my cards 5 Flashcards by me myself

How does Cisco Umbrella protect clients when they operate outside of the corporate network?

A. by forcing DNS queries to the corporate name servers
B. by modifying the registry for DNS lookups
C. by using the Cisco Umbrella roaming client
D. by using Active Directory group policies to enforce Cisco Umbrella DNS servers

C. by using the Cisco Umbrella roaming client

How well did you know this?

Not at all

Perfectly

DRAG DROP -
Drag and drop the deployment models from the left onto the corresponding explanations on the right.
Select and Place:

routed
passive
passive with ERSPAN
transparent

A GRE tunnel is utilized in this solutionn

This solution allows inspection between hots on the same subnet

attacks are not prevented by this solution

this solution does not provide filtering between hots on the same subnet

passive with ERSPAN - A GRE tunnel is utilized in this solution
transparent - This solution allows inspection between hots on the same subnet
passive - attacks are not prevented by this solution
routed - this solution does not provide filtering between hots on the same subnet

How well did you know this?

Not at all

Perfectly

An administrator is configuring NTP on Cisco ASA via ASDM and needs to ensure that rogue NTP servers cannot insert themselves as the authoritative time source. Which two steps must be taken to accomplish this task? (Choose two.)

A. Choose the interface for syncing to the NTP server.
B. Specify the NTP version
C. Set the NTP DNS hostname
D. Set the authentication key.
E. Configure the NTP stratum

A. Choose the interface for syncing to the NTP server
D. Set the authentication key.

How well did you know this?

Not at all

Perfectly

Which two capabilities of Integration APIs are utilized with Cisco DNA Center? (Choose two.)

A. Upgrade software on switches and routers
B. Third party reporting
C. Connect to ITSM platforms
D. Create new SSIDs on a wireless LAN controller
E. Automatically deploy new virtual routers

B. Third party reporting
C. Connect to ITSM platforms

3 x subheadings:
1) IT Service Management (ITSM) Integration
2) IP Address Management (IPAM) Integration
3) Third party Reporting Integration

How well did you know this?

Not at all

Perfectly

What is the most common type of data exfiltration that organizations currently experience?

A. encrypted SMTP
B. SQL database injections
C. HTTPS file upload site
D. Microsoft Windows network shares

D. Microsoft Windows network shares

How well did you know this?

Not at all

Perfectly

Which DoS attack uses fragmented packets in an attempt to crash a target machine?

A. teardrop
B. smurf
C. LAND
D. SYN flood

A. teardrop

How well did you know this?

Not at all

Perfectly

DRAG DROP -
Drag and drop the cryptographic algorithms for IPsec from the left onto the cryptographic processes on the right.
Select and Place:

esp-3des
esp-aes-256
esp-md5-hmac
esp-sha-hmac

authenticatoin

encryption

HMAC -> AUTHENTICATION

authentication:
esp-md5-hmac
esp-sha-hmac

encryption:
esp-3des
esp-aes-256

How well did you know this?

Not at all

Perfectly

An organization has DHCP servers set up to allocate IP addresses to clients on the LAN. What must be done to ensure the LAN switches prevent malicious DHCP traffic while also distributing IP addresses to the correct endpoints?

A. Configure Dynamic ARP inspection and add entries in the DHCP snooping database.
B. Configure DHCP snooping and set trusted interfaces for all client connections.
C. Configure Dynamic ARP inspection and antispoofing ACLs in the DHCP snooping database.
D. Configure DHCP snooping and set a trusted interface for the DHCP server.

D. Configure DHCP snooping and set a trusted interface for the DHCP server.

How well did you know this?

Not at all

Perfectly

DoS attacks are categorized as what?

A. flood attacks
B. virus attacks
C. trojan attacks
D. phishing attacks

A. flood attacks

How well did you know this?

Not at all

Perfectly

What is the process of performing automated static and dynamic analysis of files in an isolated environment against preloaded behavioral indicators for threat analysis?

A. advanced sandboxing
B. adaptive scanning
C. deep visibility scan
D. point-in-time checks

A. advanced sandboxing

How well did you know this?

Not at all

Perfectly

What are two benefits of Flexible NetFlow records? (Choose two.)

