testfull xd
Test title: testfull xd. Description: testfull study xd



Which standard is used to automate exchanging cyber threat information?. IoC. TAXII. STIX. MITRE. An engineer adds a custom detection policy to a Cisco AMP deployment and encounters issues with the configuration. The simple detection mechanism is configured, but the dashboard indicates that the hash is not 64 characters and is non-zero. What is the issue?. The file being uploaded is incompatible with sample detections and must use advanced detections. The engineer is attempting to upload a hash created using MD5 instead of SHA-256. The engineer is attempting to upload a file instead of a hash. The hash being uploaded is part of a set in an incorrect format. Which two services must remain as on premises equipment when a hybrid email solution is deployed? (Choose two.). DDoS. Encryption. DLP. antivirus. antispam. Refer to the exhibit. An engineer must enable secure SSH protocols and enters this configuration. What are two results of running this set of commands on a Cisco router? (Choose two.). Uses the FQDN with the label command. Enables SSHv1 on the router. Labels the key pairs to be used for SSH. Generates AES key pairs on the router. Generates RSA key pairs on the router. An organization has a Cisco Secure Cloud Analytics deployment in their environment. Cloud logging is working as expected, but logs are not being received from the on-premise network. What action will resolve this issue?. Deploy an FTD sensor to send events to Cisco Stealthwatch Cloud. Configure security appliances to send NetFlow to Cisco Stealthwatch Cloud. Deploy a Cisco Stealthwatch Cloud sensor on the network to send data to Cisco Stealthwatch Cloud. Configure security appliances to send syslogs to Cisco Stealthwatch Cloud. Which two solutions help combat social engineering and phishing at the endpoint level? (Choose two.). Cisco TrustSec. Cisco Umbrella. Cisco ISE. Cisco Duo Security. Cisco DNA Center. What are two characteristics of the RESTful architecture used within Cisco DNA Center? 
(Choose two.). The POST action replaces existing data at the URL path. REST codes can be compiled with any programming language. REST uses HTTP to send a request to a web service. REST is a Linux platform-based architecture. REST uses methods such as GET, PUT, POST, and DELETE. Which feature must be configured before implementing NetFlow on a router?. SNMPv3. VRF. IP Routing. syslog. Which capability is provided by application visibility and control?. data encryption. deep packet inspection. reputation filtering. data obfuscation. Which solution protects hybrid cloud deployment workloads with application visibility and segmentation?. Secure Network Analytics. Secure Workload. Secure Firewall. Nexus. An organization is using CSR 1000 routers in their private cloud infrastructure. They must upgrade their code to address vulnerabilities within their running code version. Who is responsible for these upgrades?. The CSR 1000V updates automatically, as new code becomes available. The organization must update the code for the devices they manage. The cloud vendor is responsible for updating all code hosted in the cloud. The cloud service provider must be asked to perform the upgrade. Which action must be taken in the AMP for Endpoints console to detect specific MD5 signatures on endpoints and then quarantine the files?. Configure an IP Block & Allow custom detection list. Configure an application custom detection list. Configure an advanced custom detection list. Configure a simple custom detection list. Which function is included when Cisco AMP is added to web security?. multifactor, authentication-based user identity. detailed analytics of the unknown file's behavior. threat prevention on an infected endpoint. phishing detection on emails. Which DoS attack uses fragmented packets in an attempt to crash a target machine?. SYN flood. smurf. LAND. teardrop. 
Which feature is used in a push model to allow for session identification, host reauthentication, and session termination?. CoA request. carrier-grade NAT. AV pair. AAA attributes. Which configuration method provides the option to prevent physical and virtual endpoint devices that are in the same base EPG or uSeg from being able to communicate with each other with VMware VDS or Microsoft vSwitch?. intra-EPG isolation. inter-VLAN security. placement in separate EPGs. inter-EPG isolation. Which two features are used to configure Cisco ESA with a multilayer approach to fight viruses and malware? (Choose two.). DLP. Sophos engine. white list. outbreak filters. RAT. Which VMware platform does Cisco ACI integrate with to provide enhanced visibility, provide policy integration and deployment, and implement security policies with access lists?. VMware horizons. VMware APIC. VMware fusion. VMware vRealize. An organization is trying to implement micro-segregation on the network and wants to be able to gain visibility on the application within the network. The solution must be able to maintain and force compliance. Which product should be used to meet these requirements?. Cisco Secure Workload. Cisco Secure Network Analytics. Cisco Umbrella. Cisco AMP. An administrator configures a new destination list in Cisco Umbrella so that the organization can block specific domains for its devices. What should be done to ensure that all subdomains of domain.com are blocked?. Configure the *domain.com address in the block list. Configure the *.com address in the block list. Configure the *.domain.com address in the block list. Configure the domain.com address in the block list. Which two activities are performed using Cisco DNA Center? (Choose two.). DHCP. design. provision. accounting. DNS. Refer to the exhibit. What is the result of the Python script?. It uses the POST HTTP method to obtain a token to be used for authentication. 
It uses the POST HTTP method to obtain a username and password to be used for authentication. It uses the GET HTTP method to obtain a token to be used for authentication. It uses the GET HTTP method to obtain a username and password to be used for authentication. An engineer enabled SSL decryption for Cisco Umbrella intelligent proxy and needs to ensure that traffic is inspected without alerting end-users. Which action accomplishes this goal?. Import the Umbrella root CA into the trusted root store on the user's device. Modify the user's browser settings to suppress errors from Umbrella. Restrict access to only websites with trusted third-party signed certificates. Upload the organization root CA to the Umbrella admin portal. Which feature only implements on the Cisco ASA in the transparent mode?. stateful inspection. inspect traffic between hosts in the same subnet. inspect application layer of the traffic sent between hosts. inspect anycast traffic. What is the term for the concept of limiting communication between applications or containers on the same node?. microsegmentation. software-defined access. microservicing. container orchestration. An organization has noticed an increase in malicious content downloads and wants to use Cisco Umbrella to prevent this activity for suspicious domains while allowing normal web traffic. Which action will accomplish this task?. Configure the intelligent proxy. Configure application block lists. Set content settings to High. Use destination block lists. Which product allows Cisco FMC to push security intelligence observable to its sensors from other products?. Encrypted Traffic Analytics. Cognitive Threat Analytics. Cisco Talos Intelligence. Threat Intelligence Director. Why should organizations migrate to a multifactor authentication strategy?. Biometrics authentication leads to the need for multifactor authentication due to its ability to be hacked easily. 
Multifactor authentication methods of authentication are never compromised. Multifactor authentication does not require any piece of evidence for an authentication mechanism. Single methods of authentication can be compromised more easily than multifactor authentication. A network engineering team wants to configure web reputation URL filtering in Cisco vManage by setting the web reputation to Moderate Risk. Which reputation score must be configured in vManage for the URL filtering?. 65. 40. 80. 60. An engineer is onboarding a teleworker to Cisco Umbrella. After the worker’s home network identity is configured, which additional action must be taken to complete the network registration?. Change the public IP addresses from static to dynamic. Point the home modem DHCP to Cisco Umbrella DHCP. Set up a point-to-point VPN with the head office. Point the home modem DNS to Cisco Umbrella DNS. Refer to the exhibit. All servers are in the same VLAN/Subnet. DNS Server-1 and DNS Server-2 must communicate with each other, and all servers must communicate with the default gateway multilayer switch. Which type of private VLAN ports should be configured to prevent communication between DNS servers and the file server?. Configure GigabitEthernet0/1 as community port, GigabitEthernet0/2 as isolated port, and GigabitEthernet0/3 and GigabitEthernet0/4 as promiscuous ports. Configure GigabitEthernet0/1 as promiscuous port, GigabitEthernet0/2 as isolated port, and GigabitEthernet0/3 and GigabitEthernet0/4 as community ports. Configure GigabitEthernet0/1 as community port, GigabitEthernet0/2 as promiscuous port, GigabitEthernet0/3 and GigabitEthernet0/4 as isolated ports. Configure GigabitEthernet0/1 as promiscuous port, GigabitEthernet0/2 as community port, and GigabitEthernet0/3 and GigabitEthernet0/4 as isolated ports. Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?. Linux and Windows operating systems. web page images. database. 
user input validation in a web page or web application. Which two behavioral patterns characterize a ping of death attack? (Choose two.). Short synchronized bursts of traffic are used to disrupt TCP connections. The attack is fragmented into groups of 8 octets before transmission. Malformed packets are used to crash systems. The attack is fragmented into groups of 16 octets before transmission. Publicly accessible DNS servers are typically used to execute the attack. An email administrator is setting up a new Cisco ESA. The administrator wants to enable the blocking of greymail for the end user. Which feature must the administrator enable first?. File Analysis. Anti-Virus Filtering. Intelligent Multi-Scan. IP Reputation Filtering. What is a benefit of using telemetry over SNMP to configure new routers for monitoring purposes?. Telemetry uses a push method, which makes it faster than SNMP. Telemetry uses push and pull, which makes it more scalable than SNMP. Telemetry uses a pull method, which makes it more reliable than SNMP. Telemetry uses push and pull, which makes it more secure than SNMP. Which two capabilities does TAXII support? (Choose two). mitigating. exchange. pull messaging. correlation. binding. What are two functionalities of northbound and southbound APIs within Cisco SDN architecture? (Choose two.). Northbound APIs utilize RESTful API methods such as GET, POST, and DELETE. Southbound APIs utilize CLI, SNMP, and RESTCONF. Southbound interfaces utilize device configurations such as VLANs and IP addresses. Southbound APIs are used to define how SDN controllers integrate with applications. Northbound interfaces utilize OpenFlow and OpFlex to integrate with network devices. Refer to the exhibit. A network administrator configures command authorization for the admin5 user. What is the admin5 user able to do on HQ_Router after this configuration?. complete no configurations. complete all configurations. set the IP address of an interface. add subinterfaces. 
What is a description of microsegmentation?. Environments deploy a container orchestration platform, such as Kubernetes, to manage the application delivery. Environments implement private VLAN segmentation to group servers with similar applications. Environments apply a zero-trust model and specify how applications on different servers or containers can communicate. Environments deploy centrally managed host-based firewall rules on each server or container. An engineer has been tasked with configuring a Cisco FTD to analyze protocol fields and detect anomalies in the traffic from industrial systems. What must be done to meet these requirements?. Implement pre-filter policies for the CIP preprocessor. Configure intrusion rules for the DNP3 preprocessor. Modify the access control policy to trust the industrial traffic. Enable traffic analysis in the Cisco FTD. Which two deployment model configurations are supported for Cisco FTDv in AWS? (Choose two.). Cisco FTDv with two management interfaces and one traffic interface configured. Cisco FTDv configured in routed mode and IPv6 configured. Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS. Cisco FTDv configured in routed mode and managed by a physical FMC appliance on premises. Cisco FTDv with one management interface and two traffic interfaces configured. For a given policy in Cisco Umbrella, how should a customer block websites based on a custom list?. by specifying blocked domains in the policy settings. by adding the websites to a blocked type destination list. by adding the website IP addresses to the Cisco Umbrella blocklist. by specifying the websites in a custom blocked category. Which action adds IOCs to customize detections for a new attack?. Use the Initiate Endpoint IOC scan feature to gather the IOC information and push it to clients. Upload the IOCs into the Installed Endpoint IOC feature within Cisco AMP for Endpoints. 
Modify the base policy within Cisco AMP for Endpoints to include simple custom detections. Add a custom advanced detection to include the IOCs needed within Cisco AMP for Endpoints. An engineer is configuring Cisco WSA and needs to enable a separated email transfer flow from the internet and from the LAN. Which deployment mode must be used to accomplish this goal?. single interface. transparent. multi-context. two-interface. An administrator is adding a new Cisco ISE node to an existing deployment. Open port 8905 on the firewall between the Cisco ISE nodes. Make the new Cisco ISE node a secondary PAN before registering it with the primary. Add the DNS entry for the new Cisco node into the DNS server. Change the IP address of the new Cisco ISE node to the same network. Which two endpoint measures are used to minimize the chances of falling victim to phishing and social engineering attacks? (Choose two.). Protect against input validation and character escapes in the endpoint. Patch for cross site scripting. Protect systems with an up-to-date antimalware program. Install a spam and virus email filter. Perform backups to the private cloud. Which two algorithms must be used when an engineer is creating a connection that will have classified data across it? (Choose two.). SHA-384. RC4. RSA-3072. ECDSA-256. AES-256. Which IETF attribute is supported for the RADIUS CoA feature?. 81 Message-Authenticator. 24 State. 42 Acct-Session-ID. 30 Calling-Station-ID. A company identified a phishing vulnerability during a pentest. What are two ways the company can protect employees from the attack?. using Cisco ISE. using Cisco ESA. using Cisco Umbrella. using Cisco FTD. using an inline IPS/IDS in the network. Which feature is supported when deploying Cisco ASAv within the AWS public cloud?. user deployment of layer 3 networks. clustering. multiple context mode. IPv6. 
When web policies are configured in Cisco Umbrella, what provides the ability to ensure that domains are blocked when they host malware, command and control, phishing, and more threats?. File Analysis. Content Category Blocking. Application Control. Security Category Blocking. An engineer configures new features within the Cisco Umbrella dashboard and wants to identify and proxy traffic that is categorized as risky domains and may contain safe and malicious content. Which action accomplishes these objectives?. Configure URL filtering within Cisco Umbrella to track the URLs and proxy the requests for those categories and below. Configure intelligent proxy within Cisco Umbrella to intercept and proxy the request for only those categories. Upload the threat intelligence database to Cisco Umbrella for the most current information on reputations and have the destination list block them. Create a new site within Cisco Umbrella to block requests from those categories so they can be sent to the proxy device. An engineer needs to configure cloud logging on Cisco ASA with SAL integration. Which parameter must be considered for this configuration?. Required storage size can be allocated dynamically. Onboard Cisco ASA device to CDO is needed. Events can be viewed only from one regional cloud. All CSM versions are supported. What is the difference between encrypted passwords and hardcoded passwords?. Encrypted passwords are easier to obtain, and hardcoded passwords are known only to developers. Encrypted passwords are generated by an application user, and hardcoded passwords are generated randomly. Encrypted passwords are used for frontend applications, and hardcoded passwords are used for backend applications. Encrypted passwords are stored in a database, and hardcoded passwords are embedded in the source code. 
A network administrator needs a solution to match traffic and allow or deny traffic based on the type of the application, not just the source or destination address and port used. Which kind of security product must the network administrator implement to meet this requirement?. intrusion detection system. next-generation firewall. web application firewall. next-generation intrusion prevention system. A security engineer must add destinations into a destination list in Cisco Umbrella. What describes the application of these changes?. The changes are applied only after the configuration is saved in Cisco Umbrella. The changes are applied immediately if the destination list is a part of a policy. The user role of Block Page Bypass or higher is needed to perform these changes. The destination list must be removed from the policy before changes are made to it. What is a feature of an endpoint detection and response solution?. ensuring the security of network devices by choosing which devices are allowed to reach the network. rapidly and consistently observing and examining data to mitigate threats. capturing and clarifying data on email, endpoints, and servers to mitigate threats. preventing attacks by identifying harmful events with machine learning and conduct-based defense. Which file type is supported when performing a bulk upload of destinations into a destination list on Cisco Umbrella?. TXT. XLS. CSV. RTF. What is the benefit of integrating Cisco ISE with an MDM solution?. It provides the ability to update other applications on the mobile device. It provides the ability to add applications to the mobile device through Cisco ISE. It provides network device administration access. It provides compliance checks for access to the network. An engineer must configure Cisco Secure Email Gateway to use DLP for a company. The company also wants to see the content of the emails that violate the DLP Policy. 
Which configuration must be modified in the Data Loss Prevention Settings section to meet the requirements?. Secure Reply All. DLP Message Action. Secure Message Forwarding. Matched Content Logging. An organization has a Cisco Secure Cloud Analytics in their environment. Cloud logging is working as expected, but logs are not being received from the on-premise network. What action will resolve this issue?. Configure security appliances to send NetFlow to Secure Cloud Analytics. Configure security appliances to send syslogs to Secure Cloud Analytics. Deploy a Cisco FTD sensor to send events to Secure Cloud Analytics. Deploy a Secure Cloud Analytics sensor on the network to send data to Secure Cloud Analytics. What are the two types of managed Intercloud Fabric deployment models? (Choose two.). User managed. Hybrid Managed. Public managed. Enterprise managed. Service Provider managed. Which telemetry data captures variations seen within the flow, such as the TTL, IP/TCP flags, and payload length?. interpacket variation. software package variation. process details variation. flow insight variation. Which API technology with SDN architecture is used to communicate with a controller and network devices such as routers and switches?. unprotected APIs. northbound APIs. southbound APIs. REST APIs. What is the difference between the GRE over IPsec and IPsec with crypto map?. IPsec with crypto map offers better scalability. GRE over IPsec supports non-IP protocols. GRE provides its own encryption mechanism. Multicast traffic is supported by IPsec with crypto map. Which technology must be used to implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity?. FlexVPN. DMVPN. GET VPN. IPsec DVTI. An engineer must modify a policy to block specific addresses using Cisco Umbrella. The policy is created already and is actively used by devices, using many of the default policy elements. 
What else must be done to accomplish this task?. Use content categories to block or allow specific addresses. Modify the application settings to allow only applications to connect to required addresses. Create a destination list for addresses to be allowed or blocked. Add the specified addresses to the identities list and create a block action. An organization uses Cisco FMC to centrally manage multiple Cisco FTD devices. The default management port conflicts with other communications on the network and must be changed. What must be done to ensure that all devices can communicate together?. Change the management port on Cisco FMC so that it pushes the change to all managed Cisco FTD devices. Set the sftunnel to go through the Cisco FTD. Set the sftunnel port to 8305. Manually change the management port on Cisco FMC and all managed Cisco FTD devices. Which type of API is being used when a security application notifies a controller within a software-defined network architecture about a specific security threat?. southbound API. eastbound API. northbound API. westbound API. What is a required prerequisite to enable malware file scanning for the Secure Internet Gateway?. Activate SSL decryption. Enable Intelligent Proxy. Activate the Advanced Malware Protection license. Enable IP Layer enforcement. Which feature requires a network discovery policy on the Cisco Firepower NGIPS?. security intelligence. health monitoring. URL filtering. impact flags. Which method must be used to connect Cisco Secure Workload to external orchestrators at a client site when the client does not allow incoming connections?. source NAT. reverse tunnel. GRE tunnel. destination NAT. Which action configures the IEEE 802.1X Flexible Authentication feature to support Layer 3 authentication mechanisms?. Modify the Dot1X configuration on the VPN server to send Layer 3 authentications to an external authentication database. 
