Which of the following types of authentication is represented by using a four-digit PIN to access a mobile device? (Select the best answer.)
mutual
FIM
multifactor
single-factor

Which of the following statements is true regarding ECC? (Select the best answer.)
ECC is more efficient than RSA because ECC requires a shorter key to achieve the same level of security.
ECC is slower than RSA because ECC is an asymmetric encryption method.
ECC is stronger than RSA because ECC is a symmetric encryption method.
ECC is faster than RSA because ECC uses prime number factoring.

Which of the following statements are true regarding TACACS+? (Select 2 choices.)
It was developed as an IETF-standard protocol.
It combines authorization and authentication functions.
It uses UDP for packet delivery.
It provides router command authorization capabilities.
It encrypts the entire body of a packet.

Which of the following functions can you perform with the advancedproxyconfig command on a Cisco WSA? (Select 2 choices.)
set the maximum HTTP header size or URL size for proxy requests
set the URI logging style
set a minimum upload request body size for Cisco Data Security Filters
allow or block content-encoding types
take a snapshot of the proxy
set a minimum upload request body size for external DLP servers

Which of the following types of attacks can be prevented by enabling DHCP snooping on a Cisco switch? (Select 2 choices.)
SQL injection
cross-site scripting
DHCP starvation
ARP poisoning
DDoS

Which of the following is a Cisco AMP component that provides a cloud-based dynamic analysis engine for assessing malware? (Select the best answer.)
Tetration
Stealthwatch Cloud
Umbrella
Threat Grid

Which of the following is a locally installed threat-detection appliance that requires a Flow Rate License? (Select the best answer.)
Cisco WSA
Cisco Stealthwatch Enterprise
Cisco Umbrella
Cisco ESA
Cisco Stealthwatch Cloud

According to Gartner, which of the following is not a capability of an EPP? (Select the best answer.)
remediation to pre-infection state
personal firewall
antimalware
application control and sandboxing

Which of the following terms relate to northbound APIs? (Select 2 choices.)
rest api
REST
OpFlex
RESTCONF
intent-based APIs
OpenFlow

Which of the following statements is true regarding the registration key that is required in order to add a Firepower device to an FMC? (Select the best answer.)
It is a manually configured arbitrary hexadecimal value.
It is an automatically generated hexadecimal value derived from the serial number.
It is a manually configured arbitrary alphanumeric value.
It is an automatically generated MD5 hash of the Firepower device host name and IP address.

Which of the following methods can be used to perform a Smurf attack? (Select the best answer.)
sending malformed ICMP messages that exceed the maximum message size to a target system
exploiting a software bug to cause data to be written beyond the memory buffer
using alternate encoding to insert malicious code into a web form
sending ICMP Echo Request messages to a broadcast address
using a botnet to send a large number of ICMP Echo Request packets to a target system

Which of the following are true about an ASA operating in transparent mode? (Select 2 choices.)
Each directly connected network must be on a different subnet.
The ASA management IP address must be the default gateway for connected devices.
Multicast traffic cannot pass through the ASA.
The ASA can use an inside and an outside interface but not a DMZ interface.
If the ASA is configured for multiple contexts, an IP address must be assigned to each context.

Which Cisco Cognitive Intelligence detection and analytics engine uses statistical modeling to identify anomalous web traffic and uncover data breaches? (Select the best answer.)
exploit kit
data exfiltration
C2 communication
DGA
tunneling through HTTP and HTTPS requests

Which of the following can be detected by the Cisco ESA? (Select 3 choices.)
MAC spoofing attacks
snowshoe spam
DNS poisoning attacks
DDoS attacks
geolocation-based attacks
phishing attacks

Which of the following cannot be configured as a platform settings policy for managed devices from the FMC Platform Settings page? (Select the best answer.)
a custom login banner
time synchronization
an audit log for external streaming
email notifications

While looking through FMC intrusion events, you notice an event with a yellow impact flag. Which of the following vulnerability classifications corresponds best to this event? (Select the best answer.)
vulnerable
not vulnerable
potentially vulnerable
unknown

Which of the following Cisco Umbrella policy settings require that the Enable Intelligent Proxy setting be enabled? (Select 2 choices.)
Enable IP-Layer Enforcement
Log Only Security Events
SSL Decryption
Allow-Only Mode
Enforce SafeSearch

Which of the following statements best describes context details data that is collected by Cisco Tetration Analytics? (Select the best answer.)
It provides application visibility and generates microsegmentation policy.
It includes variation in TTL, IP and TCP flags, and payload length.
It includes variation in buffer utilization and is derived outside the packet header.
It contains information about endpoints, when a flow started, and the length of a flow.

device flow correlation
advanced custom signatures
simple custom detections
application blocking lists

Which of the following can be detected by the Cisco ESA? (Select 3 choices.)
MAC spoofing attacks
DNS poisoning attacks
snowshoe spam
DDoS attacks
phishing attacks
geolocation-based attacks

Which of the following Cisco Umbrella policy settings require that the Enable Intelligent Proxy setting be enabled? (Select 2 choices.)
Enforce SafeSearch
Enable IP-Layer Enforcement
Allow-Only Mode
Log Only Security Events
SSL Decryption

