my cards 3 Flashcards by me myself

A network administrator is using the Cisco ESA with AMP to upload files to the cloud for analysis. The network is congested and is affecting communication. How will the Cisco ESA handle any files which need analysis?

A. The ESA immediately makes another attempt to upload the file.
B. The file upload is abandoned.
C. AMP calculates the SHA-256 fingerprint, caches it, and periodically attempts the upload.
D. The file is queued for upload when connectivity is restored

B. The file upload is abandoned.

How well did you know this?

Not at all

Perfectly

An engineer is configuring a Cisco ESA and wants to control whether to accept or reject email messages to a recipient address.
Which list contains the allowed recipient addresses?

A. SAT
B. BAT
C. HAT
D. RAT

D. RAT

How well did you know this?

Not at all

Perfectly

Why would a user choose an on-premises ESA versus the CES solution?

A. Sensitive data must remain onsite.
B. Demand is unpredictable.
C. The server team wants to outsource this service.
D. ESA is deployed inline.

A. Sensitive data must remain onsite.

How well did you know this?

Not at all

Perfectly

Which two features are used to configure Cisco ESA with a multilayer approach to fight viruses and malware? (Choose two.)

A. Sophos engine
B. white list
C. RAT
D. outbreak filters
E. DLP

A. Sophos engine
D. outbreak filters

How well did you know this?

Not at all

Perfectly

After a recent breach, an organization determined that phishing was used to gain initial access to the network before regaining persistence. The information gained from the phishing attack was a result of users visiting known malicious websites. What must be done in order to prevent this from happening in the future?

A. Modify web proxy settings.
B. Modify outbound malware scanning policies.
C. Modify identification profiles.
D. Modify an access policy.

A. Modify web proxy settings.

How well did you know this?

Not at all

Perfectly

An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly identifying all valid recipients. What must be done on the Cisco ESA to accomplish this goal?

A. Configure Directory Harvest Attack Prevention
B. Bypass LDAP access queries in the recipient access table.
C. Use Bounce Verification.
D. Configure incoming content filters.

A. Configure Directory Harvest Attack Prevention

How well did you know this?

Not at all

Perfectly

How well did you know this?

Not at all

Perfectly

In which two ways does a system administrator send web traffic transparently to the Cisco WSA? (Choose two.)

A. use Web Cache Communication Protocol
B. configure AD Group Policies to push proxy settings
C. configure the proxy IP address in the web-browser settings
D. configure policy-based routing on the network infrastructure
E. reference a Proxy Auto Config file

A. use Web Cache Communication Protocol
D. configure policy-based routing on the network infrastructure

How well did you know this?

Not at all

Perfectly

What is the function of the Context Directory Agent?

A. reads the AD logs to map IP addresses to usernames
B. relays user authentication requests from Cisco WSA to AD
C. maintains users' group memberships
D. accepts user authentication requests on behalf of Cisco WSA for user identification

A. reads the AD logs to map IP addresses to usernames

How well did you know this?

Not at all

Perfectly

A network administrator is configuring a rule in an access control policy to block certain URLs and selects the Chat and Instant Messaging category. Which reputation score should be selected to accomplish this goal?

A. 5
B. 10
C. 3
D. 1

D. 1

How well did you know this?

Not at all

Perfectly

A Cisco ESA network administrator has been tasked to use a newly installed service to help create policy based on the reputation verdict. During testing, it is discovered that the Cisco ESA is not dropping files that have an undetermined verdict. What is causing this issue?

A. The policy was created to send a message to quarantine instead of drop.
B. The file has a reputation score that is below the threshold.
C. The file has a reputation score that is above the threshold.
D. The policy was created to disable file analysis.

B. The file has a reputation score that is below the threshold.

How well did you know this?

Not at all

Perfectly

An organization has a Cisco ESA set up with DLP policies and would like to customize the action assigned for violations. The organization wants a copy of the message to be delivered with a message added to flag it as a DLP violation. Which actions must be performed in order to provide this capability?

A. deliver and add disclaimer text
B. quarantine and send a DLP violation notification
C. quarantine and alter the subject header with a DLP violation
D. deliver and send copies to other recipients

B. quarantine and send a DLP violation notification

How well did you know this?

Not at all

Perfectly

A Cisco ESA administrator has been tasked with configuring the Cisco ESA to ensure there are no viruses before quarantined emails are delivered. In addition, delivery of mail from known bad mail servers must be prevented. Which two actions must be taken in order to meet these requirements? (Choose two.)

A. Deploy the Cisco ESA in the DMZ.
B. Use outbreak filters from SenderBase.
C. Configure a recipient access table.
D. Enable a message tracking service.
E. Scan quarantined emails using AntiVirus signatures.

