the network. Which product should be used to accomplish this goal?
A. Cisco Firepower
B. Cisco Umbrella
C. Cisco ISE
D. Cisco AMP

D. Cisco AMP

How well did you know this?

Not at all

Perfectly

An engineer notices traffic interruptions on the network. Upon further investigation, it is learned that broadcast packets have been flooding the network. What must be configured, based on a predefined threshold, to address this issue?
A. Storm Control
B. embedded event monitoring
C. access control lists
D. Bridge Protocol Data Unit guard

A. Storm Control

How well did you know this?

Not at all

Perfectly

What is a feature of Cisco NetFlow Secure Event Logging for Cisco ASAs?
A. Multiple NetFlow collectors are supported.
B. Advanced NetFlow v9 templates and legacy v5 formatting are supported.
C. Secure NetFlow connectors are optimized for Cisco Prime Infrastructure
D. Flow-create events are delayed.

A. Multiple NetFlow collectors are supported.

How well did you know this?

Not at all

Perfectly

What is a key difference between Cisco Firepower and Cisco ASA?
A. Cisco Firepower provides identity based access control while Cisco ASA does not.
B. Cisco ASA provides access control while Cisco Firepower does not.
C. Cisco ASA provides SSL inspection while Cisco Firepower does not.
D. Cisco Firepower natively provides intrusion prevention capabilities while Cisco ASA does not.

D. Cisco Firepower natively provides intrusion prevention capabilities while Cisco ASA does not.

How well did you know this?

Not at all

Perfectly

DRAG DROP -
Drag and drop the suspicious patterns for the Cisco Tetration platform from the left onto the correct definitions on the right.
Select and Place:

Privilege escalation
user login suspicious behavior
interesting file access
file access from a different user

Tetration platform learns the normal behavior of users
Tetration platform is armed to look at sensitive files
Tetration patform watches user access failures and methods
Tetration platform watches for movement in the process lienage tee

Tetration platform learns the normal behavior of users - file access from a different user

Tetration platform is armed to look at sensitive files - interesting file access

Tetration patform watches user access failures and methods - user login suspicious behavior

Tetration platform watches for movement in the process lienage tee - Privilege escalation

How well did you know this?

Not at all

Perfectly

FMC ASDM

What is a benefit of using Cisco FMC over Cisco ASDM?
A. Cisco FMC uses Java while Cisco ASDM uses HTML5.
B. Cisco FMC provides centralized management while Cisco ASDM does not.
C. Cisco FMC supports pushing configurations to devices while Cisco ASDM does not.
D. Cisco FMC supports all firewall products whereas Cisco ASDM only supports Cisco ASA devices.

B. Cisco FMC provides centralized management while Cisco ASDM does not.

How well did you know this?

Not at all

Perfectly

Which product allows Cisco FMC to push security intelligence observable to its sensors from other products?
A. Threat Intelligence Director
B. Encrypted Traffic Analytics.
C. Cognitive Threat Analytics.
D. Cisco Talos Intelligence

A. Threat Intelligence Director.

How well did you know this?

Not at all

Perfectly

A Cisco FirePower administrator needs to configure a rule to allow a new application that has never been seen on the network. Which two actions should be selected to allow the traffic to pass without inspection? (Choose two.)
A. permit
B. allow
C. reset
D. trust
E. monitor

B. allow
D. trust

How well did you know this?

Not at all

Perfectly

What is a characteristic of a bridge group in a Cisco ASA Firewall running in transparent mode?
A. It has an IP address on its BVI interface and is used for management traffic.
B. It allows ARP traffic with a single access rule.
C. It includes multiple interfaces and access rules between interfaces are customizable.
D. It is a Layer 3 segment and includes one port and customizable access rules.

C. It includes multiple interfaces and access rules between interfaces are customizable.

How well did you know this?

Not at all

Perfectly

While using Cisco Firepower’s Security Intelligence policies, which two criteria is blocking based upon? (Choose two.)
A. IP addresses
B. URLs
C. port numbers
D. protocol IDs
E. MAC addresses

A. IP addresses
B. URLs

How well did you know this?

Not at all

Perfectly

What features does Cisco FTDv provide over Cisco ASAv?
A. Cisco FTDv provides 1GB of firewall throughput while Cisco ASAv does not.
B. Cisco FTDv runs on VMware while Cisco ASAv does not.
C. Cisco FTDv runs on AWS while Cisco ASAv does not.
D. Cisco FTDv supports URL filtering while Cisco ASAv does not.