Identify the devices using this feature and create a policy that allows them to pass Layer 2 authentication. Add MAB into the switch to allow redirection to a Layer 3 device for authentication. Configure WebAuth so the hosts are redirected to a web page for authentication. Which open standard creates a framework for sharing threat intelligence in a machine-digestible format?. OpenC2. STIX. CybOX. OpenIOC. Refer to the exhibit. Which command was used to display this output?. show dot1x all summary. show dot1x. show dot1x interface gi1/0/12. show dot1x all. Which two probes are configured to gather attributes of connected endpoints using Cisco Identity Services Engine? (Choose two.). RADIUS. SMTP. DHCP. sFlow. TACACS+. When wired 802.1X authentication is implemented, which two components are required? (Choose two.). authenticator: Cisco Identity Services Engine. authenticator: Cisco Catalyst switch. supplicant: Cisco AnyConnect ISE Posture module. authentication server: Cisco Prime Infrastructure. authentication server: Cisco Identity Services Engine. What is a commonality between DMVPN and FlexVPN technologies?. IOS routers run the same NHRP code for DMVPN and FlexVPN. FlexVPN and DMVPN use IS-IS routing protocol to communicate with spokes. FlexVPN and DMVPN use the new key management protocol, IKEv2. FlexVPN and DMVPN use the same hashing algorithms. Refer to the exhibit. Traffic is not passing through IPsec site-to-site VPN on the Secure Firewall Threat Defense appliance. What is causing this issue?. The access control policy is not allowing VPN traffic in. Site-to-site VPN peers are using different encryption algorithms. No split-tunnel policy is defined on the Firepower Threat Defense appliance. Site-to-site VPN preshared keys are mismatched. A switch with Dynamic ARP Inspection enabled has received a spoofed ARP response on a trusted interface. How does the switch behave in this situation?. It forwards the packet without validation. 
It drops the packet without validation. It forwards the packet after validation by using the IP & MAC Binding Table. It drops the packet after validation by using the IP & MAC Binding Table. An administrator has been tasked with configuring the Cisco Secure Email Gateway to ensure there are no viruses before quarantined emails are delivered. In addition, delivery of mail from known bad mail servers must be prevented. Which two actions must be taken in order to meet these requirements? (Choose two.). Configure a recipient access table. Deploy the Cisco ESA in the DMZ. Use outbreak filters from SenderBase. Enable a message tracking service. Scan quarantined emails using AntiVirus signatures. An organization wants to use Cisco FTD or Cisco ASA devices. Specific URLs must be blocked from being accessed via the firewall, which requires that the administrator input the bad URL categories that the organization wants blocked into the access policy. Which solution should be used to meet this requirement?. Cisco FTD because it includes URL filtering in the access control policy capabilities, whereas Cisco ASA does not. Cisco ASA because it enables URL filtering and blocks malicious URLs by default, whereas Cisco FTD does not. Cisco FTD because it enables URL filtering and blocks malicious URLs by default, whereas Cisco ASA does not. Cisco ASA because it includes URL filtering in the access control policy capabilities, whereas Cisco FTD does not. A Cisco AMP for Endpoints administrator configures a custom detection policy to add specific MD5 signatures. The configuration is created in the simple detection policy section, but it does not work. What is the reason for this?. The administrator must upload the file instead of the hash for Cisco AMP to use. The MD5 hash uploaded to the simple detection policy is in the incorrect format. Detections for MD5 signatures must be configured in the advanced custom detection policies. 
The APK must be uploaded for the application that the detection is intended. An organization wants to implement a cloud-delivered and SaaS-based solution to provide visibility and threat detection across the AWS network. The solution must be deployed without software agents and rely on AWS VPC flow logs instead. Which solution meets these requirements?. Cisco Secure Cloud Analytics. Cisco Cloudlock. NetFlow collectors. Cisco Umbrella. Which solution for remote workers enables protection, detection, and response on the endpoint against known and unknown threats?. Cisco Secure Client. Cisco Umbrella. Cisco Duo. Cisco Secure Endpoint. Which Cisco solution extends network visibility, threat detection, and analytics to public cloud environments?. Cisco Stealthwatch Cloud. Cisco CloudLock. Cisco AppDynamics. Cisco Umbrella. When an assessment of cloud services and applications is conducted, which tool is used to show user activity and data usage across the applications?. Cisco AMP Private Cloud. Cisco ASA. Cisco ISE. Cisco CloudLock. Which action blocks specific IP addresses whenever a computer with Cisco AMP for Endpoints installed connects to the network?. Create an advanced custom detection policy and add the IP addresses. Create an application block list and add the IP addresses. Create an IP Block & Allow list and add the IP addresses. Create a simple custom detection policy and add the IP addresses. Which CLI command is used to enable URL filtering support for shortened URLs on the Cisco ESA?. websecurityconfig. websecurityadvancedconfig. webadvancedconfig. outbreakconfig. A network administrator is shipping a Cisco ASA to a remote retail site. The administrator wants to ensure that the device configuration cannot be accessed by someone at the site with physical access and a console cable. Which command must be used to mitigate this risk?. no service password-recovery. config-register 0x00000041. no service sw-reset-button. aaa authentication console. 
Which solution provides end-to-end visibility of applications and insights about application performance?. Cisco Secure Workload. Cisco AppDynamics. Cisco Cloudlock. Cisco Secure Cloud Analytics. Refer to the exhibit. Which task is the Python script performing by using the Cisco Secure Firewall API?. pushing a bulk list of network hosts to Cisco Secure Firewall Management Center. adding to an existing bulk list of internal hosts on Cisco Secure Firewall Management Center. retrieving a bulk list of network hosts from Cisco Secure Firewall Management Center. removing an existing bulk list of internal hosts from Cisco Secure Firewall Management Center. What is a capability of EPP compared to EDR?. EPP prevents attacks on an endpoint, and EDR focuses on protecting email and web servers. EPP prevents attacks made via email, and EDR prevents attacks on a web server. EPP prevents attacks on an endpoint, and EDR detects attacks that penetrate the environment. EPP prevents attacks on a website, and EDR focuses on protecting computers and servers. How should an organization gain visibility into encrypted flows leaving the organization?. Decrypt and inspect the HTTPS traffic. Implement AAA for external users. Add Cisco Secure Firewall IPS. Enable a VPN for more sensitive data. How does a Cisco Secure Firewall help to lower the risk of exfiltration techniques that steal customer data?. blocking TCP port 53. inspecting the DNS traffic. encrypting the DNS communication. blocking UDP port 53. An administrator is implementing management plane protection and must configure an interface on a Cisco router to only terminate management packets that are destined for the router. Which set of IOS commands must be used to complete the implementation?. #control-plane #management-plane #vrf network #interface GigabitEthernet 0/6 #allow protocol ssh #allow peer ssh. #control-plane #management-plane #inband #vrf network #interface GigabitEthernet 0/6 #allow protocol ssh. 
#control-plane #management-plane #out-of-band #vrf network #interface GigabitEthernet 0/6 #allow protocol ssh. #control-plane #management-plane #vrf network #interface GigabitEthernet 0/6 #allow protocol ssh. What is an attribute of Cisco Talos?. fast and intelligent responses based on threat data. cyber threat intelligence interchange and maintenance. cyber threats posing as authorized users and devices. introduction of attributes that use objects and narrative relations. What is the definition of phishing?. malicious email spoofing attack that targets a specific organization or individual. any kind of unwanted, unsolicited digital communication that gets sent out in bulk. sending fraudulent communications that appear to come from a reputable source. impersonation of an authorized website to deceive users into entering their credentials. What is a capability of the Cisco ISE guest service in the web-based portal?. creates an open SSID to give Wi-Fi access to guests without authentication. provides sponsors with a portal to create and manage accounts for visitors. gives consultants a self-service platform for password resets. allows Cisco Technical Assistance Center to create a temporary root account. A company named Org.Co plans to migrate a messaging app to a software as a service offering. A security engineer must protect data-at-rest and data in transit, and the solution must enforce policy-based security control automatically. What must be integrated with the SaaS offering to meet these requirements?. next generation firewall. Perimeter Extended Detection and Response. Cloud Access Security Broker. Cloud Workload Protection. What are the two distribution methods available to an administrator when performing a fresh rollout of the Cisco Secure Client Secure Mobility Client? (Choose two.). web deploy. SFTP. TFTP. cloud update. predeploy. An engineer must protect data hosted in the cloud by using Cisco CloudLock data loss protection policies. 
the engineer uses a predefined policy for the configuration and needs the policy to return the closest exact match for a regular expression. Which action completes the implementation?. Set the occurrence threshold of search patterns to the lowest number. Configure the policy to use specific regular expressions for the proximity. Set the tolerance to Strict in the policy. Configure exceptions to the regular expression. What is the purpose of the Trusted Automated eXchange cyber threat intelligence industry standard?. language used to represent security information. service used to exchange security information. public collection of threat intelligence feeds. threat intelligence sharing organization. An engineer must prevent communication with a cloud application being decrypted. The application database uses AES-256 with SHA-512, and web access to the application uses HTTPS with SSLv2 self-signed certificates. TLS 1.3 with self-signed certificates. SSLv3 with signed certificates. TLS 1.3 with signed certificates. SSLv3 with self-signed certificates. What is a capability of a Cloud Access Security Broker?. It controls access to and usage of a cloud-based application. It secures proxy connections to a cloud-based application. It issues oAuth tokens for user-level access to cloud-based applications. It encrypts data between a cloud provider and a cloud consumer. An engineer must implement a backup solution between a branch office and the headquarters of a company. The solution must use a protocol that meets these requirements: 1. Be connection-oriented and support authentication 2. Support encryption to protect against man-in-the-middle attacks. 3. Be able to list the remote directories for ease of management. SCP. SSH. FTP. SFTP. A network engineer configures a site-to-site VPN with a colleague. During testing, the engineer discovers that only phase 1 is up, and application traffic cannot pass. Which configuration parameter must be checked on each device?. 
encryption domain. shared key. Hash algorithm. peer IP address. What is a difference between an SQL injection and a cross-site scripting attack?. SQL injection modifies SQL queries, and XSS cloaks by encoding tags. SQL injection detects environments, and XSS cloaks by encoding tags. SQL injection modifies SQL queries, and XSS allows access to files beyond the root folder. SQL injection intercepts user information, and XSS causes false or unpredictable results. An engineer implements Cisco CloudLock to secure a Microsoft Office 365 application in the cloud. The engineer must configure protection for corporate files in case of any incidents. Which two actions must be taken to complete the implementation? (Choose two). Remove all users as collaborators on the files. Send Cisco Webex message to specified users when an incident is triggered. Disable the ability for commenters and viewers to download and copy the files. Expire the public share URL. Transfer ownership of the files to a specified owner and folder. An administrator configures a Cisco WSA to receive redirected traffic over ports 80 and 443. The organization requires that a network device with specific WSA integration capabilities be configured to send the traffic to the WSA to proxy the requests and increase visibility, while making this invisible to the users. What must be done on the Cisco WSA to support these requirements?. Configure active traffic redirection using WPAD in the Cisco WSA and on the network device. Use PAC keys to allow only the required network devices to send the traffic to the Cisco WSA. Configure transparent traffic redirection using WCCP in the Cisco WSA and on the network device. Use the Layer 4 setting in the Cisco WSA to receive explicit forward requests from the network device. How is data sent out to the attacker during a DNS tunneling attack?. as part of the domain name. as part of the UDP/53 packet payload. as part of the DNS response packet. 
as part of the TCP/53 packet header. What is an advantage of network telemetry over SNMP pulls?. security. encapsulation. scalability. accuracy. Which attack gives unauthorized access to files on the web server?. path traversal. distributed DoS. DHCP snooping. broadcast storm. Refer to the exhibit. An engineer must configure a new Cisco ISE backend server as a RADIUS server to provide AAA for all access requests from the client to the ISE-Frontend server. Which Cisco ISE configuration must be used?. Set 10.11.1.2 as the external RADIUS server in ISE-Frontend. Set ports 1812/1813 for authentication and accounting. Set 10.11.1.1 as the external RADIUS server in ISE-Frontend. Set ports 1812/1813 for authentication and accounting. Set 10.11.1.2 as a network device in ISE-Frontend. Set port 1700/2083 for RADIUS authentication. Set 10.11.1.1 as a network device in ISE-Frontend. Set ports 1700/2083 for RADIUS authentication. A company deploys an application that contains confidential data and has a hybrid hub-and-spoke topology. The hub resides in a public cloud environment, and the spoke resides on-premises. An engineer must secure the application to ensure that confidential data in transit between the hub-and-spoke servers is accessible only to authorized users. The engineer performs these configurations: 1. Segregation of duties 2. Role-based access control 3. Privileged access management. What must be implemented to protect the data in transit?. MD5. TLS-1.3. SHA-512. AES-256. What is part of a network monitoring solution that uses streams to push operational data to the solution and provide a near real-time view of activity?. telemetry. SNMP. Syslog. SMTP. What is a benefit of using Cisco ISE for device compliance?. zero-trust approach. device analysis. outbreak control. retrospective analysis. In a PaaS model, which layer is the tenant responsible for maintaining and patching?. application. hypervisor. network. virtual machine. 
What is the primary role of the Cisco Secure Email Gateway?. Mail Transfer Agent. Mail User Agent. Mail delivery agent. Mail Submission Agent. How does DNS Tunneling exfiltrate data?. An attacker opens a reverse DNS shell to get into the client's system and install malware on it. An attacker uses a non-standard DNS port to gain access to the organization's DNS servers in order to poison the resolutions. An attacker sends an email to the target with hidden DNS resolvers in it to redirect them to a malicious domain. An attacker registers a domain that a client connects to based on DNS records and sends malware through that connection. A Cisco Firepower administrator needs to configure a rule to allow a new application that has never been seen on the network. Which two actions should be selected to allow the traffic to pass without inspection? (Choose two.). monitor. permit. reset. allow. trust. What is a benefit of conducting device compliance checks?. It indicates what type of operating system is connecting to the network. It detects email phishing attacks. It scans endpoints to determine if malicious activity is taking place. It validates if anti-virus software is installed. An organization wants to improve its cybersecurity processes and to add intelligence to its data. The organization wants to utilize the most current intelligence data for URL filtering, reputations, and vulnerability information that can be integrated with the Cisco FTD and Cisco WSA. What must be done to accomplish these objectives?. Configure the integrations with Talos Intelligence to take advantage of the threat intelligence that it provides. Download the threat intelligence feed from the IETF and import it into the Cisco FTD and Cisco WSA databases. Create a Cisco pxGrid connection to NIST to import this information into the security products for policy use. 
Create an automated download of the Internet Storm Center intelligence feed into the Cisco FTD and Cisco WSA databases to the to the dynamic access control policies. Refer to the exhibit. What is the function of the Python script code snippet for the Cisco ASA REST API?. adds a global rule into policies. changes the hostname of the ASA. obtains the saved configuration of the ASA firewall. deletes a global rule from policies. Which two capabilities of Integration APIs are utilized with Cisco Catalyst Center? (Choose two.). Third party reporting. Create new SSIDs on a wireless LAN controller. Upgrade software on switches and routers. Automatically deploy new virtual routers. Connect to ITSM platforms. A network engineer is tasked with configuring a Cisco ISE server to implement external authentication against an Active Directory. What must be considered about the authentication requirements? (Choose two.). The ISE account must be a domain administrator in Active Directory to perform JOIN operations. RADIUS communication must be permitted between the ISE server and the domain controller. Active Directory supports users and machine authentication by using MSCHAPv2. Active Directory only supports user authentication by using MSCHAPv2. LDAP communication must be permitted between the ISE server and the domain controller. What is the purpose of a NetFlow version 9 template record?. It provides a standardized set of information about an IP flow. It defines the format of data records. It serves as a unique identification number to distinguish individual data records. It specifies the data format of NetFlow processes. Which VPN provides scalability for organizations with many remote sites?. DMVPN. site-to-site IPsec. GRE over IPsec. SSL VPN. What are two ways that Cisco Container Platform provides value to customers who utilize cloud service providers? (Choose two.). manages Kubernetes clusters. manages Docker containers. helps maintain source code for cloud deployments. 
creates complex tasks for managing code. allows developers to create code once and deploy to multiple clouds. An engineer wants to assign a printer to a different VLAN than what is statically configured on the switch port. Which CoA type should the engineer use?. No CoA. CoA-Terminate. Port-Bounce. CoA-Reauth. What is the target in a phishing attack?. IPS. web server. perimeter firewall. endpoint. What is a characteristic of traffic storm control behavior?. Traffic storm control uses the Individual/Group bit in the packet source address to determine if the packet is unicast or broadcast. Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within the interval. Traffic storm control cannot determine if the packet is unicast or broadcast. Traffic storm control monitors incoming traffic levels over a 10-second traffic storm control interval. How does Cisco Umbrella archive logs to an enterprise-owned storage?. by being configured to send logs to a self-managed AWS S3 bucket. by the system administrator downloading the logs from the Cisco Umbrella web portal. by sending logs via syslog to an on-premises or cloud-based syslog server. by using the Application Programming Interface to fetch the logs. Which two aspects of the cloud PaaS model are managed by the customer but not the provider? (Choose two.). Data. Applications. Middleware. Operating Systems. Virtualization. What features does Cisco FTDv provide over Cisco ASAv?. Cisco FTDv runs on VMWare while Cisco ASAv does not. Cisco FTDv supports URL filtering while Cisco ASAv does not. Cisco FTDv provides 1GB of firewall throughput while Cisco ASAv does not. Cisco FTDv runs on AWS while Cisco ASAv does not. Which type of data does the Cisco Stealthwatch system collect and analyze from routers, switches, and firewalls?. NTP. NetFlow. Syslog. SNMP. 
Which two configurations must be made on Cisco ISE and on Cisco TrustSec devices to force a session to be adjusted after a policy change is made? (Choose two.). aaa authorization exec default local. tacacs-server host 10.1.1.250 key password. CoA. aaa server radius dynamic-author. posture assessment. What is the recommendation in a zero-trust model before granting access to corporate applications and resources?. to use a wired network, not wireless. to use strong passwords. to disconnect from the network when inactive. to use multifactor authentication. An administrator wants to ensure that all endpoints are compliant before users are allowed access on the corporate network. The endpoints must have the corporate antivirus application installed and be running the latest build of Windows 10. What must the administrator implement to ensure that all devices are compliant before they are allowed on the network?. Cisco Stealthwatch and Cisco ISE integration. Cisco ISE with PxGrid services enabled. Cisco ASA firewall with Dynamic Access Policies configured. Cisco ISE and AnyConnect Posture module. An administrator wants to ensure that the organization's remote access VPN devices can connect to the VPN without the user logging into the devices. Which action accomplishes this task?. Modify the Cisco AnyConnect Client image to start before logon and use the users' cached credentials for authentication. Add the Auto Connect feature in the Cisco AnyConnect Group Policy and use the machine certificate as the authentication identity. Change the Cisco AnyConnect Connection Profile to allow for authentication prior to logon and use the user certificate for authentication. Configure the Start Before Logon feature in the Cisco AnyConnect Client profile and use certificate authentication. Which process is used to obtain a certificate from a CA?. approval. enrollment. registration. signing. What is a capability of Cisco AVC?. traffic filtering by using a Security Intelligence policy. 