B. Use outbreak filters from SenderBase.
E. Scan quarantined emails using AntiVirus signatures.

How well did you know this?

Not at all

Perfectly

An organization has noticed an increase in malicious content downloads and wants to use Cisco Umbrella to prevent this activity for suspicious domains while allowing normal web traffic. Which action will accomplish this task?

A. Use destination block lists.
B. Configure application block lists.
C. Configure the intelligent proxy.
D. Set content settings to High.

C. Configure the intelligent proxy.

How well did you know this?

Not at all

Perfectly

Which attack is preventable by Cisco ESA but not by the Cisco WSA?

A. SQL injection
B. phishing
C. buffer overflow
D. DoS

B. phishing

How well did you know this?

Not at all

Perfectly

An organization recently installed a Cisco WSA and would like to take advantage of the AVC engine to allow the organization to create a policy to control application specific activity. After enabling the AVC engine, what must be done to implement this?

A. Use security services to configure the traffic monitor.
B. Use URL categorization to prevent the application traffic.
C. Use an access policy group to configure application control settings.
D. Use web security reporting to validate engine functionality.

C. Use an access policy group to configure application control settings.

How well did you know this?

Not at all

Perfectly

What is the role of Cisco Umbrella Roaming when it is installed on an endpoint?

A. to establish secure VPN connectivity to the corporate network
B. to enforce posture compliance and mandatory software
C. to ensure that assets are secure from malicious links on and off the corporate network
D. to protect the endpoint against malicious file transfers

C. to ensure that assets are secure from malicious links on and off the corporate network

How well did you know this?

Not at all

Perfectly

An administrator configures a Cisco WSA to receive redirected traffic over ports 80 and 443. The organization requires that a network device with specific WSA integration capabilities be configured to send the traffic to the WSA to proxy the requests and increase visibility, while making this invisible to the users. What must be done on the Cisco WSA to support these requirements?

A. Use PAC keys to allow only the required network devices to send the traffic to the Cisco WSA.
B. Configure transparent traffic redirection using WCCP in the Cisco WSA and on the network device.
C. Configure active traffic redirection using WPAD in the Cisco WSA and on the network device.
D. Use the Layer 4 setting in the Cisco WSA to receive explicit forward requests from the network device.

B. Configure transparent traffic redirection using WCCP in the Cisco WSA and on the network device.

How well did you know this?

Not at all

Perfectly

An administrator configures a new destination list in Cisco Umbrella so that the organization can block specific domains for its devices. What should be done to ensure that all subdomains of domain.com are blocked?

A. Configure the domain.com address in the block list.
B. Configure the *.domain.com address in the block list.
C. Configure the *.com address in the block list.
D. Configure the *domain.com address in the block list.

A. Configure the domain.com address in the block list.

How well did you know this?

Not at all

Perfectly

An organization wants to use Cisco FTD or Cisco ASA devices. Specific URLs must be blocked from being accessed via the firewall, which requires that the administrator input the bad URL categories that the organization wants blocked into the access policy. Which solution should be used to meet this requirement?

A. Cisco FTD because it enables URL filtering and blocks malicious URLs by default, whereas Cisco ASA does not.
B. Cisco ASA because it enables URL filtering and blocks malicious URLs by default, whereas Cisco FTD does not.
C. Cisco ASA because it includes URL filtering in the access control policy capabilities, whereas Cisco FTD does not.
D. Cisco FTD because it includes URL filtering in the access control policy capabilities, whereas Cisco ASA does not.

D. Cisco FTD because it includes URL filtering in the access control policy capabilities, whereas Cisco ASA does not.

How well did you know this?

Not at all

Perfectly

Which component of Cisco Umbrella architecture increases reliability of the service?

A. BGP route reflector
B. anycast IP
C. AMP Threat Grid
D. Cisco Talos

B. anycast IP

How well did you know this?

Not at all

Perfectly

A customer has various external HTTP resources available including Intranet, Extranet, and Internet, with a proxy configuration running in explicit mode. Which method allows the client desktop browsers to be configured to select when to connect direct or when to use proxy?

A. Bridge mode
B. Transparent mode
C. .PAC file
D. Forward file

C. .PAC file

How well did you know this?

Not at all

Perfectly

What is a benefit of using Cisco CWS compared to an on-premises Cisco WSA?

A. Content scanning for SAAS cloud applications is available through Cisco CWS and not available through Cisco WSA.
B. URL categories are updated more frequently on Cisco CWS than they are on Cisco WSA.
C. Cisco CWS minimizes the load on the internal network and security infrastructure as compared to Cisco WSA.
D. Cisco CWS eliminates the need to backhaul traffic through headquarters for remote workers whereas Cisco WSA does not.

D. Cisco CWS eliminates the need to backhaul traffic through headquarters for remote workers whereas Cisco WSA does not.

How well did you know this?