D. Cisco FTDv supports URL filtering while Cisco ASAv does not.

How well did you know this?

Not at all

Perfectly

A network engineer is deciding whether to use stateful or stateless failover when configuring two Cisco ASAs for high availability. What is the connection status in both cases?
A. need to be reestablished with stateful failover and preserved with stateless failover
B. preserved with both stateful and stateless failover
C. need to be reestablished with both stateful and stateless failover
D. preserved with stateful failover and need to be reestablished with stateless failover

D. preserved with stateful failover and need to be reestablished with stateless failover

How well did you know this?

Not at all

Perfectly

Which term describes when the Cisco Firepower downloads threat intelligence updates from Cisco Talos?
A. authoring
B. consumption
C. sharing
D. analysis

B. consumption

How well did you know this?

Not at all

Perfectly

An administrator is configuring a DHCP server to better secure their environment. They need to be able to rate-limit the traffic and ensure that legitimate requests are not dropped. How would this be accomplished?
A. Set a trusted interface for the DHCP server.
B. Set the DHCP snooping bit to 1.
C. Enable ARP inspection for the required VLAN.
D. Add entries in the DHCP snooping database.

A. Set a trusted interface for the DHCP server.

How well did you know this?

Not at all

Perfectly

What is a prerequisite when integrating a Cisco ISE server and an AD domain?
A. Configure a common administrator account.
B. Place the Cisco ISE server and the AD server in the same subnet.
C. Synchronize the clocks of the Cisco ISE server and the AD server.
D. Configure a common DNS server.

C. Synchronize the clocks of the Cisco ISE server and the AD server.

How well did you know this?

Not at all

Perfectly

When configuring ISAKMP for IKEv1 Phase 1 on a Cisco IOS router, an administrator needs to input the command crypto isakmp key cisco address 0.0.0.0.
The administrator is not sure what the IP address in this command is used for. What would be the effect of changing the IP address from 0.0.0.0 to 1.2.3.4?
A. The key server that is managing the keys for the connection will be at 1.2.3.4.
B. The address that will be used as the crypto validation authority.
C. All IP addresses other than 1.2.3.4 will be allowed.
D. The remote connection will only be allowed from 1.2.3.4.

D. The remote connection will only be allowed from 1.2.3.4.

How well did you know this?

Not at all

Perfectly

A network administrator is configuring SNMPv3 on a new router. The users have already been created, however an additional configuration is needed to facilitate access to the SNMP views. What must the administrator do to accomplish this?
A. define the encryption algorithm to be used by SNMPv3
B. set the password to be used for SNMPv3 authentication
C. map SNMPv3 users to SNMP views
D. specify the UDP port used by SNMP

C. map SNMPv3 users to SNMP views

How well did you know this?

Not at all

Perfectly

DRAG DROP -
Drag and drop the NetFlow export formats from the left onto the descriptions on the right.
Select and Place:

Version 1
Version 5
Version 8
Version 9

introduced extensibility
appropiate only for legacy systems
introduced support for aggregation caches
appropiate only for the main cache

appropiate only for legacy systems - version 1
appropiate only for the main cache - version 5
introduced extensibility - version 8
introduced support for aggregation caches - version 9

How well did you know this?

Not at all

Perfectly

An administrator is trying to determine which applications are being used in the network but does not want the network devices to send metadata to Cisco
Firepower. Which feature should be used to accomplish this?
A. Network Discovery
B. Access Control
C. Packet Tracer
D. NetFlow

A. Network Discovery

How well did you know this?

Not at all

Perfectly

Refer to the exhibit. When configuring a remote access VPN solution terminating on the Cisco ASA, an administrator would like to utilize an external token authentication mechanism in conjunction with AAA authentication using machine certificates. Which configuration item must be modified to allow this? Anyconnect connection profile screenshot A. Method B. SAML Server C. AAA Server Group D. Group Policy

A. Method

An engineer is implementing NTP authentication within their network and has configured both the client and server devices with the command ntp authentication-key 1 md5 Cisc392481137. The server at 1.1.1.1 is attempting to authenticate to the client at 1.1.1.2, however is unable to do so. Which command is required to enable the client to accept the server's authentication key? A. ntp server 1.1.1.2 key 1 B. ntp peer 1.1.1.2 key 1 C. ntp server 1.1.1.1 key 1 D. ntp peer 1.1.1.1 key 1

C. ntp server 1.1.1.1 key 1

Due to a traffic storm on the network, two interfaces were error-disabled, and both interfaces sent SNMP traps. Which two actions must be taken to ensure that interfaces are put back into service? (Choose two.) A. Enable the snmp-server enable traps command and wait 300 seconds. B. Use EEM to have the ports return to service automatically in less than 300 seconds C. Ensure that interfaces are configured with the error-disable detection and recovery feature. D. Have Cisco Prime Infrastructure issue an SNMP set command to re-enable the ports after the preconfigured interval. E. Enter the shutdown and no shutdown commands on the interfaces.