Interoperates by using GET VPN on tunnel interfaces. application bandwidth enforcement on Cisco IOS platforms. deep packet inspection on IPsec encapsulated traffic. Which form of attack is launched using botnets?. Dos. DDoS. TCP flood. virus. Which attribute has the ability to change during the RADIUS CoA?. accessibility. authorization. NTP. membership. A network engineer is deciding whether to use stateful or stateless failover when configuring two Cisco ASAs for high availability. What is the connection status in both cases?. need to be reestablished with both stateful and stateless failover. preserved with stateful failover and need to be reestablished with stateless failover. preserved with both stateful and stateless failover. need to be reestablished with stateful failover and preserved with stateless failover. A user has a device in the network that is receiving too many connection requests from multiple machines. Which type of attack is the device undergoing?. Phishing. Pharming. Slowloris. SYN flood. Which cloud model is a collaborative effort where infrastructure is shared and jointly accessed by several organizations from a specific group?. public. hybrid. community. private. Which metric is used by the monitoring agent to collect and output packet loss and jitter information?. RTP performance. TCP performance. AVC performance. WSAv performance. What are two benefits of Flexible NetFlow records? (Choose two.). They allow the user to configure flow information to perform customized traffic identification. They converge multiple accounting technologies into one accounting mechanism. They provide attack prevention by dropping the traffic. They provide monitoring of a wider range of IP packet information from Layer 2 to 4. They provide accounting and billing enhancements. Which system performs compliance checks and remote wiping?. MDM. Cisco ISE. OTP. Cisco AMP. For which type of attack is multifactor authentication an effective deterrent?. ping of death. 
syn flood. teardrop. phishing. Using Cisco Cognitive Threat Analytics, which platform automatically blocks risky sites, and tests unknown sites for hidden advanced threats before allowing users to click them?. Cisco ISE. Cisco ASA. Cisco ESA. Cisco WSA. Which type of algorithm provides the highest level of protection against brute-force attacks?. PFS. SHA. HMAC. MD5. An engineer is implementing NAC for LAN users on a segmented network. The engineer confirms that the device of each user is supported and the Cisco switch configuration is correct. Which configuration should be made next to ensure there are no authentication issues?. Open TCP port 49. Enable TACACS+ on the switch. Disable the host firewall. Permit UDP port 1812. A network administrator must grant a TACACS administrator access to converged access WLCs. The administrator configures the TACACS server and server groups and maps the server on the WLC. What must be configured next?. Configure authentication and authorization policies. Create and apply a policy to the VTY line. Enable accounting for TACACS connections. Create and apply a policy to HTTP. Refer to the exhibit. Network access control is implemented on the LAN and an engineer must now configure the switch port level so that users with new corporate devices can connect to the corporate LAN without issues. What must be configured next?. errdisable recovery cause psecure violation. clear port-security dynamic. authentic action violation replace. shut and no shut. Refer to the exhibit. An administrator must configure AAA authentication on a Cisco router with a RADIUS server for administrative access. Which command completes the configuration?. radius server attribute 32 include in access req. radius-server attribute 8 include-in-access-req. radius-server attribute 4. radius-server attribute 6 on-for-login-auth. What is a function of the Layer 4 Traffic Monitor on a Cisco Secure Web Appliance?. monitors suspicious traffic across all the TCP/UDP ports. 
prevents data exfiltration by searching all the network traffic for specified sensitive information. decrypts SSL traffic to monitor for malicious content. blocks traffic from URL categories that are known to contain malicious content. Refer to the exhibit. A company named ABC has a Cisco Secure Email Gateway and an engineer must configure the incoming mail policy so that emails containing malware files are quarantined instead of dropped and to prevent an increase in false positives causing emails to be dropped erroneously. What must be configured on the Secure Email Gateway?. Delete usera1 policy. Open usera1 policy, Messages with Malware Attachments, and then Action Applied to Message. Open Default Policy, Malware File, and then Action Applied to Message. Change the Policies Order. Which interface mode does a Cisco Secure IPS device use to block suspicious traffic?. inline. active. passive. promiscuous. A growing software development company recently acquired a smaller start-up social media company. The web security controls for the enterprise must now be configured to allow the new employees access to social media sites as the existing on-premises employees are blocked from accessing this type of website. An engineer must now modify an outbound policy on a Cisco Secure Web Appliance to make it less generic by applying specific policies for a group of users. Which criteria must be used as the method to deploy the new configuration?. SOCKS. users agent. application. subnet. A network engineer must create an access control list on a Cisco Adaptive Security Appliance firewall to permit TCP DNS traffic to the internet from the organization's inside network 192.168.1.0/24. Which IOS command must be used to implement the access control list?. access-list 102 permit tcp 192.168.1.0 0.0.0.255 eq domain any. access-list 102 permit tep 192 168.1.0 0.0.0.255 eq 53 any. access-list 102 permit tcp 192.168.1.0 0.0.0.255 eq domain. 
access-list 102 permit tep 192.168.1.0 0.0.0.255 eq 53. What is a difference between software bugs and path traversal?. Software bugs allow an attacker to run unauthorized commands on a system, and path traversal allows access to files beyond the root folder. Software bugs embed random HTML code in a web app, and path traversal allows access to files beyond the root folder. Software bugs cause false or unpredictable results, and path traversal allows access to files beyond the root folder. Software bugs cause false or unpredictable results, and path traversal allows an attacker to run unauthorized commands on a system. An engineer must configure URL filtering for user-defined Decryption Policy groups on a Cisco Secure Web Appliance. The engineer must block the gaming category for HTTPS requests. Which two actions must be taken? (Choose two.). Decrypt the gaming category in the Decryption Policy group. Monitor the gaming category in the Access Policy group. Block the gaming category in the Access Policy group. Pass through the gaming category in the Access Policy group. Drop the gaming category in the Decryption Policy group. A network engineer must create an access control list on a Cisco Adaptive Security Appliance firewall. The access control list must permit HTTP traffic to the internet from the organization's inside network 192.168.1.0/24. Which IOS command must be used to create the access control list?. access-list HTTP ONLY extended permit tcp 192 168.1.0 255.256 255.0 any eq 80. access-list permit http 192. 188.1.0 255.255 255.0 any. access-list HTTP ONLY extended permit tcp 197 168.1.0 255.255 255,0. access-list extended permit icp 192.168.1.0 265 256.255.0 any eq 80. Refer to the exhibit. An engineer must configure an incoming mail policy so that each email sent from usera1@example.com to a domain of @cisco.com is scanned for antispam and advanced malware protection. All other settings will use the default behavior. 
What must be configured in the incoming mail policy to meet the requirements?. Policy Name: Default Policy Sender usera1@example.com Recipient: @cisco.com. Policy Name; cisco.com policy Sender: usera1@example.com Recipient: @cisco.com. Policy Name: Anti-Malware policy Sender: usera1@example.com Recipient @cisco.com. Policy Name: usera1 policy Sender: usera1@example.com Recipient @cisco.com. An engineer is deploying a Cisco Secure Email Gateway and must configure a sender group that decides which mail policy will process the mail. The configuration must accept incoming mails and relay the outgoing mails from the internal server. Which component must be configured to accept the connection to the listener and meet these requirements on a Cisco Secure Email Gateway?. access list. sender list. HAT. RAT. How does a cross-site request forgery attack operate?. injecting malicious code into a browser that uses a valid HTTP request. using JavaScript to write data into the value within a cookie. submitting unauthorized commands from a user trusted by an application. injecting malicious script code into the data stored on a server. What is a benefit of a late endpoint patching strategy?. low patching costs. meet specific deadline for patching cycle. proactive patching cycles. compatibility validation with current software. Which policy is used to capture host information on the Cisco Secure Firewall IPS?. intrusion. access control. network discovery. correlation. Where are individual sites specified to be block listed in Cisco Umbrella?. security settings. destination lists. application settings. content categories. What are two Detection and Analytics Engines of Cognitive Intelligence? (Choose two.). data exfiltration. intelligent proxy. snort. command and control communication. URL categorization. In which two ways does the Cisco Advanced Phishing Protection solution protect users? (Choose two.). It prevents trojan horse malware using sensors. 
It secures all passwords that are shared in video conferences. It prevents use of compromised accounts and social engineering. It automatically removes malicious emails from users' inbox. It prevents all zero-day attacks coming from the Internet. Refer to the exhibit. The DHCP snooping database resides on router R1, and dynamic ARP inspection is configured only on switch sw2. Which ports must be configured as untrusted so that dynamic ARP inspection operates normally?. P5, P6, and P7 only. P2 and P3 only. P2, P3, and P6 only. P1, P2, P3, and P4 only. What is a difference between DMVPN and sVTI?. DMVPN supports static tunnel establishment, whereas sVTI does not. DMVPN provides interoperability with other vendors, whereas sVTI does not. DMVPN supports dynamic tunnel establishment, whereas sVTI does not. DMVPN supports tunnel encryption, whereas sVTI does not. Which Cisco ISE service checks the compliance of endpoints before allowing the endpoints to connect to the network?. profiler. Threat Centric NAC. posture. Cisco TrustSec. Refer to the exhibit. Which task is the Python script performing by using the Cisco Umbrella API?. changing the disposition of domains that were previously malicious to clean. changing the disposition of domains that were previously clean to malicious. checking the disposition of previously identified domains in bulk. checking the disposition of potentially malicious domains in bulk. What is considered a cloud data breach?. exploitation of cloud application access. deprivation of computing resources. cyber threats posing as authorized entities. leaked information that is private. What is a difference between a Cisco Adaptive Security Appliance firewall and a zone-based firewall?. Cisco Adaptive Security Appliance firewalls use quality of service, and zone-based firewalls use throttling. Cisco Adaptive Security Appliance firewalls use policy-based routing, and zone-based firewalls use stateless access control lists. 
Cisco Adaptive Security Appliance firewalls support application monitoring, and zone-based firewalls support packet inspection. Cisco Adaptive Security Appliance firewalls support high-performance networks, and zone-based firewalls are suited for low traffic levels. Refer to the exhibit. An engineer created a policy named usera1 on a Cisco Secure Email Gateway to enable the antispam feature for an email address of usera1@cisco.com. Which configuration step must be performed next to apply the policy only to the usera1@cisco.com email address?. Click the Policy Name usera1 Policy, and then click Add User. Specify the user in Mail Policies > Mail Policies Settings. Set the user in Mail Policies > Exception Table. Click IronPort Anti-Spam, and then click Add User. Which two methods are available in Cisco Secure Web Appliance to process client requests when configured in Transparent mode? (Choose two.). WCCP. PBR. WPAD. PAC files. browser settings. A network engineer must establish a site-to-site VPN between two Cisco routers using IPsec. The engineer creates an access control list to permit the traffic configures phase 1 and phase 2 of IPsec, and applies the crypto map from the routers to the public interface. Which action completes the configuration?. Ping one of the routers to verify network connectivity. Establish the IPsec VPN tunnel. Configure the routers to exclude traffic from NAT. Create an extended access control list on one of the routers to allow inbound traffic. What is a difference between FlexVPN and DMVPN?. FlexVPN uses IKEv2 DMVPN uses IKEv1 or IKEv2. DMVPN uses IKEv1 or IKEv2 FlexVPN only uses IKEv1. DMVPN uses only IKEv1 FlexVPN uses only IKEv2. FlexVPN uses IKEv1 or IKEv2 DMVPN uses only IKEv2. An organization configures Cisco Umbrella to be used for its DNS services. The organization must be able to block traffic based on the subnet that the endpoint is on, but it sees only the requests from its public IP address instead of each internal IP address. 
What must be done to resolve this issue?. Install the Microsoft Active Directory Connector to give IP address information stitched to the requests in the Cisco Umbrella dashboard. Set up a Cisco Umbrella virtual appliance to internally field the requests and see the traffic of each IP address. Configure an internal domain within Cisco Umbrella to help identify each address and create policy from the domains. Use the tenant control features to identify each subnet being used and track the connections within the Cisco Umbrella dashboard. Which Secure Email Gateway implementation method segregates inbound and outbound email?. one listener on one logical IPv4 address on a single logical interface. one listener on a single physical interface. pair of logical IPv4 listeners and a pair of IPv6 listeners on two physically separate interfaces. pair of logical listeners on a single physical interface with two unique logical IPv4 addresses and one IPv6 address. A Cisco Secure Cloud Analytics administrator is setting up a private network monitor sensor to monitor an on-premises environment. Which two pieces of information from the sensor are used to link to the Secure Cloud Analytics portal? (Choose two.). private IP address. public IP address. NAT ID. SSL certificate. unique service key. An administrator enables Cisco Threat Intelligence Director on a Cisco FMC. Which process uses STIX and allows uploads and downloads of block lists?. sharing. authoring. editing. consumption. What is a benefit of implementing multifactor authentication for an application?. helps prevent stolen credentials from being used. allows remote access to the application. allows secure connections to the application. links devices with applications improving discovery. An engineer is configuring Outbreak Filters for a Cisco Secure Email Gateway to protect a network from large scale virus outbreaks and phishing scams. Any URLs that match the filter must be logged with these details: 1. 
Category 2. Reputation score 3. Outbreak Filter rewrites. Which CLI command must the engineer use?. outbreakconfig. outbreakfilters. dlpconfig. quarantineconfig. An engineer configured a new network identity in Cisco Umbrella but must verify that traffic is being routed through the Cisco Umbrella network. Which action tests the routing?. Browse to http://welcome.umbrella.com/ to validate that the new identity is working. Ensure that the client computers are pointing to the on-premises DNS servers. Enable the Intelligent Proxy to validate that traffic is being routed correctly. Add the public IP address that the client computers are behind to a Core identity. Refer to the exhibit. What are two indications of the Cisco Firepower Services Module configuration? (Choose two.). Traffic is blocked if the module fails. The module fails to receive redirected traffic. The module is operating in IPS mode. The module is operating in IDS mode. Traffic continues to flow if the module fails. An engineer configured 802.1X authentication on a switch port but cannot authenticate. Which action must the engineer take to validate if the user credentials are correct?. Check the logs of the authentication server for the username and authentication rejection logs. Check policy enforcement point for the authentication mechanism and credentials used. Check the authenticator and view the debug logs for the username and password. Check the supplicant logs for the username and password entered, then check the authentication provider. Which common exploit method is TLS 1.3 designed to prevent?. man-in-the-middle attack. cross-site scripting. denial-of-service attack. cross-site request forgery. What is a benefit of using Cisco AVC for application control?. retrospective application analysis. dynamic application scanning. management of application sessions. zero-trust approach. An engineer is implementing a network access control solution for a client. 
The client has separate data and voice VLANs and the deployment is now entering the testing phase. Which configuration must be made next to ensure there are no user authentication issues?. Remove VRF settings from the client ports on the switch. Add TACACS+ as a failover backup solution. Change the ID of the voice VLAN. Delete the downloadable MAC access control lists. A security administrator is designing an email protection solution for an onsite email server and must meet these requirements: 1. remove malware from email before it reaches corporate premises 2. drop emails with risky links automatically 3. block access to newly infected sites with real-time URL analysis Which solution must be used?. Cisco Secure Email Cloud. Cisco Security for Office 365. Cisco Stealth Watch Cloud. Cisco Secure Email and Web Manager Cloud. An engineer must create a new custom URL on a Cisco Secure Web Appliance to block cisco.com and all its subdomains. The engineer performs these actions: 1. Create a new custom URL category named Blck_Domain. 2 Add a site named cisco.com. 3. Click Submit. Which additional configuration must be performed?. Change the cisco.com site to www.cisco.com, and then click Submit. Add an additional site named www.cisco.com, and then click Submit. Set the cisco.com site to *cisco.com, and then click Submit. Add an additional site named .cisco.com, and then click Submit. Which component is included in a zero-trust architecture model?. cloud provider. multifactor authentication. interconnected infrastructure. encryption management. A company named ABC.inc recently deployed a new website www.abc.inc to a SaaS platform. An engineer must secure the website because the company has experienced a recent increase in DoS, DDoS, cross-site scripting, and SQL injection attacks. Which security solution must be deployed?. Cisco IDS Host Sensor on the SaaS platform. Cisco Secure Firewall at ABC.inc. Secure Web Application Firewall on the SaaS platform. 
Cisco Intrusion Prevention System at ABC.inc. What is a difference between a zone-based firewall and a Cisco Adaptive Security Appliance firewall?. Zone-based firewalls support virtual tunnel interfaces across different locations, and Cisco Adaptive Security Appliance firewalls support DMVPN. Zone-based firewalls are used in large deployments with multiple areas, and Adaptive Security Appliance firewalls are used in small deployments. Zone-based firewalls provide static routing based on interfaces, and Cisco Adaptive Security Appliance firewalls provide dynamic routing. Zone-based firewalls have a default allow-all policy between interfaces in the same zone, and Cisco Adaptive Security Appliance firewalls have a deny-all policy. How is a cross-site scripting attack executed?. force a currently authenticated end user to execute unwanted actions on a web app. execute malicious client-side scripts injected to a client via a web app. inject a database query via the input data from the client to a web app. intercept communications between a client and a web server. Refer to the exhibit. Which protocol should be used to encrypt a client connection that signs in to the router remotely to make common configuration changes?. SSH. SCP. SFTP. FTPS. An engineer must monitor the behavior of devices on an on-premises network and send the data to the Cisco Secure Cloud Analytics platform for analysis. The engineer will perform this task on a virtual machine. What must be configured next?. Cisco Secure Firewall Threat Defense sensor to send network events to Secure Cloud Analytics. Cisco Secure Firewall Management Center to send syslog messages to Secure Cloud Analytics. Cisco Secure Firewall Management Center to send NetFlow data to Secure Cloud Analytics. Cisco Secure Cloud Analytics Cloud PIM sensor to send data to Secure Cloud Analytics. Why is it important to implement a comprehensive endpoint patching strategy?. 
protects the organization by using zero-trust model metrics and analytics. protects the confidentiality and availability of information in an organization. ensures patching is performed automatically from the endpoint and at a regular cadence. ensures endpoint-to-destination encryption of any sensitive data transmitted in an organization. An organization deploys multiple Cisco FTD appliances and wants to manage them using one centralized solution. The organization does not have a local VM but does have existing Cisco ASAs that must migrate over to Cisco FTDs. Which solution meets the needs of the organization?. CSM. Cisco FMC. Cisco FMD. CDO. What is the intent of a basic SYN flood attack?. to flush the register stack to re-initiate the buffers. to solicit DNS responses. to exceed the threshold limit of the connection queue. to cause the buffer to overflow. An organization recently installed a Cisco WSA and would like to take advantage of the AVC engine to allow the organization to create a policy to control application specific activity. After enabling the AVC engine, what must be done to implement this?. Use URL categorization to prevent the application traffic. Use security services to configure the traffic monitor. Use an access policy group to configure application control settings. Use web security reporting to validate engine functionality. Which two functions does the Cisco Advanced Phishing Protection solution perform in trying to protect from phishing attacks? (Choose two.). determines if the email messages are malicious. uses a static algorithm to determine malicious. blocks malicious websites and adds them to a block list. does a real-time user web browsing behavior analysis. provides a defense for on-premises email deployments. What is the purpose of CA in a PKI?. to create the private key for a digital certificate. to validate the authenticity of a digital certificate. to certify the ownership of a public key by the named subject. 
to issue and revoke digital certificates. Which network monitoring solution uses streams and pushes operational data to provide a near real time view of activity?. SNMP. SMTP. model-driven telemetry. Syslog. Which statement describes a serverless application?. The application is installed on network equipment and not on physical servers. The application runs from a containerized environment that is managed by Kubernetes or Docker Swarm. The application runs from an ephemeral, event-triggered, and stateless container that is fully managed by a cloud provider. The application delivery controller in front of the server farm designates on which server the application runs each time. While using Cisco Secure Firewall's Security Intelligence policies, which two criteria is blocking based upon? (Choose two.). port numbers. IP addresses. protocol IDs. MAC addresses. URLs. What is the purpose of the certificate signing request when adding a new certificate for a server?. It is the password for the certificate that is needed to install it with. It provides the server information so a certificate can be created and signed. It is the certificate that will be loaded onto the server. It provides the certificate client information so the server can authenticate against it when installing. What is the default action before identifying the URL during HTTPS inspection in Cisco Secure Firewall Threat Defense software?. drop. reset. buffer. pass. An engineer is configuring cloud logging using a company-managed Amazon S3 bucket for Cisco Umbrella logs. What benefit does this configuration provide for accessing log data?. It is included in the license cost for the multi-org console of Cisco Umbrella. It can grant third-party SIEM integrations write access to the S3 bucket. Data can be stored offline for 30 days. No other applications except Cisco Umbrella can write to the S3 bucket. What is a benefit of using a multifactor authentication strategy?. 
