my cards 7 Flashcards by me myself

Refer to the exhibit. An administrator is configuring a VPN tunnel on a Cisco router. The information provided by the administrator of the remote end of the VPN tunnel was that IKEv1 is the tunnel protocol with a preshared key of C1$c0463835440!. The encryption for both phases is AES and the hash for both phases is SHA-256. The source subnet is 10.10.10.x/24 and the destination subnet is 10.10.20.x/24. The local device cannot establish a VPN tunnel and the debug message shown here is seen in the log file. What must be verified to correct the configuration?

ISAKMP: ipsec policy invlidated proposal
ISAKMP: sa not acceptable
QM rejected

A. Ensure that the IKE version is identical on both ends
B. Ensure that the ISAKMP policy configuration is identical on both ends
C. Ensure that the preshared key is identical on both ends
D. Ensure that the ACLs that define interesting traffic are symmetrical on both ends

B. Ensure that the ISAKMP policy configuration is identical on both ends

How well did you know this?

Not at all

Perfectly

Which attack gives unauthorized access to files on the web server?

A. DHCP snooping
B. path traversal
C. broadcast storm
D. distributed DoS

B. path traversal

How well did you know this?

Not at all

Perfectly

Which feature does the IaaS model provide?

A. software-defined network segmentation
B. granular control of data
C. automatic updates and patching of software
D. dedicated, restricted workstations

A. software-defined network segmentation

How well did you know this?

Not at all

Perfectly

A network administrator needs a solution to match traffic and allow or deny the traffic based on the type of application, not just the source or destination address and port used. Which kind of security product must the network administrator implement to meet this requirement?

A. nextgeneration firewall
B. web application firewall
C. next generation intrusion prevention system
D. intrusion detection system

A. nextgeneration firewall

How well did you know this?

Not at all

Perfectly

What is a benefit of using Cisco CWS compared to an on-premises Cisco Secure Web Appliance?

A. CWS eliminates the need to backhaul traffic through headquarters for remote workers whereas Secure Web Appliance does not.
B. Content scanning for SAAS cloud applications is available through CWS and not available through Secure Web Appliance.
C. CWS minimizes the load on the internal network and security infrastructure as compared to Secure Web Appliance.
D. URL categories are updated more frequently on CWS than they are on Secure Web Appliance.

A. CWS eliminates the need to backhaul traffic through headquarters for remote workers whereas Secure Web Appliance does not.

How well did you know this?

Not at all

Perfectly

Which key feature of Cisco ZFW is unique among other Cisco IOS firewall solutions?

A. SSL inspection
B. security levels
C. stateless inspection
D. security zones

D. security zones

How well did you know this?

Not at all

Perfectly

Which Cisco solution secures the cloud users, data and applications with the cloud-native CASB and cloud cybersecurity platform?

A. Cisco Appdynamics
B. Cisco Umbrella
C. Cisco CloudLock
D. Cisco Secure Network Analytics

C. Cisco CloudLock

How well did you know this?

Not at all

Perfectly

What are the components of endpoint protection against social engineering attacks?

A. Cisco Secure Email Gateway
B. IPsec
C. firewall
D. IDS

A. Cisco Secure Email Gateway

How well did you know this?

Not at all

Perfectly

Which feature is used to restrict communication between interfaces on a Cisco ASA?

A. VLAN subinterfaces
B. traffic zones
C. VxLAN interfaces
D. security levels

D. security levels

How well did you know this?

Not at all

Perfectly

A network administrator is modifying a remote access VPN on an FTD managed by an FMC. The administrator wants to offload traffic to certain trusted domains. The administrator wants this traffic to go out of the client’s local internet and send other internet-bound traffic over the VPN. Which feature must the administrator configure?

A. reverse route injection
B. dynamic access policies
C. local LAN access
D. dynamic split tunneling

D. dynamic split tunneling

How well did you know this?

Not at all

Perfectly

Refer to the exhibit. Logins from internal users to a Cisco Adaptive Security Appliance firewall must be performed by using a TACACS server. The firewall is already configured. Which additional configuration must be performed to configure the TACACS+ server group with a key of Cisco4512!?

INTERFACE NAME EXERNAL, ANSWER IS

aaa-server SERVERGROUP (external) host 4.4.4.2
key Cisco 4512!

INTERFACE NAME EXERNAL, ANSWER IS

aaa-server SERVERGROUP (external) host 4.4.4.2
key Cisco 4512!

How well did you know this?

Not at all

Perfectly

A network engineer must create a workflow to detect when a device joins a network and send the onboarding configuration to the device by using the Cisco DNA Center API. Which two method and endpoint pairs must be used to implement the workflow? (Choose two.)

A. POST /dna/intent/api/v1/onboarding/pnp-device/site- claim

B. POST /dna/intent/api/v1/onboarding/pnp-device/import

C. GET /dna/intent/api/v1/discovery/{discovery_id}/network-device

D. GET /dna/intent/api/v1/topology/site-topology

E. POST /dna/intent/api/v1/discovery

A. POST /dna/intent/api/v1/onboarding/pnp-device/site- claim

B. POST /dna/intent/api/v1/onboarding/pnp-device/import

How well did you know this?

Not at all

Perfectly

Which IPsec mode must be used when encrypting data over a public network between two servers with RFC1918 IP addresses?