Not at all

Perfectly

An engineer needs to add protection for data in transit and have headers in the email message. Which configuration is needed to accomplish this goal?

A. Deploy an encryption appliance.
B. Provision the email appliance.
C. Map sender IP addresses to a host interface.
D. Enable flagged message handling.

A. Deploy an encryption appliance.

How well did you know this?

Not at all

Perfectly

Which Cisco platform processes behavior baselines, monitors for deviations, and reviews for malicious processes in data center traffic and servers while performing software vulnerability detection? A. Cisco Tetration B. Cisco ISE C. Cisco AnyConnect D. Cisco AMP for Network

A. Cisco Tetration

A network engineer must configure a Cisco ESA to prompt users to enter two forms of information before gaining access. The Cisco ESA must also join a cluster machine using preshared keys. What must be configured to meet these requirements? A. Enable two-factor authentication through a RADIUS server and then join the cluster by using the Cisco ESA GUI. B. Enable two-factor authentication through a TACACS+ server and then join the cluster by using the Cisco ESA CLI. C. Enable two-factor authentication through a TACACS+ server and then join the cluster by using the Cisco ESA GUI. D. Enable two-factor authentication through a RADIUS server and then join the cluster by using the Cisco ESA CLI.

A. Enable two-factor authentication through a RADIUS server and then join the cluster by using the Cisco ESA GUI.

Refer to the exhibit. How does Cisco Umbrella manage traffic that is directed toward risky domains? https://www.examtopics.com/assets/media/exam-media/04313/0011600001.png A. Traffic is managed by the application settings, unhandled and allowed. B. Traffic is managed by the security settings and blocked. C. Traffic is proxied through the intelligent proxy. D. Traffic is allowed but logged.

B. Traffic is managed by the security settings and blocked.

An organization wants to improve its cybersecurity processes and to add intelligence to its data. The organization wants to utilize the most current intelligence data for URL filtering, reputations, and vulnerability information that can be integrated with the Cisco FTD and Cisco WSA. What must be done to accomplish these objectives? A. Configure the integrations with Talos intelligence to take advantage of the threat intelligence that it provides. B. Download the threat intelligence feed from the IETF and import it into the Cisco FTD and Cisco WSA databases. C. Create an automated download of the Internet Storm Center intelligence feed into the Cisco FTD and Cisco WSA databases to tie to the dynamic access control policies. D. Create a Cisco pxGrid connection to NIST to import this information into the security products for policy use.

A. Configure the integrations with Talos intelligence to take advantage of the threat intelligence that it provides.

An organization is implementing URL blocking using Cisco Umbrella. The users are able to go to some sites but other sites are not accessible due to an error. Why is the error occurring? A. Client computers do not have an SSL certificate deployed from an internal CA server. B. Client computers do not have the Cisco Umbrella Root CA certificate installed. C. IP-Layer Enforcement is not configured. D. Intelligent proxy and SSL decryption is disabled in the policy.

A. Client computers do not have an SSL certificate deployed from an internal CA server.

Which feature within Cisco Umbrella allows for the ability to inspect secure HTTP traffic? A. File Analysis B. SafeSearch C. SSL Decryption D. Destination Lists

C. SSL Decryption

When web policies are configured in Cisco Umbrella, what provides the ability to ensure that domains are blocked when they host malware, command and control, phishing, and more threats? A. Application Control B. Security Category Blocking C. Content Category Blocking D. File Analysis

B. Security Category Blocking

How is Cisco Umbrella configured to log only security events? A. per policy B. in the Reporting settings C. in the Security Settings section D. per network in the Deployments section

A. per policy

Which Cisco solution does Cisco Umbrella integrate with to determine if a URL is malicious? A. Cisco AMP B. Cisco AnyConnect C. Cisco Dynamic DNS D. Cisco Talos

D. Cisco Talos

What are two list types within Cisco AMP for Endpoints Outbreak Control? (Choose two.) A. blocked ports B. simple custom detections C. command and control D. allowed applications E. URL

B. simple custom detections D. allowed applications

For which two conditions can an endpoint be checked using ISE posture assessment? (Choose two.) A. computer identity B. Windows service C. user identity D. Windows firewall E. default browser

B. Windows service D. Windows firewall

Which Cisco product provides proactive endpoint protection and allows administrators to centrally manage the deployment? A. NGFW B. AMP C. WSA D. ESA

B. AMP

Which two endpoint measures are used to minimize the chances of falling victim to phishing and social engineering attacks? (Choose two.) A. Patch for cross-site scripting. B. Perform backups to the private cloud. C. Protect against input validation and character escapes in the endpoint. D. Install a spam and virus email filter. E. Protect systems with an up-to-date antimalware program.