C. Ensure that interfaces are configured with the error-disable detection and recovery feature. E. Enter the shutdown and no shutdown commands on the interfaces.

Refer to the exhibit. An administrator is adding a new Cisco FTD device to their network and wants to manage it with Cisco FMC. The Cisco FTD uses a registration key of Cisc392481137 and is not behind a NAT device. Which command is needed to enable this on the Cisco FTD? Screenshot firepower add device host 1.1.2 display name ftd123 registration key group FTD_Group access contro policy FTD Policy A. configure manager add 16 B. configure manager add DONTRESOLVE FTD123 C. configure manager add D. configure manager add DONTRESOLVE

C. configure manager add

A network administrator needs to find out what assets currently exist on the network. Third-party systems need to be able to feed host data into Cisco Firepower. What must be configured to accomplish this? A. a Network Analysis policy to receive NetFlow data from the host B. a File Analysis policy to send file data into Cisco Firepower C. a Network Discovery policy to receive data from the host D. a Threat Intelligence policy to download the data from the host

C. a Network Discovery policy to receive data from the host

Which suspicious pattern enables the Cisco Tetration platform to learn the normal behavior of users? A. file access from a different user B. user login suspicious behavior C. privilege escalation D. interesting file access

A. file access from a different user

Which attribute has the ability to change during the RADIUS CoA? A. authorization B. NTP C. accessibility D. membership

A. authorization

An administrator configures new authorization policies within Cisco ISE and has difficulty profiling the devices. Attributes for the new Cisco IP phones that are profiled based on the RADIUS authentication are seen; however, the attributes for CDP or DHCP are not. What should the administrator do to address this issue? A. Configure a service template within the switch to standardize the port configurations so that the correct information is sent to Cisco ISE. B. Configure the ip dhcp snooping trust command on the DHCP interfaces to get the information to Cisco ISE. C. Configure the authentication port-control auto feature within Cisco ISE to identify the devices that are trying to connect. D. Configure the device sensor feature within the switch to send the appropriate protocol information.

D. Configure the device sensor feature within the switch to send the appropriate protocol information.

An organization deploys multiple Cisco FTD appliances and wants to manage them using one centralized solution. The organization does not have a local VM but does have existing Cisco ASA that must migrate over to Cisco FTDs. Which solution meets the needs of the organization? A. Cisco FMC B. CDO C. CSM D. Cisco FDM

B. CDO

What is a benefit of using telemetry over SNMP to configure new routers for monitoring purposes? A. Telemetry uses push and pull, which makes it more secure than SNMP. B. Telemetry uses push and pull, which makes it more scalable than SNMP. C. Telemetry uses a push method, which makes it faster than SNMP. D. Telemetry uses a pull method, which makes it more reliable than SNMP.

C. Telemetry uses a push method, which makes it faster than SNMP.

Refer to the exhibit. A network engineer is testing NTP authentication and realizes that any device synchronizes time with this router and that NTP authentication is not enforced. What is the cause of this issue? ``` ntp authentication-key 10 md5 cisco123 ntp trusted-key 10 ``` A. The hashing algorithm that was used was MD5, which is unsupported. B. The key was configured in plain text. C. NTP authentication is not enabled. D. The router was not rebooted after the NTP configuration updated

C. NTP authentication is not enabled.

An engineer has been tasked with configuring a Cisco FTD to analyze protocol fields and detect anomalies in the traffic from industrial systems. What must be done to meet these requirements? A. Enable traffic analysis in the Cisco FTD. B. Implement pre-filter policies for the CIP preprocessor. C. Configure intrusion rules for the DNP3 preprocessor. D. Modify the access control policy to trust the industrial traffic.

C. Configure intrusion rules for the DNP3 preprocessor.

An organization uses Cisco FMC to centrally manage multiple Cisco FTD devices. The default management port conflicts with other communications on the network and must be changed. What must be done to ensure that all devices can communicate together? A. Change the management port on Cisco FMC so that it pushes the change to all managed Cisco FTD devices. B. Set the sftunnel port to 8305. C. Manually change the management port on Cisco FMC and all managed Cisco FTD devices. D. Set the sftunnel to go through the Cisco FTD.