A. They provide accounting and billing enhancements.
B. They allow the user to configure flow information to perform customized traffic identification.
C. They provide monitoring of a wider range of IP packet information from Layer2 to 4.
D. They provide attack prevention by dropping the traffic.
E. They converge multiple accounting technologies into one accounting mechanism.

B. They allow the user to configure flow information to perform customized traffic identification.
E. They converge multiple accounting technologies into one accounting mechanism.

How well did you know this?

Not at all

Perfectly

An engineer needs to configure a Cisco Secure Email Gateway (SEG) to prompt users to enter multiple forms of identification before gaining access to the SEG.
The SEG must also join a cluster using the preshared key of cisc421555367. What steps must be taken to support this?

A. Enable two-factor authentication through a RADIUS server, and then join the cluster via the SEG GUI.
B. Enable two-factor authentication through a TACACS+ server, and then join the cluster via the SEG CLI.
C. Enable two-factor authentication through a RADIUS server, and then join the cluster via the SEG CLI
D. Enable two-factor authentication through a TACACS+ server, and then join the cluster via the SEG GUI.

C. Enable two-factor authentication through a RADIUS server, and then join the cluster via the SEG CLI

How well did you know this?

Not at all

Perfectly

Which characteristic is unique to a Cisco WSAv as compared to a physical appliance?

A. requires an additional license
B. performs transparent redirection
C. supports SSL decryption
D. supports VMware vMotion on VMware ESXi

A. requires an additional license

How well did you know this?

Not at all

Perfectly

What are two workload security models? (Choose two.)

A. SaaS
B. PaaS
C. off-premises
D. on-premises
E. IaaS

C. off-premises
D. on-premises

How well did you know this?

Not at all

Perfectly

An engineer is configuring Dropbox integration with Cisco Cloudlock. Which action must be taken before granting API access in the Dropbox admin console?

A. Add Dropbox to the Cloudlock Authentication and API section in the Cloudlock portal.
B. Add Cloudlock to the Dropbox admin portal.
C. Send an API request to Cloudlock from Dropbox admin portal.
D. Authorize Dropbox within the Platform settings in the Cloudlock portal.

D. Authorize Dropbox within the Platform settings in the Cloudlock portal.

How well did you know this?

Not at all

Perfectly

Which CoA response code is sent if an authorization state is changed successfully on a Cisco IOS device?

A. CoA-NAK
B. CoA-NCL
C. CoA-MAB
D. CoA-ACK

D. CoA-ACK

How well did you know this?

Not at all

Perfectly

DRAG DROP -
Drag and drop the security solutions from the left onto the benefits they provide on the right.
Select and Place:

Full contextual awareness
NGIPS
Cisco AMP for Endpoints
Collective Security Intelligence

detection, blocking, tracking, analysis, and remediation to protect the enterprise against targeted and persistent malware attacks

policy enforcement based on complete visibility of users, mobile devices, client-side applications, communication between virtual machines, vulnerabilities, threats, and URLs

unmatched security and web reputation intelligence provides real-time threat intelligence and security protection

superior threat prevention and mitigation for known and unknown threats

Cisco AMP for Endpoints - detection, blocking, tracking, analysis, and remediation to protect the enterprise against targeted and persistent malware attacks

Full contextual awareness - policy enforcement based on complete visibility of users, mobile devices, client-side applications, communication between virtual machines, vulnerabilities, threats, and URLs

Collective Security Intelligence - unmatched security and web reputation intelligence provides real-time threat intelligence and security protection

NGIPS - superior threat prevention and mitigation for known and unknown threats

How well did you know this?

Not at all

Perfectly

What is a benefit of using GET VPN over FlexVPN within a VPN deployment?

A. GET VPN supports Remote Access VPNs
B. GET VPN uses multiple security associations for connections
C. GET VPN natively supports MPLS and private IP networks.
D. GET VPN interoperates with non-Cisco devices.

C. GET VPN natively supports MPLS and private IP networks.

How well did you know this?

Not at all

Perfectly

Email security has become a high-priority task for a security engineer at a large multi-national organization due to ongoing phishing campaigns. To help control this, the engineer has deployed an Incoming Content Filter with a URL reputation of (10.00 to 6.00) on the Cisco ESA. Which action will the system perform to desirable any links in messages that match the filter?