A. main mode
B. aggressive mode
C. transport mode
D. tunnel mode

D. tunnel mode

How well did you know this?

Not at all

Perfectly

Which platform uses Cyber Threat Intelligence as its main source of information?

A. EPP
B. EDR
C. Cisco ASA
D. Cisco Secure Endpoint

D. Cisco Secure Endpoint

How well did you know this?

Not at all

Perfectly

Refer to the exhibit. Which task is the Python script performing by using the Umbrella Enforcement API?

import requests
from datetime import datetime import json
custkey "daw79ad8v9a7"
eventurl="https://s-platform.api.opendns.com/1.0/events"
time = datetime.now().isoformat()
domain= "maliciouswebsite.com"
UrlPost eventurl+'?customerKey='+custkey
data = {
"alertTime": time + "Z",
"deviceId": "flq802v6-1d92-1824-ba42-sf7sfk927c81",
"deviceVersion": "13.7a",
"dstDomain": domain,
"dstUrl": "http://" + domain + "/",
"eventTime": time + "Z",
"protocolVersion": "1.0a",
"providerName": "Security Platform"
}
req = requests.post (Url Post, data=json.dumps (data), headers = {'Content-type': 'application/json', 'Accept': 'application/json'})
if (req.status_code == 202):
print("SUCCESS: domain ( (domain) s) was accepted, HTTP response: 202, timestamp: (time) s" % ('domain': domain, 'time': time))
else:
print ("An error has occurred with the following code % (error)s, please consult the following link: https://enforcement-api.readme.io/"
{'error': req.status_code})

A. importing malicious domains to Cisco Umbrella Enforcement for additional processing
B. importing malicious domains to Cisco Umbrella Enforcement for blocking
C. editing malicious domains in Cisco Umbrella Enforcement that have changed status
D. editing malicious domains in Cisco Umbrella Enforcement that have changed IP address

B. importing malicious domains to Cisco Umbrella Enforcement for blocking

How well did you know this?

Not at all

Perfectly

Which security mechanism is designed to protect against “offline brute-force” attacks?

A. Token
B. MFA
C. Salt
D. CAPTCHA

C. Salt

How well did you know this?

Not at all

Perfectly

What is the default action before identifying the URL during HTTPS inspection in Cisco Secure Firewall Threat Defense software?

A. reset
B. buffer
C. drop
D. pass

D. pass

How well did you know this?

Not at all

Perfectly

Which method is used on a Cisco IOS router to redirect traffic to the Cisco Secure Web Appliance for URL inspection?

A. WCCP
B. route map
C. PAC file
D. WPAD

A. WCCP

How well did you know this?

Not at all

Perfectly

Which two global commands must the network administrator implement to limit the attack surface of an internet-facing Cisco router? (Choose two.)

A. service tcp-keepalives-in
B. no service password-recovery
C. no cdp run
D. no ip http server
E. ip ssh version 2

D. no ip http server

E. ip ssh version 2

How well did you know this?

Not at all

Perfectly

Refer to the exhibit. An engineer created a policy named usera1 on a Cisco Secure Email Gateway to enable the antispam feature for an email address of usera1@cisco.com. Which configuration step must be performed next to apply the policy only to the usera1@cisco.com email address?

A. Specify the user in Mail Policies > Mail Policies Settings
B. Click the Policy Name usera1 Policy, and then click Add User.
C. Set the user in Mail Policies > Exception Table.
D. Click IronPort Anti-Spam, and then click Add User.

B. Click the Policy Name usera1 Policy, and then click Add User.

How well did you know this?

Not at all

Perfectly

Which Cisco firewall solution supports configuration via Cisco Policy Language?

A. NGFW
B. CBAC
C. IPS
D. ZFW

D. ZFW

How well did you know this?

Not at all

Perfectly

A network administrator has configured DHCP snooping on a Cisco switch to prevent unauthorized DHCP servers from assigning IP addresses. During configuration, a device with MAC address 04:66:96:79:0:AB received an IP address from an unauthorized DHCP server. Which configuration step must the network administrator take to accomplish the requirement?

A. Apply DHCP option 82 to identify the trusted DHCP server.
B. Configure each device on the network to use authorize DHCP server manually.
C. Configure an access control list to only allow DHCP traffic from trusted DHCP server.
D. Implement DHCP option 82 to relay DHCP requests to the trusted DHCP server.

D. Implement DHCP option 82 to relay DHCP requests to the trusted DHCP server.

How well did you know this?

Not at all

Perfectly

What are two examples of code injection vulnerabilities? (Choose two.)

A. XML external entity injection
B. cross-site scripting
C. session hijacking
D. SQL injection
E. arbitrary command injection

B. cross-site scripting

D. SQL injection

How well did you know this?

Not at all

Perfectly

What is the purpose of the certificate signing request when adding a new certificate for a server?

A. It provides the certificate client information so the server can authenticate against it when installing.

B. It provides the server information so a certificate can be created and signed.

C. It is the password for the certificate that is needed to install it with.

D. It is the certificate that will be loaded onto the server.

B. It provides the server information so a certificate can be created and signed.

How well did you know this?

