Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention System? (Choose two.) SIP inline normalization SSL packet decoder modbus.
What is a characteristic of Cisco ASA Netflow v9 Secure Event Logging? It tracks flow-create, flow-teardown, and flow-denied events. It provides stateless IP flow tracking that exports all records of a specific flow. It tracks the flow continuously and provides updates every 10 seconds. Its events match all traffic classes in parallel.
Which feature within Cisco Umbrella allows for the ability to inspect secure HTTP traffic? File Analysis SafeSearch SSL Decryption Destination Lists.
Which two services must remain as on-premises equipment when a hybrid email solution is deployed? (Choose two.) DDoS antispam antivirus encryption DLP.
Why would a user choose an on-premises ESA versus the CES solution? Sensitive data must remain onsite. Demand is unpredictable. The server team wants to outsource this service. ESA is deployed inline.
Which two features are used to configure Cisco ESA with a multilayer approach to fight viruses and malware? (Choose
two.) Sophos engine white list RAT outbreak filters DLP.
On which part of the IT environment does DevSecOps focus? application development wireless network data center perimeter network.
Which two mechanisms are used to control phishing attacks? (Choose two.) Enable browser alerts for fraudulent websites. Define security group memberships. Revoke expired CRL of the websites. Use antispyware software. Implement email filtering techniques.
Which two endpoint measures are used to minimize the chances of falling victim to phishing and social engineering
attacks? (Choose two.) Patch for cross-site scripting. Perform backups to the private cloud. Protect against input validation and character escapes in the endpoint. Install a spam and virus email filter. Protect systems with an up-to-date antimalware program.
Which option best describes RPL? RPL stands for Routing over low priority links that use link-state LSAs to determine the best route between two root
border routers. RPL stands for Routing over low priority links that use distance vector DOGAG to determine the best route between
two root border routers. RPL stands for Routing over Low-power Lossy Networks that use link-state LSAs to determine the best route
between leaves and the root border router. RPL stands for Routing over Low-power Lossy Networks that use distance vector DOGAG to determine the best
route between leaves and the root border router.
What is a characteristic of Dynamic ARP Inspection? DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the DHCP snooping
binding database. In a typical network, make all ports as trusted except for the ports connecting to switches, which are untrusted. DAI associates a trust state with each switch. DAI intercepts all ARP requests and responses on trusted ports only.
Which three statements about VRF-Aware Cisco Firewall are true? (Choose three) It supports both global and per-VRF commands and DoS parameters. It enables service providers to deploy firewalls on customer devices. It can generate syslog messages that are visible only to individual VPNs. It can support VPN networks with overlapping address ranges without NAT. It enables service providers to implement firewalls on PE devices. It can run as more than one instance.
The main function of northbound APIs in the SDN architecture is to enable communication between which two areas of
a network? SDN controller and the cloud management console and the SDN controller management console and the cloud SDN controller and the management solution.
Which ID store requires that a shadow user be created on Cisco ISE for the admin login to work? RSA SecureID Internal Database Active Directory LDAP.
drag detection, blocking, tracking, analisys, and remediation to protect against traget persistent malware attacks supeiror theat prevention and mitigation for know and unknow theats application-layer control and abilbity to enforce usage and tailor detection policies based on custom appliocations and URLs combined integrated soluction of strong defense and web protection, visibility, and controlling solutions.
Windows supplicant connected to SW2 cannot establish HTTP session using FQDN. Based on the provided outputs, what could be the potential issue?
A. Issue with the DACL pushed for the session.
B. Issue with assigned SGT to the session.
C. User is not authenticated.
D. MAB should be used for port authentication and authorization.
E. Issue with assigned VLAN to the session.
F. User is not authorized.
What are two list types within AMP for Endpoints Outbreak Control? (Choose two.) blocked ports simple custom detections command and control allowed applications URL.
Which command enables 802.1X globally on a Cisco switch? dot1x system-auth-control dot1x pae authenticator authentication port-control auto aaa new-model.
Which two endpoint measures are used to minimize the chances of falling victim to phishing and
social engineering attacks? (Choose two.) Patch for cross-site scripting. Perform backups to the private cloud. Protect against input validation and character escapes in the endpoint. Install a spam and virus email filter. Protect systems with an up-to-date antimalware program.
What is the primary difference between an Endpoint Protection Platform and an Endpoint Detection
and Response? EPP focuses on prevention, and EDR focuses on advanced threats that evade perimeter
defenses. EDR focuses on prevention, and EPP focuses on advanced threats that evade perimeter
defenses. EPP focuses on network security, and EDR focuses on device security. EDR focuses on network security, and EPP focuses on device security.
Which two request of REST API are valid on the Cisco ASA Platform? (Choose two.) put options get push connect.