A. Defang
B. FilterAction
C. Quarantine
D. ScreenAction

A. Defang

How well did you know this?

Not at all

Perfectly

Which cloud service offering allows customers to access a web application that is being hosted, managed, and maintained by a cloud service provider?

A. IaC
B. IaaS
C. PaaS
D. SaaS

D. SaaS

How well did you know this?

Not at all

Perfectly

What is a characteristic of an EDR solution and not of an EPP solution?

A. performs signature-based detection
B. decrypts SSL traffic for better visibility
C. stops all ransomware attacks
D. retrospective analysis

D. retrospective analysis

How well did you know this?

Not at all

Perfectly

What is a benefit of using Cisco Umbrella?

A. Files are scanned for viruses before they are allowed to run.
B. All Internet traffic is encrypted.
C. It prevents malicious inbound traffic.
D. Attacks can be mitigated before the application connection occurs.

D. Attacks can be mitigated before the application connection occurs.

How well did you know this?

Not at all

Perfectly

Which type of data exfiltration technique encodes data in outbound DNS requests to specific servers and can be stopped by Cisco Umbrella?

A. DNS hijacking
B. cache poisoning
C. DNS tunneling
D. DNS flood attack

C. DNS tunneling

How well did you know this?

Not at all

Perfectly

Client workstations are experiencing extremely poor response time. An engineer suspects that an attacker is eavesdropping and making independent connections while relaying messages between victims to make them think they are talking to each other over a private connection. Which feature must be enabled and configured to provide relief from this type of attack?

A. Link Aggregation
B. Reverse ARP
C. private VLANs
D. Dynamic ARP Inspection

D. Dynamic ARP Inspection

How well did you know this?

Not at all

Perfectly

Which command is used to log all events to a destination collector 209.165.201.10? A. CiscoASA(config-pmap-c)# flow-export event-type all destination 209.165.201.10 B. CiscoASA(config-cmap)# flow-export event-type flow-update destination 209.165.201.10 C. CiscoASA(config-pmap-c)# flow-export event-type flow-update destination 209.165.201.10 D. CiscoASA(config-cmap)# flow-export event-type all destination 209.165.201.10

A. CiscoASA(config-pmap-c)# flow-export event-type all destination 209.165.201.10 Inside a class-map

An engineer is configuring IPsec VPN and needs an authentication protocol that is reliable and supports ACK and sequence. Which protocol accomplishes this goal? A. AES-256 B. IKEv1 C. ESP D. AES-192

C. ESP

An administrator is testing new configuration on a network device. The network device had a previously established association with the NTP server but is no longer processing time updates. What is the cause of this issue? A. The server changed its time source to stratum 1. B. The network device is sending the wrong password to the server. C. NTP authentication has been configured on the network device. D. NTP authentication has been configured on the NTP server.

C. NTP authentication has been configured on the network device.

An engineer is configuring device-hardening on a router in order to prevent credentials from being seen if the router configuration was compromised. Which command should be used? A. service password-encryption B. username privilege 15 password C. username password D. service password-recovery

A. service password-encryption

What is a feature of container orchestration? A. ability to deploy Kubernetes clusters in air-gapped sites B. automated daily updates C. ability to deploy Amazon ECS clusters by using the Cisco Container Platform data plane D. ability to deploy Amazon EKS clusters by using the Cisco Container Platform data plane

A. ability to deploy Kubernetes clusters in air-gapped sites

During a recent security audit, a Cisco IOS router with a working IPSEC configuration using IKEv1 was flagged for using a wildcard mask with the crypto isakmp key command. The VPN peer is a SOHO router with a dynamically assigned IP address. Dynamic DNS has been configured on the SOHO router to map the dynamic IP address to the host name of vpn.sohoroutercompany.com. In addition to the command crypto isakmp key Cisc123456789 hostname vpn.sohoroutercompany.com, what other two commands are now required on the Cisco IOS router far the VPN to continue to function after the wildcard command is removed? (Choose two.) A. ip host vpn.sohoroutercompany.com B. crypto isakmp identity hostname C. Add the dynamic keyword to the existing crypto map command D. fqdn vpn.sohoroutercompany.com E. ip name-server

B. crypto isakmp identity hostname E. ip name-server

What does Cisco ISE use to collect endpoint attributes that are used in profiling? A. probes B. posture assessment C. Cisco AnyConnect Secure Mobility Client D. Cisco pxGrid

A. probes

What are two functions of IKEv1 but not IKEv2? (Choose two.) A. IKEv1 conversations are initiated by the IKE_SA_INIT message. B. With IKEv1, aggressive mode negotiates faster than main mode. C. IKEv1 uses EAP for authentication. D. NAT-T is supported in IKEv1 but not in IKEv2. E. With IKEv1, when using aggressive mode, the initiator and responder identities are passed in cleartext.