C. Manually change the management port on Cisco FMC and all managed Cisco FTD devices.

# VPN ikev1 An administrator is establishing a new site-to-site VPN connection on a Cisco IOS router. The organization needs to ensure that the ISAKMP key on the hub is used only for terminating traffic from the IP address of 172.19.20.24. Which command on the hub will allow the administrator to accomplish this? A. crypto isakmp identity address 172.19.20.24 B. crypto ca identity 172.19.20.24 C. crypto enrollment peer address 172.19.20.24 D. crypto isakmp key Cisco0123456789 172.19.20.24

D. crypto isakmp key Cisco0123456789 172.19.20.24

# VPN ikev2 A Cisco FTD engineer is creating a newIKEv2 policy called s2s00123456789 for their organization to allow additional protocols to terminate network devices with. They currently only have one policy established and need the new policy to be a backup in case some devices cannot support the stronger algorithms listed in the primary policy. What should be done in order to support this? A. Change the encryption to AES* to support all AES algorithms in the primary policy. B. Make the priority for the primary policy 10 and the new policy 1. C. Change the integrity algorithms to SHA* to support all SHA algorithms in the primary policy. D. Make the priority for the new policy 5 and the primary policy 1.

D. Make the priority for the new policy 5 and the primary policy 1.

What is a functional difference between a Cisco ASA and Cisco IOS router with Zone-Based Policy Firewall? A. The Cisco ASA can be configured for high availability, whereas the Cisco IOS router with Zone-Based Policy Firewall cannot. B. The Cisco IOS router with Zone-Based Policy Firewall can be configured for high availability, whereas the Cisco ASA cannot. C. The Cisco ASA denies all traffic by default, whereas the Cisco IOS router with Zone-Based Policy Firewall starts out by allowing all traffic, even on untrusted interfaces. D. The Cisco IOS router with Zone-Based Policy Firewall denies all traffic by default, whereas Cisco ASA starts out by allowing traffic until rules are added.

C. The Cisco ASA denies all traffic by default, whereas the Cisco IOS router with Zone-Based Policy Firewall starts out by allowing all traffic, even on untrusted interfaces.

An engineer is configuring their router to send NetfFow data to Stealthwatch which has an IP address of 1.1.1.1 using the flow record Stealthwatch406143794 command. Which additional command is required to complete the flow record? A. cache timeout active 60 B. destination 1.1.1.1 C. match ipv4 ttl D. transport udp 2055

C. match ipv4 ttl

# DUO An engineer is adding a Cisco DUO solution to the current TACACS+ deployment using Cisco ISE. The engineer wants to authenticate users using their account when they log into network devices. Which action accomplishes this task? A. Configure Cisco DUO with the external Active Directory connector and tie it to the policy set within Cisco ISE. B. Install and configure the Cisco DUO Authentication Proxy and configure the identity source sequence within Cisco ISE. C. Modify the current policy with the condition MFA: SourceSequence:DUO=true in the authorization conditions within Cisco ISE. D. Create an identity policy within Cisco ISE to send all authentication requests to Cisco DUO.

B. Install and configure the Cisco DUO Authentication Proxy and configure the identity source sequence within Cisco ISE.

What is the function of the crypto isakmp key cisc406143794 address 0.0.0.0 0.0.0.0 command when establishing an IPsec VPN tunnel? A. It prevents all IP addresses from connecting to the VPN server. B. It configures the pre-shared authentication key. C. It configures the local address for the VPN server. D. It defines what data is going to be encrypted via the VPN.

B. It configures the pre-shared authentication key.

An administrator is adding a new switch onto the network and has configured AAA for network access control. When testing the configuration, the RADIUS authenticates to Cisco ISE but is being rejected. Why is the ip radius source-interface command needed for this configuration? A. Only requests that originate from a configured NAS IP are accepted by a RADIUS server. B. The RADIUS authentication key is transmitted only from the defined RADIUS source interface. C. RADIUS requests are generated only by a router if a RADIUS source interface is defined. D. Encrypted RADIUS authentication requires the RADIUS source interface be defined.

