Test title:
test2

Description:
test2 xd

Creation date: 2026/03/21

Category: Other

Number of questions: 149

Syllabus:

Which system performs compliance checks and remote wiping?. MDM. Cisco ISE. OTP. Cisco AMP.

For which type of attack is multifactor authentication an effective deterrent?. ping of death. syn flood. teardrop. phishing.

Using Cisco Cognitive Threat Analytics, which platform automatically blocks risky sites, and tests unknown sites for hidden advanced threats before allowing users to click them?. Cisco ISE. Cisco ASA. Cisco ESA. Cisco WSA.

Which type of algorithm provides the highest level of protection against brute-force attacks?. PFS. SHA. HMAC. MD5.

An engineer is implementing NAC for LAN users on a segmented network. The engineer confirms that the device of each user is supported and the Cisco switch configuration is correct. Which configuration should be made next to ensure there are no authentication issues?. Open TCP port 49. Enable TACACS+ on the switch. Disable the host firewall. Permit UDP port 1812.

A network administrator must grant a TACACS administrator access to converged access WLCs. The administrator configures the TACACS server and server groups and maps the server on the WLC. What must be configured next?. Configure authentication and authorization policies. Create and apply a policy to the VTY line. Enable accounting for TACACS connections. Create and apply a policy to HTTP.

Refer to the exhibit. Network access control is implemented on the LAN and an engineer must now configure the switch port level so that users with new corporate devices can connect to the corporate LAN without issues. What must be configured next?. errdisable recovery cause psecure-violation. clear port-security dynamic. authentication violation replace. shut and no shut.

Refer to the exhibit. An administrator must configure AAA authentication on a Cisco router with a RADIUS server for administrative access. Which command completes the configuration?. radius-server attribute 32 include-in-access-req. radius-server attribute 8 include-in-access-req. radius-server attribute 4. radius-server attribute 6 on-for-login-auth.

What is a function of the Layer 4 Traffic Monitor on a Cisco Secure Web Appliance?. monitors suspicious traffic across all the TCP/UDP ports. prevents data exfiltration by searching all the network traffic for specified sensitive information. decrypts SSL traffic to monitor for malicious content. blocks traffic from URL categories that are known to contain malicious content.

Refer to the exhibit. A company named ABC has a Cisco Secure Email Gateway and an engineer must configure the incoming mail policy so that emails containing malware files are quarantined instead of dropped and to prevent an increase in false positives causing emails to be dropped erroneously. What must be configured on the Secure Email Gateway?. Delete usera1 policy. Open usera1 policy, Messages with Malware Attachments, and then Action Applied to Message. Open Default Policy, Malware File, and then Action Applied to Message. Change the Policies Order.

Which interface mode does a Cisco Secure IPS device use to block suspicious traffic?. inline. active. passive. promiscuous.

A growing software development company recently acquired a smaller start-up social media company. The web security controls for the enterprise must now be configured to allow the new employees access to social media sites as the existing on-premises employees are blocked from accessing this type of website. An engineer must now modify an outbound policy on a Cisco Secure Web Appliance to make it less generic by applying specific policies for a group of users. Which criteria must be used as the method to deploy the new configuration?. SOCKS. user agent. application. subnet.

A network engineer must create an access control list on a Cisco Adaptive Security Appliance firewall to permit TCP DNS traffic to the internet from the organization's inside network 192.168.1.0/24. Which IOS command must be used to implement the access control list?. access-list 102 permit tcp 192.168.1.0 0.0.0.255 eq domain any. access-list 102 permit tcp 192.168.1.0 0.0.0.255 eq 53 any. access-list 102 permit tcp 192.168.1.0 0.0.0.255 eq domain. access-list 102 permit tcp 192.168.1.0 0.0.0.255 eq 53.

What is a difference between software bugs and path traversal?. Software bugs allow an attacker to run unauthorized commands on a system, and path traversal allows access to files beyond the root folder. Software bugs embed random HTML code in a web app, and path traversal allows access to files beyond the root folder. Software bugs cause false or unpredictable results, and path traversal allows access to files beyond the root folder. Software bugs cause false or unpredictable results, and path traversal allows an attacker to run unauthorized commands on a system.

An engineer must configure URL filtering for user-defined Decryption Policy groups on a Cisco Secure Web Appliance. The engineer must block the gaming category for HTTPS requests. Which two actions must be taken? (Choose two.). Decrypt the gaming category in the Decryption Policy group. Monitor the gaming category in the Access Policy group. Block the gaming category in the Access Policy group. Pass through the gaming category in the Access Policy group. Drop the gaming category in the Decryption Policy group.

A network engineer must create an access control list on a Cisco Adaptive Security Appliance firewall. The access control list must permit HTTP traffic to the internet from the organization's inside network 192.168.1.0/24. Which IOS command must be used to create the access control list?. access-list HTTP ONLY extended permit tcp 192.168.1.0 255.255.255.0 any eq 80. access-list permit http 192.168.1.0 255.255.255.0 any. access-list HTTP ONLY extended permit tcp 192.168.1.0 255.255.255.0. access-list extended permit tcp 192.168.1.0 255.255.255.0 any eq 80.