B. With IKEv1, aggressive mode negotiates faster than main mode. E. With IKEv1, when using aggressive mode, the initiator and responder identities are passed in cleartext.

Which action controls the amount of URI text that is stored in Cisco WSA log files? A. Configure the advancedproxyconfig command with the HTTPS subcommand. B. Configure a small log-entry size. C. Configure the datasecurityconfig command. D. Configure a maximum packet size.

A. Configure the advancedproxyconfig command with the HTTPS subcommand.

Where are individual sites specified to be black listed in Cisco Umbrella? A. security settings B. content categories C. destination lists D. application settings

C. destination lists

What is the most commonly used protocol for network telemetry? A. NetFlow B. SNMP C. TFTP D. SMTP

A. NetFlow

Which two Cisco ISE components enforce security policies on noncompliant endpoints by blocking network access? (Choose two.) A. Apex licensing B. TACACS+ C. profiling D. DHCP and SNMP probes E. posture agents

C. profiling E. posture agents

What is a difference between DMVPN and sVTI? A. DMVPN provides interoperability with other vendors, whereas sVTI does not. B. DMVPN supports static tunnel establishment, whereas sVTI does not. C. DMVPN supports dynamic tunnel establishment, whereas sVTI does not. D. DMVPN supports tunnel encryption, whereas sVTI does not.

C. DMVPN supports dynamic tunnel establishment, whereas sVTI does not.

Which Cisco security solution gives the most complete view of the relationships and evolution of Internet domains, IPs, and files, and helps to pinpoint attackers' infrastructures and predict future threat? A. Cisco Umbrella Investigate B. Cisco Stealthwatch C. Cisco pxGrid D. Cisco Stealthwatch Cloud

A. Cisco Umbrella Investigate

Which type of data does the Cisco Stealthwatch system collect and analyze from routers, switches, and firewalls? A. NTP B. SNMP C. syslog D. NetFlow

D. NetFlow

Which threat intelligence standard contains malware hashes? A. advanced persistent threat B. open command and control C. structured threat information expression D. trusted automated exchange of indicator information

C. structured threat information expression STIX

Which security solution is used for posture assessment of the endpoints in a BYOD solution? A. Cisco ISE B. Cisco FTD C. Cisco Umbrella D. Cisco ASA

A. Cisco ISE

Which two commands are required when configuring a flow-export action on a Cisco ASA? (Choose two.) A. flow-export event-type B. policy-map C. access-list D. flow-export template timeout-rate 15 E. access-group

A. flow-export event-type B. policy-map

What are two trojan malware attacks? (Choose two.) A. frontdoor B. sync C. smurf D. rootkit E. backdoor

D. rootkit E. backdoor

What are two benefits of using an MDM solution? (Choose two.) A. enhanced DNS security for endpoint devices B. on-device content management C. remote wipe capabilities to protect information on lost or stolen devices D. antimalware and antispyware functionality E. allows for mobile endpoints to be used for authentication methods

B. on-device content management C. remote wipe capabilities to protect information on lost or stolen devices

Which VPN provides scalability for organizations with many remote sites? A. DMVPN B. SSLVPN C. GRE over IPsec D. site-to-site IPsec

A. DMVPN

For which type of attack is multifactor authentication an effective deterrent? A. syn flood B. phishing C. teardrop D. ping of death

B. phishing

Which two cryptographic algorithms are used with IPsec? (Choose two.) A. HMAC-SHA/SHA2 B. AES-BAC C. Triple AMC-CBC D. AES-CBC E. AES-ABC

A. HMAC-SHA/SHA2 D. AES-CBC

Which Cisco security solution secures public, private, hybrid, and community clouds? A. Cisco ISE B. Cisco ASAv C. Cisco Cloudlock D. Cisco pxGrid