A. Only requests that originate from a configured NAS IP are accepted by a RADIUS server.

Which statement about the configuration of Cisco ASA NetFlow v9 Secure Event Logging is true? A. To view bandwidth usage for NetFlow records, the QoS feature must be enabled. B. A sysopt command can be used to enable NSEL on a specific interface. C. NSEL can be used without a collector configured. D. A flow-export event type must be defined under a policy.

D. A flow-export event type must be defined under a policy.

# Firepower NGIPS Which feature requires a network discovery policy on the Cisco Firepower NGIPS? A. security intelligence B. impact flags C. health monitoring D. URL filtering

B. impact flags

Which policy is used to capture host information on the Cisco Firepower Next Generation Intrusion Prevention System? A. correlation B. intrusion C. access control D. network discovery

D. network discovery

What is a characteristic of traffic storm control behavior? A. Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within the interval. B. Traffic storm control cannot determine if the packet is unicast or broadcast. C. Traffic storm control monitors incoming traffic levels over a 10-second traffic storm control interval. D. Traffic storm control uses the Individual/Group bit in the packet source address to determine if the packet is unicast or broadcast.

A. Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within the interval.

DRAG DROP - Drag and drop the Firepower Next Generation Intrusion Prevention System detectors from the left onto the correct definitions on the right. Select and Place: Portscan detection Port sweep decoy portscan distributed protscan many-to-one Portscan in witch mutiple host query a single host for open ports one-to-one portscan, attacker mixes spoofed source ip address with the actual scanning ip address one-to-many port sweep, and attacker against one or a few host to scan a single port or multiple target hosts one-to-one portscan, an attacker against one or a few host to scan one or multiple hosts

many-to-one Portscan in witch mutiple host query a single host for open ports - distributed protscan one-to-one portscan, attacker mixes spoofed source ip address with the actual scanning ip address - decoy portscan one-to-many port sweep, and attacker against one or a few host to scan a single port or multiple target hosts - Port sweep one-to-one portscan, an attacker against one or a few host to scan one or multiple hosts - Portscan detection

Refer to the exhibit. Which statement about the authentication protocol used in the configuration is true? ``` aaa new-model radius-server host 10.0.0.12 key secret12 ``` A. The authentication request contains only a password B. The authentication request contains only a username C. The authentication and authorization requests are grouped in a single packet. D. There are separate authentication and authorization request packets.

C. The authentication and authorization requests are grouped in a single packet.

Which deployment model is the most secure when considering risks to cloud adoption? A. public cloud B. hybrid cloud C. community cloud D. private cloud

D. private cloud

What does the Cloudlock Apps Firewall do to mitigate security concerns from an application perspective? A. It allows the administrator to quarantine malicious files so that the application can function, just not maliciously. B. It discovers and controls cloud apps that are connected to a company's corporate environment. C. It deletes any application that does not belong in the network. D. It sends the application information to an administrator to act on.

B. It discovers and controls cloud apps that are connected to a company's corporate environment.

Which exfiltration method does an attacker use to hide and encode data inside DNS requests and queries? A. DNS tunneling B. DNSCrypt C. DNS security D. DNSSEC

A. DNS tunneling

Which technology reduces data loss by identifying sensitive information stored in public computing environments? A. Cisco SDA B. Cisco Firepower C. Cisco HyperFlex D. Cisco Cloudlock

D. Cisco Cloudlock

In which cloud services model is the tenant responsible for virtual machine OS patching? A. IaaS B. UCaaS C. PaaS D. SaaS

A. IaaS

What is the function of Cisco Cloudlock for data security? A. data loss prevention B. controls malicious cloud apps C. detects anomalies D. user and entity behavior analytics

A. data loss prevention

Which feature is supported when deploying Cisco ASAv within AWS public cloud? A. multiple context mode B. user deployment of Layer 3 networks C. IPv6 D. clustering

B. user deployment of Layer 3 networks

Which cloud service model offers an environment for cloud consumers to develop and deploy applications without needing to manage or maintain the underlying cloud infrastructure? A. PaaS B. XaaS C. IaaS D. SaaS

A. PaaS

Which risk is created when using an Internet browser to access cloud-based service? A. misconfiguration of Infra, which allows unauthorized access B. intermittent connection to the cloud connectors C. vulnerabilities within protocol D. insecure implementation of API

D. insecure implementation of API

What is the Cisco API-based broker that helps reduce compromises, application risks, and data breaches in an environment that is not on-premise? A. Cisco AppDynamics B. Cisco Cloudlock C. Cisco Umbrella D. Cisco AMP