Not at all

Perfectly

Which Secure Email Gateway implementation method segregates inbound and outbound email? A. pair of logical listeners on a single physical interface with two unique logical IPv4 addresses and one IPv6 address B. pair of logical IPv4 listeners and a pair of IPv6 listeners on two physically separate interfaces C. one listener on one logical IPv4 address on a single logical interface D. one listener on a single physical interface

B. pair of logical IPv4 listeners and a pair of IPv6 listeners on two physically separate interfaces

What is a feature of an endpoint detection and response solution? A. ensuring the security of network devices by choosing which devices are allowed to reach the network B. capturing and clarifying data on email, endpoints, and servers to mitigate threats C. rapidly and consistently observing and examining data to mitigate threats D. preventing attacks by identifying harmful events with machine learning and conduct-based defense

C. rapidly and consistently observing and examining data to mitigate threats

An engineer is deploying a Cisco Secure Email Gateway and must ensure it reaches the Cisco update servers to retrieve new rules. The engineer must now manually configure the Outbreak Filter rules on an AsyncOS for Cisco Secure Email Gateway. Only outdated rules must be replaced. Up-to-date rules must be retained. Which action must the engineer take next to complete the configuration? A. Use the outbreakconfig command in CLI. B. Select Outbreak Filters. C. Perform a backup/restore of the database. D. Click Update Rules Now.

A. Use the outbreakconfig command in CLI.

A website administrator wants to prevent SQL injection attacks against the company’s customer database, which is referenced by the web server. Which two methods help prevent SQL injection attacks? (Choose two.) A. using load balancers with NAT B. performing input validation C. enforcing TLS 1.3 only D. using SSL certificates E. using web application firewalls

B. performing input validation E. using web application firewalls

An engineer is configuring DHCP on a Cisco switch and wants to ensure that a DHCP packet will be dropped. Under which condition will this occur? A. A packet from a DHCP server is received from inside the network or firewall. B. All packets are dropped until the administrator manually enters the approved servers into the DHCP snooping database. C. A packet is received on an untrusted interface, and the source MAC address and the DHCP client hardware address do not match. D. A DHCP relay agent forwards a DHCP packet that includes a relay-agent IP address that is 0.0.0.0.

C. A packet is received on an untrusted interface, and the source MAC address and the DHCP client hardware address do not match.

An engineer is configuring guest WLAN access using Cisco ISE and the Cisco WLC. Which action temporarily gives guest endpoints access dynamically while maintaining visibility into who or what connecting? A. Configure ISE and the WLC for quest redirection and services using a self-registered portal. B. Modify the WLC configuration to allow any endpoint to access an internet-only VLAN. C. Configure ISE and the WLC for guest redirection and services using a hotspot portal. D. Modify the WLC configuration to require local WLC logins for the authentication prompts.

A. Configure ISE and the WLC for quest redirection and services using a self-registered portal.

An engineer needs to configure cloud logging on Cisco ASA with SAL (secure analytics, stealthwatch) integration. Which parameter must be considered for this configuration? A. Events can be viewed only from one regional cloud. B. All CSM versions are supported. C. Onboard Cisco ASA device to CDO is needed. D. Required storage size can be allocated dynamically.

C. Onboard Cisco ASA device to CDO is needed.

Which Cisco platform processes behavior baselines, monitors for deviations, and reviews for malicious processes in data center traffic and servers while performing software vulnerability detection? A. Cisco Secure Client B. Cisco ISE C. Cisco Secure Workload D. Cisco AMP for Network

C. Cisco Secure Workload

A network administrator has installed Secure Endpoint in the network. During setup it was noticed an endpoint has been exhibiting unusual behavior, including slow performance and unexpected network activity. Administrator discovers a suspicious file named abc0467145535.exe running in the background. Which step must the network administrator take to investigate and remediate the potential malware? A. Isolate the endpoint from the network. B. Reset the endpoint password and enable multi-factor authentication. C. Format and reinstall the operating system on the endpoint. D. Disable all non-essential processes running on the endpoint.

A. Isolate the endpoint from the network.

What are two targets in cross-site scripting attacks? (Choose two.) A. footer B. cookie C. input D. header E. image

C. input E. image

Which component performs the resolution between the tunnel address and mGRE address in DMVPN? A. GDOI B. NBMA C. NHRP D. NHS

C. NHRP

Refer to the exhibit. A network engineer must retrieve the interface configuration on a Cisco router by using the NETCONF API. The engineer uses a Python script to automate the activity. Which code snippet completes the script? ``` 1 GET/api/running/interfaces? deep HTTP/1.1 2 Host: 10.22.52.246:8008 3 Authorization: Basic YWRtaW46YWRtaw4= 4 5 Accept: application/vnd.yang.data+json 6 Cache-Control: no-cache 7 Postman-Token: 93bfbd7d-c25b-993b-2ed2-b464e7d926de ``` A. Content-Type: applications/json/vnd.yang.data B. Content-Type: application/vnd.yang.data+json C. Content-Type: application/vnd.yang.data D. Content-Type: application/vnd.yang.data+api

B. Content-Type: application/vnd.yang.data+json

What is a difference between encrypted passwords and hardcoded passwords? A. Encrypted passwords are easier to obtain, and hardcoded passwords are known only to developers. B. Encrypted passwords are generated by an application user, and hardcoded passwords are generated randomly. C. Encrypted passwords are used for frontend applications, and hardcoded passwords are used for backend applications. D. Encrypted passwords are stored in a database, and hardcoded passwords are embedded in the source code.

