my cards 4 Flashcards by me myself

What are two things to consider when using PAC files with the Cisco WSA? (Choose two.)

A. If the WSA host port is changed, the default port redirects web traffic to the correct port automatically.
B. PAC files use if-else statements to determine whether to use a proxy or a direct connection for traffic between the PC and the host.
C. The WSA hosts PAC files on port 9001 by default.
D. The WSA hosts PAC files on port 6001 by default.
E. By default, they direct traffic through a proxy when the PC and the host are on the same subnet.

B. PAC files use if-else statements to determine whether to use a proxy or a direct connection for traffic between the PC and the host.
C. The WSA hosts PAC files on port 9001 by default.

How well did you know this?

Not at all

Perfectly

Which IETF attribute is supported for the RADIUS CoA feature?

A. 24 State
B. 30 Calling-Station-ID
C. 42 Acct-Session-ID
D. 81 Message-Authenticator

A. 24 State

How well did you know this?

Not at all

Perfectly

When a transparent authentication fails on the Web Security Appliance, which type of access does the end user get?

A. guest
B. limited Internet
C. blocked
D. full Internet

C. blocked

How well did you know this?

Not at all

Perfectly

What are two ways that Cisco Container Platform provides value to customers who utilize cloud service providers? (Choose two.)

A. Allows developers to create code once and deploy to multiple clouds
B. helps maintain source code for cloud deployments
C. manages Docker containers
D. manages Kubernetes clusters
E. Creates complex tasks for managing code

A. Allows developers to create code once and deploy to multiple clouds
E. Creates complex tasks for managing code

How well did you know this?

Not at all

Perfectly

Drag and drop the posture assessment flow actions from the left into a sequence on the right.
Select and Place: order

Validate user credentials
check device compliance with security policy
grant appropiate access with compliance device
apply updates or take other neccesary action
permit just enough for the posture assesment

Validate user credentials
permit just enough for the posture assesment
check device compliance with security policy
apply updates or take other neccesary action
grant appropiate access with compliance device

How well did you know this?

Not at all

Perfectly

Refer to the exhibit.
What does the API key do while working with https://api.amp.cisco.com/v1/computers?

import requests
client_id = 'a1jjgñalsjfñaslkjflñajsñ'
api_key = 'sldfjñasldjkfañlsjdfñaslkjfñlasjfñakdjflñasdjf'

A. displays client ID
B. HTTP authorization
C. Imports requests
D. HTTP authentication

D. HTTP authentication

How well did you know this?

Not at all

Perfectly

Which statement describes a serverless application?

A. The application delivery controller in front of the server farm designates on which server the application runs each time.
B. The application runs from an ephemeral, event-triggered, and stateless container that is fully managed by a cloud provider.
C. The application is installed on network equipment and not on physical servers.
D. The application runs from a containerized environment that is managed by Kubernetes or Docker Swarm.

B. The application runs from an ephemeral, event-triggered, and stateless container that is fully managed by a cloud provider.

How well did you know this?

Not at all

Perfectly

What is a description of microsegmentation?

A. Environments deploy a container orchestration platform, such as Kubernetes, to manage the application delivery.
B. Environments apply a zero-trust model and specify how applications on different servers or containers can communicate.
C. Environments deploy centrally managed host-based firewall rules on each server or container.
D. Environments implement private VLAN segmentation to group servers with similar applications.

B. Environments apply a zero-trust model and specify how applications on different servers or containers can communicate.

How well did you know this?

Not at all

Perfectly

Which Cisco WSA feature supports access control using URL categories?

A. transparent user identification
B. SOCKS proxy services
C. web usage controls
D. user session restrictions

C. web usage controls

How well did you know this?

Not at all

Perfectly

Which technology limits communication between nodes on the same network segment to individual applications?

A. serverless infrastructure
B. microsegmentation
C. SaaS deployment
D. machine-to-machine firewalling

B. microsegmentation

How well did you know this?

Not at all

Perfectly

An engineer enabled SSL decryption for Cisco Umbrella intelligent proxy and needs to ensure that traffic is inspected without alerting end-users. Which action accomplishes this goal?

A. Restrict access to only websites with trusted third-party signed certificates.
B. Modify the user’s browser settings to suppress errors from Cisco Umbrella.
C. Upload the organization root CA to Cisco Umbrella.
D. Install the Cisco Umbrella root CA onto the user’s device.

D. Install the Cisco Umbrella root CA onto the user’s device.

How well did you know this?

Not at all

Perfectly

What is the purpose of joining Cisco WSAs to an appliance group?

A. All WSAs in the group can view file analysis results.
B. The group supports improved redundancy
C. It supports cluster operations to expedite the malware analysis process.
D. It simplifies the task of patching multiple appliances.