Refer to the exhibit. An engineer must configure an incoming mail policy so that each email sent from usera1@example.com to a domain of @cisco.com is scanned for antispam and advanced malware protection. All other settings will use the default behavior. What must be configured in the incoming mail policy to meet the requirements?. Policy Name: Default Policy Sender: usera1@example.com Recipient: @cisco.com. Policy Name: cisco.com policy Sender: usera1@example.com Recipient: @cisco.com. Policy Name: Anti-Malware policy Sender: usera1@example.com Recipient: @cisco.com. Policy Name: usera1 policy Sender: usera1@example.com Recipient: @cisco.com.

An engineer is deploying a Cisco Secure Email Gateway and must configure a sender group that decides which mail policy will process the mail. The configuration must accept incoming mails and relay the outgoing mails from the internal server. Which component must be configured to accept the connection to the listener and meet these requirements on a Cisco Secure Email Gateway?. access list. sender list. HAT. RAT.

How does a cross-site request forgery attack operate?. injecting malicious code into a browser that uses a valid HTTP request. using JavaScript to write data into the value within a cookie. submitting unauthorized commands from a user trusted by an application. injecting malicious script code into the data stored on a server.

What is a benefit of a late endpoint patching strategy?. low patching costs. meet specific deadline for patching cycle. proactive patching cycles. compatibility validation with current software.

Which policy is used to capture host information on the Cisco Secure Firewall IPS?. intrusion. access control. network discovery. correlation.

Where are individual sites specified to be block listed in Cisco Umbrella?. security settings. destination lists. application settings. content categories.

What are two Detection and Analytics Engines of Cognitive Intelligence? (Choose two.). data exfiltration. intelligent proxy. snort. command and control communication. URL categorization.

In which two ways does the Cisco Advanced Phishing Protection solution protect users? (Choose two.). It prevents trojan horse malware using sensors. It secures all passwords that are shared in video conferences. It prevents use of compromised accounts and social engineering. It automatically removes malicious emails from users' inbox. It prevents all zero-day attacks coming from the Internet.

Refer to the exhibit. The DHCP snooping database resides on router R1, and dynamic ARP inspection is configured only on switch sw2. Which ports must be configured as untrusted so that dynamic ARP inspection operates normally?. P5, P6, and P7 only. P2 and P3 only. P2, P3, and P6 only. P1, P2, P3, and P4 only.

What is a difference between DMVPN and sVTI?. DMVPN supports static tunnel establishment, whereas sVTI does not. DMVPN provides interoperability with other vendors, whereas sVTI does not. DMVPN supports dynamic tunnel establishment, whereas sVTI does not. DMVPN supports tunnel encryption, whereas sVTI does not.

Which Cisco ISE service checks the compliance of endpoints before allowing the endpoints to connect to the network?. profiler. Threat Centric NAC. posture. Cisco TrustSec.

Refer to the exhibit. Which task is the Python script performing by using the Cisco Umbrella API?. changing the disposition of domains that were previously malicious to clean. changing the disposition of domains that were previously clean to malicious. checking the disposition of previously identified domains in bulk. checking the disposition of potentially malicious domains in bulk.

What is considered a cloud data breach?. exploitation of cloud application access. deprivation of computing resources. cyber threats posing as authorized entities. leaked information that is private.

What is a difference between a Cisco Adaptive Security Appliance firewall and a zone-based firewall?. Cisco Adaptive Security Appliance firewalls use quality of service, and zone-based firewalls use throttling. Cisco Adaptive Security Appliance firewalls use policy-based routing, and zone-based firewalls use stateless access control lists. Cisco Adaptive Security Appliance firewalls support application monitoring, and zone-based firewalls support packet inspection. Cisco Adaptive Security Appliance firewalls support high-performance networks, and zone-based firewalls are suited for low traffic levels.

Refer to the exhibit. An engineer created a policy named usera1 on a Cisco Secure Email Gateway to enable the antispam feature for an email address of usera1@cisco.com. Which configuration step must be performed next to apply the policy only to the usera1@cisco.com email address?. Click the Policy Name usera1 Policy, and then click Add User. Specify the user in Mail Policies > Mail Policies Settings. Set the user in Mail Policies > Exception Table. Click IronPort Anti-Spam, and then click Add User.

Which two methods are available in Cisco Secure Web Appliance to process client requests when configured in Transparent mode? (Choose two.). WCCP. PBR. WPAD. PAC files. browser settings.

A network engineer must establish a site-to-site VPN between two Cisco routers using IPsec. The engineer creates an access control list to permit the traffic, configures phase 1 and phase 2 of IPsec, and applies the crypto map from the routers to the public interface. Which action completes the configuration?. Ping one of the routers to verify network connectivity. Establish the IPsec VPN tunnel. Configure the routers to exclude traffic from NAT. Create an extended access control list on one of the routers to allow inbound traffic.

What is a difference between FlexVPN and DMVPN?. FlexVPN uses IKEv2; DMVPN uses IKEv1 or IKEv2. DMVPN uses IKEv1 or IKEv2; FlexVPN only uses IKEv1. DMVPN uses only IKEv1; FlexVPN uses only IKEv2. FlexVPN uses IKEv1 or IKEv2; DMVPN uses only IKEv2.

An organization configures Cisco Umbrella to be used for its DNS services. The organization must be able to block traffic based on the subnet that the endpoint is on, but it sees only the requests from its public IP address instead of each internal IP address. What must be done to resolve this issue?. Install the Microsoft Active Directory Connector to give IP address information stitched to the requests in the Cisco Umbrella dashboard. Set up a Cisco Umbrella virtual appliance to internally field the requests and see the traffic of each IP address. Configure an internal domain within Cisco Umbrella to help identify each address and create policy from the domains. Use the tenant control features to identify each subnet being used and track the connections within the Cisco Umbrella dashboard.