Which of the following is not a factor that can be used for authentication in an MFA environment? (Select the best answer.)
knowledge
physical
encryption
time

While looking through FMC intrusion events, you notice an event with a yellow impact flag. Which of the following vulnerability classifications corresponds best to this event? (Select the best answer.)
not vulnerable
potentially vulnerable
vulnerable
unknown

Which of the following statements about the Cisco AMP Private Cloud Appliance is true when the appliance is operating in cloud proxy mode? (Select the best answer.)
All traffic from endpoint connectors is sent to the private cloud.
It is supported only on physical appliances.
Updates cannot be retrieved automatically from the AMP cloud to the appliance.
It does not require an Internet connection for disposition lookups.

You issue the show authentication registrations command on a Cisco switch. Which of the following are you most likely to see in the output? (Select the best answer.)
information about the authentication methods registered with Auth Manager
information about the Auth Manager for a specific interface
the status and number of packets sent and received from AAA RADIUS servers
a list of current Auth Manager sessions, including 802.1X and MAB-authenticating ports

Which of the following are SCADA preprocessors that are available in Cisco Firepower NGIPS? (Select 2 choices.)
DNP3
inline normalization
IP defragmentation
Modbus
SSL

When is a network discovery policy applied to traffic on a Cisco Firepower NGIPS that is configured to operate in an inline deployment? (Select the best answer.)
after a file policy but before an ACL rule
after a network analysis policy but before a file policy
after an intrusion policy but before a network analysis policy
after an ACL rule but before a network analysis policy

Which of the following decryption options should be enabled on a Cisco WSA to enhance the ability of AsyncOS to detect HTTPS applications? (Select the best answer.)
Decrypt for Application Detection
Decrypt for End-User Notification
Decrypt for Authentication
Decrypt for End-User Acknowledgment

Which of the following is a Cisco AMP for Endpoints engine that uses static heuristics to decompile potential threats and then scans the source code for similarities to known threats? (Select the best answer.)
WSA
Spero
Ethos
TETRA

Which of the following Cisco AVC features relies on Cisco NBAR2? (Select the best answer.)
management and reporting
network traffic control
application recognition
metrics collection and exporting

Which of the following statements about the TAXII cyber threat-sharing mechanism is true? (Select the best answer.)
TAXII consumers can query for content that matches specific sets of criteria.
TAXII is incapable of discovering specific TAXII services or users.
A producer can pull structured threat information from a consumer.
A consumer can push structured threat information to a producer.

Which of the following VPN technologies support IKEv1? (Select the best answer.)
only DMVPN and FlexVPN
only GET VPN and FlexVPN
only DMVPN and GET VPN
DMVPN, GET VPN, and FlexVPN

Which of the following are advantages of FlexVPN over GET VPN? (Select 2 choices.)
FlexVPN supports IKEv2.
FlexVPN supports QoS.
FlexVPN works with Cisco and non-Cisco devices.
FlexVPN supports IKEv1.
FlexVPN can be tunneled over public transport networks.

Which of the following statements best describes Cisco Cloudlock? (Select the best answer.)
It detects real-time threats on the local network, across networks, and in the cloud.
It automatically identifies sensitive data in cloud applications.
It provides centralized management of Cisco Firepower devices on a network.
It provides application visibility and generates microsegmentation policy.
It provides end-to-end performance analysis of cloud-based applications in use.

A Cisco ISE administrator issues a CoA Reauth command to force an endpoint to reauthenticate a session. Which of the following statements about the endpoint is true? (Select the best answer.)
The session will reauthenticate without applying a new or updated ISE policy.
The session will be terminated, and the port will be bounced.
The session will be terminated without disabling the host port.
The session will return service information about the subscriber.

You have configured a Cisco ASA to operate as TLS proxy between an IP phone and a UCM server. However, the IP phone is unable to establish a connection to the UCM server. Which of the following is the most likely reason that the IP phone cannot communicate with the UCM server? (Select the best answer.)
The ASA has not been added to the CTL file on the UCM server.
The ASA has been configured to use NTP.
The ASA has not stored the CTL file in its flash memory.
The ASA has been configured to use AES.

You deploy a Cisco Firepower NGIPSv appliance with a Protection license. Which of the following features are enabled? (Select 3 choices.)
file control
intrusion detection and prevention
AMP for Networks
Security Intelligence filtering
user and application control

Which of the following can mitigate data exfiltration by preventing attackers from moving laterally throughout the network? (Select the best answer.)
network traffic encryption
network segmentation
network protocol monitoring
network tunneling

Which of the following Cisco DNA Center platform capabilities are typically associated with northbound APIs? (Select the best answer.)
intent-based APIs
process adapters
domain adapters
SDKs

Which of the following statements best describes Cisco Stealthwatch Cloud? (Select the best answer.)
It provides end-to-end performance analysis of cloud-based applications in use.
It detects real-time threats on the local network, across networks, and in the cloud.
It automatically identifies sensitive data in cloud applications.
It provides application visibility and generates microsegmentation policy.
It provides centralized management of Cisco Firepower devices on a network.