D. Install a spam and virus email filter. E. Protect systems with an up-to-date antimalware program.

An engineer used a posture check on a Microsoft Windows endpoint and discovered that the MS17-010 patch was not installed, which left the endpoint vulnerable to WannaCry ransomware. Which two solutions mitigate the risk of this ransomware infection? (Choose two.) A. Configure a posture policy in Cisco Identity Services Engine to install the MS17-010 patch before allowing access on the network. B. Set up a profiling policy in Cisco Identity Services Engine to check an endpoint patch level before allowing access on the network. C. Configure a posture policy in Cisco Identity Services Engine to check that an endpoint patch level is met before allowing access on the network. D. Configure endpoint firewall policies to stop the exploit traffic from being allowed to run and replicate throughout the network. E. Set up a well-defined endpoint patching strategy to ensure that endpoints have critical vulnerabilities patched in a timely fashion.

A. Configure a posture policy in Cisco Identity Services Engine to install the MS17-010 patch before allowing access on the network. C. Configure a posture policy in Cisco Identity Services Engine to check that an endpoint patch level is met before allowing access on the network.

What is the primary difference between an Endpoint Protection Platform and an Endpoint Detection and Response? A. EPP focuses on prevention, and EDR focuses on advanced threats that evade perimeter defenses. B. EDR focuses on prevention, and EPP focuses on advanced threats that evade perimeter defenses. C. EPP focuses on network security, and EDR focuses on device security. D. EDR focuses on network security, and EPP focuses on device security.

A. EPP focuses on prevention, and EDR focuses on advanced threats that evade perimeter defenses.

An engineer is configuring AMP for endpoints and wants to block certain files from executing. Which outbreak control method is used to accomplish this task? A. device flow correlation B. simple detections C. application blocking list D. advanced custom detections

C. application blocking list

An engineer must force an endpoint to re-authenticate an already authenticated session without disrupting the endpoint to apply a new or updated policy from ISE. Which CoA type achieves this goal? A. Port Bounce B. CoA Terminate C. CoA Reauth D. CoA Session Query

C. CoA Reauth

Which two risks is a company vulnerable to if it does not have a well-established patching solution for endpoints? (Choose two.) A. malware B. denial-of-service attacks C. ARP spoofing D. exploits E. eavesdropping

A. malware D. exploits

Which benefit is provided by ensuring that an endpoint is compliant with a posture policy configured in Cisco ISE? A. It adds endpoints to identity groups dynamically B. It allows the endpoint to authenticate with 802.1x or MAB C. It allows CoA to be applied if the endpoint status is compliant D. It verifies that the endpoint has the latest Microsoft security patches installed

D. It verifies that the endpoint has the latest Microsoft security patches installed Most Voted

An engineer wants to automatically assign endpoints that have a specific OUI into a new endpoint group. Which probe must be enabled for this type of profiling to work? A. SNMP B. NMAP C. DHCP D. NetFlow

C. DHCP

What is the benefit of installing Cisco AMP for Endpoints on a network? A. It enables behavioral analysis to be used for the endpoints B. It provides flow-based visibility for the endpoints' network connections. C. It protects endpoint systems through application control and real-time scanning. D. It provides operating system patches on the endpoints for security.

A. It enables behavioral analysis to be used for the endpoints

Why is it important to have logical security controls on endpoints even though the users are trained to spot security threats and the network devices already help prevent them? A. because defense-in-depth stops at the network B. because human error or insider threats will still exist C. to prevent theft of the endpoints D. to expose the endpoint to more threats

B. because human error or insider threats will still exist

What must be configured in Cisco ISE to enforce reauthentication of an endpoint session when an endpoint is deleted from an identity group? A. SNMP probe B. CoA C. external identity source D. posture assessment

B. CoA

In which situation should an Endpoint Detection and Response solution be chosen versus an Endpoint Protection Platform? A. when there is a need to have more advanced detection capabilities B. when there is no firewall on the network C. when there is a need for traditional anti-malware detection D. when there is no need to have the solution centrally managed

A. when there is a need to have more advanced detection capabilities

Which two probes are configured to gather attributes of connected endpoints using Cisco Identity Services Engine? (Choose two.) A. RADIUS B. TACACS+ C. DHCP D. sFlow E. SMTP

A. RADIUS C. DHCP

What are two reasons for implementing a multifactor authentication solution such as Cisco Duo Security provide to an organization? (Choose two.) A. single sign-on access to on-premises and cloud applications B. identification and correction of application vulnerabilities before allowing access to resources C. secure access to on-premises and cloud applications D. integration with 802.1x security using native Microsoft Windows supplicant E. flexibility of different methods of 2FA such as phone callbacks, SMS passcodes, and push notifications

C. secure access to on-premises and cloud applications E. flexibility of different methods of 2FA such as phone callbacks, SMS passcodes, and push notifications