B. The group supports improved redundancy

How well did you know this?

Not at all

Perfectly

Why should organizations migrate to an MFA strategy for authentication?

A. Single methods of authentication can be compromised more easily than MFA.
B. Biometrics authentication leads to the need for MFA due to its ability to be hacked easily.
C. MFA methods of authentication are never compromised.
D. MFA does not require any piece of evidence for an authentication mechanism.

A. Single methods of authentication can be compromised more easily than MFA.

How well did you know this?

Not at all

Perfectly

Which technology should be used to help prevent an attacker from stealing usernames and passwords of users within an organization?

A. RADIUS-based REAP
B. fingerprinting
C. Dynamic ARP Inspection
D. multifactor authentication

C. Dynamic ARP Inspection

How well did you know this?

Not at all

Perfectly

Which type of attack is MFA an effective deterrent for?

A. ping of death
B. phishing
C. teardrop
D. syn flood

B. phishing

How well did you know this?

Not at all

Perfectly

Which solution for remote workers enables protection, detection, and response on the endpoint against known and unknown threats?

A. Cisco AMP for Endpoints
B. Cisco AnyConnect
C. Cisco Umbrella
D. Cisco Duo

A. Cisco AMP for Endpoints

How well did you know this?

Not at all

Perfectly

Which two actions does the Cisco Identity Services Engine posture module provide that ensures endpoint security? (Choose two.)

A. Assignments to endpoint groups are made dynamically, based on endpoint attributes.
B. Endpoint supplicant configuration is deployed.
C. A centralized management solution is deployed.
D. Patch management remediation is performed.
E. The latest antivirus updates are applied before access is allowed.

D. Patch management remediation is performed.
E. The latest antivirus updates are applied before access is allowed.

How well did you know this?

Not at all

Perfectly

What is an advantage of the Cisco Umbrella roaming client?

A. the ability to see all traffic without requiring TLS decryption
B. visibility into IP-based threats by tunneling suspicious IP connections
C. the ability to dynamically categorize traffic to previously uncategorized sites
D. visibility into traffic that is destined to sites within the office environment

B. visibility into IP-based threats by tunneling suspicious IP connections

How well did you know this?

Not at all

Perfectly

Which Cisco platform provides an agentless solution to provide visibility across the network including encrypted traffic analytics to detect malware in encrypted traffic without the need for decryption?

A. Cisco Advanced Malware Protection
B. Cisco Stealthwatch
C. Cisco Identity Services Engine
D. Cisco AnyConnect

B. Cisco Stealthwatch

How well did you know this?

Not at all

Perfectly

Which two Cisco ISE components must be configured for BYOD? (Choose two.)

A. local WebAuth
B. central WebAuth
C. null WebAuth
D. guest
E. dual

B. central WebAuth
D. guest

How well did you know this?

Not at all

Perfectly

Which system performs compliance checks and remote wiping?

A. MDM
B. ISE
C. AMP
D. OTP

A. MDM

How well did you know this?

Not at all

Perfectly

An engineer is configuring Cisco WSA and needs to enable a separated email transfer flow from the Internet and from the LAN. Which deployment mode must be used to accomplish this goal?

A. single interface
B. multi-context
C. transparent
D. two-interface

D. two-interface

How well did you know this?

Not at all

Perfectly

A network engineer is tasked with configuring a Cisco ISE server to implement external authentication against Active Directory. What must be considered about the authentication requirements? (Choose two.)

A. RADIUS communication must be permitted between the ISE server and the domain controller.
B. The ISE account must be a domain administrator in Active Directory to perform JOIN operations.
C. Active Directory only supports user authentication by using MSCHAPv2.
D. LDAP communication must be permitted between the ISE server and the domain controller.
E. Active Directory supports user and machine authentication by using MSCHAPv2.

D. LDAP communication must be permitted between the ISE server and the domain controller.
E. Active Directory supports user and machine authentication by using MSCHAPv2.

How well did you know this?

Not at all

Perfectly

Which configuration method provides the options to prevent physical and virtual endpoint devices that are in the same base EPG or uSeg from being able to communicate with each other with Vmware VDS or Microsoft vSwitch?

A. inter-EPG isolation
B. inter-VLAN security
C. intra-EPG isolation
D. placement in separate EPGs

C. intra-EPG isolation

How well did you know this?

Not at all

Perfectly

What are two ways a network administrator transparently identifies users using Active Directory on the Cisco WSA? (Choose two.) A. Create an LDAP authentication realm and disable transparent user identification. B. Create NTLM or Kerberos authentication realm and enable transparent user identification. C. Deploy a separate Active Directory agent such as Cisco Context Directory Agent. D. The eDirectory client must be installed on each client workstation. E. Deploy a separate eDirectory server; the client IP address is recorded in this server.