It provides visibility into devices to establish device trust. It provides secure remote access for applications. It provides an easy, single sign-on experience against multiple applications. It protects data by enabling the use of a second validation of identity. An administrator configures new authorization policies within Cisco ISE and has difficulty profiling the devices. Attributes for the new Cisco IP phones that are profiled based on the RADIUS authentication are seen; however, the attributes for CDP or DHCP are not. What should the administrator do to address this issue?. Configure the device sensor feature within the switch to send the appropriate protocol information. Configure the ip dhcp snooping trust command on the DHCP interfaces to get the information to Cisco ISE. Configure the authentication port-control auto feature within Cisco ISE to identify the devices that are trying to connect. Configure a service template within the switch to standardize the port configurations so that the correct information is sent to Cisco ISE. How does a cloud access security broker function?. It is an authentication broker to enable single sign-on and multi-factor authentication for a cloud solution. It scans other cloud solutions being used within the network and identifies vulnerabilities. It acts as a security information and event management solution and receives syslog from other cloud solutions. It integrates with other cloud solutions via APIs and monitors and creates incidents based on events from the cloud solution. What are two characteristics of Cisco DNA Center APIs?. They are Cisco proprietary. They view the overall health of the network. Postman is required to utilize Cisco DNA Center API calls. They do not support Python scripts. They quickly provision new devices. Which two components do southbound APIs use to communicate with downstream devices? (Choose two.). services running over the network. OpenFlow. applications running over the network. OpFlex. 
external application APIs. A network administrator received a critical message alert from a Cisco Secure Web Appliance stating that the log partition is at 107% capacity. How does a Cisco Secure Web Appliance respond when its logging partition is full?. It overwrites the oldest log files. It archives older logs in a compressed file to free space. It deletes logs older than a configurable age. It suspends logging and reporting functions. Which kind of API that is used with Cisco DNA Center provisions SSIDs, QoS policies, and update software versions on switches?. intent. event. integration. multivendor. Which parameter is required when configuring a NetFlow exporter on a Cisco router?. source interface. exporter description. exporter name. DSCP value. An organization wants to reduce their attack surface for cloud applications. They want to understand application communications, detect abnormal application behavior, and detect vulnerabilities within the applications. Which action accomplishes this task?. Implement Cisco Umbrella to control the access each application is granted. Configure Cisco Tetration to detect anomalies and vulnerabilities. Modify the Cisco Duo configuration to restrict access between applications. Use Cisco ISE to provide application visibility and restrict access to them. An engineer is adding a Cisco DUO solution to the current TACACS+ deployment using Cisco ISE. The engineer wants to authenticate users using their account when they log into network devices. Which action accomplishes this task?. Configure Cisco DUO with the external Active Directory connector and tie it to the policy set within Cisco ISE. Create an identity policy within Cisco ISE to send all authentication requests to Cisco DUO. Install and configure the Cisco DUO Authentication Proxy and configure the identity source sequence within Cisco ISE. Modify the current policy with the condition MFA SourceSequence:DUO=true in the authorization conditions within Cisco ISE. 
Which solution should a network administrator deploy to protect a webserver from SQL injection attacks?. Secure Web Appliance. IPS. IDS. ISE. An engineer must register a fixed network on a Cisco Umbrella platform. Which two actions must be performed when adding a new public IP address? (Choose two.). Install the Umbrella root certificate. Configure the DNS security settings. Enter a network public IP address. Point DNS to Umbrella platform DNS servers. Point DHCP to Umbrella platform DHCP servers. What is a benefit of using GETVPN over FlexVPN within a VPN deployment?. GETVPN supports Remote Access VPNs. GETVPN uses multiple security associations for connections. GETVPN natively supports MPLS and private IP networks. GETVPN interoperates with non-Cisco devices. Which security solution uses NetFlow to provide visibility across the network, data center, branch offices, and cloud?. Cisco Umbrella. Cisco Stealthwatch. Cisco CTA. Cisco Encrypted Traffic Analytics. Which Cisco cloud security software centrally manages policies on multiple platforms such as Cisco ASA, Cisco Firepower, Cisco Meraki, and AWS?. Cisco DNA Center. Cisco Secureworks. Cisco Defense Orchestrator. Cisco Configuration Professional. Refer to the exhibit. An engineer is implementing a network access control solution. Users can authenticate against the RADIUS server, and now the engineer must configure a downloadable access control list switch port. Which command must be used next to complete the configuration?. ip access-group ACL-NAME out. radius-server vsa send authentication. switchport mode access. authentication order mab dot1x. Refer to the exhibit. What will happen when this Python script is run?. The list of computers, policies, and connector statuses will be received from Cisco AMP. The compromised computers and what compromised them will be received from Cisco AMP. The compromised computers and malware trajectories will be received from Cisco AMP. 
The list of computers and their current vulnerabilities will be received from Cisco AMP. Client workstations are experiencing extremely poor response time. An engineer suspects that an attacker is eavesdropping and making independent connections while relaying messages between victims to make them think they are talking to each other over a private connection. Which feature must be enabled and configured to provide relief from this type of attack?. Dynamic ARP Inspection. Link Aggregation. private VLANs. Reverse ARP. What are two functionalities of SDN southbound APIs? (Choose two.). OpenFlow is a standardized southbound API protocol used between the SDN controller and the switch. Southbound APIs provide a programmable interface for applications to configure the network. Southbound APIs form the interface between the SDN controller and the network switches and routers. Southbound APIs form the interface between the SDN controller and business applications. Application layer programs communicate with the SDN controller through the southbound APIs. An engineer is configuring a Cisco ESA and wants to control whether to accept or reject email messages to a recipient address. Which list contains the allowed recipient addresses?. SAT. HAT. RAT. BAT. Which endpoint solution protects a user from a phishing attack?. Cisco ISE. Cisco AnyConnect with Umbrella Roaming Security module. Cisco AnyConnect with Network Access Manager module. Cisco AnyConnect with ISE Posture module. Which type of DNS abuse exchanges data between two computers even when there is no direct connection?. malware installation. command-and-control communication. network footprinting. data exfiltration. Which two global commands must the network administrator implement to limit the attack surface of an internet-facing Cisco router? (Choose two.). no service password-recovery. ip ssh version 2. no cdp run. no ip http server. service tcp-keepalives-in. 
What does Cisco AMP for Endpoints use to help an organization detect different families of malware?. ClamAV Engine to perform email scanning. Spero Engine with machine learning to perform dynamic analysis. Ethos Engine to perform fuzzy fingerprinting. Tetra Engine to detect malware when the endpoint is connected to the cloud. Which entity is responsible for encrypting data in transit using an IaaS model versus a SaaS model?. Cloud Application Developer for IaaS and Cloud SLA Manager for SaaS. Cloud Service Customer for IaaS and Cloud Service Provider for SaaS. Cloud Service Provider for IaaS and Cloud Service Customer for SaaS. Cloud SLA Manager for IaaS and Cloud Application Developer for SaaS. Which feature is used to restrict communication between interfaces on a Cisco ASA?. security levels. traffic zones. VXLAN interfaces. VLAN subinterfaces. Refer to the exhibit. An engineer is implementing a certificate-based VPN. What is the result of the existing configuration?. Only an IKEv2 peer that has an OU certificate attribute set to MANGLER establishes an IKEv2 SA successfully. The OU of the IKEv2 peer certificate is used as the identity when matching an IKEv2 authorization policy. The OU of the IKEv2 peer certificate is set to MANGLER. The OU of the IKEv2 peer certificate is encrypted when the OU is set to MANGLER. What is a feature of NetFlow Secure Event Logging?. It exports only records that indicate significant events in a flow. It supports v5 and v8 templates. It filters NSEL events based on the traffic and event type through RSVP. It delivers data records to NSEL collectors through NetFlow over TCP only. Which role is a default guest type in Cisco ISE?. Monthly. Contractor. Yearly. Full-time. Which Cisco security solution provides patch management in the cloud?. Cisco Tetration. Cisco CloudLock. Cisco Umbrella. Cisco ISE. 
Which policy represents a shared set of features or parameters that define the aspects of a managed device that are likely to be similar to other managed devices in a deployment?. device management policy. group policy. access control policy. platform service policy. Which Cisco ASA Platform mode disables the threat detection features except for Advanced Threat Statistics?. multiple context. routed. cluster. transparent. Which Cisco Umbrella package supports selective proxy for inspection of traffic from risky domains?. SIG Advantage. DNS Security Advantage. DNS Security Essentials. SIG Essentials. Refer to the exhibit. Which tasks is the Python script performing by calling the API?. requesting the use of basic authentication to make changes to Cisco Secure Email Gateway. requesting the use of basic authentication to make changes in Cisco DNA Center. retrieving and displaying an authentication token from Cisco Secure Email Gateway. retrieving and displaying an authentication token from Cisco DNA Center. What is a capability of Cisco Secure Email Gateway compared to Cisco Secure Web Appliance?. Secure Email Gateway protects a web server from malware and distributed denial-of-service attacks, and Secure Web Appliance blocks malware and phishing attempts sent by email. Secure Email Gateway provides a single management interface for email security, and Secure Web Appliance acts as web application firewall. Secure Email Gateway provides a single management interface for email and web security, and Secure Web Appliance acts as web application firewall. Secure Email Gateway blocks malware and phishing attempts sent by email, and Secure Web Appliance blocks internal users from accessing inappropriate web sites. What is an advantage of static virtual tunnel interfaces when compared to crypto map?. Static virtual tunnel interfaces provide IPsec VPN configurations without access lists, and crypto map provides IPsec VPN configurations that have access lists. 
Static virtual tunnel interfaces provide Extensible Authentication Protocol tunnelling, and crypto map provides XAUTH. Static virtual tunnel interfaces provide IPsec VPN configurations using access lists, and crypto map provides IPsec VPN configurations without access lists. Static virtual tunnel interfaces provide IKEv2 for VPN configurations, and crypto map provides support for IKEv1. What must be configured in Cisco ISE to enforce reauthentication of an endpoint session when an endpoint is deleted from an identity group?. CoA. posture assessment. SNMP probe. external identity source. Which system facilitates deploying microsegmentation and multi-tenancy services with a policy-based container?. Contiv. SDLC. Lambda. Docker. What do tools like Jenkins, Octopus Deploy, and Azure DevOps provide in terms of application and infrastructure automation?. continuous integration and continuous deployment. compile-time instrumentation. cloud application security broker. container orchestration. Which attack type attempts to shut down a machine or network so that users are not able to access it?. bluesnarfing. smurf. IP spoofing. MAC spoofing. Which service allows a user to export application usage and performance statistics with Cisco Application Visibility and Control?. SNORT. 802.1X. SNMP. NetFlow. A networking team must harden an organization's network from VLAN hopping attacks. The team disables Dynamic Trunking Protocol and puts any unused ports in an unused VLAN. A trunk port is used as a trunk link. What must the team configure next to harden the network against VLAN hopping attacks?. enable port-based network access control. dedicated VLAN ID for all trunk ports. disable STP on the network devices. DHCP snooping on all the switches. A company named ABC.inc has an older web server that is used for its website named www.abc.inc. The company plans to move the website to the public cloud to reduce costs. The company regularly performs the security activities: 1. 
VA scans 2. PEN tests When the migration to the cloud is complete, which activity must be performed to scan for source code errors?. SAST scans. on-demand website scans. DAST scans. PEN tests. Refer to the exhibit. A network security engineer must enable and configure port security on a Cisco Catalyst switch. Up to 20 secure MAC addresses must be supported per port. In case of a violation, the port must be disabled immediately, and the port LED must turn off. Which command completes the configuration?. switchport port-security violation shutdown. switchport port-security violation restrict. switchport port-security violation protect. switchport port-security violation disable. Which technology provides a combination of endpoint protection, endpoint detection, and response?. Cisco AMP. Cisco Secure Malware Analytics. Cisco Talos. Cisco Umbrella. Refer to the exhibit. An engineer must modify the header priority to match a mail policy on a Cisco Secure Email Gateway. The From header must be set to priority P1, and Envelope Sender must be set to priority P2. Which action must be taken next to complete the configuration?. Modify the Mail Policy settings. Modify the Incoming Mail Policies default policy. Create a new Incoming Mail policy. Create a new Mail Flow policies. Refer to the exhibit. An administrator must configure authentication, authorization, and accounting (AAA) on a Cisco router for SSH access. Which code snippet completes the configuration?. ! aaa new-model ! line vty 0 4 transport input all authorization exec author-list accounting exec account-list login authentication authen-list !. ! aaa new-model ! line vty 0 4 transport input ssh authorization exec author-list accounting exec account-list login authentication enable !. ! line vty 0 4 transport input ssh authorization exec author-list accounting exec account-list login authentication authen-list !. ! aaa new-model ! 
line vty 0 4 transport input ssh authorization exec author-list accounting exec account-list login authentication authen-list !. What is a difference between an EPP and EDR?. EPP addresses firewall capabilities, and EDR can perform disk encryption. EPP addresses antimalware, and EDR addresses port control. EPP addresses security incident detection, and EDR prevents data loss. EPP addresses application sandboxing, and EDR provides threat intelligence. A company named ABC wants to migrate to the cloud to reduce operational costs. The company requires a cloud solution where the cloud provider is responsible for: 1. Virtualization upgrades 2. Servers and storage patching 3. Network security The company must keep control of the OS, middleware, and applications. Which cloud service model must be used?. IaaS. SaaS. PaaS. Hybrid. Which type of DDoS attack masks an attacker's identity?. direct. amplification. reflection. SYN flood. An engineer must configure a new site-to-site VPN connection using Cisco Secure Firewall Threat Defense as node A and Cisco ASA as node B. These configurations were performed already in Cisco Secure Firewall Threat Defense: 1. Configure IKE and IPsec parameters 2. Bypass access control 3. Create an access control policy Which action completes the configuration?. Create a tunnel group for the peer. Add a VPN client profile. Configure NAT exemption. Enable IKEv2 on the outside interface. Which security mechanism is designed to protect against "offline brute-force" attacks?. Salt. Token. CAPTCHA. MFA. Which command enables 802.1X globally on a Cisco switch?. dot1x system-auth-control. dot1x pae authenticator. aaa new-model. authentication port-control auto. What is the function of SDN southbound API protocols?. to allow for the static configuration of control plane applications. to allow for the dynamic configuration of control plane applications. to enable the controller to make changes. to enable the controller to use REST. 
Which two mechanisms are used to control phishing attacks? (Choose two.). Enable browser alerts for fraudulent websites. Implement email filtering techniques. Revoke expired CRL of the websites. Define security group memberships. Use antispyware software. How is Cisco Umbrella configured to log only security events?. in the Reporting settings. per network in the Deployment section. Deployment section. per policy. What are two rootkit types? (Choose two.). bootloader. virtual. registry. buffer mode. user mode. What are two list types within Cisco Secure Endpoints Outbreak Control? (Choose two.). allowed applications. simple custom detections. blocked ports. URL. command and control. What are two trojan malware attacks? (Choose two.). rootkit. frontdoor. backdoor. sync. smurf. A networking team must harden an organization's core switch against man-in-the-middle attacks. The team must use Dynamic ARP inspection on the switch to meet the requirement. The team enables DHCP snooping and Dynamic ARP Inspection and configures the trust state of the service. Which action must be taken next to complete the configuration of the Dynamic ARP inspection feature?. Enable Dynamic ARP inspection error-disabled recovery. Enable Dynamic ARP inspection logging for dropped packets. Only ARP access control lists for Dynamic ARP inspection filtering. Configure the ARP packet rate limiting feature. Which Cisco solution does Cisco Umbrella integrate with to determine if a URL is malicious?. Cisco Talos. Cisco AnyConnect. Cisco AMP. Cisco Dynamic DNS. What is a feature of Cisco NetFlow Secure Event Logging for Cisco ASAs?. Multiple NetFlow collectors are supported. Secure NetFlow connections are optimized for Cisco Prime Infrastructure. Flow-create events are delayed. Advanced NetFlow V9 templates and legacy v5 formatting are supported. A network engineer must monitor user and device behavior within the on-premises network. 
This data must be sent to the Cisco Stealthwatch Cloud Analytics platform for analysis. What must be done to meet this requirement, using the Ubuntu-based VM Appliance deployed in a VMware-based hypervisor?. Deploy a Cisco FTD sensor to send network events to Cisco Stealthwatch Cloud. Configure a Cisco FMC to send syslogs to Cisco Stealthwatch Cloud. Deploy the Cisco Stealthwatch Cloud PNM sensor that sends data to Cisco Stealthwatch Cloud. Configure a Cisco FMC to send NetFlow to Cisco Stealthwatch Cloud. Which Cisco solution integrates Encrypted traffic analytics to perform enhanced visibility, promote compliance, shorten response times, and provide administrators with the information needed to provide educated and automated decisions to secure the environment?. Cisco DNA Center. Cisco Security Compliance Solution. Cisco SDN. Cisco ISE. Why is it important to implement multifactor authentication inside of an organization?. To prevent brute force attacks from being successful. To prevent phishing attacks from being successful. To prevent DoS attacks from being successful. To prevent man-in-the-middle attacks from being successful. Which two application layer preprocessors are used by Secure Firewall IPS? (Choose two.). inline normalization. SIP. SSL. modbus. packet decoder. A network engineer must configure an access control policy on top of an existing Cisco Secure Firewall Threat Defense access control policy. The policy contains IP addresses and port values with no need for deeper inspection. Which type of policy must be created?. access control. prefilter. identity. SSL. What is the purpose of the Decrypt for Application Detection feature within the WSA Decryption options?. It provides enhanced HTTPS application detection for AsyncOS. It decrypts HTTPS application traffic for authenticated users. It decrypts HTTPS application traffic for unauthenticated users. It alerts users when the WSA decrypts their traffic. 
Email security has become a high-priority task for a security engineer at a large multi-national organization due to ongoing phishing campaigns. To help control this, the engineer has deployed an Incoming Content filter with a URL reputation of (-10.00 to -6.00) on the Cisco ESA. Which action will the system perform to disable any links in messages that match the filter?. Quarantine. ScreenAction. Defang. FilterAction. An organization has a Cisco ESA set up with DLP policies and would like to customize the action assigned for violations. The organization wants a copy of the message to be delivered with a message added to flag it as a DLP violation. Which actions must be performed in order to provide this capability?. deliver and add disclaimer text. deliver and send copies to other recipients. quarantine and alter the subject header with a DLP violation. quarantine and send a DLP violation notification. Which attack is commonly associated with C and C++ programming languages?. buffer overflow. water holing. DDoS. cross site scripting. A company named Org.Co is upgrading its infrastructure and wants to migrate from a legacy firewall appliance to a cloud security service that will provide 1-Threat Intelligence 2-Real-time Malware blocking 3- Protection against malicious domains 4- SSL visibility Which security solution should be used?. Cisco Cloudlock. Cisco secure cloud analytics. Cisco Secure firewall threat defense. Cisco Umbrella. When a next-generation Endpoint security solution is selected for a company, what are two key deliverables that help justify the implementation? (Choose two.). Email integration to protect endpoints from malicious content that is located in the Email. real-time feed from global threats intelligence centers. Continuous monitoring of all files that are located on connected endpoints. Signature-based endpoint protection on company endpoints. Macro-based protection to keep connected endpoints safe. 