C. Cisco Cloudlock

A university policy must allow open access to resources on the Internet for research, but internal workstations are exposed to malware. Which Cisco AMP feature allows the engineering team to determine whether a file is installed on a selected few workstations? A. file prevalence B. file discovery C. file conviction D. file manager

A. file prevalence

Which action must be taken in the AMP for Endpoints console to detect specific MD5 signatures on endpoints and then quarantine the files? A. Configure an advanced custom detection list. B. Configure an IP Block & Allow custom detection list C. Configure an application custom detection list D. Configure a simple custom detection list

A. Configure an advanced custom detection list.

What is the target in a phishing attack? A. perimeter firewall B. IPS C. web server D. endpoint

D. endpoint

An engineer is trying to decide whether to use Cisco Umbrella. Cisco CloudLock. Cisco Stealthwatch. or Cisco AppDynamics Cloud Monitoring for visibility into data transfers as well as protection against data exfiltration. Which solution best meets these requirements? A. Cisco AppDynamics Cloud Monitoring B. Cisco CloudLock C. Cisco Stealthwatch D. Cisco Umbrella

C. Cisco Stealthwatch

Which Cisco solution extends network visibility, threat detection, and analytics to public cloud environments? A. Cisco Stealthwatch Cloud B. Cisco Umbrella C. Cisco AppDynamics D. Cisco CloudLock

A. Cisco Stealthwatch Cloud

Which solution supports high availability in routed or transparent mode as well as in northbound and southbound deployments? A. Cisco FTD with Cisco ASDM B. Cisco Firepower NGFW Virtual appliance with Cisco FMC C. Cisco Firepower NGFW physical appliance with Cisco FMC D. Cisco FTD with Cisco FMC

D. Cisco FTD with Cisco FMC

When choosing an algorithm to use. what should be considered about Diffie Heilman and RSA for key establishment? A. RSA is a symmetric key establishment algorithm intended to output asymmetric keys. B. DH is an asymmetric key establishment algorithm intended to output symmetric keys. C. DH is a symmetric key establishment algorithm intended to output asymmetric keys. D. RSA is an asymmetric key establishment algorithm intended to output symmetric keys.

B. DH is an asymmetric key establishment algorithm intended to output symmetric keys.

What provides total management for mobile and PC including managing inventory and device tracking, remote view, and live troubleshooting using the included native remote desktop support? A. mobile access management B. mobile content management C. mobile application management D. mobile device management

D. mobile device management

With regard to RFC 5176 compliance, how many IETF attributes are supported by the RADIUS CoA feature? A. 3 B. 5 C. 10 D. 12

B. 5

Which two protocols must be configured to authenticate end users to the Cisco WSA? (Choose two.) A. TACACS+ B. CHAP C. NTLMSSP D. RADIUS E. Kerberos

C. NTLMSSP E. Kerberos

Which feature must be configured before implementing NetFlow on a router? A. syslog B. IP routing C. VRF D. SNMPv3

B. IP routing

An engineer needs to detect and quarantine a file named abc123456789.zip based on the MD5 signature of the file using the Outbreak Control list feature within Cisco Advanced Malware Protection (AMP) for Endpoints. The configured detection method must work on files of unknown disposition. Which Outbreak Control list must be configured to provide this? A. Simple Custom Detection B. Blocked Application C. Advanced Custom Detection D. Android Custom Detection

C. Advanced Custom Detection

Which Talos reputation center allows for tracking the reputation of IP addresses for email and web traffic? A. IP Block List Center B. IP and Domain Reputation Center C. Cisco AMP Reputation Center D. File Reputation Center

B. IP and Domain Reputation Center

A switch with Dynamic ARP Inspection enabled has received a spoofed ARP response on a trusted interface. How does the switch behave in this situation? A. It drops the packet after validation by using the IP & MAC Binding Table. B. It forwards the packet without validation. C. It forwards the packet after validation by using the IP & MAC Binding Table. D. It drops the packet without validation.