Which Secure Email Gateway implementation method segregates inbound and outbound email?. one listener on one logical IPv4 address on a single logical interface. one listener on a single physical interface. pair of logical IPv4 listeners and a pair of IPv6 listeners on two physically separate interfaces. pair of logical listeners on a single physical interface with two unique logical IPv4 addresses and one IPv6 address.

A Cisco Secure Cloud Analytics administrator is setting up a private network monitor sensor to monitor an on-premises environment. Which two pieces of information from the sensor are used to link to the Secure Cloud Analytics portal? (Choose two.). private IP address. public IP address. NAT ID. SSL certificate. unique service key.

An administrator enables Cisco Threat Intelligence Director on a Cisco FMC. Which process uses STIX and allows uploads and downloads of block lists?. sharing. authoring. editing. consumption.

What is a benefit of implementing multifactor authentication for an application?. helps prevent stolen credentials from being used. allows remote access to the application. allows secure connections to the application. links devices with applications improving discovery.

An engineer is configuring Outbreak Filters for a Cisco Secure Email Gateway to protect a network from large scale virus outbreaks and phishing scams. Any URLs that match the filter must be logged with these details: 1. Category 2. Reputation score 3. Outbreak Filter rewrites. Which CLI command must the engineer use?. outbreakconfig. outbreakfilters. dlpconfig. quarantineconfig.

An engineer configured a new network identity in Cisco Umbrella but must verify that traffic is being routed through the Cisco Umbrella network. Which action tests the routing?. Browse to http://welcome.umbrella.com/ to validate that the new identity is working. Ensure that the client computers are pointing to the on-premises DNS servers. Enable the Intelligent Proxy to validate that traffic is being routed correctly. Add the public IP address that the client computers are behind to a Core identity.

Refer to the exhibit. What are two indications of the Cisco Firepower Services Module configuration? (Choose two.). Traffic is blocked if the module fails. The module fails to receive redirected traffic. The module is operating in IPS mode. The module is operating in IDS mode. Traffic continues to flow if the module fails.

An engineer configured 802.1X authentication on a switch port but cannot authenticate. Which action must the engineer take to validate if the user credentials are correct?. Check the logs of the authentication server for the username and authentication rejection logs. Check policy enforcement point for the authentication mechanism and credentials used. Check the authenticator and view the debug logs for the username and password. Check the supplicant logs for the username and password entered, then check the authentication provider.

Which common exploit method is TLS 1.3 designed to prevent?. man-in-the-middle attack. cross-site scripting. denial-of-service attack. cross-site request forgery.

What is a benefit of using Cisco AVC for application control?. retrospective application analysis. dynamic application scanning. management of application sessions. zero-trust approach.

An engineer is implementing a network access control solution for a client. The client has separate data and voice VLANs and the deployment is now entering the testing phase. Which configuration must be made next to ensure there are no user authentication issues?. Remove VRF settings from the client ports on the switch. Add TACACS+ as a failover backup solution. Change the ID of the voice VLAN. Delete the downloadable MAC access control lists.

A security administrator is designing an email protection solution for an onsite email server and must meet these requirements: 1. remove malware from email before it reaches corporate premises 2. drop emails with risky links automatically 3. block access to newly infected sites with real-time URL analysis. Which solution must be used?. Cisco Secure Email Cloud. Cisco Security for Office 365. Cisco Stealthwatch Cloud. Cisco Secure Email and Web Manager Cloud.

An engineer must create a new custom URL on a Cisco Secure Web Appliance to block cisco.com and all its subdomains. The engineer performs these actions: 1. Create a new custom URL category named Blck_Domain. 2. Add a site named cisco.com. 3. Click Submit. Which additional configuration must be performed?. Change the cisco.com site to www.cisco.com, and then click Submit. Add an additional site named www.cisco.com, and then click Submit. Set the cisco.com site to *cisco.com, and then click Submit. Add an additional site named .cisco.com, and then click Submit.

Which component is included in a zero-trust architecture model?. cloud provider. multifactor authentication. interconnected infrastructure. encryption management.

A company named ABC.inc recently deployed a new website www.abc.inc to a SaaS platform. An engineer must secure the website because the company has experienced a recent increase in DoS, DDoS, cross-site scripting, and SQL injection attacks. Which security solution must be deployed?. Cisco IDS Host Sensor on the SaaS platform. Cisco Secure Firewall at ABC.inc. Secure Web Application Firewall on the SaaS platform. Cisco Intrusion Prevention System at ABC.inc.

What is a difference between a zone-based firewall and a Cisco Adaptive Security Appliance firewall?. Zone-based firewalls support virtual tunnel interfaces across different locations, and Cisco Adaptive Security Appliance firewalls support DMVPN. Zone-based firewalls are used in large deployments with multiple areas, and Adaptive Security Appliance firewalls are used in small deployments. Zone-based firewalls provide static routing based on interfaces, and Cisco Adaptive Security Appliance firewalls provide dynamic routing. Zone-based firewalls have a default allow-all policy between interfaces in the same zone, and Cisco Adaptive Security Appliance firewalls have a deny-all policy.

How is a cross-site scripting attack executed?. force a currently authenticated end user to execute unwanted actions on a web app. execute malicious client-side scripts injected to a client via a web app. inject a database query via the input data from the client to a web app. intercept communications between a client and a web server.