What are the two most commonly used authentication factors in multifactor authentication? (Choose two.) A. biometric factor B. time factor C. confidentiality factor D. knowledge factor E. encryption factor

A. biometric factor D. knowledge factor

An MDM provides which two advantages to an organization with regards to device management? (Choose two.) A. asset inventory management B. allowed application management C. AD group policy management D. network device management E. critical device management

A. asset inventory management B. allowed application management

What is the purpose of the My Devices Portal in a Cisco ISE environment? A. to register new laptops and mobile devices B. to manage and deploy antivirus definitions and patches on systems owned by the end user C. to provision userless and agentless systems D. to request a newly provisioned mobile device

A. to register new laptops and mobile devices

Which Cisco platform ensures that machines that connect to organizational networks have the recommended antivirus definitions and patches to help prevent an organizational malware outbreak? A. Cisco Prime Infrastructure B. Cisco ESA C. Cisco WiSM D. Cisco ISE

D. Cisco ISE

In which two ways does Easy Connect help control network access when used with Cisco TrustSec? (Choose two.) A. It integrates with third-party products to provide better visibility throughout the network. B. It allows for the assignment of Security Group Tags and does not require 802.1x to be configured on the switch or the endpoint. C. It creates a dashboard in Cisco ISE that provides full visibility of all connected endpoints. D. It allows for managed endpoints that authenticate to AD to be mapped to Security Groups (PassiveID). E. It allows multiple security products to share information and work together to enhance security posture in the network.

B. It allows for the assignment of Security Group Tags and does not require 802.1x to be configured on the switch or the endpoint. D. It allows for managed endpoints that authenticate to AD to be mapped to Security Groups (PassiveID).

What does Cisco AMP for Endpoints use to help an organization detect different families of malware? A. Tetra Engine to detect malware when the endpoint is connected to the cloud B. ClamAV Engine to perform email scanning C. Spero Engine with machine learning to perform dynamic analysis D. Ethos Engine to perform fuzzy fingerprinting

D. Ethos Engine to perform fuzzy fingerprinting

What is a benefit of conducting device compliance checks? A. It validates if anti-virus software is installed. B. It scans endpoints to determine if malicious activity is taking place. C. It indicates what type of operating system is connecting to the network. D. It detects email phishing attacks.

A. It validates if anti-virus software is installed.

A network administrator is configuring a switch to use Cisco ISE for 802.1X. An endpoint is failing authentication and is unable to access the network. Where should the administrator begin troubleshooting to verify the authentication details? A. Context Visibility B. Accounting Reports C. Adaptive Network Control Policy List D. RADIUS Live Logs

D. RADIUS Live Logs

What is the role of an endpoint in protecting a user from a phishing attack? A. Ensure that antivirus and antimalware software is up-to-date. B. Use machine learning models to help identify anomalies and determine expected sending behavior. C. Use Cisco Stealthwatch and Cisco ISE Integration. D. Utilize 802.1X network security to ensure unauthorized access to resources.

A. Ensure that antivirus and antimalware software is up-to-date.

Why is it important to implement MFA inside of an organization? A. To prevent brute force attacks from being successful. B. To prevent phishing attacks from being successful. C. To prevent DoS attacks from being successful. D. To prevent man-in-the-middle attacks from being successful.

A. To prevent brute force attacks from being successful.

Which posture assessment requirement provides options to the client for remediation within a certain timeframe? A. audit B. mandatory C. visibility D. optional

B. mandatory

An organization configures Cisco Umbrella to be used for its DNS services. The organization must be able to block traffic based on the subnet that the endpoint is on, but sees only the requests from its public IP addresses instead of each internal IP address. What must be done to resolve this issue? A. Install the Microsoft Active Directory Connector to give IP address information stitched to the requests in the Cisco Umbrella dashboard. B. Use the tenant control features to identify each subnet being used and track the connections within the Cisco Umbrella dashboard. C. Configure an internal domain within Cisco Umbrella to help identify each address and create policy from the domains. D. Set up a Cisco Umbrella virtual appliance to internally field the requests and see the traffic of each IP address.

D. Set up a Cisco Umbrella virtual appliance to internally field the requests and see the traffic of each IP address.

An engineer adds a custom detection policy to a Cisco AMP deployment and encounters issues with the configuration. The simple detection mechanism is configured, but the dashboard indicates that the hash is not 64 characters and is non-zero. What is the issue? A. The hash being uploaded is part of a set in an incorrect format. B. The engineer is attempting to upload a file instead of a hash. C. The file being uploaded is incompatible with simple detections and must use advanced detections. D. The engineer is attempting to upload a hash created using MD5 instead of SHA-256.