B. It forwards the packet without validation.

A network engineer is configuring NetFlow top talkers on a Cisco router. Drag and drop the steps in the process from the left into the sequence on the right. configure the ip flow-top-talkers command configure the ip flow command on an interface configure ip routing and enable cef set the top talkers sorting criterion specify the maximun numbers of top talkers

From routing, flow config and then the interface configure ip routing and enable cef configure the ip flow-top-talkers command specify the maximun numbers of top talkers set the top talkers sorting criterion configure the ip flow command on an interface

Refer to the exhibit. Which command results in these messages when attempting to troubleshoot an IPsec VPN connection? ``` *Jul 1 15:33:50.027: ISAKMP: (0):Enqueued KEY_MGR SESSION_CLOSED for Tunnelo deletion *Jul 1 15:33:50.027: ISAKMP: (0):Deleting peer node by peer reap for 2.2.2.2: D1250B0 *Jul 1 15:33:50.029: ISAKMP: (1001) peer does not do paranoid keepalives. *Jul 1 15:33:54.781: ISAKMP-PAK: (0):received packet from 2.2.2.2 dport 500 sport 500 Global (N) NEW SA *Jul 1 15:33:54.781: ISAKMP: (0):Created a peer struct for 2.2.2.2, peer port 500 *Jul 1 15:33:54.781: ISAKMP: (0):New peer created peer = 0x11026528 peer_handle = 0x80000004 *Jul 1 15:33:54.781: ISAKMP: (0):Locking peer struct 0x11026528, refcount 1 for crypto_isakmp_process_block *Jul 1 15:33:54.782: ISAKMP: (0):local port 500, remote port 500 *Jul 1 15:33:54.782: ISAKMP: (0):Find a dup sa in the avl tree during calling isadb_insert sa = 104E3C68 *Jul 1 15:33:54.782: ISAKMP: (0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Jul 1 15:33:54.782: ISAKMP: (0):Old State = IKE_READY New State = IKE_R_MM1 ``` A. debug crypto isakmp connection B. debug crypto ipsec C. debug crypto ipsec endpoint D. debug crypto isakmp

D. debug crypto isakmp

Which technology provides a combination of endpoint protection, endpoint detection, and response? A. Cisco Threat Grid B. Cisco Umbrella C. Cisco Talos D. Cisco AMP

D. Cisco AMP

Drag and drop the concepts from the left onto the descriptions on the right. Left: guest services profiling posture assessment BYOD Right: requires probes to collect attributes of connected endpoints sponsor portal that is used to gain access to network resources My Devices portal that allows users to register their device results have a status of compliant or noncompliant

profiling - requires probes to collect attributes of connected endpoints guest services - sponsor portal that is used to gain access to network resources posture assessment - My Devices portal that allows users to register their device BYOD - results have a status of compliant or noncompliant

Which industry standard is used to integrate Cisco ISE and Cisco pxGrid to each other and with other interoperable security platforms? A. NIST B. ANSI C. IETF D. IEEE

C. IETF

What is a functional difference between Cisco AMP for Endpoints and Cisco Umbrella Roaming Client? A. AMP for Endpoints authenticates users and provides segmentation, and the Umbrella Roaming Client allows only for VPN connectivity. B. AMP for Endpoints stops and tracks malicious activity on hosts, and the Umbrella Roaming Client tracks only URL-based threats. C. The Umbrella Roaming Client authenticates users and provides segmentation, and AMP for Endpoints allows only for VPN connectivity. D. The Umbrella Roaming client stops and tracks malicious activity on hosts, and AMP for Endpoints tracks only URL-based threats.

B. AMP for Endpoints stops and tracks malicious activity on hosts, and the Umbrella Roaming Client tracks only URL-based threats.

Which Cisco ISE feature helps to detect missing patches and helps with remediation? A. enabling probes B. profiling policy C. authentication policy D. posture assessment

D. posture assessment

Which feature requires that network telemetry be enabled? A. Layer 2 device discovery B. per-interface stats C. central syslog system D. SNMP trap notification

B. per-interface stats

What is provided by the Secure Hash Algorithm in a VPN? A. authentication B. encryption C. integrity D. key exchange

C. integrity

Refer to the exhibit. When configuring this access control rule in Cisco FMC, what happens with the traffic destined to the DMZ_inside zone once the configuration is deployed? [https://img.examtopics.com/350-701/image6.png](http://) A. No traffic will be allowed through to the DMZ_inside zone regardless of if it’s trusted or not. B. All traffic from any zone will be allowed to the DMZ_inside zone only after inspection. C. All traffic from any zone to the DMZ_inside zone will be permitted with no further inspection. D. No traffic will be allowed through to the DMZ_inside zone unless it's already trusted.