D. Encrypted passwords are stored in a database, and hardcoded passwords are embedded in the source code

Which action adds IOCs to customize detections for a new attack? A. Use the initiate Endpoint IOCs scan feature to gather the IOC information and push it to clients. B. Upload the IOCs into the Installed Endpoint IOC feature within Cisco Secure Endpoint. C. Add a custom advanced detection to include the IOCs needed within Cisco Secure Endpoint. D. Modify the base policy within Cisco Secure Endpoint to include simple custom detections.

B. Upload the IOCs into the Installed Endpoint IOC feature within Cisco Secure Endpoint.

A network administrator received a critical message alert from a Cisco Secure Web Appliance stating that the log partition is at 107% capacity. How does a Cisco Secure Web Appliance respond when its logging partition is full? A. It overwrites the oldest log files. B. It suspends logging and reporting functions. C. It deletes logs older than a configurable age. D. It archives older logs in a compressed file to free space.

B. It suspends logging and reporting functions.

What limits communication between applications or containers on the same node? A. container orchestration B. microservicing C. software-define access D. microsegmentation

D. microsegmentation

A network administrator has configured TACACS on a network device using the key Cisc0466974274 for authentication purposes. However, users are unable to authenticate. TACACS server is reachable, but authentication is falling. Which configuration step must the administrator complete? A. Configure the TACACS key on the server to match with the network device. B. Install a compatible operating system version on the TACACS server. C. Implement synchronized system clock on TACACS server that matches the network device. D. Apply an access control list on TACACS server to allow communication with the network device.

A. Configure the TACACS key on the server to match with the network device.

How do the features of DMVPN compare to IPsec VPN? A. DMVPN supports high availability routing, and IPsec VPN supports stateless failover. B. DMVPN uses hub-and-spoke topology, and IPsec VPN uses on-demand spoke topology. C. DMVPN supports non-IP protocols, and IPsec VPN only supports IP protocols. D. DMVPN supports multiple vendors, and IPsec VPN only supports Cisco products.

A. DMVPN supports high availability routing, and IPsec VPN supports stateless failover.

Drag and drop the Cisco Secure Email Gateway benefits from the left to the corresponding deployment options on the right. lowers the cost of developing in highly distributed networks highest levels of data protection highest levels of service availability respond instantly to increasing traffic growth cloud or virtual

Cloud: highest levels of data protection highest levels of service availability Virtual respond instantly to increasing traffic growth lowers the cost of deploying in highly distributed networks

What has driven an increase in the need for endpoint-based security? A. minimal endpoint-based security manual configuration and implementation B. increased data volumes and value in data center storage C. increased number of BYOD policies and hybrid remote worker D. stricter control mechanism requirements for enterprise access

C. increased number of BYOD policies and hybrid remote worker

A security test performed on one of the applications shows that user input is not validated. Which security vulnerability is the application more susceptible to because of this lack of validation? A. man-in-the-middle B. cross-site request forgery C. SQL injection D. denial-of-service

C. SQL injection

Which problem is solved by deploying a multicontext firewall? A. overlapping IP addressing plan B. resilient high availability design C. faster inspection D. more secure policy

A. overlapping IP addressing plan

What must be configured on Cisco Secure Endpoint to create a custom detection file list to detect and quarantine future files? A. Create an advanced custom detection and upload the hash of each file. B. Add a network IP block allowed list to the configuration and add the blocked files. C. Use the simple custom detection feature and add each detection to the list. D. Configure an application control allowed applications list to block the files.

A. Create an advanced custom detection and upload the hash of each file.

Which Cisco solution provides a comprehensive view of internet domains, IP addresses, and autonomous systems to help pinpoint attackers and malicious infrastructures? A. Cisco Secure Workload Cloud B. Cisco Advanced Malware Investigate C. Cisco Threat Indication Database D. Cisco Umbrella Investigate

D. Cisco Umbrella Investigate

An engineer must register a fixed network on a Cisco Umbrella platform. Which two actions must be performed when adding a new public IP address? (Choose two.) A. Enter a network public IP address. B. Install the Umbrella root certificate. C. Configure the DNS security settings. D. Point DNS to Umbrella platform DNS servers. E. Point DHCP to Umbrella platform DHCP servers.

A. Enter a network public IP address. D. Point DNS to Umbrella platform DNS servers.

Which Cisco security solution gives the most complete view of the relationships and evolution of Internet domains, IPs, and files, and helps to pinpoint attackers’ infrastructures and predict future threat? A. Cisco Umbrella Investigate B. Cisco Secure Network Analytics C. Cisco pxGrid D. Cisco Secure Cloud Analytics

A. Cisco Umbrella Investigate

Which action configures the iEEE 802.1X Flexible Authentication feature to support Layer 3 authentication mechanisms? A. Modify the Dot1x configuration on the VPN server to send Layer 3 authentications to an external authentication database. B. Identify the devices using this feature and create a policy that allows them to pass Layer 2 authentication. C. Add MAB into the switch to allow redirection to a Layer 3 device for authentication. D. Configure WebAuth so the hosts are redirected to a web page for authentication.