D. The engineer is attempting to upload a hash created using MD5 instead of SHA-256.

What is the benefit of integrating Cisco ISE with a MDM solution? A. It provides compliance checks for access to the network. B. It provides the ability to update other applications on the mobile device. C. It provides the ability to add applications to the mobile device through Cisco ISE. D. It provides network device administration access.

A. It provides compliance checks for access to the network.

Which feature is leveraged by advanced antimalware capabilities to be an effective endpoint protection platform? A. blocklisting B. storm centers C. big data D. sandboxing

D. sandboxing

A Cisco AMP for Endpoints administrator configures a custom detection policy to add specific MD5 signatures. The configuration is created in the simple detection policy section, but it does not work. What is the reason for this failure? A. The administrator must upload the file instead of the hash for Cisco AMP to use. B. The APK must be uploaded for the application that the detection is intended. C. The MD5 hash uploaded to the simple detection policy is in the incorrect format. D. Detections for MD5 signatures must be configured in the advanced custom detection policies.

D. Detections for MD5 signatures must be configured in the advanced custom detection policies. Most Voted

An administrator is adding a new Cisco ISE node to an existing deployment. What must be done to ensure that the addition of the node will be successful when inputting the FQDN? A. Change the IP address of the new Cisco ISE node to the same network as the others. B. Make the new Cisco ISE node a secondary PAN before registering it with the primary. C. Open port 8905 on the firewall between the Cisco ISE nodes. D. Add the DNS entry for the new Cisco ISE node into the DNS server.

D. Add the DNS entry for the new Cisco ISE node into the DNS server.

Which portion of the network do EPP solutions solely focus on and EDR solutions do not? A. East-West gateways B. server farm C. core D. perimeter

D. perimeter

Which benefit does endpoint security provide the overall security posture of an organization? A. It streamlines the incident response process to automatically perform digital forensics on the endpoint. B. It allows the organization to mitigate web-based attacks as long as the user is active in the domain. C. It allows the organization to detect and respond to threats at the edge of the network. D. It allows the organization to detect and mitigate threats that the perimeter security devices do not detect.

D. It allows the organization to detect and mitigate threats that the perimeter security devices do not detect.

Which solution protects hybrid cloud deployment workloads with application visibility and segmentation? A. Nexus B. Stealthwatch C. Firepower D. Tetration

D. Tetration

An engineer needs a solution for TACACS+ authentication and authorization for device administration. The engineer also wants to enhance wired and wireless network security by requiring users and endpoints to use 802.1X, MAB, or WebAuth. Which product meets all of these requirements? A. Cisco Prime Infrastructure B. Cisco Identity Services Engine C. Cisco Stealthwatch D. Cisco AMP for Endpoints

B. Cisco Identity Services Engine

How does Cisco Stealthwatch Cloud provide security for cloud environments? A. It delivers visibility and threat detection. B. It prevents exfiltration of sensitive data. C. It assigns Internet-based DNS protection for clients and servers. D. It facilitates secure connectivity between public and private networks.

A. It delivers visibility and threat detection.

Which Cisco security solution protects remote users against phishing attacks when they are not connected to the VPN? A. Cisco Umbrella B. Cisco Firepower NGIPS C. Cisco Stealthwatch D. Cisco Firepower

A. Cisco Umbrella

What must be used to share data between multiple security products? A. Cisco Platform Exchange Grid B. Cisco Rapid Threat Containment C. Cisco Stealthwatch Cloud D. Cisco Advanced Malware Protection

A. Cisco Platform Exchange Grid

Which two characteristics of messenger protocols make data exfiltration difficult to detect and prevent? (Choose two.) A. Messenger applications cannot be segmented with standard network controls B. Malware infects the messenger application on the user endpoint to send company data C. Traffic is encrypted, which prevents visibility on firewalls and IPS systems D. An exposed API for the messaging platform is used to send large amounts of data E. Outgoing traffic is allowed so users can communicate with outside organizations

C. Traffic is encrypted, which prevents visibility on firewalls and IPS systems E. Outgoing traffic is allowed so users can communicate with outside organizations

Which solution combines Cisco IOS and IOS XE components to enable administrators to recognize applications, collect and send network metrics to Cisco Prime and other third-party management tools, and prioritize application traffic? A. Cisco Security Intelligence B. Cisco Application Visibility and Control C. Cisco Model Driven Telemetry D. Cisco DNA Center

B. Cisco Application Visibility and Control

What provides visibility and awareness into what is currently occurring on the network? A. CMX B. WMI C. Cisco Prime Infrastructure D. Telemetry

D. Telemetry

How is ICMP used as an exfiltration technique? A. by flooding the destination host with unreachable packets B. by sending large numbers of ICMP packets with a targeted hosts source IP address using an IP broadcast address C. by encrypting the payload in an ICMP packet to carry out command and control tasks on a compromised host D. by overwhelming a targeted host with ICMP echo-request packets