What provides visibility and awareness into what is currently occurring on the network? CMX WMI Prime Infrastructure Telemetry.
Which RADIUS attribute can you use to filter MAB requests in an 802.1x deployment? 1 6 31 2.
Which policy is used to capture host information on the Cisco Firepower Next Generation Intrusion
Prevention System? correlation intrusion access control network discovery.
Which two capabilities does TAXII support? (Choose two.) exchange pull messaging binding correlation mitigating.
What are two Detection and Analytics Engines of Cognitive Threat Analytics? (Choose two.) data exfiltration command and control communication intelligent proxy snort URL categorization.
Which two probes are configured to gather attributes of connected endpoints using Cisco Identity
Services Engine? (Choose two.) RADIUS TACACS+ DHCP sFlow SMTP.
After deploying a Cisco ESA on your network, you notice that some messages fail to reach their
destinations. Which task can you perform to determine where each message was lost? Configure the trackingconfig command to enable message tracking. Generate a system report. Review the log files. Perform a trace.
The Cisco ASA must support TLS proxy for encrypted Cisco Unified Communications traffic. Where
must the ASA be added on the Cisco UC Manager platform? Certificate Trust List Endpoint Trust List Enterprise Proxy Service Secured Collaboration Proxy.
When web policies are configured in Cisco Umbrella, what provides the ability to ensure that
domains are blocked when they host malware, command and control, phishing, and more threats? Application Control Security Category Blocking Content Category Blocking File Analysis.
In which cloud services model is the tenant responsible for virtual machine OS patching? IaaS UCaaS PaaS SaaS.
What is a language format designed to exchange threat intelligence that can be transported over
the TAXII protocol? STIX XMPP pxGrid SMTP.
Which two characteristics of messenger protocols make data exfiltration difficult to detect and
prevent? (Choose two.) Malware infects the messenger application on the user endpoint to send company data. Outgoing traffic is allowed so users can communicate with outside organizations. An exposed API for the messaging platform is used to send large amounts of data. Traffic is encrypted, which prevents visibility on firewalls and IPS systems. Messenger applications cannot be segmented with standard network controls.
How many interfaces per bridge group does an ASA bridge group deployment support? up to 16 up to 8 up to 4 up to 2.
Which telemetry data captures variations seen within the flow, such as the packets TTL, IP/TCP
flags, and payload length? process details variation flow insight variation interpacket variation software package variation.
In which two ways does a system administrator send web traffic transparently to the Web Security Appliance? (Choose two.) configure policy-based routing on the network infrastructure reference a Proxy Auto Config file use Web Cache Communication Protocol configure the proxy IP address in the web-browser settings configure Active Directory Group Policies to push proxy settings.
Which two tasks allow NetFlow on a Cisco ASA 5500 Series firewall? (Choose two.) Create an ACL to allow UDP traffic on port 9996. Enable NetFlow Version 9. Create a class map to match interesting traffic. Apply NetFlow Exporter to the outside interface in the inbound direction. Define a NetFlow collector by using the flow-export command.
A mall provides security services to customers with a shared appliance. The mall wants separation
of management on the shared appliance. Which ASA deployment mode meets these needs? multiple context mode transparent mode routed mode multiple zone mode.
Which two risks is a company vulnerable to if it does not have a well-established patching solution
for endpoints? (Choose two.) eavesdropping denial-of-service attacks ARP spoofing malware exploits.
Which threat involves software being used to gain unauthorized access to a computer system? ping of death NTP amplification HTTP flood virus.
What are two rootkit types? (Choose two.) registry bootloader buffer mode user mode virtual.
Which protocol provides the strongest throughput performance when using Cisco AnyConnect VPN? TLSv1.2 BJTLSvl TLSv1.1 DTLSv1.
Which type of attack is social engineering? trojan MITM phishing malware.
Which compliance status is shown when a configured posture policy requirement is not met? unknown authorized compliant noncompliant.
An engineer wants to automatically assign endpoints that have a specific OUl into a new endpoint
group. Which probe must be enabled for this type of profiling to work? NetFlow DHCP SNMP NMAP.
Which PKI enrollment method allows the user to separate authentication and enrollment actions
and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the
server? url profile terminal selfsigned.
A network engineer is configuring DMVPN and entered the crypto isakmp key cisco380739941
address 0.0.0.0 command on host A. The tunnel is not being established to host B. What action is
needed to authenticate the VPN? Enter the same command on host B. Enter the command with a different password on host B. Change isakmp to ikev2 in the command on host A. Change the password on host A to the default password.