Which Cisco DNA Center intent API action is used to retrieve the number of devices known to a DNA Center?. GET https://fqdnOrIPofDnaCenterPlatform/dna/intent/api/v1/network-device. GET https://fqdnOrIPofDnaCenterPlatform/dna/intent/api/v1/network-device/startingindex/recordsToReturn. GET https://fqdnOrIPofDnaCenterPlatform/dna/intent/api/v1/network-device?parameter1=value&parameter2=value&... GET https://fqdnOrIPofDnaCenterPlatform/dna/intent/api/v1/network-device/count. An organization is using DNS services for their network and wants to help improve the security of the DNS infrastructure. Which action accomplishes this task?. Modify the Cisco Umbrella configuration to pass the queries only to non-DNSSEC capable zones. Integrate Cisco Umbrella with Cisco CloudLock to ensure that DNSSEC is functional. Use DNSSEC between the Endpoints and Cisco Umbrella DNS servers. Configure Cisco Umbrella and use DNSSEC for domain authentication to authoritative servers. Which solution combines Cisco IOS and IOS XE components to enable administrators to recognize applications, collect and send network metrics to Cisco Prime and other third-party management tools, and prioritize application traffic?. Cisco Application Visibility and Control. Cisco Model Driven Telemetry. Cisco Security Intelligence. Cisco DNA Center. Which two capabilities does an MDM provide? (Choose two.). Unified management of mobile devices, Macs, and PCs from a centralized dashboard. manual identification and classification of client devices. delivery of network malware reports to an inbox in a schedule. Unified management of Android and Apple devices from a centralized dashboard. enforcement of device security policies from centralized dashboard. A network administrator is setting a Cisco FMC to send logs to Cisco Security Analytics and Logging (SaaS). The network administrator is anticipating a high volume of logging events from the firewalls and wants to limit the strain on the firewall resources. 
Which method must the administrator use to send these logs to Cisco Security Analytics and Logging?. Direct connection using SNMP traps. SFTP using FMC CLI. HTTP POST using the Security Analytics FMC plugin. syslog using the Secure Event Connector. What are two facts about Cisco Secure Web Appliance HTTP proxy configuration with a PAC file? (Choose two.). The PAC file, which references the proxy, is deployed to the client web browser. It is defined as an Explicit proxy deployment. In a Dual-Nic configuration, the PAC file directs traffic through the two NICs to the proxy. It is defined as a bridged proxy deployment. It is defined as a transparent proxy deployment. What is a capability of cross-site scripting?. supplies valid credentials by hijacking DNS queries sent by the user device. steals cookies used to obtain access as an authenticated user to a cloud service. exploit vulnerable applications for attackers to pass commands to a database. intercepts traffic to take over a connection to a cloud-based service. Which suspicious pattern enables the Cisco Secure Workload platform to learn the normal behavior of users?. privilege escalation. interesting file access. file access from a different user. user login suspicious behavior. What is a benefit of multifactor authentication?. enables multiple ways to authenticate. enables the use of single sign-on. reduces the risk of a data breach. reduces the need to change passwords. Which Cisco Secure Endpoint for Email Security capability protects users from phishing attacks?. automatic training based on user behavior. discovery of threats concealed in attachments. encryption of email messages. use of data loss prevention rules. What is a capability of Cisco Secure Email Gateway compared to Cisco Secure Email Cloud Gateway?. Secure Email Gateway is an add-on for an email server, and Secure Email Cloud Gateway is a cloud-based solution. 
Secure Email Cloud Gateway is hosted by Cisco using managed services, and Secure Email Gateway is hosted on-premises. Secure Email Gateway is hosted by Cisco by using a local agent deployed onsite, and Secure Email Cloud Gateway is a software as a service. Secure Email Cloud Gateway is an add-on for a web browser, and Secure Email Gateway requires that a server be deployed on-premises. How do the features of DMVPN compare to IPsec VPN?. DMVPN supports multiple vendors, and IPsec VPN only supports Cisco products. DMVPN uses hub-and-spoke topology, and IPsec VPN uses on-demand spoke topology. DMVPN supports non-IP protocols, and IPsec VPN only supports IP protocols. DMVPN supports high availability routing, and IPsec VPN supports stateless failover. Which type of attack does multifactor authentication help protect against?. SQL injection. brute force. cross-site scripting. man-in-the-middle. What is a difference between weak passwords and missing encryption?. Weak passwords cause programs to crash, and missing encryption sends data to a memory location. Weak passwords allow programs to be renamed, and missing encryption hides exe extensions. Weak passwords consume bandwidth, and missing encryption allows user information to be hijacked. Weak passwords are guessed easily, and missing encryption allows information to be decrypted. An engineer is configuring a new destination list for Cisco Umbrella. The destination list is in Microsoft Excel format and contains many domains. Which two actions must be taken to ensure a successful implementation? (Choose two.). Keep one domain per line. Use a semicolon instead of a comma. Convert the Microsoft Excel file to .TXT. Convert the Excel file into XML format. Limit each file to 50 domains. An engineer is configuring cloud logging on Cisco ASA and needs events to compress. Which component must be configured to accomplish this goal?. Cisco analytics. SDC event viewer. SWC service. SDC VM. 
Which two fields are defined in the NetFlow flow? (Choose two). class of service bits. type of service byte. destination port. Layer 4 protocol type. output logical interface. An engineer is configuring Cisco WSA and needs to ensure end clients are protected against DNS spoofing attacks. Which deployment method accomplishes this goal?. explicit forward. transparent mode. Web Cache Communication Protocol. single-context mode. Which threat intelligence standard contains malware hashes?. open command and control. advanced persistent threat. trusted automated exchange of indicator information. structured threat information expression. What is a benefit of using Cisco FMC over Cisco ASDM?. Cisco FMC supports all firewall products whereas Cisco ASDM only supports Cisco ASA devices. Cisco FMC provides centralized management while Cisco ASDM does not. Cisco FMC uses Java while Cisco ASDM uses HTML5. Cisco FMC supports pushing configurations to devices while Cisco ASDM does not. What are two security benefits of an MDM deployment? (Choose two). on-device content management. privacy control checks. distributed software upgrade. distributed dashboard. robust security policy enforcement. An engineer is configuring DHCP snooping on a Cisco switch and wants to ensure that a DHCP packet will be dropped. Under which condition will this occur?. All packets are dropped until the administrator manually enters the approved servers into the DHCP snooping database. A DHCP relay agent forwards a DHCP packet that includes a relay-agent IP address that is 0.0.0.0. A packet is received on an untrusted interface, and the source MAC address and the DHCP client hardware does not match. A packet from a DHCP server is received from inside the network or firewall. Which Cisco firewall solution supports configuration via Cisco Policy Language?. NGIPS. NGFW. CBAC. ZFW. Under which two circumstances is a CoA issued? (Choose two). 
A new Identity Source Sequence is created and referenced in the authentication policy. A new authentication rule was added to the policy on the Policy Service node. An endpoint is profiled for the first time. A new Identity Service Engine server is added to the deployment with the Administration persona. An endpoint is deleted on the Identity Service Engine server. Refer to the exhibit. A Cisco ISE administrator adds a new switch to an 802.1X deployment and has difficulty with some endpoints gaining access. Most PCs and IP phones can connect and authenticate using their machine certificate credentials; however, printers and video cameras cannot. Based on the interface configuration provided, what must be done to get these devices onto the network using Cisco ISE for authentication and authorization while maintaining security controls?. Change the default policy in Cisco ISE to allow all devices not using machine authentication. Add mab to the interface configuration. Enable insecure protocols within Cisco ISE in the allowed protocols configuration. Configure authentication event fail retry 2 action authorize vlan 41 on the interface. Which Cisco security solution stops exfiltration using HTTPS?. Cisco CTA. Cisco ASA. Cisco FTD. Cisco AnyConnect. Due to a traffic storm on the network, two interfaces were error-disabled, and both interfaces sent SNMP traps. Which two actions must be taken to ensure that interfaces are put back into service? (Choose two). Have Cisco Prime Infrastructure issue an SNMP set command to re-enable the ports after the preconfigured interval. Ensure that interfaces are configured with the error-disable detection and recovery feature. Enable the snmp-server enable traps command and wait 300 seconds. Use EEM to have the ports return to service automatically in less than 300 seconds. Enter the shutdown and no shutdown commands on the interfaces. An engineer is securing access to the data served by a cloud-based app. 
The data must be protected from being modified in transit. These security measures were implemented: 1. Governance with role-based access control based on the principle of least privilege 2. TLS 1.3 with signed certificates 3. AES-256 with MD5 What must be configured to complete the implementation that secures the data?. SSLv3 instead of MD5. DES instead of TLS 1.3. SHA-512 instead of MD5. 3DES instead of AES. An engineer must implement a solution with these requirements: 1. cloud-delivered solution 2. SaaS-based solution 3. provide visibility and threat detection across a cloud network 4. deployed without software agents and rely on flow logs Which product must be used?. Cisco Secure Cloud Analytics. Cisco Umbrella. Cisco Cloudlock. Cisco NetFlow Collector. What is the difference between FlexVPN and DMVPN?. FlexVPN supports hub-and-spoke topology, and DMVPN supports various topologies. FlexVPN uses NHRP for registration and resolution, and DMVPN uses NHRP only for resolution. FlexVPN uses IKEv1 for VPN configuration, and DMVPN uses IKEv2. FlexVPN uses static and dynamic point-to-point interfaces, and DMVPN uses a single mGRE interface. A network engineer must enable security on Layer 2 for the corporate switches. The management wants to drop DHCP traffic from unauthorized servers. Which configuration must be applied to meet the requirement for VLAN 2?. ip dhcp snooping trust vlan 2. ip dhcp snooping vlan 2. ip dhcp snooping information option vlan 2. ip dhcp relay information trusted vlan 2. A network engineer must configure IPsec tunnel on a Cisco router. The engineer already configured crypto access lists and transform sets. Which action completes the configuration?. Configure IPsec tunnel mode. Configure preshared keys. Specify the Diffie-Hellman group identifier. Create IKE policies. The engineer must configure Cisco Umbrella to block all peer-to-peer file sharing applications except for BitTorrent. 
Which set of actions must the engineer take to meet the requirement?. Create an application policy in the peer-to-peer category and add BitTorrent as an exception. Assign the policy to the relevant network identities. Implement an application policy in the file sharing category. Add BitTorrent as an exception and assign the policy to the relevant network identities. Configure an application policy in the file sharing category. Add BitTorrent as an exception and enable logging for all the peer-to-peer applications. Set up an application policy in the peer-to-peer file sharing category and block all applications except BitTorrent. Which action should the security team take after receiving an alert about the malicious file downloaded from an untrusted domain?. Immediately format the user's hard drive. Notify the user to continue using the software with caution. Investigate the reputation of the untrusted domain. Submit the file for sandboxing. A network administrator must redirect subscriber traffic from Cisco IOS Intelligent Service Architecture using Layer 4 redirection on the FastEthernet0/0.505 interface. The administrator enables privileged EXEC mode, enters global configuration mode, and specifies the desired interface. Which action must the engineer take next to meet the requirement?. Create service policy map. Define the server group for traffic redirection. Enable Intelligent Service Architecture IP subscriber configuration mode. Create an Intelligent Service Architecture IP interface session. A network engineer is configuring SNMPv3 on a new Cisco router. The SNMPv3 users were created, but the users do not have access to the SNMP views. Which action must the engineer take to allow access?. specify the UDP port used by SNMP. set the password to be used for SNMPv3 authentication. define the encryption algorithm to be used by SNMPv3. map SNMPv3 users to SNMP views. 
Which two authentication schemes does Active Directory use for transparent user identification on the Cisco WSA? (Choose two). SAML. LDAP. NTLM. RADIUS. Kerberos. Which benefit does DMVPN provide over GETVPN?. DMVPN supports non-IP protocols, and GETVPN supports only IP protocols. DMVPN can be used over the public internet, and GET VPN requires a private network. DMVPN supports QoS, multicast, and routing, and GETVPN supports only QoS. DMVPN is a tunnel-less VPN, and GET VPN is tunnel-based. An organization wants to secure data in a cloud environment. Its security model requires that all users be authenticated and authorized. Security configuration and posture must be continuously validated before access is granted or maintained to applications and data. There is also a need to allow certain application traffic and deny all other traffic by default. Which technology must be used to implement these requirements?. virtual LAN. access control policy. microsegmentation. virtual routing and forwarding. Which two key and block sizes are valid for AES? (Choose two). 128-bit block size, 256-bit key length. 128-bit block size, 192-bit key length. 64-bit block size, 112-bit key length. 192-bit block size, 256-bit key length. 64-bit block size, 168-bit key length. An engineer must deploy a network security management solution to provide the operations team with a unified view of the security environment. The company operates a hybrid cloud with an element of on-premises hosting for critical applications and data. The operations team requires a single solution that will be used to manage and configure: 1. Firewalls 2. IPS 3. Application control 4. URL filtering 5. Advanced malware protection Which Cisco solution must be deployed?. Adaptive Security Device Manager. Next-Generation Firewall. Secure Firewall Threat Defense. Secure Firewall Management Center. 
Which technology will an engineer recommend to improve security during data transmission for the internal accounting application using URL http://internalaccount.com?. configure endpoint antivirus scanning. enable port security on switches. implement DoD key management. implement X.509 certificates. A network engineer must configure an access control policy on top of an existing policy in a Cisco Secure Firewall Threat Defense. The policy must contain IP addresses and port values without needing deeper inspection. Which type of policy must be created?. access control. SSL. identity. prefilter. A network engineer must monitor the logs from multiple Cisco routers by using a syslog to forward the logs to a syslog server. TLS must be used when transmitting the logs. The engineer configures the TLS trustpoint and the details for the remote syslog server. What must the engineer configure next on the Cisco router to meet the requirement?. Configure the routers' logging severity. Map the IP address and hostname of the remote syslog server. Verify the details of the Certificate Authority certificate. Add TLS on port 6514 associated with the IP address of the syslog server. What are two components of Cisco Umbrella? (Choose two). real-time algorithm monitoring. secure web gateway. Web Application Firewall. zero-trust policies. DNS-layer security. An organization needs a cloud solution that meets these requirements: 1. must be provisioned for exclusive use 2. must be owned and managed by a third party partner 3. partner organization must be able to leverage the cloud solution Which cloud model must be used?. public cloud. community cloud. private cloud. hybrid cloud. Which RADIUS Change of Authorization action is configurable in Cisco ISE after the initial authentication?. initiate a firewall rule update. initiate a VPN session. reset the network adapter. bounce port. 
Which AWS platform does Cisco Container Platform integrate with for cluster provisioning on-premises and on the cloud through a single management user interface?. Amazon EKS. Amazon IAM. Amazon K8s Client. Amazon STS. How many iterations do meet-in-the-middle attacks require when using 3DES keying option?. 2*56. 2^2*56. 2^2*64. 2*64. What is the difference between out-of-band SQL injection attacks and blind SQL injection attacks?. Out-of-band SQL injection attacks use a different channel to inject the SQL code and retrieve data and blind SQL injection attacks only inject the code. Out-of-band SQL injection attacks rely on error messages from a database serve pausing before sending the results. Out-of-band SQL injection attacks use an application to dump retrieved data, and blind SQL injection attacks observe an application's behavior to reconstruct the database structure. Out-of-band SQL injection attacks use the same channel to inject the SQL code and retrieve data, and blind SQL injection attacks use a different channel. What is the intent of DevSecOps?. to get developers to participate in the operation of security solutions. to have security engineers maintain the continuous integration/continuous delivery pipeline. to build security into the continuous delivery part of the DevOps process. to get security engineers to participate in the development cycle. What does an IPS use to receive network traffic without modifying the traffic?. port pair. transparent mode. bridge mode. SPAN port. A security team receives a notification about the abnormal activity initiating unidentified connections to external domains using malicious file execution from an external USB drive. Which action must the security team perform next?. Analyze network traffic of affected workstation. Disconnect the infected host from the network. Remove the USB drive and continue using the workstation. Restart the workstation to clear any temporary malware processes. Refer to the exhibit. 
An engineer must configure a switch to capture traffic from interfaces Eth1/1 and Eth1/2 and then send the traffic to interface Eth/3 for further analysis. Which interface must be configured before running the switchport monitor command?. Eth1/2. Eth1/3. Eth1/1. source VSANs. Refer to the exhibit. An engineer must configure a Cisco switch to sync with an NTP server at IP address 192.168.10.10. The authentication key must be Cisco 123! Which command completes the configuration?. Switch(config)#ntp server 192.168.10.10 password Cisco123!. Switch(config)#ntp server 192.168.10.10 key 10. Switch(config)#ntp server 192.168.10.10 enable secret Cisco123!. Switch(config)#ntp server authentication-key 10 server 192.168.10.10. What is the benefit of an endpoint patch management strategy?. Fewer staff is required to manage the endpoints. Patches do not need to be tested before being deployed. Endpoint lifecycle management costs are lower. Patching deployment is fully automated. An engineer is configuring syslog messages from Cisco Secure Firewall Management Center and must now set the appropriate severity level. Where is the Syslog Severity Level set in Cisco Secure Firewall Management Center?. Logging Settings under Access Control section. Syslog Settings under Platform Settings. Syslog Alerting under Advance Settings. Configuration Settings under System. Which type of attack uses malicious code to interact with a backend database and manipulate data?. cross-site scripting. man-in-the-middle. phishing. SQL Injection. A network engineer must add a device to the Cisco SD-Access fabric and assign an access point to the device using the Cisco Catalyst Center API. Which two endpoint and method pairs are needed to make the API calls? (Choose two). POST /dna/intent/api/v1/network-device/file. POST /dna/intent/api/v1/business/sda/hostonboarding/user-device. POST /dna/intent/api/v1/business/sda/hostonboarding/access-point. POST /dna/intent/api/v1/wireless/floormap. 
POST /dna/intent/api/v1/business/sda/edge-device. A network engineer must configure a Cisco Router to use RADIUS server for AAA. The engineer establishes a network connection between the router and the RADIUS server and configures secret keys. What must the engineer configure next to meet the requirement?. AAA attributes. RADIUS server monitoring. transmission retry count. RADIUS server groups. What is the primary function of northbound APIs in an SDN environment?. communication between the data plane and the control plane. communication within network devices. communication between the SDN controller and the application plane. secure data communication across the network. What is a capability of a Cisco Secure IPS?. endpoint isolation. internal network segmentation. retrospective file analysis. elastic search. A security engineer must create a policy based on the reputation verdict of a file from a Cisco Secure Email Gateway. The file with an undetermined verdict must be dropped. Which action must the security engineer take to meet the requirement?. Configure threshold settings for files with no score to be allowed. Create a policy to send a file to quarantine. Set up a policy to automatically drop files with no reputation. Implement a policy to disable file analysis. What is a capability of Cisco Umbrella?. cloud-based multifactor authentication. Secure Web Gateway. on-premises DNS security. on-premises IDS and IPS. Which type of protection encrypts RSA keys when they are exported and imported?. passphrase. nonexportable. NGE. file. What is a traffic flow capability of an out-of-band deployed Intrusion Detection System?. quality of service-based shaping. blacking. blocking and monitoring. monitoring. An engineer must configure Cisco AMP for Endpoints so that it contains a list of files that should not be executed by users. These files must not be quarantined. Which action meets this configuration requirement?. 