C. by encrypting the payload in an ICMP packet to carry out command and control tasks on a compromised host

Refer to the exhibit. An engineer configured wired 802.1x on the network and is unable to get a laptop to authenticate. Which port configuration is missing? https://www.examtopics.com/assets/media/exam-media/04313/0013800001.png A. dot1x reauthentication B. cisp enable C. dot1x pae authenticator D. authentication open

C. dot1x pae authenticator

An engineer is configuring 802.1X authentication on Cisco switches in the network and is using CoA as a mechanism. Which port on the firewall must be opened to allow the CoA traffic to traverse the network? A. UDP 1700 B. TCP 6514 C. UDP 1812 D. TCP 49

A. UDP 1700

What are two Detection and Analytics Engines of Cognitive Threat Analytics? (Choose two.) A. data exfiltration B. command and control communication C. intelligent proxy D. snort E. URL categorization

A. data exfiltration B. command and control communication

Which Cisco product is open, scalable, and built on IETF standards to allow multiple security products from Cisco and other vendors to share data and interoperate with each other? A. Platform Exchange Grid B. Multifactor Platform Integration C. Firepower Threat Defense D. Advanced Malware Protection

A. Platform Exchange Grid

Which compliance status is shown when a configured posture policy requirement is not met? A. authorized B. compliant C. unknown D. noncompliant

D. noncompliant

An organization is trying to implement micro-segmentation on the network and wants to be able to gain visibility on the applications within the network. The solution must be able to maintain and force compliance. Which product should be used to meet these requirements? A. Cisco Stealthwatch B. Cisco Tetration C. Cisco AMP D. Cisco Umbrella

B. Cisco Tetration

An organization has a Cisco Stealthwatch Cloud deployment in their environment. Cloud logging is working as expected, but logs are not being received from the on-premise network. What action will resolve this issue? A. Deploy a Cisco FTD sensor to send events to Cisco Stealthwatch Cloud. B. Deploy a Cisco Stealthwatch Cloud sensor on the network to send data to Cisco Stealthwatch Cloud. C. Configure security appliances to send syslogs to Cisco Stealthwatch Cloud. D. Configure security appliances to send NetFlow to Cisco Stealthwatch Cloud.

B. Deploy a Cisco Stealthwatch Cloud sensor on the network to send data to Cisco Stealthwatch Cloud.

A network engineer has been tasked with adding a new medical device to the network. Cisco ISE is being used as the NAC server, and the new device does not have a supplicant available. What must be done in order to securely connect this device to the network? A. Use 802.1X with posture assessment. B. Use MAB with profiling. C. Use 802.1X with profiling. D. Use MAB with posture assessment.

B. Use MAB with profiling.

Drag and drop the solutions from the left onto the solution's benefits on the right. Select and Place: CIsco Stealwatch CIsco ISE Cisco TrustSec Cisco Umbrella --- Obtains contesxtual identity and profiles for all the users and devices connected on a network software-devines segmentations that uses SGTs and allows administrator sto quicly scale and enforce policies across the network rapodly collects and analyzes NetFlow and telemetry data to deliver in-depth visibility and understanding of network traffic secure internet gateway in the cloud that provies a security solution that protects endpoints on and off the network against threats on the internet by using DNS

Obtains contesxtual identity and profiles for all the users and devices connected on a network - CIsco ISE software-devines segmentations that uses SGTs and allows administrator sto quicly scale and enforce policies across the network - Cisco TrustSec rapodly collects and analyzes NetFlow and telemetry data to deliver in-depth visibility and understanding of network traffic - CIsco Stealwatch secure internet gateway in the cloud that provies a security solution that protects endpoints on and off the network against threats on the internet by using DNS - Cisco Umbrella

A network engineer must monitor user and device behavior within the on-premises network. This data must be sent to the Cisco Stealthwatch Cloud analytics platform for analysis. What must be done to meet this requirement, using the Ubuntu-based VM appliance deployed in a VMware-based hypervisor? A. Deploy a Cisco FTD sensor to send network events to Cisco Stealthwatch Cloud. B. Configure a Cisco FMC to send syslogs to Cisco Stealthwatch Cloud. C. Deploy the Cisco Stealthwatch Cloud PNM sensor that sends data to Cisco Stealthwatch Cloud. D. Configure a Cisco FMC to send NetFlow to Cisco Stealthwatch Cloud.