B. Create NTLM or Kerberos authentication realm and enable transparent user identification. C. Deploy a separate Active Directory agent such as Cisco Context Directory Agent.

Which baseline form of telemetry is recommended for network infrastructure devices? A. SDNS B. NetFlow C. passive taps D. SNMP

B. NetFlow

In which scenario is endpoint-based security the solution? A. inspecting encrypted traffic B. device profiling and authorization C. performing signature-based application control D. inspecting a password-protected archive

D. inspecting a password-protected archive

Refer to the exhibit. What is the result of the Python script? ``` import requests from requests.auth import HTTPBasicAuth def dnac_login(host, username, password): url = f"https://{host}/api/system/v1/auth/token" response = requests.request("POST",url, auth=HTTPBasicAuth(username, password), verify=False) return response.json()["Token"] ``` A. It uses the POST HTTP method to obtain a username and password to be used for authentication. B. It uses the POST HTTP method to obtain a token to be used for authentication. C. It uses the GET HTTP method to obtain a token to be used for authentication. D. It uses the GET HTTP method to obtain a username and password to be used for authentication

B. It uses the POST HTTP method to obtain a token to be used for authentication.

Why is it important to patch endpoints consistently? A. Patching reduces the attack surface of the infrastructure. B. Patching helps to mitigate vulnerabilities. C. Patching is required per the vendor contract. D. Patching allows for creating a honeypot.

B. Patching helps to mitigate vulnerabilities.

Which two parameters are used for device compliance checks? (Choose two.) A. endpoint protection software version B. Windows registry values C. DHCP snooping checks D. DNS integrity checks E. device operating system version

B. Windows registry values E. device operating system version

Which Cisco cloud security software centrally manages policies on multiple platforms such as Cisco ASA, Cisco Firepower, Cisco Meraki, and AWS? A. Cisco Defense Orchestrator B. Cisco Configuration Professional C. Cisco Secureworks D. Cisco DNAC

A. Cisco Defense Orchestrator

Which Cisco security solution determines if an endpoint has the latest OS updates and patches installed on the system? A. Cisco Endpoint Security Analytics B. Cisco AMP for Endpoints C. Endpoint Compliance Scanner D. Security Posture Assessment Service

D. Security Posture Assessment Service

Which open standard creates a framework for sharing threat intelligence in a machine-digestible format? A. OpenIOC B. OpenC2 C. CybOX D. STIX

A. OpenIOC

What is a difference between Cisco AMP for Endpoints and Cisco Umbrella? A. Cisco AMP for Endpoints is a cloud-based service, and Cisco Umbrella is not B. Cisco AMP for Endpoints automatically researches indicators of compromise and confirms threats and Cisco Umbrella does not C. Cisco AMP for Endpoints prevents, detects, and responds to attacks before damage can be done, and Cisco Umbrella provides the first line of defense against Internet threats D. Cisco AMP for Endpoints prevents connections to malicious destinations, and Cisco Umbrella works at the file level to prevent the initial execution of malware

C. Cisco AMP for Endpoints prevents, detects, and responds to attacks before damage can be done, and Cisco Umbrella provides the first line of defense against Internet threats

What are two functionalities of northbound and southbound APIs within Cisco SDN architecture? (Choose two.) A. Northbound APIs utilize RESTful API methods such as GET, POST, and DELETE B. Southbound APIs utilize CLI, SNMP, and RESTCONF C. Southbound APIs are used to define how SDN controllers integrate with applications D. Northbound interfaces utilize OpenFlow and OpFlex to integrate with network devices E. Southbound interfaces utilize device configurations such as VLANs and IP addresses

A. Northbound APIs utilize RESTful API methods such as GET, POST, and DELETE B. Southbound APIs utilize CLI, SNMP, and RESTCONF

Refer to the exhibit. What is the function of the Python script code snippet for the Cisco ASA REST API? ``` #{code snipped) api_path="/api/access/global/rules" url = server + api_path f = None post_data = { "sourceService":{ "kind" serviceKind, "value" sourceServiceValue ). "destinationAddress": { "kind": destinationAddressKind, "value" destinationAddress ). "remarks" []. "destinationService":{ "kind": serviceKind, "value" destinationServiceValue ). "permit": trueORfalse, "active" "true", "position": "1", "sourceAddress":{ "kind": sourceAddressKind, "value" sourceAddress } req= urllib2 Request(url, json.dumps(post_data), headers) base64string = base64.encodestring("%s %s' % (username, password)) replace("\n", ") req.add_header("Authorization", "Basic %s" % base6-4string) try. 1= urllib2 urlopen(req) status_code = fgetcode() print "Status code is "+str(status_code) if status_code == 201: print "Operation successful" except urllib2.HTTPError, err print "Error received from server. HTTP Status code :"+str(err.code) try. ``` A. changes the hostname of the Cisco ASA B. adds a global rule into policies C. deletes a global rule from policies D. obtains the saved configuration of the Cisco ASA firewall