A network administrator configures Dynamic ARP Inspection on a switch. After Dynamic ARP
Inspection is applied, all users on that switch are unable to communicate with any destination. The
network administrator checks the interface status of all interfaces, and there is no err-disabled
interface. What is causing this problem? The ip arp inspection limit command is applied on all interfaces and is blocking the traffic
of all users. DHCP snooping has not been enabled on all VLANs. The no ip arp inspection trust command is applied on all user host interfaces. Dynamic ARP Inspection has not been enabled on all VLANs.
What is a feature of the open platform capabilities of Cisco DNA Center? domain integration application adapters intent-based APIs automation adapters.
Which Cisco product is open, scalable, and built on IETF standards to allow multiple security
products from Cisco and other vendors to share data and interoperate with each other? Advanced Malware Protection Platform Exchange Grid Multifactor Platform Integration Firepower Threat Defense.
What is the function of the Context Directory Agent? reads the Active Directory logs to map IP addresses to usernames accepts user authentication requests on behalf of Web Security Appliance for user
identification relays user authentication requests from Web Security Appliance to Active Directory maintains users' group memberships.
What must be used to share data between multiple security products? Cisco Rapid Threat Containment Cisco Advanced Malware Protection Cisco Stealthwatch Cloud Cisco Platform Exchange Grid.
What are two reasons for implementing a multifactor authentication solution such as Duo Security
provide to an organization? (Choose two.) secure access to on-premises and cloud applications identification and correction of application vulnerabilities before allowing access to
resources single sign-on access to on-premises and cloud applications integration with 802.1x security using native Microsoft Windows supplicant flexibility of different methods of 2FA such as phone callbacks, SMS passcodes, and push
notifications.
Which two characteristics of messenger protocols make data exfiltration difficult to detect and
prevent? (Choose two.) Traffic is encrypted, which prevents visibility on firewalls and IPS systems. An exposed API for the messaging platform is used to send large amounts of data. Outgoing traffic is allowed so users can communicate with outside organizations. Malware infects the messenger application on the user endpoint to send company data. Messenger applications cannot be segmented with standard network controls.
How is DNS tunneling used to exfiltrate data out of a corporate network? It redirects DNS requests to a malicious server used to steal user credentials, which allows
further damage and theft on the network. It corrupts DNS servers by replacing the actual IP address with a rogue address to collect
information or start other attacks. It encodes the payload with random characters that are broken into short strings and the
DNS server rebuilds the exfiltrated data. It leverages the DNS server by permitting recursive lookups to spread the attack to other
DNS servers.
Which telemetry data captures variations seen within the flow, such as the packets TTL, IP/TCP
flags, and payload length? process details variation software package variation flow insight variation interpacket variation.
Which benefit is provided by ensuring that an endpoint is compliant with a posture policy configured
in Cisco ISE? It allows the endpoint to authenticate with 802.1x or MAB. It allows CoA to be applied if the endpoint status is compliant. It adds endpoints to identity groups dynamically. It verifies that the endpoint has the latest Microsoft security patches installed.
Which compliance status is shown when a configured posture policy requirement is not met? authorized noncompliant unknown compliant.
drag stand includes NAT-1 uses six packets in main mode to establish phase 1 uses four packets to establish phase 1 and phase 2 uses three packets in aggressive mode to establish phase 1 uses EAP for authenticating remote access clients.
What is a commonality between DMVPN and FlexVPN technologies? FlexVPN and DMVPN use IS-IS routing protocol to communicate with spokes FlexVPN and DMVPN use the new key management protocol FlexVPN and DMVPN use the same hashing algorithms IOS routers run the same NHRP code for DMVPN and FlexVPN.
Which two endpoint measures are used to minimize the chances of falling victim to phishing and social engineering attacks? (Choose two) Patch for cross-site scripting. Perform backups to the private cloud. Protect systems with an up-to-date antimalware program. Protect against input validation and character escapes in the endpoint. Install a spam and virus email filter.
Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention System? (Choose two) SSL packet decoder SIP modbus inline normalization.
Which algorithm provides encryption and authentication for data plane communication? SHA-96 SHA-384 AES-GCM AES-256.
Which two deployment modes does the Cisco ASA FirePower module support? (Choose two) routed mode active mode transparent mode inline mode passive monitor-only mode.
Which two descriptions of AES encryption are true? (Choose two) AES is more secure than 3DE AES can use a 168-bit key for encryption. AES can use a 256-bit key for encryption. AES encrypts and decrypts a key three times in sequence. AES is less secure than 3DE.
Which technology must be used to implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity? DMVPN FlexVPN IPsec DVTI GET VPN.
Which VPN technology can support a multivendor environment and secure traffic between sites? SSL VPN GET VPN FlexVPN DMVPN.
Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities? web page images database Linux and Windows operating systems user input validation in a web page or web application.
|