Refer to the exhibit. Which protocol should be used to encrypt a client connection that signs in to the router remotely to make common configuration changes?. SSH. SCP. SFTP. FTPS.

An engineer must monitor the behavior of devices on an on-premises network and send the data to the Cisco Secure Cloud Analytics platform for analysis. The engineer will perform this task on a virtual machine. What must be configured next?. Cisco Secure Firewall Threat Defense sensor to send network events to Secure Cloud Analytics. Cisco Secure Firewall Management Center to send syslog messages to Secure Cloud Analytics. Cisco Secure Firewall Management Center to send NetFlow data to Secure Cloud Analytics. Cisco Secure Cloud Analytics Cloud PIM sensor to send data to Secure Cloud Analytics.

Why is it important to implement a comprehensive endpoint patching strategy?. protects the organization by using zero-trust model metrics and analytics. protects the confidentiality and availability of information in an organization. ensures patching is performed automatically from the endpoint and at a regular cadence. ensures endpoint-to-destination encryption of any sensitive data transmitted in an organization.

An organization deploys multiple Cisco FTD appliances and wants to manage them using one centralized solution. The organization does not have a local VM but does have existing Cisco ASAs that must migrate over to Cisco FTDs. Which solution meets the needs of the organization?. CSM. Cisco FMC. Cisco FMD. CDO.

What is the intent of a basic SYN flood attack?. to flush the register stack to re-initiate the buffers. to solicit DNS responses. to exceed the threshold limit of the connection queue. to cause the buffer to overflow.

An organization recently installed a Cisco WSA and would like to take advantage of the AVC engine to allow the organization to create a policy to control application specific activity. After enabling the AVC engine, what must be done to implement this?. Use URL categorization to prevent the application traffic. Use security services to configure the traffic monitor. Use an access policy group to configure application control settings. Use web security reporting to validate engine functionality.

Which two functions does the Cisco Advanced Phishing Protection solution perform in trying to protect from phishing attacks? (Choose two.). determines if the email messages are malicious. uses a static algorithm to determine malicious. blocks malicious websites and adds them to a block list. does a real-time user web browsing behavior analysis. provides a defense for on-premises email deployments.

What is the purpose of CA in a PKI?. to create the private key for a digital certificate. to validate the authenticity of a digital certificate. to certify the ownership of a public key by the named subject. to issue and revoke digital certificates.

Which network monitoring solution uses streams and pushes operational data to provide a near real time view of activity?. SNMP. SMTP. model-driven telemetry. Syslog.

Which statement describes a serverless application?. The application is installed on network equipment and not on physical servers. The application runs from a containerized environment that is managed by Kubernetes or Docker Swarm. The application runs from an ephemeral, event-triggered, and stateless container that is fully managed by a cloud provider. The application delivery controller in front of the server farm designates on which server the application runs each time.

While using Cisco Secure Firewall's Security Intelligence policies, which two criteria is blocking based upon? (Choose two.). port numbers. IP addresses. protocol IDs. MAC addresses. URLs.

What is the purpose of the certificate signing request when adding a new certificate for a server?. It is the password for the certificate that is needed to install it with. It provides the server information so a certificate can be created and signed. It is the certificate that will be loaded onto the server. It provides the certificate client information so the server can authenticate against it when installing.

What is the default action before identifying the URL during HTTPS inspection in Cisco Secure Firewall Threat Defense software?. drop. reset. buffer. pass.

An engineer is configuring cloud logging using a company-managed Amazon S3 bucket for Cisco Umbrella logs. What benefit does this configuration provide for accessing log data?. It is included in the license cost for the multi-org console of Cisco Umbrella. It can grant third-party SIEM integrations write access to the S3 bucket. Data can be stored offline for 30 days. No other applications except Cisco Umbrella can write to the S3 bucket.

What is a benefit of using a multifactor authentication strategy?. It provides visibility into devices to establish device trust. It provides secure remote access for applications. It provides an easy, single sign-on experience against multiple applications. It protects data by enabling the use of a second validation of identity.

An administrator configures new authorization policies within Cisco ISE and has difficulty profiling the devices. Attributes for the new Cisco IP phones that are profiled based on the RADIUS authentication are seen; however, the attributes for CDP or DHCP are not. What should the administrator do to address this issue?. Configure the device sensor feature within the switch to send the appropriate protocol information. Configure the ip dhcp snooping trust command on the DHCP interfaces to get the information to Cisco ISE. Configure the authentication port-control auto feature within Cisco ISE to identify the devices that are trying to connect. Configure a service template within the switch to standardize the port configurations so that the correct information is sent to Cisco ISE.

How does a cloud access security broker function?. It is an authentication broker to enable single sign-on and multi-factor authentication for a cloud solution. It scans other cloud solutions being used within the network and identifies vulnerabilities. It acts as a security information and event management solution and receives syslog from other cloud solutions. It integrates with other cloud solutions via APIs and monitors and creates incidents based on events from the cloud solution.

What are two characteristics of Cisco DNA Center APIs?. They are Cisco proprietary. They view the overall health of the network. Postman is required to utilize Cisco DNA Center API calls. They do not support Python scripts. They quickly provision new devices.

Which two components do southbound APIs use to communicate with downstream devices? (Choose two.). services running over the network. OpenFlow. applications running over the network. OpFlex. external application APIs.