B. adds a global rule into policies

DRAG DROP - Drag and drop the features of Cisco ASA with Firepower from the left onto the benefits on the right. Select and Place: Full Context Awareness NGIPS AMP Collective Security Intelligence detection, blocking and remediation to protect the enterprise against targeted malware attacks policy enforcement based on complete visibility of users and communication between virtual machines real-time threat intelligence and security protection threat prevention and mitigation for known and unknown threats

AMP - detection, blocking and remediation to protect the enterprise against targeted malware attacks Full Context Awareness - policy enforcement based on complete visibility of users and communication between virtual machines Collective Security Intelligence - real-time threat intelligence and security protection NGIPS - threat prevention and mitigation for known and unknown threats

What are two functions of secret key cryptography? (Choose two.) A. utilization of less memory B. utilization of large prime number iterations C. utilization of different keys for encryption and decryption D. key selection without integer factorization E. provides the capability to only know the key on one side

A. utilization of less memory D. key selection without integer factorization

Refer to the exhibit. When creating an access rule for URL filtering a network engineer adds certain categories and individual URLs to block. What is the result of the configuration? [https://www.examtopics.com/assets/media/exam-media/04313/0016900001.jpg ](http://) A. Only URLs for botnets with a reputation score of 3 will be allowed while the rest will be blocked. B. Only URLs for botnets with reputation scores of 1-3 will be blocked. C. Only URLs for botnets with reputation scores of 3-5 will be blocked. D. Only URLs for botnets with a reputation score of 3 will be blocked.

B. Only URLs for botnets with reputation scores of 1-3 will be blocked.

Which security product enables administrators to deploy Kubernetes clusters in air-gapped sites without needing Internet access? A. Cisco Container Controller B. Cisco Cloud Platform C. Cisco Container Platform D. Cisco Content Platform

C. Cisco Container Platform

A network engineer must migrate a Cisco WSA virtual appliance from one physical host to another physical host by using VMware vMotion. What is a requirement for both physical hosts? A. The hosts must run Cisco AsyncOS 10.0 or greater. B. The hosts must run different versions of Cisco AsyncOS. C. The hosts must have access to the same defined network. D. The hosts must use a different datastore than the virtual appliance.

C. The hosts must have access to the same defined network.

An engineer must modify a policy to block specific addresses using Cisco Umbrella. The policy is created already and is actively used by devices, using many of the default policy elements. What else must be done to accomplish this task? A. Create a destination list for addresses to be allowed or blocked B. Use content categories to block or allow specific addresses C. Add the specified addresses to the identities list and create a block action D. Modify the application settings to allow only applications to connect to required addresses

A. Create a destination list for addresses to be allowed or blocked

What must be enabled to secure SaaS-based applications? A. two-factor authentication B. end-to-end encryption C. application security gateway D. modular policy framework

A. two-factor authentication

An engineer configures new features within the Cisco Umbrella dashboard and wants to identify and proxy traffic that is categorized as risky domains and may contain safe and malicious content. Which action accomplishes these objectives? A. Upload the threat intelligence database to Cisco Umbrella for the most current information on reputations and to have the destination lists block them B. Configure URL filtering within Cisco Umbrella to track the URLs and proxy the requests for those categories and below C. Create a new site within Cisco Umbrella to block requests from those categories so they can be sent to the proxy device D. Configure intelligent proxy within Cisco Umbrella to intercept and proxy the requests for only those categories

D. Configure intelligent proxy within Cisco Umbrella to intercept and proxy the requests for only those categories

An engineer is configuring Cisco Umbrella and has an identity that references two different policies. Which action ensures that the policy that the identity must use takes precedence over the second one? A. Place the policy with the most-specific configuration last in the policy order B. Configure the default policy to redirect the requests to the correct policy C. Make the correct policy first in the policy order D. Configure only the policy with the most recently changed timestamp

C. Make the correct policy first in the policy order

a Cisco ISE engineer configures Central Web Authentication (CWA) for wireless guest access and must have the guest endpoints redirect to the guest portal for authentication and authorization. While testing the policy, the engineer notices that the device is not redirected and instead gets full guest access. What must be done for the redirect to work? A. Tag the guest portal in the CWA part of the Common Tasks section of the authorization profile for the authorization policy line that the unauthenticated devices hit. B. Create an advanced attribute setting of Cisco:cisco-gateway-id=guest within the authorization profile for the authorization policy line that the unauthenticated devices hit. C. Add the DACL name for the Airespace ACL configured on the WLC in the Common Tasks section of the authorization profile for the authorization policy line that the unauthenticated devices hit. D. Use the track movement option within the authorization profile for the authorization policy line that the unauthenticated devices hit.