B. Cisco Cloudlock

Which two aspects of the cloud PaaS model are managed by the customer but not the provider? (Choose two.) A. middleware B. applications C. virtualization D. operating systems E. data

B. applications E. data

Which public cloud provider supports the Cisco Next Generation Firewall Virtual? A. Google Cloud Platform B. Red Hat Enterprise Virtualization C. Amazon Web Services D. VMware ESXi

C. Amazon Web Services

What is an attribute of the DevSecOps process? A. security scanning and theoretical vulnerabilities B. development security C. isolated security team D. mandated security controls and check lists

B. development security

On which part of the IT environment does DevSecOps focus? A. application development B. wireless network C. data center D. perimeter network

A. application development

In a PaaS model, which layer is the tenant responsible for maintaining and patching? A. hypervisor B. virtual machine C. network D. application

D. application

Which two deployment model configurations are supported for Cisco FTDv in AWS? (Choose two.) A. Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS B. Cisco FTDv with one management interface and two traffic interfaces configured C. Cisco FTDv configured in routed mode and managed by a physical FMC appliance on premises D. Cisco FTDv with two management interfaces and one traffic interface configured E. Cisco FTDv configured in routed mode and IPv6 configured

A. Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS C. Cisco FTDv configured in routed mode and managed by a physical FMC appliance on premises

DRAG DROP - Drag and drop the steps from the left into the correct order on the right to enable Cisco AppDynamics to monitor an EC2 instance in AWS. Select and Place: Install monitoring extension for AWS EC2 Restart the Machine Agent Update config yaml Configure a Machine Agent or SIM Agent

Configure a Machine Agent or SIM Agent Install monitoring extension for AWS EC2 Update config yaml Restart the Machine Agent

What is a required prerequisite to enable malware file scanning for the Secure Internet Gateway? A. Enable IP Layer enforcement. B. Activate the Cisco AMP license. C. Activate SSL decryption. D. Enable Intelligent Proxy.

D. Enable Intelligent Proxy.

A company is experiencing exfiltration of credit card numbers that are not being stored on-premise. The company needs to be able to protect sensitive data throughout the full environment. Which tool should be used to accomplish this goal? A. Cisco ISE B. Web Security Appliance C. Security Manager D. Cloudlock

D. Cloudlock The trick is not on premise

What are the two types of managed Intercloud Fabric deployment models? (Choose two.) A. Service Provider managed B. User managed C. Public managed D. Hybrid managed E. Enterprise managed

A. Service Provider managed E. Enterprise managed

An engineer needs a cloud solution that will monitor traffic, create incidents based on events, and integrate with other cloud solutions via an API. Which solution should be used to accomplish this goal? A. CASB B. Cisco Cloudlock C. Adaptive MFA D. SIEM

B. Cisco Cloudlock

An organization is using Cisco Firepower and Cisco Meraki MX for network security and needs to centrally manage cloud policies across these platforms. Which software should be used to accomplish this goal? A. Cisco Defense Orchestrator B. Cisco Configuration Professional C. Cisco Secureworks D. Cisco DNA Center

A. Cisco Defense Orchestrator

Which factor must be considered when choosing the on-premise solution over the cloud-based one? A. With an on-premise solution, the provider is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the customer is responsible for it. B. With a cloud-based solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product. C. With an on-premise solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product. D. With an on-premise solution, the customer is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the provider is responsible for it.

D. With an on-premise solution, the customer is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the provider is responsible for it.

An engineer has been tasked with implementing a solution that can be leveraged for securing the cloud users, data, and applications. There is a requirement to use the Cisco cloud-native CASB and cloud cybersecurity platform. What should be used to meet these requirements? A. Cisco NGFW B. Cisco Cloudlock C. Cisco Cloud Email Security D. Cisco Umbrella

B. Cisco Cloudlock

In an IaaS cloud services model, which security function is the provider responsible for managing? A. firewalling virtual machines B. Internet proxy C. hypervisor OS hardening D. CASB

A. firewalling virtual machines

An organization wants to secure users, data, and applications in the cloud. The solution must be API-based on operate as a cloud-native CASB. Which solution must be used for this implementation? A. Cisco Cloud Email Security B. Cisco Cloudlock C. Cisco Umbrella D. Cisco Firepower Nest-Generation Firewall