C. All traffic from any zone to the DMZ_inside zone will be permitted with no further inspection.

A company identified a phishing vulnerability during a pentest. What are two ways the company can protect employees from the attack? (Choose two.) A. using an inline IPS/IDS in the network B. using Cisco Umbrella C. using Cisco ESA D. using Cisco ISE E. using Cisco FTD

B. using Cisco Umbrella C. using Cisco ESA

What is the process in DevSecOps where all changes in the central code repository are merged and synchronized? A. EP B. CD C. CI D. QA

C. CI

What is a function of Cisco AMP for Endpoints? A. It protects against web-based attacks. B. It automates threat responses of an infected host. C. It detects DNS attacks. D. It blocks email-based attacks.

B. It automates threat responses of an infected host.

What does endpoint isolation in Cisco AMP for Endpoints security protect from? A. an infection spreading across the LDAP or Active Directory domain from a user account B. a malware spreading across the user device C. an infection spreading across the network D. a malware spreading across the LDAP or Active Directory domain from a user account

C. an infection spreading across the network device already infected

An engineer recently completed the system setup on a Cisco WSA. Which URL information does the system send to SensorBase Network servers? A. complete URL, without obfuscating the path segments B. URL information collected from clients that connect to the Cisco WSA using Cisco AnyConnect C. none because SensorBase Network Participation is disabled by default D. summarized server-name information and MD5-hashed path information

A. complete URL, without obfuscating the path segments

Which Cisco DNA Center RESTful PNP API adds and claims a device into a workflow? A. api/v1/onboarding/workflow B. api/v1/onboarding/pnp-device/import C. api/v1/onboarding/pnp-device D. api/v1/file/config

B. api/v1/onboarding/pnp-device/import

Which solution should be leveraged for secure access of a CI/CD pipeline? A. Duo Network Gateway B. Cisco FTD network gateway C. SSL WebVPN D. remote access client

A. Duo Network Gateway

What is the purpose of CA in a PKI? A. to validate the authenticity of a digital certificate B. to issue and revoke digital certificates C. to certify the ownership of a public key by the named subject D. to create the private key for a digital certificate

B. to issue and revoke digital certificates

Which solution detects threats across a private network, public clouds, and encrypted traffic? A. Cisco Encrypted Traffic Analytics B. Cisco Stealthwatch C. Cisco CTA D. Cisco Umbrella

B. Cisco Stealthwatch

What is a benefit of using Cisco Tetration? A. It collects policy compliance data and process details. B. It collects near-real time data from servers and inventories the software packages that exist on servers. C. It collects enforcement data from servers and collects interpacket variation. D. It collects telemetry data from servers and then uses software sensors to analyze flow information.

D. It collects telemetry data from servers and then uses software sensors to analyze flow information.

Which attack type attempts to shut down a machine or network so that users are not able to access it? A. bluesnarfing B. MAC spoofing C. smurf D. IP spoofing

C. smurf

Which Cisco solution integrates Encrypted Traffic Analytics to perform enhanced visibility, promote compliance, shorten response times, and provide administrators with the information needed to provide educated and automated decisions to secure the environment? A. Cisco ISE B. Cisco SDN C. Cisco Security Compliance Solution D. Cisco DNA Center

D. Cisco DNA Center

Which two components do southbound APIs use to communicate with downstream devices? (Choose two.) A. OpFlex B. applications running over the network C. OpenFlow D. services running over the network E. external application APIs

A. OpFlex C. OpenFlow

A network engineer has configured a NTP server on a Cisco ASA. The ASA has IP reachability to the NTP server and is not filtering any traffic. The show ntp association detail command indicates that the configured NTP server is unsynchronized and has a stratum of 16. What is the cause of this issue? A. An access list entry for UDP port 123 on the outside interface is missing. B. Resynchronization of NTP is not forced. C. NTP is not configured to use a working server. D. An access list entry for UDP port 123 on the inside interface is missing.