Identify the network IPs and place them in a blocked list. Modify the advanced custom detection list to include these files. Create an application control blocked application list. Add a list for simple custom detection. A website administrator wants to prevent SQL injection attacks against the company's customer database, which is referenced by the web server. Which two methods help prevent SQL injection attacks? (Choose two). performing input validation. using SSL certificates. enforcing TLS 1.3 only. using load balancers with NAT. using web application firewalls. Which cryptographic process provides origin confidentiality, integrity, and origin authentication for packets?. ESP. IKEv1. IKEv2. AH. How does Cisco AMP for Endpoints provide next-generation protection?. It integrates with Cisco FTD devices. It encrypts data on user endpoints to protect against ransomware. It leverages an endpoint protection platform and endpoint detection and response. It utilizes Cisco pxGrid, which allows AMP for Endpoints to pull threat feeds from threat intelligence centers. Refer to the exhibit. When configuring this access control rule in Cisco FMC, what happens with the traffic destined to the DMZ_inside zone once the configuration is deployed?. No traffic will be allowed through to the DMZ_inside zone unless it's already trusted. No traffic will be allowed through to the DMZ_inside zone regardless of if it's trusted or not. All traffic from any zone will be allowed to the DMZ_inside zone only after inspection. All traffic from any zone to the DMZ_Inside will be permitted with no further inspection. Which solution detects threats across a private network, public clouds, and encrypted traffic?. Cisco Umbrella. Cisco Encrypted Traffic Analytics. Cisco Secure Network Analytics. Cisco CTA. Which posture assessment requirement provides options to the client for remediation and requires the remediation within a certain timeframe?. mandatory. optional. visibility. audit. 
A hacker initiated a social engineering attack and stole usernames and passwords of some users within a company. Which product should be used as a solution to this problem?. Cisco Secure Endpoint. Cisco Duo. Cisco NGFW. Cisco Secure Client. Which security category does Cisco Umbrella block to secure a network against websites that appear to be malicious and have a low confidence level?. Potentially Harmful Domains. Malware. Dynamic DNS. Newly Seen Domains. A security test performed on one of the applications shows that user input is not validated. Which security vulnerability is the application more susceptible to because of this lack of validation?. cross-site request forgery. denial-of-service. SQL Injection. man-in-the-middle. Which direction do attackers encode data in DNS requests during exfiltration using DNS tunneling?. east-west. north-south. outbound. inbound. Which Cisco security solution determines if an endpoint has the latest OS updates and patches installed on the system?. Endpoint Compliance Scanner. Cisco Secure Endpoint. Security Posture Assessment Service. Cisco Endpoint Security Analytics. Refer to the exhibit. What function does the API key perform while working with https://api.amp.cisco.com/v1/computers?. displays client ID. HTTP authentication. HTTP authorization. imports requests. How does Cisco Advanced Phishing Protection protect users?. It utilizes sensors that send messages securely. It determines which identities are perceived by the sender. It validates the sender by using DKIM. It uses machine learning and real-time behavior analytics. A company is experiencing exfiltration of credit card numbers that are not being stored on-premise. The company needs to be able to protect sensitive data throughout the full environment. Which tool should be used to accomplish this goal?. Secure Web Appliance. Cisco ISE. Security Manager. Cloudlock. What must be used to share data between multiple security products?. Cisco Rapid Threat Containment. 
Cisco Platform Exchange Grid. Cisco Stealthwatch Cloud. Cisco Advanced Malware Protection. Which compliance status is shown when a configured posture policy requirement is not met?. Noncompliant. Compliant. Authorized. Unknown. In which cloud services model is the tenant responsible for virtual machine OS patching?. IaaS. UCaaS. SaaS. PaaS. In which form of attack is alternate encoding, such as hexadecimal representation, most often observed?. cross-site scripting. distributed denial of service. rootkit exploit. smurf. Which VPN technology can support a multivendor environment and secure traffic between sites?. FlexVPN. DMVPN. GET VPN. SSL VPN. Which information is required when adding a device to Firepower Management Center?. registration key. username and password. encryption method. device serial number. What is the purpose of Structured Threat Information eXpression cyber threat intelligence industry standard?. threat intelligence sharing organization. language used to represent security information. public collection of threat intelligence feeds. service used to exchange security information. Which endpoint protection and detection feature performs correlation of telemetry, files, and intrusion events that are flagged as possible active breaches?. indication of compromise. elastic search. file trajectory. retrospective detection. Which technology enables integration between Cisco ISE and other platforms to gather and share network and vulnerability data and SIEM and location information?. Cisco Talos. NetFlow. pxGrid. SNMP. Which open source tool does Cisco use to create graphical visualizations of network telemetry on Cisco IOS XE devices?. Splunk. SNMP. InfluxDB. Grafana. What is a characteristic of an EDR solution and not of an EPP solution?. retrospective analysis. performs signature-based detection. stops all ransomware attacks. decrypts SSL traffic for better visibility. 
An administrator is trying to determine which applications are being used in the network but does not want the network devices to send metadata to Cisco Firepower. Which feature should be used to accomplish this?. Network Discovery. Packet Tracer. NetFlow. Access Control. For which two conditions is an endpoint checked using ISE posture assessment (Choose two). default browser. Windows service. computer identity. Windows firewall. user identity. A security team is using Cisco Rapid Threat Containment, Cisco Secure Network Analytics, and Cisco ISE. A threat is detected with malware-infected 802.1X authenticated endpoint that places the endpoint into a Quarantine VLAN using Adaptive Network Control policy. Which two telemetry data were correlated with Cisco Secure Network Analytics to identify the malware? (Choose two). Events. RADIUS. DHCP. NetFlow. SNMP. Refer to the exhibit. Which task is the Python script performing by using the Cisco Secure Firewall Management Center REST API?. logging a new network object. changing the type of an existing network object. assigning an IP address to an existing network object. creating a new network project. Refer to the exhibit. An engineer must configure a Cisco switch to communicate with an SNMP server at IP address 10.10.10.10 by using SNMPv3. The username must be test123, and the password must be Cisco123!. Which two commands complete the configuration? (Choose two). Switch(config)#snmp-server user test123 authgroup v3 auth md5 Cisco123!. Switch(config)#snmp-server username test123 enable secret Cisco123!. Switch(config)#snmp-server username test123 auth md5 Cisco123! version 3. Switch(config)#snmp-server user test123 authgroup remote 10.10.10.10 v3 auth md5 Cisco123!. Switch(config)#snmp-server user test123 remote snmp v3 server 10.10.10.10 password Cisco123!. Which mode must be used in Cisco Secure Firewall Threat Defense to receive network traffic without modifying the traffic?. tap. passive. transparent. routed. 
What must be used to detect malicious activity by leveraging global threat intelligence and correlating known attack patterns and malware behaviors with local threats by using machine learning?. Cisco Secure Firewall. Cisco Endpoint Security. Cisco Cognitive Threat Analytics. Cisco Stealthwatch. An engineer must configure a Cisco Secure Web Appliance to receive redirected FTP traffic for a company. The company requires that the core Cisco network switch be configured to send the traffic to the Secure Web Appliance to proxy requests and increase visibility without impacting users. What must be configured on the Secure Web Appliance and on the Cisco network switch?. Use PAC keys to allow only the required network switches to send the traffic to the Secure Web Appliance. Configure transparent traffic redirection by using WCCP on the Secure Web Appliance and the network switch. Use the Layer 3 settings on the Secure Web Appliance and the network switch to receive explicit forward requests from the switch. Configure active traffic redirection by using WPAD on the Secure Web Appliance and the network switch. A security engineer observes that an employee logged in at 8:00 AM from United Kingdom, and then logged in again from United States at 8:30 AM on the same day. The security engineer verifies that the distance between the locations is more than 1,000 miles. The engineer confirms that the employee is using a direct connection and has remained in the same country. What must be added to Cisco Cloud Lock security policy to block these types of requests and notify the security team?. Activate IP filtering and permit all the potential IP addresses used by the employee. Activate velocity monitoring and specify the maximum velocity and distance. Include the country of the second login in the list of risky countries library. Implement a predefined policy based on location. What is a benefit of an endpoint patch management strategy?. Productivity Increases. 
Patches need less testing time. It enables endpoint real time threat intelligence. Patches can be deployed without testing. Refer to the exhibit. A network engineer is implementing a new security solution and is configuring the existing infraestructure for device management. The engineer must retrieve information from a Cisco router about the traffic gathered between devices that use CDP from a specified node. Which Cisco IOS command must be used?. show traffic. cdp traffic. show cdp traffic. show cdp all traffic. Refer to the exhibit. What does the access control rule that the Python script created by using the Cisco Secure Firewall Management Center REST API do?. blocks connections from internal hosts with a malware detection policy. monitors connections from internal hosts with a malware detection policy. blocks connections from extemal hosts with a malware detection policy. monitors connections from external hosts with a malware detection policy. What is a difference between Cisco Group Encrypted Transport VPN and Cisco FlexVPN?. Cisco Group Encrypted Transport VPN establishes group-based security associations, and FlexVPN establishes point-to-point security associations. Cisco Group Encrypted Transport VPN is a tunnel-based VPN, and FlexVPN is a tunnel-less VPN. Cisco Group Encrypted Transport VPN supports IKEv2, and FlexVPN supports IKEv1. Cisco Group Encrypted Transport VPN is used with site-to-site and remote access deployments, and FlexVPN is used for site-to-site deployments. What are two benefits of micro-segmentation? (Choose two). provides near real-time on-premises threat prevention. defense against an advanced persistent threat. provides more security than traditional firewalls. cloud workload protection. smaller apps that are easy to maintain. What is a characteristic of a man-in-the-middel attack?. sends an overwhelming amount of traffic to render a target unavailable. hides malicious activities and maintains root-level access on a host. 
gains the permissions for the scripts from a targeted website. intercepts and manipulates communicated data. An engineer must implement Cisco Umbrella in a customer's corporate network for the first time. The engineer must configure the deployment to process traffic from a specific set of users to a destintion list on a virtual cloud-based browser. What configuration aaction must be performed on the ruleset?. Warn. Block. Allow. Isolate. What is Cisco Talos Intelligence?. part of the Cisco Smart Business Architecture. security threat intelligence application. security threat intelligence organization. part of Security Information and Event Management. What is required when deploying Cisco Secure Firewall Next-Generation IDS in passive mode?. port in Listening mode. port in Learning mode. router trunk port. switch mirror port. An engineer must deploy 802.1X to a network device. MAB requests must be filtered. Which RADIUS attribute must be configured to filter the MAB requests?. 3. 33. 6. 5. A manufacturing company must establish a cloud-based infraestructure to handle compute and storage for IoT devices in its plant. The company is concerned about latency and security because it makes ASIC chips that are classified. Which cloud model must be used?. community. public. private. hybrid. An engineer must configure 802.1X on a network device. A downloadable access control list must be applied to each port. The downloadable access control list operates on the RADIUS server already and the network device has a functional 802.1X configuration. Which command must be run on the switch to apply a downloadable access control list to each port?. aaa authorization network default group radius. radius-server vsa send accounting. radius-server vsa send authentication. aaa authorization exec default group radius. An engineer must deploy a security solution to protect on-premises devices. 
The solution must be able to block an alert against threats and vulnerabilities by analyzing their digital signature. What must be implemented to meet the requirement?. anomaly-based antivirus. IDS. behavior-based antivirus. IPS. An analyst is alerted for a malicious file. The analyst determined that an internal workstation is communicating over port 80 with an external server and the file hash is associated with known malware. Which attack technique corresponds to the analysis?. Command and Control communication. Data Exfiltration via Encrypted Tunnel. Privilege Escalation through Local Exploit. Man-in-the-Middle Attack. How does network telemetry contribute to network security in Cisco Security solutions?. by proactively identifying threats through network understanding. by minimizing the need for a dedicated security team. by eliminating the need for manual testing procedures. by accelerating the software development process. Refer to the exhibit. A network engineer must implement a new multidevice management solution and must retrieve information about all the Cisco devices that are directly attached to a Cisco IOS router. Which IOS command must the engineer use to display detailed information about the attached devices?. show cdp. show neighbors. show cdp neighbors. cdp neighbors. Refer to the exhibit. A network engineer must update the SNMPv3 user configuration on a Cisco IOS router located at the network perimeter. Which IOS command must be used to retrieve the current SNMPv3 configuration?. show snmp user status. show snmp engineid. show snmp user user1. show snmp group group1. Which Cisco Secure Endpoint feature allows an engineer to look back to trace past activities, such as file and process activity on an endpoint?. endpoint isolation. advanced investigation. advanced search. retrospective security. What is a feature of container orchestration?. ability to deploy Amazon ECS clusters by using the Cisco Container Platform data plane.
ability to deploy Kubernetes clusters in air-gapped sites. automated daily updates. ability to deploy Amazon EKS clusters by using the Cisco Container Platform data plane. A network engineer must configure Cisco ESA to prompt users to enter two forms of information before gaining access. The Cisco ESA must also join a cluster machine using preshared keys. What must be configured to meet these requirements?. Enable two-factor authentication through a TACACS+ server and then join the cluster by using the Cisco ESA GUI. Enable two-factor authentication through a RADIUS server and then join the cluster by using the Cisco ESA GUI. Enable two-factor authentication through a RADIUS server and then join the cluster by using the Cisco ESA CLI. Enable two-factor authentication through a TACACS+ server and then join the cluster by using the Cisco ESA CLI. When a site-to-site VPN is configured in Cisco FMC, which topology is supported when crypto ACLs are used instead of protected networks to define interesting traffic?. DMVPN. point-to-point. hub-and-spoke. full mesh. What is provided by the Secure Hash Algorithm in a VPN?. encryption. integrity. authentication. key exchange. An organization is selecting a cloud architecture and does not want to be responsible for patch management of the operating systems. Why should the organization select either Platform as a Service or Infrastructure as a Service for this environment?. Platform as a Service because the customer manages the operating system. Infrastructure as a Service because the customer manages the operating system. Platform as a Service because the service provider manages the operating system. Infrastructure as a Service because the service provider manages the operating system. What is the role of Cisco Umbrella Roaming when it is installed on an endpoint?. to ensure that assets are secure from malicious links on and off the corporate network. to enforce posture compliance and mandatory software.
to establish secure VPN connectivity to the corporate network. to protect the endpoint against malicious file transfers. Which cloud service offering allows a customer to access a web-application that is being hosted, managed and maintained by a cloud service provider?. PaaS. SaaS. IaC. IaaS. What does Cisco ISE use to collect endpoint attributes that are used in profiling?. Cisco AnyConnect Secure Mobility Client. posture assessment. probes. Cisco pxGrid. Which technology should be used to help prevent an attacker from stealing usernames and passwords of users within an organization?. Dynamic ARP Inspection. multifactor authentication. fingerprinting. RADIUS-based PEAP. Which attack is preventable by Cisco Secure Email Gateway but not by the Cisco Secure Web Appliance?. SQL injection. buffer overflow. phishing. DoS. Which Cisco security solution gives the most complete view of the relationships and evolution of internet domains, IPs, and files and helps to pinpoint attackers' infrastructures and predict future threats?. Cisco Umbrella Investigate. Cisco pxGrid. Cisco Secure Network Analytics. Cisco Secure Cloud Analytics. Refer to the exhibit. An engineer must configure a port to use web authentication as a fallback method if a client fails to support 802.1X authentication. The RADIUS server is configured already. Which additional configuration is required?. authentication dot1x webauth. authentication fallback dot1x webauth. authentication order mab webauth. authentication order dot1x webauth. Which two Cisco Umbrella security categories are used to prevent command-and-control callbacks on port 53 and protect users from being tricked into providing confidential information? (Choose two). Phishing Attacks. DNS Tunneling VPN. Dynamic DNS. Potentially Harmful Domains. Newly Seen Domains. A network engineer must configure the AAA authentication proxy service of the Cisco IOS router. The engineer enables AAA commands and configures TACACS+ server on the router.
What must the engineer configure to meet the requirement?. Define the list of login authentication methods. Enforce AAA authentication on terminal lines. Activate authentication proxy accounting. Enable an authorization proxy for AAA. A network administrator must configure SaaS access control on a Cisco Secure Web Appliance. The administrator configures the Secure Web Appliance as an identity provider and creates an authentication policy for the SaaS application. The application allows users to authenticate once and gives them access to various cloud applications. What must the administrator configure next to meet the requirement?. Enable multifactor authentication. Configure single sign-on for the SaaS application. Apply an authentication-based policy. Configure transparent user identification. A company discovered an attack propagating through their network via a file. A custom file detection policy was created in order to track this in the future and ensure no other endpoints execute the infected file. In addition, it was discovered during testing that the scans are not detecting the file as an indicator of compromise. What must be done in order to ensure that the policy created is functioning as it should?. Upload the hash for the file into the policy. Block the application that the file was using to open. Send the file to Cisco Secure Malware Analytics for dynamic analysis. Create an IP block list for the website from which the file was downloaded. What is a capability of the Cloud Access Security Broker feature in Cisco Umbrella?. It secures web requests by using DNSSEC. It secures web requests by using OpenDNS. It enforces web requests through a cloud-delivered firewall. It enforces security policies on cloud providers. Which component performs the resolution between the tunnel address and mGRE address in DMVPN?. GDOI. NHRP. NBMA. NHS. Which method is used on a Cisco IOS router to redirect traffic to the Cisco Secure Web Appliance for URL inspection?.
PAC file. WCCP. WPAD. route map. Which solution supports high availability in routed or transparent mode as well as in northbound and southbound deployments?. Cisco Secure Firewall NGFW Virtual appliance with Cisco FMC. Cisco Secure Firewall NGFW physical appliance with Cisco FMC. Cisco FTD with Cisco ASDM. Cisco FTD with Cisco FMC. Which feature within Cisco ISE verifies the compliance of an endpoint before providing access to the network?. pxGrid. Profiling. Posture. MAB. Which two Cisco ISE components must be configured for BYOD? (Choose two). guest. local WebAuth. null WebAuth. dual. central WebAuth. An engineer has been tasked with implementing a solution that can be leveraged for securing the cloud users, data, and applications. There is a requirement to use the Cisco cloud-native CASB and cloud cybersecurity platform. What should be used to meet these requirements?. Cisco Cloudlock. Cisco Cloud Email Security. Cisco NGFW. Cisco Umbrella. Refer to the exhibit. When configuring a remote access VPN solution terminating on the Cisco ASA, an administrator would like to utilize an external token authentication mechanism in conjunction with AAA authentication using machine certificates. Which configuration item must be modified to allow this?. Group Policy. AAA Server Group. SAML Server. Method. Refer to the exhibit. An engineer configured 802.1x on the network and is unable to get a laptop to authenticate. Which port configuration is missing?. cisp enable. dot1x reauthentication. authentication open. dot1x pae authenticator. What is the primary difference between an Endpoint Protection Platform and an Endpoint Detection and Response?. EPP focuses on network security, and EDR focuses on device security. EPP focuses on prevention, and EDR focuses on advanced threats that evade perimeter defenses. EDR focuses on prevention, and EPP focuses on advanced threats that evade perimeter defenses. EDR focuses on network security, and EPP focuses on device security.