B. Cisco Cloudlock

DRAG DROP - Drag and drop the cloud security assessment components from the left onto the definitions on the right. Select and Place: -user entity behavior assesment -cloud data protection assessment -cloud security strategy workshop -cloud security architecture assessment ---- develop a cloud security strategy and roadmap aligned to business priorities identify strengths and areas for improvement in the current security architecture during onboarding understand the security posture of the data or activity taking place in public cloud deployments detect potential anomalies in user behavior that suggest malicious behavior in a software-as-a-service application

develop a cloud security strategy and roadmap aligned to business priorities - cloud security strategy workshop identify strengths and areas for improvement in the current security architecture during onboarding - cloud security architecture assessment understand the security posture of the data or activity taking place in public cloud deployments - cloud data protection assessment detect potential anomalies in user behavior that suggest malicious behavior in a software-as-a-service application - user entity behavior assesment

An organization wants to secure data in a cloud environment. Its security model requires that all users be authenticated and authorized. Security configuration and posture must be continuously validated before access is granted or maintained to applications and data. There is also a need to allow certain application traffic and deny all other traffic by default. Which technology must be used to implement these requirements? A. virtual routing and forwarding B. access control policy C. virtual LAN D. microsegmentation

B. access control policy

Which cloud model is a collaborative effort where infrastructure is shared and jointly accessed by several organizations from a specific group? A. community B. private C. public D. hybrid

A. community

How does Cisco Workload Optimization Manager help mitigate application performance issues? A. It automates resource resizing. B. It sets up a workload forensic score. C. It optimizes a flow path. D. It deploys an AWS Lambda system.

A. It automates resource resizing.

Which DevSecOps implementation process gives a weekly or daily update instead of monthly or quarterly in the applications? A. CI/CD pipeline B. container C. orchestration D. security

A. CI/CD pipeline

Which system facilitates deploying microsegmentation and multi-tenancy services with a policy-based container? A. SDLC B. Lambda C. Contiv D. Docker

C. Contiv

An organization is selecting a cloud architecture and does not want to be responsible for patch management of the operating systems. Why should the organization select either Platform as a Service or Infrastructure as a Service for this environment? A. Infrastructure as a Service because the customer manages the operating system. B. Platform as a Service because the service provider manages the operating system. C. Infrastructure as a Service because the service provider manages the operating system. D. Platform as a Service because the customer manages the operating system.

B. Platform as a Service because the service provider manages the operating system.

How does a cloud access security broker function? A. It is an authentication broker to enable single sign-on and multi-factor authentication for a cloud solution. B. It scans other cloud solutions being used within the network and identifies vulnerabilities. C. It integrates with other cloud solutions via APIs and monitors and creates incidents based on events from the cloud solution. D. It acts as a security information and event management solution and receives syslog from other cloud solutions.

C. It integrates with other cloud solutions via APIs and monitors and creates incidents based on events from the cloud solution.

An organization has a requirement to collect full metadata information about the traffic going through their AWS cloud services. They want to use this information for behavior analytics and statistics. Which two actions must be taken to implement this requirement? (Choose two.) A. Send syslog from AWS to Cisco Stealthwatch Cloud. B. Configure Cisco Stealthwatch Cloud to ingest AWS information. C. Send VPC Flow Logs to Cisco Stealthwatch Cloud. D. Configure Cisco Thousand Eyes to ingest AWS information. E. Configure Cisco ACI to ingest AWS information.

A. Send syslog from AWS to Cisco Stealthwatch Cloud. C. Send VPC Flow Logs to Cisco Stealthwatch Cloud.

An organization wants to implement a cloud-delivered and SaaS-based solution to provide visibility and threat detection across the AWS network. The solution must be deployed without software agents and rely on AWS VPC flow logs instead. Which solution meets these requirements? A. NetFlow collectors B. Cisco Cloudlock C. Cisco Stealthwatch Cloud D. Cisco Umbrella

C. Cisco Stealthwatch Cloud

# Umbrella Where are individual sites specified to be blacklisted in Cisco Umbrella? A. application settings B. content categories C. security settings D. destination lists

D. destination lists

# Umbrella An engineer configured a new network identity in Cisco Umbrella but must verify that traffic is being routed through the Cisco Umbrella network. Which action tests the routing? A. Ensure that the client computers are pointing to the on-premises DNS servers. B. Enable the Intelligent Proxy to validate that traffic is being routed correctly. C. Add the public IP address that the client computers are behind to a Core Identity. D. Browse to http://welcome.umbrella.com/ to validate that the new identity is working.