D. Configure WebAuth so the hosts are redirected to a web page for authentication.

Which API technology with SDN architecture is used to communicate with a controller and network devices such as routers and switches? A. rest APIs B. northbound APIs C. southbound APIs D. unprotected APIs

C. southbound APIs

Which solution should a network administrator deploy to protect a webserver from SQL injection attacks? A. IDS B. Secure Web Appliance C. ISE D. IPS

D. IPS

What is a capability of Cisco AVC? A. application bandwidth enforcement on Cisco IOS platforms B. interoperates by using GET VPN on tunnel interfaces C. traffic filtering by using a Security Intelligence policy D. deep packet inspection on IPsec encapsulated traffic

A. application bandwidth enforcement on Cisco IOS platforms

Which parameter must be set for an invalid certificate handling on a Cisco Seucure Web Appliance with a policy for HTTPS traffic? A. Decrypt B. Reject C. Accept D. Scan

A. Decrypt

A networking team must harden an organization's network from VLAN hopping attacks. The team disables Dynamic Trunking Protocol and puts any unused ports in an unused VLAN. A trunk port is used as a trunk link. What must the team configure next to harden the network against VLAN hopping attacks? A. dedicated navite VLAN ID for all trunk ports B. disable STP on the network devices C. DHCP snooping on all the switches D. enable port-based network access control

A. dedicated native VLAN ID for all trunk ports

A network engineer configures a site-to-site VPN with a colleague. During testing, the engineer discovers that only phase 1 is up, and application traffic cannot pass. Which configuration parameter must be checked on each device? A. hash algorithm B. peer IP address C. encryption domain D. preshared key

C. encryption domain

An engineer is deploying a Cisco Email Security Appliance and must configure a sender group that decides which mail policy will process the mail. The configuration must accept incoming mails and relay the outgoing mails from the internal server. Which component must be configured to accept the connection to the listener and meet these requirements on a Cisco Secure Email Gateway? A. access list B. HAT C. RAT D. sender list

C. RAT

Refer to the exhibit. A network engineer wants to reduce the operational costs of SNMPv3 by using trapping instead of polling. Which code snippet completes the configuration to enable authentication for SNMPv3 trapping? ``` snmp-server enable traps snmp-server group trapgroup v3 auth ******************************** snmp-server host 10.1.1.161 traps version 3 auth trapuser ``` A.snmp-server user trapuser trapgroup version 3 auth sha AuthPass B.snmp-server user trapuser trapgroup v3 auth sha AuthPass C. snmp-server user trap trapgroup v3 auth sha AuthPass D. snmp-server user trapuser trapgroup version 3 AuthPass

B.snmp-server user trapuser trapgroup v3 auth sha AuthPass

What is the definition of phishing? A. malicious email spoofing attack that targets a specific organization or individual B. impersonation of an authorized website to deceive users into entering their credentials C. any kind of unwanted, unsolicited digital communication that gets sent out in bulk D. sending fraudulent communications that appear to come from a reputable source

D. sending fraudulent communications that appear to come from a reputable source

What is capability of EPP compared to EDR? A. EPP protects against malware that has already entered the environment, and EDR focuses on protecting against botnets. B. EDR protects against email attacks, and EPP focuses on detecting and monitoring phishing and ransomware email attacks. C. EDR protects against malicious email attacks, and EPP focuses on suspicious website attacks including DoS and DDoS attempts. D. EDR protects against malware that has already entered the environment, and EPP focuses on preventing malware from entering.

D. EDR protects against malware that has already entered the environment, and EPP focuses on preventing malware from entering.

What is considered a cloud data breach? A. cyber threats posing as authorized entities B. exploitation of cloud application access C. deprivation of computing resources D. leaked information that is private

B. exploitation of cloud application access

Which type of attack does multifactor authentication help protect against? A. cross-site scripting B. brute force C. SQL injection D. man-in-the-middle

B. brute force

An engineer must use Cisco Secure Firewall Management Center to send Cisco Secure Firewall Threat Defense events to the cloud. The engineer performed these actions already: * FTD devices were added to FMC * FTD devices were assigned licenses Which action must be taken to complete Cisco Cloud Event Configuration? A. Register with Cisco Smart Licensing. B. Enable cloud event connector. C. Create a Cisco Cloud Region. D. Assign a Cloud Event License.

B. Enable cloud event connector.

What is a benefit of using Cisco AVC for application control? A. dynamic application scanning B. management of application sessions C. retrospective application analysis D. zero-trust approach

B. management of application sessions

What is the purpose of CA in a PKI? A. to generate a pkcs12 certificate from certificate key-pair B. to issue and revoke digital certificates C. to certify the ownership of a public key by the named subject D. to create the private key for a digital certificate

B. to issue and revoke digital certificates

An engineer is onboarding a teleworker to Cisco Umbrella. After the worker’s home network identity is configured, which additional action must be taken to complete the network registration? A. Change the public IP addresses from static to dynamic. B. Point the home modem DHCP to Cisco Umbrella DHCP. C. Set up a point-to-point VPN with the head-office. D. Point the home modem DNS to Cisco Umbrella DNS.