A. Tag the guest portal in the CWA part of the Common Tasks section of the authorization profile for the authorization policy line that the unauthenticated devices hit.

What is the intent of a basic SYN flood attack? A. to solicit DNS responses B. to flush the register stack to re-initiate the buffers C. to exceed the threshold limit of the connection queue D. to cause the buffer to overflow

C. to exceed the threshold limit of the connection queue

What is an advantage of network telemetry over SNMP pulls? A. security B. scalability C. accuracy D. encapsulation

C. accuracy

Which security solution protects users leveraging DNS-layer security? A. Cisco ISE B. Cisco Umbrella C. Cisco ASA D. Cisco FTD

B. Cisco Umbrella

# ** What are two functions of TAXII in threat intelligence sharing? (Choose two.) A. allows users to describe threat motivations and abilities B. determines how threat intelligence information is relayed C. determines the "what" of threat intelligence D. exchanges trusted anomaly intelligence information E. supports STIX information

B. determines how threat intelligence information is relayed E. supports STIX information

What are two functionalities of SDN Northbound APIs? (Choose two.) A. OpenFlow is a standardized northbound API protocol B. Northbound APIs form the interface between the SDN controller and business applications C. Northbound APIs provide a programmable interface for applications to dynamically configure the network D. Northbound APIs form the interface between the SDN controller and the network switches or routers E. Northbound APIs use the NETCONF protocol to communicate with applications.

B. Northbound APIs form the interface between the SDN controller and business applications C. Northbound APIs provide a programmable interface for applications to dynamically configure the network

What is the result of the ACME-Router(config)#login block-for 100 attempts 4 within 60 command on a Cisco IOS router? A. If four failures occur in 60 seconds, the router goes to quiet mode for 100 seconds B. After four unsuccessful log in attempts the line is blocked for 100 seconds and only permit IP addresses are permitted in ACL 60 C. After four unsuccessful log in attempts the line is blocked for 60 seconds and only permit IP addresses are permitted in ACL 100 D. If four log in attempts fail in 100 seconds, wait for 60 seconds to next log in prompt

A. If four failures occur in 60 seconds, the router goes to quiet mode for 100 seconds

What is a benefit of using a multifactor authentication strategy? A. It provides an easy, single sign-on experience against multiple applications B. It provides secure remote access for applications C. It protects data by enabling the use of a second validation of identity D. It provides visibility into devices to establish device trust

C. It protects data by enabling the use of a second validation of identity

Which endpoint solution protects a user from a phishing attack? A. Cisco AnyConnect with Network Access Manager module B. Cisco AnyConnect with Umbrella Roaming Security module C. Cisco Identity Services Engine D. Cisco AnyConnect with ISE Posture module

B. Cisco AnyConnect with Umbrella Roaming Security module

Which role is a default guest type in Cisco ISE? A. Contractor B. Full-Time C. Monthly D. Yearly

A. Contractor

An engineer is trying to decide between using L2TP or GRE over IPsec for their site-to-site VPN implementation. What must be understood before choosing a solution? A. L2TP is an IP packet encapsulation protocol, and GRE over IPsec is a tunneling protocol B. GRE over IPsec cannot be used as a standalone protocol, and L2TP can C. L2TP uses TCP port 47 and GRE over IPsec uses UDP port 1701 D. GRE over IPsec adds its own header, and L2TP does not

A. L2TP is an IP packet encapsulation protocol, and GRE over IPsec is a tunneling protocol

An administrator enables Cisco Threat Intelligence Director on a Cisco FMC. Which process uses STIX and allows uploads and downloads of block lists? A. editing B. sharing C. authoring D. consumption

D. consumption

Why is it important to have a patching strategy for endpoints? A. so that patching strategies can assist with disabling nonsecure protocols in applications B. so that known vulnerabilities are targeted and having a regular patch cycle reduces risks C. so that functionality is increased on a faster scale when it is used D. to take advantage of new features released with patches

B. so that known vulnerabilities are targeted and having a regular patch cycle reduces risks

Which two methods must be used to add switches into the fabric so that administrators can control how switches are added into DCNM for private cloud management? (Choose two.) A. Cisco Prime Infrastructure B. CDP AutoDiscovery C. Seed IP D. PowerOn Auto Provisioning E. Cisco Cloud Director