D. Browse to http://welcome.umbrella.com/ to validate that the new identity is working.

# Umbrella How does Cisco Umbrella archive logs to an enterprise-owned storage? A. by using the Application Programming Interface to fetch the logs B. by sending logs via syslog to an on-premises or cloud-based syslog server C. by the system administrator downloading the logs from the Cisco Umbrella web portal D. by being configured to send logs to a self-managed AWS S3 bucket

D. by being configured to send logs to a self-managed AWS S3 bucket

Which API is used for Content Security? A. NX-OS API B. IOS XR API C. OpenVuln API D. AsyncOS API

D. AsyncOS API

# talos Which Talos reputation center allows you to track the reputation of IP addresses for email and web traffic? A. IP Block List Center B. File Reputation Center C. AMP Reputation Center D. IP and Domain Reputation Center

D. IP and Domain Reputation Center

# ESA What is the primary role of the Cisco Email Security Appliance? A. Mail Submission Agent B. Mail Transfer Agent C. Mail Delivery Agent D. Mail User Agent

B. Mail Transfer Agent

Which two services must remain as on-premises equipment when a hybrid email solution is deployed? (Choose two.) A. DDoS B. antispam C. antivirus D. encryption E. DLP

D. encryption E. DLP

An organization is receiving SPAM emails from a known malicious domain. What must be configured in order to prevent the session during the initial TCP communication? A. Configure the Cisco ESA to reset the TCP connection. B. Configure policies to stop and reject communication. C. Configure the Cisco ESA to drop the malicious emails. D. Configure policies to quarantine malicious emails.

A. Configure the Cisco ESA to reset the TCP connection.

``` Gateway of last resort is 1.1.1.1 to network 0.0.0.0 S* 0.0.0.0 0.0.0.0 [1/0] via 1.1.1.1, outside C 172.16.10.10 is directly connected, outside S 192168100 [255/255] via 192168100, inside C 17216 is directly connected, inside S 10-10-10-10 [110/2] via direct connect, dmz access-list redirect-acl permit ip 192.168.10002552550 any access-list redirect-acl permit ip 172.16.0.0. 255.255.0.0 any class-map redirect-class match access-list redirect-acl policy-map redirect-policy class redirect-class set connection advanced-options tcp-state-bypass service-policy inside-policy global sfr fail-open ``` Refer to the exhibit. What is a result of the configuration? A. Traffic from the DMZ network is redirected. B. Traffic from the inside network is redirected. C. All TCP traffic is redirected. D. Traffic from the inside and DMZ networks is redirected.

D. Traffic from the inside and DMZ networks is redirected.

An organization received a large amount of SPAM messages over a short time period. In order to take action on the messages, it must be determined how harmful the messages are and this needs to happen dynamically. What must be configured to accomplish this? A. Configure the Cisco WSA to modify policies based on the traffic seen. B. Configure the Cisco ESA to modify policies based on the traffic seen. C. Configure the Cisco WSA to receive real-time updates from Cisco Talos. D. Configure the Cisco ESA to receive real-time updates from Cisco Talos.

D. Configure the Cisco ESA to receive real-time updates from Cisco Talos.

What are two differences between a Cisco WSA that is running in transparent mode and one running in explicit mode? (Choose two.) A. The Cisco WSA responds with its own IP address only if it is running in explicit mode. B. The Cisco WSA is configured in a web browser only if it is running in transparent mode. C. The Cisco WSA responds with its own IP address only if it is running in transparent mode. D. The Cisco WSA uses a Layer 3 device to redirect traffic only if it is running in transparent mode. E. When the Cisco WSA is running in transparent mode, it uses the WSA's own IP address as the HTTP request destination.

A. The Cisco WSA responds with its own IP address only if it is running in explicit mode. D. The Cisco WSA uses a Layer 3 device to redirect traffic only if it is running in transparent mode.

Which technology is used to improve web traffic performance by proxy caching? A. WSA B. Firepower C. FireSIGHT D. ASA

A. WSA

Which proxy mode must be used on Cisco WSA to redirect TCP traffic with WCCP? A. transparent B. redirection C. forward D. proxy gateway

A. transparent

What is the purpose of the Decrypt for Application Detection feature within the WSA Decryption options? A. It decrypts HTTPS application traffic for unauthenticated users. B. It alerts users when the WSA decrypts their traffic. C. It decrypts HTTPS application traffic for authenticated users. D. It provides enhanced HTTPS application detection for AsyncOS.

D. It provides enhanced HTTPS application detection for AsyncOS.

my cards 2 Flashcards

my cards 2 (100 cards)