C. Deploy the Cisco Stealthwatch Cloud PNM sensor that sends data to Cisco Stealthwatch Cloud.

An organization wants to provide visibility and to identify active threats in its network using a VM. The organization wants to extract metadata from network packet flow while ensuring that payloads are not retained or transferred outside the network. Which solution meets these requirements? A. Cisco Umbrella Cloud B. Cisco Stealthwatch Cloud PNM C. Cisco Stealthwatch Cloud PCM D. Cisco Umbrella On-Premises

B. Cisco Stealthwatch Cloud PNM

What is a benefit of performing device compliance? A. providing multi-factor authentication B. verification of the latest OS patches C. providing attribute-driven policies D. device classification and authorization

B. verification of the latest OS patches

Which type of DNS abuse exchanges data between two computers even when there is no direct connection? A. malware installation B. network footprinting C. command-and-control communication D. data exfiltration

C. command-and-control communication

How is data sent out to the attacker during a DNS tunneling attack? A. as part of the domain name B. as part of the UDP/53 packet payload C. as part of the TCP/53 packet header D. as part of the DNS response packet

B. as part of the UDP/53 packet payload

Refer to the exhibit. A Cisco ISE administrator adds a new switch to an 802. 1X deployment and has difficulty with some endpoints gaining access. Most PCs and IP phones can connect and authenticate using their machine certificate credentials; however, printers and video cameras cannot. Based on the interface configuration provided, what must be done to get these devices onto the network using Cisco ISE for authentication and authorization while maintaining security controls? ``` interface Ethernet0/0 description Link to ISP ip address 192.168.1.1 255.255.255.0 no shutdown ! interface Ethernet0/1 description Internal Network switchport mode access switchport access vlan 10 spanning-tree portfast ! interface Ethernet0/2 description Guest Network switchport mode access switchport access vlan 20 spanning-tree portfast ! interface Ethernet0/3 description Management Network switchport mode access switchport access vlan 30 spanning-tree portfast ! ``` A. Configure authentication event fail retry 2 action authorize vlan 41 on the interface. B. Add mab to the interface configuration. C. Enable insecure protocols within Cisco ISE in the allowed protocols configuration. D. Change the default policy in Cisco ISE to allow all devices not using machine authentication.

B. Add mab to the interface configuration.

Cisco SensorBase gathers threat information from a variety of Cisco products and services and performs analytics to find pattern on threats. Which term describes this process? A. authoring B. consumption C. deployment D. sharing

D. sharing

Refer to the exhibit. What will occur when this device tries to connect to the port? ``` interface GigabitEthernet0/0/18 description ISE dot1x Port switchport access vlan 41 switchport mode access switchport voice vlan 44 device tracking attach-policy IPDT_MAX_10 authentication periodic authentication timer reauthenticate server access-session host-mode multi-domain access-session port-control auto snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 3 dot1x max-req 3 spanning-tree portfast service policy type control subscriber POLICY_Gi1/0/18 ``` A. 802. 1X will not work, but MAB will start and allow the device on the network. B. 802. 1X will work and the device will be allowed on the network. C. 802. 1X will not work and the device will not be allowed network access. D. 802. 1X and MAB will both be used and ISE can use policy to determine the access level.

B. 802. 1X will work and the device will be allowed on the network.

# telemetry Which telemetry data captures variations seen within the flow, such as the packets TTL, IP/TCP flags, and payload length? A. flow insight variation B. software package variation C. interpacket variation D. process details variation

C. interpacket variation

# telemetry Which network monitoring solution uses streams and pushes operational data to provide a near real-time view of activity? A. SNMP B. SMTP C. syslog D. model-driven telemetry

D. model-driven telemetry

What two mechanisms are used to redirect users to a web portal to authenticate to ISE for guest services? (Choose two.) A. TACACS+ B. central web auth C. single sign-on D. multiple factor auth E. local web auth

B. central web auth E. local web auth

Which ID store requires that a shadow user be created on Cisco ISE for the admin login to work? A. RSA SecureID B. Internal Database C. Active Directory D. LDAP

A. RSA SecureID

An administrator wants to ensure that all endpoints are compliant before users are allowed access on the corporate network. The endpoints must have the corporate antivirus application installed and be running the latest build of Windows 10. What must the administrator implement to ensure that all devices are compliant before they are allowed on the network? A. Cisco Identity Services Engine and AnyConnect Posture module B. Cisco Stealthwatch and Cisco Identity Services Engine integration C. Cisco ASA firewall with Dynamic Access Policies configured D. Cisco Identity Services Engine with PxGrid services enabled

A. Cisco Identity Services Engine and AnyConnect Posture module

Using Cisco Cognitive Threat Analytics, which platform automatically blocks risky sites, and test unknown sites for hidden advanced threats before allowing users to click them? A. Cisco Identity Services Engine B. Cisco Enterprise Security Appliance C. Cisco Web Security Appliance D. Cisco Advanced Stealthwatch Appliance

C. Cisco Web Security Appliance

my cards 3 Flashcards

(101 cards)