Which Cisco AMP for Endpoints engine is a complete client-side antivirus solution? (Select the best answer.)
WSA
Ethos
Spero
TETRA

Which of the following best describes interpacket variation data that is collected by Cisco Tetration Analytics? (Select the best answer.)
It includes variation in TTL, IP and TCP flags, and payload length.
It includes variation in buffer utilization and is derived outside the packet header.
It provides application visibility and generates microsegmentation policy.
It contains information about endpoints, when a flow started, and the length of a flow.

Which of the following methods can be used to perform an XSS attack? (Select the best answer.)
using a botnet to send a large number of ICMP Echo Request packets to a target system
using alternate encoding to insert malicious code into a web form
sending ICMP Echo Request messages to a broadcast address
sending malformed ICMP messages that exceed the maximum message size to a target system
exploiting a software bug to cause data to be written beyond the memory buffer

You want to discover and control access to cloud-based applications on your company's network. Which of the following will you most likely deploy? (Select the best answer.)
Cisco Umbrella
Cisco Cloudlock
Cisco Stealthwatch Cloud
AppDynamics Cloud Monitoring

You issue the show authentication sessions command on a Cisco switch. Which of the following are you most likely to see in the output? (Select the best answer.)
information about the authentication methods registered with Auth Manager
the status and number of packets sent and received from AAA RADIUS servers
a list of current Auth Manager sessions, including 802.1X and MAB-authenticating ports
information about the Auth Manager for a specific interface

Which of the following statements is true regarding NSEL on a Cisco ASA? (Select the best answer.)
You cannot configure NSEL if the ASA is operating in multiple context mode.
You cannot configure NSEL if the ASA is operating in transparent firewall mode.
You must have at least one collector configured before you can use NSEL.
IP address and host name assignments are not required to be unique throughout the NetFlow configuration.

A critical security patch is missing from a Microsoft Windows endpoint that is attempting to authenticate to the network. A Cisco ISE posture assessment fails to detect the missing security patch because no administrator has configured a policy that checks for the patch. Which of the following statements about the endpoint is true? (Select the best answer.)
It will require the user to click a remediation link.
It will authenticate to the network without alerts or remediation.
It will be quarantined and not allowed to authenticate.
It will be automatically configured to enable Automatic Updates.

Which of the following Cisco DNA Center open platform capabilities enable integration with data center, WAN, and security infrastructures? (Select the best answer.)
SDKs
process adapters
intent-based APIs
domain adapters

Which of the following is a Cisco AMP for Endpoints engine that uses static heuristics to decompile potential threats and then scans the source code for similarities to known threats? (Select the best answer.)
Ethos
TETRA
Spero
WSA

Which Cisco AMP for Endpoints engine is a machine learning–based engine that identifies previously unknown threats? (Select the best answer.)
Ethos
WSA
Spero
TETRA

Which of the following Cisco Cloudlock custom policy categories monitors how widely assets are shared? (Select the best answer.)
Context-Only
Salesforce Report Export Activity
Custom Regex
Event Analysis

You want to register a Cisco Firepower device with an FMC. The FMC is behind a NAT device. Which of the following parameters will not be required with the configure manager add command to register the Firepower device? (Select 2 choices.)
h - i
nat-id
reg-key
DONTRESOLVE
host-name
ipv4-address

Which of the following statements is true regarding the authentication port-control command? (Select the best answer.)
It is used to prepare a single port to accept traffic from multiple hosts.
It restores the default 802.1X parameters on the device.
It enables 802.1X authentication globally.
It enables 802.1X authentication on a single interface.

Which of the following suppression types should you select in order to suppress all events for a selected rule in an intrusion policy? (Select the best answer.)
You cannot suppress all events for a selected rule.
source
rule
destination

Which of the following statements are correct regarding Outbreak Filters on the Cisco ESA? (Select 3 choices.)
Outbreak Filters require that the Sophos engine be enabled on the ESA.
Outbreak Filters can modify messages.
Outbreak Filter rules are published by Sophos.
Outbreak Filters require that the McAfee engine be enabled on the ESA.
Outbreak Filters can delay messages.
Outbreak Filters can redirect URLs.

Which of the following statements is correct regarding PBR? (Select the best answer.)
It is a protocol that configures clients with web proxy settings.
It requires that the WSA be configured to use a Layer 4 switch.
It is a method of configuring a web proxy to perform explicit forwarding.
It is a protocol that transparently redirects traffic to a WSA.

You have configured an ASA to accept SSL VPN connections. DTLS is configured on the ASA. DPD is not configured on the ASA. Which of the following is most likely to occur if a Cisco AnyConnect client that is not configured for DTLS attempts to connect to the ASA? (Select the best answer.)
The client will be able to establish a connection to the ASA but will be unable to communicate on the remote network.
The client will still be able to connect by using DTLS and will be able to communicate on the remote network.
The client will be unable to establish a connection to the ASA.
The client will be able to connect by using TLS and will be able to communicate on the remote network.