What is a capability of Cisco Talos?. correlates files with malware samples for the Cisco Secure Firewall System. provides possible security alerts for the Cisco Secure Firewall System. stores detection signatures for the Cisco Secure Firewall System. provides intrusion policies for the Cisco Secure Firewall System. What is the purpose of joining Cisco Secure Web Appliances to an appliance group?. All Secure Web Appliances in the group can view file analysis results. It simplifies the task of patching multiple appliances. The group supports improved redundancy. It supports cluster operations to expedite the malware analysis process. A network security engineer must block malicious URLs from being accessed on a corporate network. The engineer installed a Cisco Secure Web Appliance and must redirect HTTP traffic to the Secure Web Appliance for filtering by using WCCP. Which action configures a traffic redirect?. Configure WCCP service groups. Configure WCCP packet redirection. Create a separate interface for inbound traffic. Create an access control list to allow inbound traffic to the Secure Web Appliance. What is a capability of Trusted Automated eXchange of Indicator Information?. enables the secure sharing of threat intelligence. matches generic file signatures with threat variants. provides a client-side antivirus solution. performs in-depth file sample analysis. What is a characteristic of Trusted Automated eXchange of Indicator Information?. cyber threats posing as authorized entities. transfer protocol for cyber threat information. template for identifying harmful cyber activity. attributes that use narrative relations. Which capability of Cisco Secure Endpoint for Email Security protects users from sophisticated phishing attacks?. continuous file analysis. automated training. email domain blocking. vulnerability analysis. An engineer must deploy web authentication to a guest wireless network that is managed by using a Cisco wireless LAN controller.
Users must have full access to the network after authentication. What must be configured in the Cisco Secure Web Appliance to enable web authentication?. web authentication. web passthrough. conditional web redirect. splash page web redirect. What are two targets in cross-site scripting attacks? (Choose two). input. cookie. header. image. footer. When network telemetry is implemented, what is important to be enabled across all network infrastructure devices to correlate different sources?. syslog. DNS. NTP. CDP. An engineer is configuring Dropbox integration with Cisco Cloudlock. Which action must be taken before granting API access in the Dropbox admin console?. Authorize Dropbox within the Platform settings in the Cloudlock portal. Send an API request to Cloudlock from Dropbox admin portal. Add Cloudlock to the Dropbox admin portal. Add Dropbox to the Cloudlock Authentication and API section in the Cloudlock portal. Which Cisco Secure Firewall Threat Defense 4100 Series deployment and instance is used to deploy Cisco ASA software to a Cisco Secure Firewall Threat Defense appliance?. routed. multiple. integrated. container. What is an attribute of Structured Threat Information eXpression?. proactively identifies threats. excludes traffic without inspection. shows the trajectory of a malicious file. describes cyber threat information. An engineer wants to generate NetFlow records on traffic traversing the Cisco ASA. Which Cisco ASA command must be used?. ip flow-export destination 1.1.1.1 2055. flow exporter <name>. flow-export destination inside 1.1.1.1 2055. ip flow monitor <name> input. Which DevSecOps implementation process gives a weekly or daily update instead of monthly or quarterly in the applications?. CI/CD pipeline. orchestration. container. security. What is the difference between a buffer overflow vulnerability and a race condition?.
Buffer overflow is caused when multiple processes are all depending on the shared state, and a race condition is caused by coding errors. Buffer overflow occurs after a system performs a security control on a resource, and a race condition occurs before a system performs an action on a resource. Buffer overflow occurs when a process writes more data than the buffer holds, and a race condition occurs when an application performs multiple operations simultaneously. Buffer overflow causes complete corruption of all data on the shared state, and a race condition causes the entire system to crash. An email containing a URL passes through the Cisco Secure Email Gateway. Content filtering is disabled for all mail policies. The sender of the mail is admin@test.com while the recipient is user1@test.com. The subject of the email is Important Document. An administrator must configure a policy to ensure that the web reputation score is evaluated before permitting the email. Which criteria must be configured to meet the requirement?. mail recipient is user1@test.com. email body contains a URL. sender matches domain test.com. subject contains Important Document. A web hosting company must upgrade its older, unsupported on-premises servers. The company wants a cloud solution in which the provider is responsible for: 1. Server patching 2. Application maintenance 3. Data center security 4. Disaster recovery Which type of cloud meets the requirements?. hybrid. IaaS. SaaS. PaaS. What is the purpose of the Structured Threat Information eXpression?. stealing sensitive information. fast and intelligent responses. sharing of cyber threat information. cyber threat intelligence maintenance. Which deployment approach must be used to prevent harmful traffic spreading at branch sites?. intrusion detection system at the branch. antimalware module of the firewall. intrusion prevention system at the branch. antivirus module of the firewall.
What is an advantage of FlexVPN when compared to DMVPN?. FlexVPN provides one static multipoint GRE interface, and DMVPN provides static and dynamic point-to-point interfaces. FlexVPN provides NHRP for communication and DMVPN provides IPsec to announce routing information. FlexVPN provides NHRP for communication, and DMVPN provides NHRP for registration and communication. FlexVPN provides IPsec to announce routing information, and DMVPN provides NHRP for communication. A company is planning to deploy an application to a secure cloud environment. The solution must meet these requirements: 1. A third-party must control the underlying cloud infrastructure 2. The company must control the deployed applications 3. A third-party must control networking components Which cloud service model must be used?. IaaS. SaaS. private cloud. PaaS. A network administrator is setting up a site to site VPN from a Cisco FTD to a cloud environment. After the administrator configures the VPN on both sides, they still cannot reach the cloud environment. Which command must the administrator run on the FTD to verify that the VPN is encrypting traffic in both directions?. show crypto ipsec sa. show crypto isakmp sa. show vpn-sessiondb detail l2l. show crypto ipsec stats. Which two types of connectors are used to generate telemetry data from IPFIX records in a Cisco Tetration implementation? (Choose two). NetFlow. ERSPAN. Cisco Secure Workload. ADC. Cisco ASA. An organization is implementing ASA for their users. They need to ensure that authorization is verified for every command that is being entered by the network administrator. Which protocol must be configured in order to provide this capability?. RADIUS. EAPOL. SSH. TACACS+. Which API method and required attribute are used to add a device into Cisco DNA Center with the native API?. POST and name. lastSync Time and pid. GET and serialNumber. userSudiSerialNos and deviceInfo.
What is a functional difference between Cisco AMP for Endpoints and Cisco Umbrella Roaming Client?. The Umbrella Roaming client stops and tracks malicious activity on hosts, and AMP for Endpoints tracks only URL-based threats. The Umbrella Roaming Client authenticates users and provides segmentation, and AMP for Endpoints allows only for VPN connectivity. Secure Endpoint authenticates users and provides segmentation, and the Umbrella Roaming Client allows only for VPN connectivity. Secure Endpoint stops and tracks malicious activity on hosts, and the Umbrella Roaming Client tracks only URL-based threats. A large organization wants to deploy a security appliance in the public cloud to form a site-to-site VPN and link the public cloud environment to the private cloud in the headquarters data center. Which Cisco security appliance meets these requirements?. Cisco Cloud Orchestrator. Cisco Stealthwatch Cloud. Cisco ASAv. Cisco WSAv. An organization must add new firewalls to its infrastructure and wants to use Cisco ASA or Cisco FTD. The chosen firewalls must provide methods of blocking traffic that include offering the user the option to bypass the block for certain sites after displaying a warning page and to reset the connection. Which solution should the organization choose?. Cisco FTD because it enables interactive blocking and blocking with reset natively, whereas Cisco ASA does not. Cisco FTD because it supports system rate level traffic blocking, whereas Cisco ASA does not. Cisco ASA because it allows for interactive blocking and blocking with reset to be configured via the GUI, whereas Cisco FTD does not. Cisco ASA because it has an additional module that can be installed to provide multiple blocking capabilities, whereas Cisco FTD does not. What are two functionalities of SDN Northbound APIs? (Choose two). Northbound APIs provide programmable interface for applications to dynamically configure the network.
Northbound APIs form the interface between the SDN controller and the business applications. OpenFlow is a standardized northbound API protocol. Northbound APIs form the interface between the SDN controller and the network switches or routers. Northbound APIs use the NETCONF protocol to communicate with applications. A network engineer must migrate a Cisco WSA virtual appliance from one physical host to another physical host by using VMware vMotion. What is a requirement for both physical hosts?. The hosts must run different versions of Cisco AsyncOS. The hosts must use a different datastore than the virtual appliance. The hosts must have access to the same defined network. The hosts must run Cisco AsyncOS 10.0 or greater. What is an attribute of the DevSecOps process?. mandated security controls and check lists. development security. security scanning and theoretical vulnerabilities. isolated security team. An organization is receiving SPAM emails from a known malicious domain. What must be configured in order to prevent the session during the initial TCP communication?. Configure the Cisco ESA to drop the malicious emails. Configure policies to quarantine malicious emails. Configure policies to stop and reject communication. Configure the Cisco ESA to reset the TCP connection. Which type of dashboard does Cisco DNA Center provide for complete control of the network?. distributed management. centralized management. service management. application management. What is the benefit of installing Cisco AMP for Endpoints on a Network?. It protects endpoint systems through application control and real-time scanning. It enables behavioral analysis to be used for the endpoints. It provides flow-based visibility for the endpoints' network connections. It provides operating system patches on the endpoints for security. What provides visibility and awareness into what is currently occurring on the network?. CMX. Cisco Prime Infrastructure. WMI. Telemetry.
An engineer must force an endpoint to re-authenticate an already authenticated session without disrupting the endpoint to apply a new or updated policy from ISE. Which CoA type achieves this goal?. CoA Reauth. Port Bounce. CoA Session Query. CoA Terminate. Refer to the exhibit. A network engineer is testing NTP authentication and realizes that any device synchronizes time with this router and that NTP authentication is not enforced. What is the cause of this issue?. The router was not rebooted after the NTP configuration updated. The key was configured in plain text. NTP authentication is not enabled. The hashing algorithm that was used was MD5, which is unsupported. Which feature is configured for managed devices in the device platform settings of the Firepower Management Center?. intrusion policy. time synchronization. quality of service. network address translations. What is the ideal deployment mode to use when you need to manage separate security policies for multiple customers on a Cisco ASA device?. IRB mode. multiple context mode. VRF mode. spanned cluster mode. Which algorithm provides encryption and authentication for data plane communication?. AES-GCM. SHA-96. SHA-384. AES-256. Which two methods must be used to add switches into the fabric so that administrators can control how switches are added into DCNM for private cloud management? (Choose two). Seed IP. Cisco Prime Infrastructure. Cisco Cloud Director. PowerOn Auto Provisioning. CDP AutoDiscovery. An administrator needs to configure Cisco ASA via ASDM such that the network management system can actively monitor the host using SNMPv3. Which two tasks must be performed for this configuration? (Choose two). Add an SNMP host access entry. Specify a community string. Specify the SNMP manager and UDP port. Specify an SNMP user group. Add an SNMP USM entry. Which key feature of Cisco ZFW is unique among other Cisco IOS firewall solutions?. stateless inspection. security zones. security levels.
SSL inspection. What is a characteristic of the zero-trust security model?. User access keys are time limited for application usage. Access is granted once then persists across applications. Access for all devices must be verified. Access is distributed across multiple cloud providers. A security engineer has recently deployed Cisco Secure Endpoint in an organization. The engineer needs to prevent an endpoint from potential unknown malware with real-time analysis of the endpoint activities. Which feature must be configured to meet the requirement?. Orbital Advanced Search. Continuous Behavioral Monitoring. Dynamic File Analysis. Cisco Application Visibility and Control. What is offered by an EPP solution but not an EDR solution?. sandboxing. containment. detection. investigation. Which two VPN tunneling protocols support the use of IPsec to provide data integrity, authentication, and data encryption? (Choose two). Point-to-Point Tunneling Protocol. Layer 2 Tunneling Protocol. Secure Socket Tunneling Protocol. Generic Routing Encapsulation Protocol. OpenVPN. Which technology must be used to implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity?. DMVPN. FlexVPN. IPsec DVTI. GET VPN. A network administrator must create SaaS application authentication policies on a Cisco Secure Web Appliance. The administrator creates the associated identities and configures an identity provider. Which action completes the configuration?. Create an authentication realm. Select Enable Saas Single Sign-on Service. Create authentication sequences. Upload the certificate for the SaaS application. What is a capability of the westbound API in Cisco Catalyst Center?. creates policies on multiple devices by using HTTP requests. enables management of Cisco devices. integrates into third-party systems, such as IPAM and ITSM. enables management of non-Cisco devices.
Which third-party vendor platform integrates with Cisco Secure Client endpoint clients to provide deep endpoint insights and telemetry data?. Cisco AMP. BURP Suite. Security Onion. Splunk. What must be disabled on a Cisco Secure Web Appliance to ensure HTTPS traffic with a good reputation score bypasses decryption?. Decrypt for End-User Acknowledgment. Decrypt for End-User Notification. Decrypt ACL. Decrypt Policies. What is the component of endpoint protection against social engineering attacks?. firewall. IDS. Cisco Secure Email Gateway. IPsec. What is the advantage of a Dynamic Multipoint VPN over an IPsec VPN?. Dynamic Multipoint VPN offers secure mobile connectivity, and an IPsec VPN secures private internet communications. Dynamic Multipoint VPN supports IP multicast traffic and an IPsec VPN supports IP unicast traffic. Dynamic Multipoint VPN provides full mesh connectivity, and an IPsec VPN offers secure mobile connectivity. Dynamic Multipoint VPN offers secure communication between endpoints, and an IPsec VPN secures private internet communications. Refer to the exhibit. A network administrator must enable the storm control service on a Cisco Catalyst switch. The service must monitor for a threshold of 50% and notify the administrator via SNMP if a storm is detected. Which command completes the configuration?. storm-control action msg-notification. storm-control action trap. storm-control action snmp. storm-control action snmp-trap. An engineer must deploy 802.1X to a Cisco network switch. Ports must be configured to allow a host and an IP phone. Which CLI command must be run on the switch to configure 802.1X?. access session host-mode single-host. access-session host-mode multi-domain. access session host-mode multi-auth. access session host-mode multi-host. Which platform must be used to seamlessly integrate Cisco and third-party security monitoring, network policy, and asset management platforms without using product-specific APIs?. Cisco ISE. Cisco pxGrid.
Cisco SecureX. Cisco Stealthwatch. Which logs must the security team analyze, after noticing a malware-infected file on an endpoint, that attempts to beacon to an external site after IPS and SIEM logs are unable to identify the file's behavior?. DNS Server. Email Server. Antivirus. DHCP Server. What is a security capability of Cisco Umbrella?. domain-based web filtering. mobile device root detection. host-based antivirus protection. static code analysis. Which endpoint security solution capability reduces the effectiveness of spear phishing attacks?. antivirus scanning. data loss prevention. behavioral analytics. file retrospection. Which two methods support transparent user identification on the Cisco Secure Web Appliance? (Choose two). RSA SecurID. Active Directory. RADIUS. TACACS+. LDAP. A security engineer is configuring an access control policy rule on a Cisco Secure Email device. The engineer must block certain URLs and select the Chat and Instant Messaging category. Which reputation score must the engineer configure to meet the requirement?. -3. -10. -5.9. -1. Refer to the exhibit. Which task is the Python script performing by using the Cisco Secure Firewall Management Center REST API?. deleting an access control rule that blocks suspicious URLs. deleting an access control rule that monitors suspicious URLs. creating an access control rule that blocks suspicious URLs. creating an access control rule that monitors suspicious URLs. A security engineer configures a Cisco Secure Email Gateway to ensure that quarantined email messages are virus-free before the messages are delivered. In addition, the delivery of emails from known bad senders must be denied. Which two actions must be performed to meet the requirements? (Choose two). Deploy the Secure Email Gateway to the DMZ. Scan quarantined email by using antivirus signatures. Enable a message tracking service. Configure Sender Base Reputation Score on the sender group. Configure a recipient access table.
A user received an email with an attachment named Critical_Patch.exe but did not run it. Which category of the cyber kill chain describes this type of event based on the delivery of the malicious payload?. Delivery. Command and Control. Lateral Movement. Weaponization. What is a security capability of Cisco Umbrella?. clickjacking protection. category-based web filtering. host-based antivirus protection. on-demand antivirus endpoint scans. What is a capability of a Next-Generation Cisco Secure Firewall?. device trajectory. IPS. patch management. endpoint malware removal. What is the difference between cross-site scripting and cross-site request forgery?. Cross-site scripting injects malicious scripts into a victim's browser and executes them, and cross-site request forgery exploits a user's authenticated session to perform unauthorized actions on a trusted website. Cross-site scripting injects malicious scripts into a victim's browser and executes them, and cross-site request forgery exploits a user's unauthenticated session to perform unauthorized actions on a trusted website. Cross-site scripting interferes with the queries that an application makes to its database, and cross-site request forgery exploits a user's authenticated session to perform unauthorized actions on a trusted website. Cross-site scripting exploits a user's authenticated session to perform unauthorized actions on a trusted website, and cross-site request forgery interferes with the queries that an application makes to its database. Which endpoint security solution capability helps recognize sources of phishing attacks?. threat intelligence feeds. file retrospection. application security. data loss prevention. What is a capability of EPP compared to EDR?. EDR protects against malware that has already entered the environment and EPP focuses on preventing malware from entering.
EDR protects against malicious email attacks, and EPP focuses on suspicious website attacks including DoS and DDoS attempts. EPP protects against malware that has already entered the environment, and EDR focuses on protecting against botnets. EDR protects against email attacks, and EPP focuses on detecting and monitoring phishing and ransomware email attacks. A security engineer obtains a list of malicious executables. The engineer must import the list in bulk to a custom detection rule in a Cisco Secure Endpoint. The detection rule will be used to detect potentially infected corporate Android mobile devices. If the rule matches, the executable must be stopped from executing automatically on the device. Which type of custom detection must the engineer configure?. Android custom detection. advanced custom detections. blocked applications. IP blocked lists. A network administrator must configure a Cisco ASA firewall for Cisco ASDM access. The administrator uploads the Cisco ASDM image to the firewall and configures the ASA management interface. Which action must the administrator take next to complete the configuration?. Enable AAA. Enable HTTP access. Configure the SSH service. Run Cisco ASDM on a Windows machine. Refer to the exhibit. An engineer must forward all web traffic sent from Client-SiteA to the monitoring server to build a baseline of expected traffic once a new Cisco Secure Web Appliance is deployed. What must be configured on the switch to meet the requirement?. WCCP. SPAN. RSPAN. ERSPAN. Which Cisco platform provides an agentless solution to provide visibility across the network including encrypted traffic analytics to detect malware in encrypted traffic without the need for decryption?. Cisco AMP. Cisco Secure Client. Cisco Secure Network Analytics. Cisco ISE. What is a difference between an XSS attack and an SQL injection attack?.
XSS is a hacking method used to attack SQL databases, whereas SQL injection attacks can exist in many different types of applications. XSS attacks are used to steal information from databases, whereas SQL injection attacks are used to redirect users to websites where attackers can steal data from them. SQL injection is a hacking method used to attack SQL databases, whereas XSS attacks can exist in many different types of applications. SQL injection attacks are used to steal information from databases, whereas XSS attacks are used to redirect users to websites where attackers can steal data from them.