D. Point the home modem DNS to Cisco Umbrella DNS.

What must be disabled on a Cisco Secure Web Appliance to ensure HTTPS traffic with a good reputation score bypasses decryption? A. Decrypt ACL B. Decrypt Policies C. Decrypt for End-User Acknowledgment D. Decrypt for End-User Notification

B. Decrypt Policies

A network engineer must use the Cisco DNA Center API to create a configuration template to provision a device. Which two method and endpoint pairs must be used to create the template? (Choose two.) A- POST /dna/intent/api/v1/discovery B. POST /dna/intent/api/v1/template-programmer/project/{project_id}/template C. GET /dna/intent/api/v1/global-pool D. POST /dna/intent/api/v1/template-programmer/template/ version E. GET /dna/intent/api/v1/global-credential/{credential_id}

B. POST /dna/intent/api/v1/template-programmer/project/{project_id}/template D. POST /dna/intent/api/v1/template-programmer/template/ version

A network engineer must create an access control list on a Cisco Adaptive Security Appliance firewall. The access control list must permit HTTP traffic to the internet from the organization’s inside network 192.168.1.0/24. Which IOS command must be used to create the access control list? A. access-list HTTP-ONLY extended permit tcp 192.168.1.0 255.255.255.0 B. access-list extended permit tcp 192.168.1.0 255.255.255.0 any eq 80. C. access-list HTTP-ONLY extended permit tcp 192.168.1.0 255.255.255.0 any eq 80 D. access-list permit http 192.168.1.0 255.255.255.0 any

C. access-list HTTP-ONLY extended permit tcp 192.168.1.0 255.255.255.0 any eq 80

Drag and drop the security responsibilities from the left onto the corresponding cloud service models on the right. customer responsible for application patching customer responsible for operating system patching provider responsible for operating system patching privider responsible for applicaton patching

IaaS customer responsible for application patching customer responsible for operating system patching SaaS provider responsible for operating system patching privider responsible for applicaton patching

An engineer must modify an existing remote access VPN using a Cisco AnyConnect Secure Mobility client solution and a Cisco Secure Firewall. Currently, all the traffic generated by the user is sent to the VPN tunnel and the engineer must now exclude some servers and access them directly instead. Which element must be modified to achieve this goal? A. NAT exemption B. encryption domain C. routing table D. group policy

D. group policy

An engineer must configure a Cisco Secure Email Gateway to use DLP for a company. The company also wants to see the content of emails that violate the DLP policy. Which configuration must be modified in the Data Loss Prevention Settings section to meet the requirements? A. DLP Message Action B. Matched Content Logging C. Secure Reply All D. Secure Message Forwarding

B. Matched Content Logging

Which email security feature protects users from phishing attempts? A. anti-malware file scanning B. intrusion prevention C. reputation-based filtering D. malicious signature detection

C. reputation-based filtering

Refer to the exhibit. Which protocol should be used to encrypt a client connection that signs in to the router remotely to make common configuration changes? remote management to a router A. SSH B. FTPS C. SCP D. SFTP

A. SSH

An organization is trying to implement micro-segmentation on the network and wants to be able to gain visibility on the applications within the network. The solution must be able to maintain and force compliance. Which product should be used to meet these requirements? A. Cisco Secure Workload B. Cisco Secure Network Analytics C. Cisco AMP D. Cisco Umbrella

A. Cisco Secure Workload

How does a Cisco Secure Firewall help to lower the risk of exfiltration techniques that steal customer data? A. blocking UDP port 53 B. blocking TCP port 53 C. inspecting the DNS traffic D. encrypting the DNS communication

C. inspecting the DNS traffic

Refer to the exhibit. Which task is the Python script performing by using the Cisco Umbrella API? ``` import requests import json from datetime import datetime API key = "" investigateUrl = "https://investigate.api.umbrella.com/domains/categorization/" domains = ["internetbadguys.com", "cnn.com", "cisco.com"] values = str(json.dumps (domains)) headers = { } 'Authorization': 'Bearer' + API key req = requests.post (investigateUrl, data=values, headers=headers) time = datetime.now().isoformat() if (req.status_code == 200): print ("SUCCESS: request has the following code: 200\n") output = req.json() for domain in domains: domainOutput = output [domain] domainStatus = domainOutput ["status"] if (domainStatus == -1): print ("The domain (domain) s is found MALICIOUS at % (time) s\n"% {'domain': domain, 'time': time}} elif (domainStatus == 1): else: print ("The domain % (domain) s is found CLEAN at % (time) s\n"% {'domain': domain, 'time': time}} print ("The domain % (domain) s is found UNDEFINED RISKY at % (time) s\n"% {'domain': domain, 'time': time}} ``` A. changing the disposition of domains that were previously malicious to clean B. checking the disposition of previously identified domains in bulk C. changing the disposition of domains that were previously clean to malicious D. checking the disposition of potentially malicious domains in bulk

B. checking the disposition of previously identified domains in bulk number of times in the script is the key

Refer to the exhibit. A network engineer must implement a new multidevice management solution and must retrieve information about all the Cisco devices that are directly attached to a Cisco IOS router. Which IOS command must the engineer use to display detailed information about the attached devices? screenshot of neighbors A. show cdp neighbors B. show cdp C. show neighbors D. cdp neigbors

A. show cdp neighbors

Refer to the exhibit. Network access control is implemented on the LAN and an engineer must now configure the switch port level so that users with new corporate devices can connect to the corporate LAN without issues. What must be configured next? ``` interface gig1/0/1 switchport mode access authentication violation restrict ``` A. clear port-security dynamic B. shut and no shut C. errdisable recovery cause psesecure-violation D. authentication violation replace

D. authentication violation replace "without issues"

What is a difference between an EPP solution and an EDR solution? A. EPP detects malicious activity on endpoints, and EDR only detects file-based malware on endpoints. B. EDR provides endpoint data loss prevention, and EPP remediates hosts to a preinfection state. C. EDR focuses on detecting network-level threats, and EPP focuses on detecting host-level threats. D. EPP contains a security incident at the network traffic level, and EDR contains a security incident at the endpoint.