A network administrator received a critical message alert from a Cisco Secure Web Appliance stating that the log partition is at 107% capacity. How does a Cisco Secure Web Appliance respond when its logging partition is full?. It overwrites the oldest log files. It archives older logs in a compressed file to free space. It deletes logs older than a configurable age. It suspends logging and reporting functions.

Which kind of API that is used with Cisco DNA Center provisions SSIDs, QoS policies, and updates software versions on switches?. intent. event. integration. multivendor.

Which parameter is required when configuring a NetFlow exporter on a Cisco router?. source interface. exporter description. exporter name. DSCP value.

An organization wants to reduce their attack surface for cloud applications. They want to understand application communications, detect abnormal application behavior, and detect vulnerabilities within the applications. Which action accomplishes this task?. Implement Cisco Umbrella to control the access each application is granted. Configure Cisco Tetration to detect anomalies and vulnerabilities. Modify the Cisco Duo configuration to restrict access between applications. Use Cisco ISE to provide application visibility and restrict access to them.

An engineer is adding a Cisco DUO solution to the current TACACS+ deployment using Cisco ISE. The engineer wants to authenticate users using their account when they log into network devices. Which action accomplishes this task?. Configure Cisco DUO with the external Active Directory connector and tie it to the policy set within Cisco ISE. Create an identity policy within Cisco ISE to send all authentication requests to Cisco DUO. Install and configure the Cisco DUO Authentication Proxy and configure the identity source sequence within Cisco ISE. Modify the current policy with the condition MFA SourceSequence:DUO=true in the authorization conditions within Cisco ISE.

Which solution should a network administrator deploy to protect a webserver from SQL injection attacks?. Secure Web Appliance. IPS. IDS. ISE.

An engineer must register a fixed network on a Cisco Umbrella platform. Which two actions must be performed when adding a new public IP address? (Choose two.). Install the Umbrella root certificate. Configure the DNS security settings. Enter a network public IP address. Point DNS to Umbrella platform DNS servers. Point DHCP to Umbrella platform DHCP servers.

What is a benefit of using GETVPN over FlexVPN within a VPN deployment?. GETVPN supports Remote Access VPNs. GETVPN uses multiple security associations for connections. GETVPN natively supports MPLS and private IP networks. GETVPN interoperates with non-Cisco devices.

Which security solution uses NetFlow to provide visibility across the network, data center, branch offices, and cloud?. Cisco Umbrella. Cisco Stealthwatch. Cisco CTA. Cisco Encrypted Traffic Analytics.

Which Cisco cloud security software centrally manages policies on multiple platforms such as Cisco ASA, Cisco Firepower, Cisco Meraki, and AWS?. Cisco DNA Center. Cisco Secureworks. Cisco Defense Orchestrator. Cisco Configuration Professional.

Refer to the exhibit. An engineer is implementing a network access control solution. Users can authenticate against the RADIUS server, and now the engineer must configure a downloadable access control list switch port. Which command must be used next to complete the configuration?. ip access-group ACL-NAME out. radius-server vsa send authentication. switchport mode access. authentication order mab dot1x.

Refer to the exhibit. What will happen when this Python script is run?. The list of computers, policies, and connector statuses will be received from Cisco AMP. The compromised computers and what compromised them will be received from Cisco AMP. The compromised computers and malware trajectories will be received from Cisco AMP. The list of computers and their current vulnerabilities will be received from Cisco AMP.

Client workstations are experiencing extremely poor response time. An engineer suspects that an attacker is eavesdropping and making independent connections while relaying messages between victims to make them think they are talking to each other over a private connection. Which feature must be enabled and configured to provide relief from this type of attack?. Dynamic ARP Inspection. Link Aggregation. private VLANs. Reverse ARP.

What are two functionalities of SDN southbound APIs? (Choose two.). OpenFlow is a standardized southbound API protocol used between the SDN controller and the switch. Southbound APIs provide a programmable interface for applications to configure the network. Southbound APIs form the interface between the SDN controller and the network switches and routers. Southbound APIs form the interface between the SDN controller and business applications. Application layer programs communicate with the SDN controller through the southbound APIs.

An engineer is configuring a Cisco ESA and wants to control whether to accept or reject email messages to a recipient address. Which list contains the allowed recipient addresses?. SAT. HAT. RAT. BAT.

Which endpoint solution protects a user from a phishing attack?. Cisco ISE. Cisco AnyConnect with Umbrella Roaming Security module. Cisco AnyConnect with Network Access Manager module. Cisco AnyConnect with ISE Posture module.

Which type of DNS abuse exchanges data between two computers even when there is no direct connection?. malware installation. command-and-control communication. network footprinting. data exfiltration.

Which two global commands must the network administrator implement to limit the attack surface of an internet-facing Cisco router? (Choose two.). no service password-recovery. ip ssh version 2. no cdp run. no ip http server. service tcp-keepalives-in.

What does Cisco AMP for Endpoints use to help an organization detect different families of malware?. ClamAV Engine to perform email scanning. Spero Engine with machine learning to perform dynamic analysis. Ethos Engine to perform fuzzy fingerprinting. Tetra Engine to detect malware when the endpoint is connected to the cloud.

Which entity is responsible for encrypting data in transit using an IaaS model versus a SaaS model?. Cloud Application Developer for IaaS and Cloud SLA Manager for SaaS. Cloud Service Customer for IaaS and Cloud Service Provider for SaaS. Cloud Service Provider for IaaS and Cloud Service Customer for SaaS. Cloud SLA Manager for IaaS and Cloud Application Developer for SaaS.