C. Seed IP D. PowerOn Auto Provisioning

Refer to the exhibit. All servers are in the same VLAN/Subnet DNS Server-1 and DNS Server-2 must communicate with each other and all servers must communicate with default gateway multilayer switch. Which type of private VLAN ports should be configured to prevent communication between DNS servers and the file server? [https://www.examtopics.com/assets/media/exam-media/04313/0017800001.jpg](http://) A. Configure GigabitEthernet0/1 as community port, GigabitEthernet0/2 as promiscuous port, GigabitEthernet0/3 and GigabrtEthernet0/4 as isolated ports B. Configure GigabitEthernet0/1 as community port, GigabitEthernet0/2 as isolated port, and GigabitEthernet0/3 and GigabitEthernet0/4 as promiscuous ports C. Configure GigabitEthernet0/1 as promiscuous port, GigabitEthernet0/2 as community port, and GigabitEthernet0/3 and GigabitEthernet0/4 as isolated ports D. Configure GigabitEthernet0/1 as promiscuous port, GigabitEthernet0/2 as isolated port, and GigabitEthernet0/3 and GigabitEthernet0/4 as community ports

D. Configure GigabitEthernet0/1 as promiscuous port, GigabitEthernet0/2 as isolated port, and GigabitEthernet0/3 and GigabitEthernet0/4 as community ports File server Isolated Gateway Promiscuos Dns1 community Dns2 community

Refer to the exhibit. Which configuration item makes it possible to have the AAA session on the network? Gi1/0/18 [https://www.examtopics.com/assets/media/exam-media/04313/0017900001.jpg](http://) A. aaa authentication enable default enable B. aaa authorization network default group ise C. aaa authentication login console ise D. aaa authorization exec default ise

B. aaa authorization network default group ise

Which method of attack is used by a hacker to send malicious code through a web application to an unsuspecting user to request that the victim's web browser executes the code? A. cross-site scripting B. browser WGET C. buffer overflow D. SQL injection

A. cross-site scripting

Which two solutions help combat social engineering and phishing at the endpoint level? (Choose two.) A. Cisco ISE B. Cisco Duo Security C. Cisco DNA Center D. Cisco Umbrella E. Cisco TrustSec

B. Cisco Duo Security D. Cisco Umbrella

An engineer is implementing Cisco CES in an existing Microsoft Office 365 environment and must route inbound email to Cisco CES addresses. Which DNS record must be modified to accomplish this task? A. CNAME B. DKIM C. MX D. SPF

C. MX

A large organization wants to deploy a security appliance in the public cloud to form a site-to-site VPN and link the public cloud environment to the private cloud in the headquarters data center. Which Cisco security appliance meets these requirements? A. Cisco Stealthwatch Cloud B. Cisco WSAv C. Cisco Cloud Orchestrator D. Cisco ASAv

D. Cisco ASAv

Refer to the exhibit. What are two indications of the Cisco Firepower Services Module configuration? (Choose two.) ``` ASA# show service-policy sfr Global policy: Service-policy: global_policy Class-map: SFR SFR: card status Up, mode fail-open monitor-only packet input 0, packet output 44715478687, drop 0, reset-drop 0 ``` A. The module is operating in IDS mode. B. Traffic is blocked if the module fails. C. The module fails to receive redirected traffic. D. The module is operating in IPS mode. E. Traffic continues to flow if the module fails.

A. The module is operating in IDS mode. E. Traffic continues to flow if the module fails.

Which two parameters are used to prevent a data breach in the cloud? (Choose two.) A. DLP solutions B. complex cloud-based web proxies C. strong user authentication D. antispoofing programs E. encryption

C. strong user authentication E. encryption

What is the concept of continuous integration/continuous delivery pipelining? A. The project code is centrally maintained, and each code change should trigger an automated build and test sequence. B. The project is split into time-limited cycles, and focuses on pair programming for continuous code review. C. The project is split into several phases where one phase cannot start before the previous phase finishes successfully. D. Each project phase is independent from other phases to maintain adaptiveness and continual improvement.