D. EPP contains a security incident at the network traffic level, and EDR contains a security incident at the endpoint.

A company is planning to deploy an application to a secure cloud environment. The solution must meet these requirements: * A third-party must control the underlying cloud infrastructure. * The company must control the deployed applications. * A third-party must control networking components. Which cloud service model must be used? A. SaaS B. IaaS C. PaaS D. private cloud

C. PaaS

An organization plans to upgrade its current email security solutions, and an engineer must deploy Cisco Secure Email. The requirements for the upgrade are: * Implement Data Loss Prevention * Implement mail encryption * Integrate with an existing Cisco IronPort Secure Email Gateway solution Which Cisco Secure Email license needed to accomplish this task? A. Cisco Secure Email Domain Protection B. Cisco Secure Email Inbound Essentials C. Cisco Secure Email Outbound Essentials D. Cisco Secure Email Phishing Defense

C. Cisco Secure Email Outbound Essentials

Which Cisco ISE service checks the state of all the endpoints connecting to a network for compliance with corporate security policies? A. Threat Centric NAC service B. posture service C. Cisco TrustSec D. compliance module

B. posture service

What is a difference between an SQL injection and a cross-site scripting attack? A. SQL injection intercepts user information, and XSS causes false or unpredictable results. B. SQL injection modifies SQL queries, and XSS cloaks by encoding tags. C. SQL injection detects environments, and XSS cloaks by encoding tags. D. SQL injection modifies SQL queries, and XSS allows access to files beyond the root folder.

B. SQL injection modifies SQL queries, and XSS cloaks by encoding tags.

Drag and drop the firewall capabilities from the left onto the corresponding firewall deployment modes on the right. Routed firewalls / Transparent firewalls A. The device acts as a secured bridge that switches traffic from one interface to another. B. The firewall does not provide a way to filter packets that traverse from one host to another in the same LAN segment. C. The firewall requires a new network segment to be created when they are inserted into a network. D. The firewall can optionally inspect Layer 2 traffic and filter unwanted traffic.

Routed firewalls: B. The firewall does not provide a way to filter packets that traverse from one host to another in the same LAN segment. C. The firewall requires a new network segment to be created when they are inserted into a network. Transparent firewalls: A. The device acts as a secured bridge that switches traffic from one interface to another. D. The firewall can optionally inspect Layer 2 traffic and filter unwanted traffic.

A network engineer must create an access control list on a Cisco Adaptive Security Appliance firewall to permit TCP DNS traffic to the internet from the organization’s inside network 192.168.1.0/24. Which IOS command must be used to implement the access control list? A. access-list 102 permit tcp 192.168.1.0 0.0.0.255 eq 53 any B. access-list 102 permit tcp 192.168.1.0 0.0.0.255 eq domain C. access-list 102 permit tcp 192.168.1.0 0.0.0.255 eq 53 D. access-list 102 permit tcp 192.168.1.0 0.0.0.255 any eq 53

D. access-list 102 permit tcp 192.168.1.0 0.0.0.255 any eq 53

What is a capability of Cisco Secure Email Cloud Gateway compared to Cisco Secure Email Gateway? A. Secure Email Cloud Gateway is an add-on that is deployed to a web browser by using a group policy, and Secure Email Gateway requires a server infrastructure. B. Secure Email Cloud Gateway requires that a proxy be deployed to a web browser, and Secure Email Gateway requires a network reconfiguration. C. Secure Email Cloud Gateway protects email without having to deploy an infrastructure, and Secure Email Gateway requires a server infrastructure. D. Secure Email Cloud Gateway requires an ASA to redirect email by using WCCP, and Secure Email Gateway requires that the ASA be inline.

C. Secure Email Cloud Gateway protects email without having to deploy an infrastructure, and Secure Email Gateway requires a server infrastructure.

An engineer must prevent communication with a cloud application being decrypted. The application database uses AES-256 with SHA-512 and web access to the application uses HTTPS with SSLv2 self-signed certificates. What must the engineer implement next? A. SSLV3 with self-signed certificates B. TLS 1.3 with signed certificates C. SSLv3 with signed certificates D. TLS 1.3 with self-signed certificates

B. TLS 1.3 with signed certificates

Which action blocks specific IP addresses whenever a computer with Cisco Secure Endpoint installed connects to the network? A. Create an application block list and add the IP addresses. B. Create an IP Block & Allow list and add the IP addresses. C. Create an advanced custom detection policy and add the IP addresses. D. Create a simple custom detection policy and add the IP addresses

B. Create an IP Block & Allow list and add the IP addresses.

An organization has had some malware infections recently and the management team wants to use Cisco Secure Firewall to enforce file policies to prevent malicious files from being downloaded. The SHA-256 hash value of all files traversing the firewall must be calculated and compared to the hash values of known malware code. Which file rule action is used to block only the files that are confirmed to be malware? A. Block Malware B. Detect Files C. Malware Cloud Lookup D. Block Files