Which feature is used to restrict communication between interfaces on a Cisco ASA?. security levels. traffic zones. VXLAN interfaces. VLAN subinterfaces.

Refer to the exhibit. An engineer is implementing a certificate-based VPN. What is the result of the existing configuration?. Only an IKEv2 peer that has an OU certificate attribute set to MANGLER establishes an IKEv2 SA successfully. The OU of the IKEv2 peer certificate is used as the identity when matching an IKEv2 authorization policy. The OU of the IKEv2 peer certificate is set to MANGLER. The OU of the IKEv2 peer certificate is encrypted when the OU is set to MANGLER.

What is a feature of NetFlow Secure Event Logging?. It exports only records that indicate significant events in a flow. It supports v5 and v8 templates. It filters NSEL events based on the traffic and event type through RSVP. It delivers data records to NSEL collectors through NetFlow over TCP only.

Which role is a default guest type in Cisco ISE?. Monthly. Contractor. Yearly. Full-time.

Which Cisco security solution provides patch management in the cloud?. Cisco Tetration. Cisco CloudLock. Cisco Umbrella. Cisco ISE.

Which policy represents a shared set of features or parameters that define the aspects of a managed device that are likely to be similar to other managed devices in a deployment?. device management policy. group policy. access control policy. platform service policy.

Which Cisco ASA Platform mode disables the threat detection features except for Advanced Threat Statistics?. multiple context. routed. cluster. transparent.

Which Cisco Umbrella package supports selective proxy for inspection of traffic from risky domains?. SIG Advantage. DNS Security Advantage. DNS Security Essentials. SIG Essentials.

Refer to the exhibit. Which tasks is the Python script performing by calling the API?. requesting the use of basic authentication to make changes to Cisco Secure Email Gateway. requesting the use of basic authentication to make changes in Cisco DNA Center. retrieving and displaying an authentication token from Cisco Secure Email Gateway. retrieving and displaying an authentication token from Cisco DNA Center.

What is a capability of Cisco Secure Email Gateway compared to Cisco Secure Web Appliance?. Secure Email Gateway protects a web server from malware and distributed denial-of-service attacks, and Secure Web Appliance blocks malware and phishing attempts sent by email. Secure Email Gateway provides a single management interface for email security, and Secure Web Appliance acts as web application firewall. Secure Email Gateway provides a single management interface for email and web security, and Secure Web Appliance acts as web application firewall. Secure Email Gateway blocks malware and phishing attempts sent by email, and Secure Web Appliance blocks internal users from accessing inappropriate web sites.

What is an advantage of static virtual tunnel interfaces when compared to crypto map?. Static virtual tunnel interfaces provide IPsec VPN configurations without access lists, and crypto map provides IPsec VPN configurations that have access lists. Static virtual tunnel interfaces provide Extensible Authentication Protocol tunnelling, and crypto map provides XAUTH. Static virtual tunnel interfaces provide IPsec VPN configurations using access lists, and crypto map provides IPsec VPN configurations without access lists. Static virtual tunnel interfaces provide IKEv2 for VPN configurations, and crypto map provides support for IKEv1.

What must be configured in Cisco ISE to enforce reauthentication of an endpoint session when an endpoint is deleted from an identity group?. CoA. posture assessment. SNMP probe. external identity source.

Which system facilitates deploying microsegmentation and multi-tenancy services with a policy-based container?. Contiv. SDLC. Lambda. Docker.

What do tools like Jenkins, Octopus Deploy, and Azure DevOps provide in terms of application and infrastructure automation?. continuous integration and continuous deployment. compile-time instrumentation. cloud application security broker. container orchestration.

Which attack type attempts to shut down a machine or network so that users are not able to access it?. bluesnarfing. smurf. IP spoofing. MAC spoofing.

Which service allows a user to export application usage and performance statistics with Cisco Application Visibility and Control?. SNORT. 802.1X. SNMP. NetFlow.

A networking team must harden an organization's network from VLAN hopping attacks. The team disables Dynamic Trunking Protocol and puts any unused ports in an unused VLAN. A trunk port is used as a trunk link. What must the team configure next to harden the network against VLAN hopping attacks?. enable port-based network access control. dedicated VLAN ID for all trunk ports. disable STP on the network devices. DHCP snooping on all the switches.

A company named ABC.inc has an older web server that is used for its website named www.abc.inc. The company plans to move the website to the public cloud to reduce costs. The company regularly performs the security activities: 1. VA scans 2. PEN tests. When the migration to the cloud is complete, which activity must be performed to scan for source code errors?. SAST scans. on-demand website scans. DAST scans. PEN tests.

Refer to the exhibit. A network security engineer must enable and configure port security on a Cisco Catalyst switch. Up to 20 secure MAC addresses must be supported per port. In case of a violation, the port must be disabled immediately, and the port LED must turn off. Which command completes the configuration?. switchport port-security violation shutdown. switchport port-security violation restrict. switchport port-security violation protect. switchport port-security violation disable.

Which technology provides a combination of endpoint protection, endpoint detection, and response?. Cisco AMP. Cisco Secure Malware Analytics. Cisco Talos. Cisco Umbrella.