A. The project code is centrally maintained, and each code change should trigger an automated build and test sequence.

Which security solution uses NetFlow to provide visibility across the network, data center, branch offices, and cloud? A. Cisco Stealthwatch B. Cisco Encrypted Traffic Analytics C. Cisco Umbrella D. Cisco CTA

A. Cisco Stealthwatch

Which two functions does the Cisco Advanced Phishing Protection solution perform in trying to protect from phishing attacks? (Choose two.) A. uses a static algorithm to determine malicious B. determines if the email messages are malicious C. provides a defense for on-premises email deployments D. blocks malicious websites and adds them to a block list E. does a real-time user web browsing behavior analysis

B. determines if the email messages are malicious Most Voted C. provides a defense for on-premises email deployments

Which technology provides the benefit of Layer 3 through Layer 7 innovative deep packet inspection, enabling the platform to identify and output various applications within the network traffic flows? A. Cisco ASAv B. Account on Resolution C. Cisco NBAR2 D. Cisco Prime Infrastructure

C. Cisco NBAR2

Which Cisco DNA Center Intent API action is used to retrieve the number of devices known to a DNA Center? A. GET https://fqdnOrlPofDnaCenterPlatform/dna/intent/api/v1/network-device/count B. GET https://fqdnOrlPofDnaCenterPlatform/dna/intent/api/v1/network-device?parameter1=value¶meter2=vale&... C. GET https://fqdnOrlPofDnaCenterPlatform/dna/intent/api/v1/network-device/startIndex/recordsToReturn D. GET https://fqdnOrlPofDnaCenterPlatform/dna/intent/api/v1/network-device

A. GET https://fqdnOrlPofDnaCenterPlatform/dna/intent/api/v1/network-device/count

Which function is performed by certificate authorities but is a limitation of registration authorities? A. CRL publishing B. certificate re-enrollment C. verifying user identity D. accepts enrollment requests

A. CRL publishing

A hacker initiated a social engineering attack and stole username and passwords of some users within a company. Which product should be used as a solution to this problem? A. Cisco Duo B. Cisco NGFW C. Cisco AnyConnect D. Cisco AMP for Endpoints

A. Cisco Duo

An organization must add new firewalls to its infrastructure and wants to use Cisco ASA or Cisco FTD. The chosen firewalls must provide methods of blocking traffic that include offering the user the option to bypass the block for certain sites after displaying a warning page and to reset the connection. Which solution should the organization choose? A. Cisco FTD because it enables interactive blocking and blocking with reset natively, whereas Cisco ASA does not. B. Cisco ASA because it has an additional module that can be installed to provide multiple blocking capabilities, whereas Cisco FTD does not. C. Cisco ASA because it allows for interactive blocking and blocking with reset to be configured via the GUI, whereas FTD does not. D. Cisco FTD because it supports system rate level traffic blocking, whereas Cisco ASA does not.

A. Cisco FTD because it enables interactive blocking and blocking with reset natively, whereas Cisco ASA does not.

An email administrator is setting up a new Cisco ESA. The administrator wants to enable the blocking of greymail for the end user. Which feature must the administrator enable first? A. Intelligent Multi-Scan B. Anti-Virus Filtering C. IP Reputation Filtering D. File Analysis

A. Intelligent Multi-Scan

Why is it important for the organization to have an endpoint patching strategy? A. so the organization can identify endpoint vulnerabilities B. so the internal PSIRT organization is aware of the latest bugs C. so the network administrator is notified when an existing bug is encountered D. so the latest security fixes are installed on the endpoints

D. so the latest security fixes are installed on the endpoints

Which technology enables integration between Cisco ISE and other platforms to gather and share network and vulnerability data and SIEM and location information? A. Cisco Talos B. SNMP C. pxGrid D. NetFlow

C. pxGrid

An administrator needs to configure the Cisco ASA via ASDM such that the network management system can actively monitor the host using SNMPv3. Which two tasks must be performed for this configuration? (Choose two.) A. Add an SNMP USM entry. B. Specify an SNMP user group. C. Add an SNMP host access entry. D. Specify the SNMP manager and UDP port. E. Specify a community string.

A. Add an SNMP USM entry. B. Specify an SNMP user group.

How does a WCCP-configured router identify if the Cisco WSA is functional? A. If an ICMP ping fails three consecutive times between a router and the WSA, traffic is no longer transmitted to the router. B. If an ICMP ping fails three consecutive times between a router and the WSA, traffic is no longer transmitted to the WSA. C. The WSA-sends a Here-I-Am message every 10 seconds, and the router acknowledges with an I-See-You message. D. The router sends a Here-I-Am message every 10 seconds, and the WSA acknowledges with an I-See-You message.

C. The WSA-sends a Here-I-Am message every 10 seconds, and the router acknowledges with an I-See-You message. Most Voted

What is the recommendation in a zero-trust model before granting access to corporate applications and resources? A. to disconnect from the network when inactive B. to use multifactor authentication C. to use a wired network, not wireless D. to use strong passwords

B. to use multifactor authentication

Which open source tool does Cisco use to create graphical visualizations of network telemetry on Cisco IOS XE devices? A. InfluxDB B. SNMP C. Grafana D. Splunk

C. Grafana

Which CLI command is used to enable URL filtering support for shortened URLs on the Cisco ESA? A. websecurityadvancedconfig B. webadvancedconfig C. websecurityconfig D. outbreakconfig

A. web security advanced config

What is a feature of NetFlow Secure Event Logging? A. It exports only records that indicate significant events in a flow. B. It supports v5 and v8 templates. C. It delivers data records to NSEL collectors through NetFlow over TCP only. D. It filters NSEL events based on the traffic and event type through RSVP.