A. Block Malware

Which Cisco solution integrates industry-leading artificial intelligence and machine learning analytics and an assurance database to review the security posture and maintain visibility of an organizations cloud environment? A. Cisco Secure Workload B. Cisco CSR1000v C. Cisco DNA D. Cisco FTD

A. Cisco Secure Workload

An engineer is configuring cloud logging on Cisco ASA and needs events to compress. Which component must be configured to accomplish this goal? A. Cisco analytics B. CDO event viewer C. SWC service D. SDC VM

D. SDC VM (secure device connector)

When an assessment of cloud services and applications is conducted, which tool is used to show user activity and data usage across the applications? A. Cisco ASA B. Cisco CloudLock C. Cisco ISE D. Cisco AMP Private Cloud

B. Cisco CloudLock

An engineer implements Cisco CloudLock to secure a Microsoft Office 365 application in the cloud. The engineer must configure protection for corporate files in case of any incidents. Which two actions must be taken to complete the implementation? (Choose two.) A. Remove all users as collaborators on the files. B. Transfer ownership of the files to a specified owner and folder. C. Expire the public share URL. D. Disable the ability for commenters and viewers to download and copy the files. E. Send Cisco Webex message to specified users when an incident is triggered.

A. Remove all users as collaborators on the files. C. Expire the public share URL.

Which common exploit method is TLS 1.3 designed to prevent? A. man-in-the-middle attack B. denial-of-service attack C. cross-site request forgery D. cross-site scripting

A. man-in-the-middle attack

Refer to the exhibit. A company named ABC has a Cisco Secure Email Gateway and an engineer must configure the incoming mail policy so that emails containing malware files are quarantined instead of dropped and to prevent an increase in false positives causing emails to be dropped erroneously. What must be configured on the Secure Email Gateway? [https://img.examtopics.com/350-701/image70.png](http://) A. Change the Policies Order. B. Open Default Policy, Malware File, and then Action Applied to Message. C. Delete usera1 policy. D. Open usera1 policy, Messages with Malware Attachments, and then Action Applied to Message.

D. Open usera1 policy, Messages with Malware Attachments, and then Action Applied to Message.

How does a Cisco Secure Web Appliance integrated with LDAP handle the permissions of a currently logged in Active Directory group member when the Active Directory administrator changes the permissions of the user's group mid session? A. If the Cisco Secure Client Mobility Client is configured on the endpoint to provide Active Directory updates, the Cisco Secure Web Appliance changes the user's permissions immediately when alerted by the client. B. If the Cisco Secure Web Appliance is configured to receive real-time updates from the Active Directory user agent, it changes the user's permissions immediately when the agent sends the update. C. The Cisco Secure Web Appliance terminates the current session and prompts the user to re-authenticate in order to update the effective permissions. D. The Cisco Secure Web Appliance continues to operate using the permissions that were in effect when the user logged in for the duration of the user's session.

D. The Cisco Secure Web Appliance continues to operate using the permissions that were in effect when the user logged in for the duration of the user's sessio

Refer to the exhibit. An engineer must forward all web traffic sent from Client-SiteA to the monitoring server to build a baseline of expected traffic once a new Cisco Secure Web Appliance is deployed. What must be configured on the switch to meet the requirement? A. ERSPAN B. RSPAN C. WCCP D. SPAN

D. SPAN

What is the difference between EPP and EDR? A. Having an EDR solution gives an engineer the capability to flag offending files at the first sign of malicious behavior. B. EPP focuses primarily on threats that have evaded front-line defenses that entered the environment. C. Having an EPP solution allows an engineer to detect, investigate, and remediate modern threats. D. EDR focuses solely on prevention at the perimeter.

A. Having an EDR solution gives an engineer the capability to flag offending files at the first sign of malicious behavior.

What are two benefits of adaptive multifactor authentication? (Choose two.) A. no need to remember passwords B. secure remote access C. contextual factor-based authentication D. improved access management E. managed encryption policies

B. secure remote access C. contextual factor-based authentication

The security team has installed a Cisco Secure Email Gateway. During setup, a large number of email messages containing the string "abcde1111111111" are being blocked. The security team wants to investigate and determine if the emails are part of a phishing or malware attack. Which configuration step must the security team apply? A. Implement a policy to only allow email from trusted to the network senders. B. Apply a policy to route all blocked emails to a separate quarantine folder. C. Configure sender domain reputation policy to check if sender email domain is known to be malicious. D. Configure a policy to disable spam filtering in order to expedite email delivery.

B. Apply a policy to route all blocked emails to a separate quarantine folder. They need to study the emails

Which two facts must be considered when deciding whether to deploy the Cisco Secure Web Appliance in Standard mode, Hybrid Web Security mode, or Cloud Web Security Connector mode? (Choose two.) A. External DLP is available only in Standard mode and Hybrid Web Security mode. B. The onsite web proxy is not supported in Cloud Web Security Connector mode. C. Standard mode and Hybrid Web Security mode perform the same actions in response to the application of an individual policy. D. Only Standard mode and Hybrid Web Security mode support Layer 4 traffic monitoring. E. ISE integration is available only in Standard mode and Hybrid Web Security mode.

B. The onsite web proxy is not supported in Cloud Web Security Connector mode. D. Only Standard mode and Hybrid Web Security mode support Layer 4 traffic monitoring.

my cards 7 Flashcards

my cards 7 (103 cards)