Refer to the exhibit. An engineer must modify the header priority to match a mail policy on a Cisco Secure Email Gateway. The From header must be set to priority P1, and Envelope Sender must be set to priority P2. Which action must be taken next to complete the configuration?. Modify the Mail Policy settings. Modify the Incoming Mail Policies default policy. Create a new Incoming Mail policy. Create a new Mail Flow policies.

Refer to the exhibit. An administrator must configure authentication, authorization, and accounting (AAA) on a Cisco router for SSH access. Which code snippet completes the configuration?. ! aaa new-model ! line vty 0 4 transport input all authorization exec author-list accounting exec account-list login authentication authen-list !. ! aaa new-model ! line vty 0 4 transport input ssh authorization exec author-list accounting exec account-list login authentication enable !. ! line vty 0 4 transport input ssh authorization exec author-list accounting exec account-list login authentication authen-list !. ! aaa new-model ! line vty 0 4 transport input ssh authorization exec author-list accounting exec account-list login authentication authen-list !.

What is a difference between an EPP and EDR?. EPP addresses firewall capabilities, and EDR can perform disk encryption. EPP addresses antimalware, and EDR addresses port control. EPP addresses security incident detection, and EDR prevents data loss. EPP addresses application sandboxing, and EDR provides threat intelligence.

A company named ABC wants to migrate to the cloud to reduce operational costs. The company requires a cloud solution where the cloud provider is responsible for: 1. Virtualization upgrades 2. Servers and storage patching 3. Network security. The company must keep control of the OS, middleware, and applications. Which cloud service model must be used?. IaaS. SaaS. PaaS. Hybrid.

Which type of DDoS attack masks an attacker's identity?. direct. amplification. reflection. SYN flood.

An engineer must configure a new site-to-site VPN connection using Cisco Secure Firewall Threat Defense as node A and Cisco ASA as node B. These configurations were performed already in Cisco Secure Firewall Threat Defense: 1. Configure IKE and IPsec parameters 2. Bypass access control 3. Create an access control policy. Which action completes the configuration?. Create a tunnel group for the peer. Add a VPN client profile. Configure NAT exemption. Enable IKEv2 on the outside interface.

Which security mechanism is designed to protect against "offline brute-force" attacks?. Salt. Token. CAPTCHA. MFA.

Which command enables 802.1X globally on a Cisco switch?. dot1x system-auth-control. dot1x pae authenticator. aaa new-model. authentication port-control auto.

What is the function of SDN southbound API protocols?. to allow for the static configuration of control plane applications. to allow for the dynamic configuration of control plane applications. to enable the controller to make changes. to enable the controller to use REST.

Which two mechanisms are used to control phishing attacks? (Choose two.). Enable browser alerts for fraudulent websites. Implement email filtering techniques. Revoke expired CRL of the websites. Define security group memberships. Use antispyware software.

How is Cisco Umbrella configured to log only security events?. in the Reporting settings. per network in the Deployment section. Deployment section. per policy.

What are two rootkit types? (Choose two.). bootloader. virtual. registry. buffer mode. user mode.

What are two list types within Cisco Secure Endpoints Outbreak Control? (Choose two.). allowed applications. simple custom detections. blocked ports. URL. command and control.

What are two Trojan malware attacks? (Choose two.). rootkit. frontdoor. backdoor. sync. smurf.

A networking team must harden an organization's core switch against man-in-the-middle attacks. The team must use Dynamic ARP inspection on the switch to meet the requirement. The team enables DHCP snooping and Dynamic ARP Inspection and configures the trust state of the service. Which action must be taken next to complete the configuration of the Dynamic ARP inspection feature?. Enable Dynamic ARP inspection error-disabled recovery. Enable Dynamic ARP inspection logging for dropped packets. Only ARP access control lists for Dynamic ARP inspection filtering. Configure the ARP packet rate limiting feature.

Which Cisco solution does Cisco Umbrella integrate with to determine if a URL is malicious?. Cisco Talos. Cisco AnyConnect. Cisco AMP. Cisco Dynamic DNS.

What is a feature of Cisco NetFlow Secure Event Logging for Cisco ASAs?. Multiple NetFlow collectors are supported. Secure NetFlow connections are optimized for Cisco Prime Infrastructure. Flow-create events are delayed. Advanced NetFlow V9 templates and legacy v5 formatting are supported.

A network engineer must monitor user and device behavior within the on-premises network. This data must be sent to the Cisco Stealthwatch Cloud Analytics platform for analysis. What must be done to meet this requirement, using the Ubuntu-based VM Appliance deployed in a VMware-based hypervisor?. Deploy a Cisco FTD sensor to send network events to Cisco Stealthwatch Cloud. Configure a Cisco FMC to send syslogs to Cisco Stealthwatch Cloud. Deploy the Cisco Stealthwatch Cloud PNM sensor that sends data to Cisco Stealthwatch Cloud. Configure a Cisco FMC to send NetFlow to Cisco Stealthwatch Cloud.

Which Cisco solution integrates Encrypted Traffic Analytics to perform enhanced visibility, promote compliance, shorten response times, and provide administrators with the information needed to provide educated and automated decisions to secure the environment?. Cisco DNA Center. Cisco Security Compliance Solution. Cisco SDN. Cisco ISE.

Why is it important to implement multifactor authentication inside of an organization?. To prevent brute force attacks from being successful. To prevent phishing attacks from being successful. To prevent DoS attacks from being successful. To prevent man-in-the-middle attacks from being successful.

Which two application layer preprocessors are used by Secure Firewall IPS? (Choose two.). inline normalization. SIP. SSL. modbus. packet decoder.