A. It exports only records that indicate significant events in a flow.

A network engineer entered the snmp-server user asmith myv7 auth sha cisco priv aes 256 cisc0123456789 command and needs to send SNMP information to a host at 10.255.255.1. Which command achieves this goal? A. snmp-server host inside 10.255.255.1 version 3 myv7 B. snmp-server host inside 10.255.255.1 snmpv3 myv7 C. snmp-server host inside 10.255.255.1 version 3 asmith D. snmp-server host inside 10.255.255.1 snmpv3 asmith

C. snmp-server host inside 10.255.255.1 version 3 asmith

Which standard is used to automate exchanging cyber threat information? A. MITRE B. TAXII C. IoC D. STIX

B. TAXII

Which endpoint protection and detection feature performs correlation of telemetry, files, and intrusion events that are flagged as possible active breaches? A. elastic search B. file trajectory C. indication of compromise D. retrospective detection

C. indication of compromise

When network telemetry is implemented, what is important to be enabled across all network infrastructure devices to correlate different sources? A. CDP B. syslog C. NTP D. DNS

B. syslog

Which Cisco ASA deployment model is used to filter traffic between hosts in the same IP subnet using higher-level protocols without readdressing the network? A. multiple context mode B. single context mode C. routed mode D. transparent mode

D. transparent mode

Which RADIUS feature provides a mechanism to change the AAA attributes of a session after it is authenticated? A. Accounting B. Authorization C. Authentication D. CoA

D. CoA

When NetFlow is applied to an interface, which component creates the flow monitor cache that is used to collect traffic based on the key and nonkey fields in the configured record? A. flow exporter B. records C. flow sampler D. flow monitor

D. flow monitor

Which encryption algorithm provides highly secure VPN communications? A. AES 256 B. AES 128 C. 3DES D. DES

A. AES 256

What is the term for when an endpoint is associated to a provisioning WLAN that is shared with guest access, and the same guest portal is used as the BYOD portal? A. single-SSID BYOD B. dual-SSID BYOD C. streamlined access D. multichannel GUI

B. dual-SSID BYOD

DRAG DROP - Drag and drop the exploits from the left onto the type of security vulnerability on the right. Select and Place: causes memory access errors makes the client the target of attack gives unaothirzed access to web server files accesses or modifies application data path traversal cross-stie request forgery SQL injection buffer overflow

gives unaothirzed access to web server files - path traversal makes the client the target of attack - cross-stie request forgery accesses or modifies application data - SQL injection causes memory access errors - buffer overflow

What is the function of the crypto isakmp key cisc123456789 address 192.168.50.1 255.255.255.255 command when establishing an IPsec VPN tunnel? A. It configures the pre-shared authentication key for host 192.168.50.1. B. It prevents 192.168.50.1 from connecting to the VPN server. C. It configures the local address for the VPN server 192.168.50.1. D. It defines the data destined to 192.168.50.1 is going to be encrypted.

A. It configures the pre-shared authentication key for host 192.168.50.1.

Which Cisco ASA Platform mode disables the threat detection features except for Advanced Threat Statistics? A. cluster B. multiple context C. routed D. transparent

B. multiple context

An engineer is configuring web filtering for a network using Cisco Umbrella Secure Internet Gateway. The requirement is that all traffic needs to be filtered. Using the SSL decryption feature, which type of certificate should be presented to the end-user to accomplish this goal? A. SubCA B. organization owned root C. self-signed D. third-party

B. organization owned root

Which solution stops unauthorized access to the system if a user's password is compromised? A. MFA B. AMP C. VPN D. SSL

A. MFA

An engineer needs to configure an access control policy rule to always send traffic for inspection without using the default action. Which action should be configured for this rule? A. monitor B. trust C. allow D. block

C. allow

Which benefit does DMVPN provide over GETVPN? A. DMVPN can be used over the public Internet, and GETVPN requires a private network. B. DMVPN is a tunnel-less VPN, and GETVPN is tunnel-based. C. DMVPN supports non-IP protocols, and GETVPN supports only IP protocols. D. DMVPN supports QoS, multicast, and routing, and GETVPN supports only QoS.

A. DMVPN can be used over the public Internet, and GETVPN requires a private network.

my cards 4 Flashcards

my cards 4 (100 cards)