C. NTP is not configured to use a working server.

# ``` Which API method and required attribute are used to add a device into Cisco DNA Center with the native API? A. GET and serialNumber B. userSudiSerlalNos and deviceInfo C. POST and name D. lastSyncTime and pid

C. POST and name

An engineer must deploy a network security management solution to provide the operations team with a unified view of the security environment. The company operates a hybrid cloud with an element of on-premises private hosting for critical applications and data. The operations team requires a single solution that will be used to manage and configure: * Firewalls * Intrusion Prevention System * Application control * URL filtering * Advanced malware protection Which Cisco solution must be deployed? A. Secure Firewall Threat Defense B. Adaptive Security Device Manager C. Next-Generation Firewall D. Secure Firewall Management Center

D. Secure Firewall Management Center

What is the purpose of the Cisco Endpoint IoC feature? A. It is an incident response tool. B. It provides stealth threat prevention. C. It is a signature-based engine. D. It provides precompromise detection.

A. It is an incident response tool.

What is a benefit of flexible NetFlow records? A. They have customized traffic identification. B. They are used for accounting. C. They are used for security. D. They monitor a packet from Layer 2 to Layer 5.

A. They have customized traffic identification.

Drag and drop the Cisco CWS redirection options from the left onto the capabilities on the right. left: Cisco Anyconnect client ISR with CWS connector NGPW with CWS conector WSAv with CWS connector right: location-independent, bandwidth-efficient option extends identity information and on-premises features to the cloud provides user-group granularity and supports cloud-based scanning supports cached credentials and makes directory information available off-premises

ISR with CWS connector - location-independent, bandwidth-efficient option WSAv with CWS connector - extends identity information and on-premises features to the cloud NGPW with CWS conector - provides user-group granularity and supports cloud-based scanning Cisco Anyconnect client - supports cached credentials and makes directory information available off-premises

Which cryptographic process provides origin confidentiality, integrity, and origin authentication for packets? A. AH B. IKEv1 C. IKEv2 D. ESP

D. ESP

What are two security benefits of an MDM deployment? (Choose two.) A. distributed dashboard B. distributed software upgrade C. privacy control checks D. on-device content management E. robust security policy enforcement

D. on-device content management E. robust security policy enforcement

Which Cisco security solution stops exfiltration using HTTPS? A. Cisco CTA B. Cisco FTD C. Cisco AnyConnect D. Cisco ASA

A. Cisco CTA Cisco Cognitive Threat Analytics

Which solution is made from a collection of secure development practices and guidelines that developers must follow to build secure applications? A. Radamsa B. Fuzzing Framework C. AFL D. OWASP

D. OWASP Open Web Application Security Project

An engineer is deploying Cisco Advanced Malware Protection (AMP) for Endpoints and wants to create a policy that prevents users from executing a file named abc123456789.exe without quarantining that file. What type of Outbreak Control list must the SHA-256 hash value for the file be added to in order to accomplish this? A. Advanced Custom Detection B. Simple Custom Detection C. Isolation D. Blocked Application

D. Blocked Application

What is the purpose of a NetFlow version 9 template record? A. It serves as a unique identification number to distinguish individual data records B. It defines the format of data records. C. It specifies the data format of NetFlow processes. D. It provides a standardized set of Information about an IP row.

B. It defines the format of data records.

An organization is using DNS services for their network and want to help improve the security of the DNS infrastructure. Which action accomplishes this task? A. Use DNSSEC between the endpoints and Cisco Umbrella DNS servers. B. Modify the Cisco Umbrella configuration to pass queries only to non-DNSSEC capable zones. C. Integrate Cisco Umbrella with Cisco CloudLock to ensure that DNSSEC is functional. D. Configure Cisco Umbrella and use DNSSEC for domain authentication to authoritative servers.

D. Configure Cisco Umbrella and use DNSSEC for domain authentication to authoritative servers.

Which Cisco security solution provides patch management in the cloud? A. Cisco Umbrella B. Cisco ISE C. Cisco CloudLock D. Cisco Tetration

C. Cisco CloudLock

Which solution is more secure than the traditional use of a username and password and encompasses at least two of the methods of authentication? A. RADIUS/LDAP authentication B. single-sign on C. Kerberos security solution D. multifactor authentication

D. multifactor authentication

my cards 5 Flashcards

my cards 5 (100 cards)