A network engineer must configure an access control policy on top of an existing Cisco Secure Firewall Threat Defense access control policy. The policy contains IP addresses and port values with no need for deeper inspection. Which type of policy must be created?. access control. prefilter. identity. SSL.

What is the purpose of the Decrypt for Application Detection feature within the WSA Decryption options?. It provides enhanced HTTPS application detection for AsyncOS. It decrypts HTTPS application traffic for authenticated users. It decrypts HTTPS application traffic for unauthenticated users. It alerts users when the WSA decrypts their traffic.

Email security has become a high-priority task for a security engineer at a large multinational organization due to ongoing phishing campaigns. To help control this, the engineer has deployed an Incoming Content filter with a URL reputation of (-10.00 to -6.00) on the Cisco ESA. Which action will the system perform to disable any links in messages that match the filter?. Quarantine. ScreenAction. Defang. FilterAction.

An organization has a Cisco ESA set up with DLP policies and would like to customize the action assigned for violations. The organization wants a copy of the message to be delivered with a message added to flag it as a DLP violation. Which actions must be performed in order to provide this capability?. deliver and add disclaimer text. deliver and send copies to other recipients. quarantine and alter the subject header with a DLP violation. quarantine and send a DLP violation notification.

Which attack is commonly associated with C and C++ programming languages?. buffer overflow. water holing. DDoS. cross site scripting.

A company named Org.Co is upgrading its infrastructure and wants to migrate from a legacy firewall appliance to a cloud security service that will provide: 1. Threat intelligence 2. Real-time malware blocking 3. Protection against malicious domains 4. SSL visibility. Which security solution should be used?. Cisco Cloudlock. Cisco Secure Cloud Analytics. Cisco Secure Firewall Threat Defense. Cisco Umbrella.

When a next-generation endpoint security solution is selected for a company, what are two key deliverables that help justify the implementation? (Choose two.). Email integration to protect endpoints from malicious content that is located in the email. real-time feed from global threat intelligence centers. Continuous monitoring of all files that are located on connected endpoints. Signature-based endpoint protection on company endpoints. Macro-based protection to keep connected endpoints safe.

Which Cisco DNA Center intent API action is used to retrieve the number of devices known to a DNA Center?. GET https://fqdnOrIPofDnaCenterPlatform/dna/intent/api/v1/network-device. GET https://fqdnOrIPofDnaCenterPlatform/dna/intent/api/v1/network-device/startingindex/recordsToReturn. GET https://fqdnOrIPofDnaCenterPlatform/dna/intent/api/v1/network-device?parameter1=value&parameter2?value&... GET https://fqdnOrIPofDnaCenterPlatform/dna/intent/api/v1/network-device/count.

An organization is using DNS services for their network and wants to help improve the security of the DNS infrastructure. Which action accomplishes this task?. Modify the Cisco Umbrella configuration to pass the queries only to non-DNSSEC capable zones. Integrate Cisco Umbrella with Cisco CloudLock to ensure that DNSSEC is functional. Use DNSSEC between the endpoints and Cisco Umbrella DNS servers. Configure Cisco Umbrella and use DNSSEC for domain authentication to authoritative servers.

Which solution combines Cisco IOS and IOS XE components to enable administrators to recognize applications, collect and send network metrics to Cisco Prime and other third-party management tools, and prioritize application traffic?. Cisco Application Visibility and Control. Cisco Model Driven Telemetry. Cisco Security Intelligence. Cisco DNA Center.

Which two capabilities does an MDM provide? (Choose two.). Unified management of mobile devices, Macs, and PCs from a centralized dashboard. manual identification and classification of client devices. delivery of network malware reports to an inbox on a schedule. Unified management of Android and Apple devices from a centralized dashboard. enforcement of device security policies from a centralized dashboard.

A network administrator is setting up a Cisco FMC to send logs to Cisco Security Analytics and Logging (SaaS). The network administrator is anticipating a high volume of logging events from the firewalls and wants to limit the strain on the firewall resources. Which method must the administrator use to send these logs to Cisco Security Analytics and Logging?. Direct connection using SNMP traps. SFTP using FMC CLI. HTTP POST using the Security Analytics FMC plugin. syslog using the Secure Event Connector.

What are two facts about Cisco Secure Web Appliance HTTP proxy configuration with a PAC file? (Choose two.). The PAC file, which references the proxy, is deployed to the client web browser. It is defined as an explicit proxy deployment. In a dual-NIC configuration, the PAC file directs traffic through the two NICs to the proxy. It is defined as a bridged proxy deployment. It is defined as a transparent proxy deployment.

What is a capability of cross-site scripting?. supplies valid credentials by hijacking DNS queries sent by the user device. steals cookies used to obtain access as an authenticated user to a cloud service. exploits vulnerable applications for attackers to pass commands to a database. intercepts traffic to take over a connection to a cloud-based service.

Which suspicious pattern enables the Cisco Secure Workload platform to learn the normal behavior of users?. privilege escalation. interesting file access. file access from a different user. user login suspicious behavior.

What is a benefit of multifactor authentication?. enables multiple ways to authenticate. enables the use of single sign-on. reduces the risk of a data breach. reduces the need to change passwords.

Which Cisco Secure Endpoint for Email Security capability protects users from phishing attacks?. automatic training based on user behavior. discovery of threats concealed in attachments. encryption of email messages. use of data loss prevention rules.