How many interfaces per bridge group does an ASA bridge group deployment support?. Up to 8. Up to 4. Up to 2. Up to 16.

What are two examples of code injection vulnerabilities? (Choose two). cross-site scripting. arbitrary command injection. XML external entity injection. SQL injection. session hijacking.

An engineer is implementing Cisco CES in an existing Microsoft Office 365 environment and must route inbound email to Cisco CES addresses. Which DNS record must be modified to accomplish this task?. SPF. MX. DKIM. CNAME.

Which Cisco Firewall solution requires zone definition?. Cisco AMP. CBAC. Cisco ASA. ZBFW.

How is ICMP used as an exfiltration technique?. by flooding the destination host with unreachable packets. by encrypting the payload in an ICMP packet to carry out command and control tasks on a compromised host. by overwhelming a targeted host with ICMP echo-request packets. by sending large numbers of ICMP packets with a targeted host's source IP address using an IP broadcast address.

An engineer must configure an email policy to create an incident every time an outbound email that contains financial records is sent. Which Cisco Secure Email Gateway feature must be configured?. verification profile. mail flow policy. data loss prevention policy. exception table.
A security engineer is deploying Cisco Secure Client on endpoints so that remote users can access corporate resources. A Cisco router is used as VPN Concentrator and configured as Flex VPN server. VPN uses a local authentication for the IKEv2 profile. Which profile configuration allows a successful Secure Client connection to the router?. Configure IPsec Authentication method to EAP-Secure Client. Enable Split Tunnelling in the VPN profile. Add router IP address as trusted in the Policy. Set DNS server address to internal corporate DNS.

For Cisco IOS PKI, which two types of servers are used as a distribution point for CRLs? (Choose two). SCP. HTTP. LDAP. subordinate CA. SDP.

An organization is implementing URL blocking using Cisco Umbrella. The users are able to go to some sites but other sites are not accessible due to an error. Why is the error occurring?. Client computers do not have an SSL certificate deployed from an internal CA server. Client computers do not have the Cisco Umbrella Root CA certificate installed. Intelligent proxy and SSL decryption is disabled in the policy. IP-Layer Enforcement is not configured.

Which two products are used to forecast capacity needs accurately in real time? (Choose two). Cisco AppDynamics. Cisco Tetration. Cisco Umbrella. Cisco Cloudlock. Cisco Workload Optimization Manager.

Which two protocols must be configured to authenticate end users to the Cisco WSA? (Choose two). NTLMSSP. TACACS+. RADIUS. CHAP. Kerberos.

Refer to the exhibit. A network engineer wants to reduce operational costs of SNMPv3 by using trapping instead of polling. Which code snippet completes the configuration to enable authentication for SNMPv3 trapping?. snmp-server user trapuser trapgroup version 3 AuthPass. snmp-server user trapuser trapgroup version 3 auth sha AuthPass. snmp-server user trapuser trapgroup v3 auth sha AuthPass. snmp-server user trap trapgroup v3 auth sha AuthPass.
What is the Cisco API-based broker that helps reduce compromises, application risks, and data breaches in an environment that is not on-premise?. Cisco Cloudlock. Cisco Umbrella. Cisco App Dynamics. Cisco AMP.

What are two components of the Cisco ISE posture service? (Choose two). client services. administration services. run-time services. deployment services. real-time services.

What two mechanisms are used to redirect users to a web portal to authenticate to ISE for guest services? (Choose two). central web auth. single sign-on. multiple factor auth. TACACS+. local web auth.

An engineer must establish and maintain the redirection of selected types of traffic flowing through a group of routers for a new deployment of Secure Web Appliance by using WCCP. The selected traffic must be redirected to a group of web-caches with the aim of optimizing resource usage and lowering response times. Which proxy mode must be configured for Secure Web Appliance to meet this requirement?. transparent. hybrid. WCCP redirect. explicit.

What is a difference between a DoS attack and a DDoS attack?. A DoS attack is where a computer is used to flood a server with UDP packets, whereas a DDoS attack is where a computer is used to flood a server with TCP packets. A DoS attack is where a computer is used to flood a server with TCP packets, whereas a DDoS attack is where a computer is used to flood a server with UDP packets. A DoS attack is where a computer is used to flood a server with TCP and UDP packets, whereas a DDoS attack is where a computer is used to flood multiple servers that are distributed over a LAN. A DoS attack is where a computer is used to flood a server with TCP and UDP packets, whereas a DDoS attack is where multiple systems target a single system with a DoS attack.

Which baseline form of telemetry is recommended for network infrastructure devices?. passive taps. SNMP. NetFlow. DNS.
When Cisco and other industry organizations publish and inform users of known security findings and vulnerabilities, which name is used?. Common Vulnerabilities and Exposures. Common Vulnerabilities, Exploits and Threats. Common Security Exploits. Common Exploits and Vulnerabilities.

What is the goal of an endpoint patching strategy?. to test and review all patches before deploying to production systems. to ensure that lack of expertise is not a consideration in security. to ensure consistent and reliable patching for important application or devices. to maintain an accurate register of all applications and devices.

A network administrator wants to deploy a Secure Web Appliance to protect users even when they are outside of the corporate environment. The destination IP and port of all packets sent from the user devices must be that of the proxy. Which proxy method must be used to meet this requirement?. transparent. explicit. anonymity. reverse.

Which risk is created when using an internet browser to access cloud-based service?. misconfiguration of Infra, which allows unauthorized access. vulnerabilities within protocol. intermittent connection to the cloud connectors. insecure implementation of API.

Which term describes when the Cisco Firepower downloads threat intelligence updates from Cisco Talos?. authoring. consumption. analysis. sharing.

An engineer must add a device to a network that uses Cisco ISE as a network access control server. The new device has no supplicant available. What must be configured in Cisco ISE to securely connect the device to the network?. MAB with profiling. 802.1X with profiling. 802.1X with posture assessment. MAB with posture assessment.

How does Cisco Umbrella protect clients when they operate outside of the corporate network?. by forcing DNS queries to the corporate name servers. by modifying the registry for DNS lookups. by using Active Directory group policies to enforce Umbrella DNS servers. by using the Umbrella roaming client.
On which part of the IT environment does DevSecOps focus?. application development. data center. perimeter network. wireless network.

After a malware infection, a security engineer must create a new rule by using the Cisco Secure Endpoint API to block USB storage devices on all endpoints. Which relative URL path must be used to create the rule?. /organizations/{organizationIdentifier}/policies/{policyGuid}/exclusion_sets. /organizations/{organizationIdentifier}/device_control/configurations/{configurationGuid}/rules. /organizations/{organizationIdentifier}/device_control/configurations. /organizations/{organizationIdentifier}/policies/{policyGuid}/device_control_configuration.

Which Cisco product provides proactive endpoint protection and allows administrators to centrally manage the deployment?. NGFW. AMP. Secure Web Appliance. Secure Email Gateway.

An engineer must configure a new remote access VPN connection using a Cisco Secure Firewall Threat Defense device as the VPN gateway and a Cisco Secure Client as the VPN client. These configurations were performed already in the Cisco Management Interface of Cisco Secure Firewall Threat Defense: 1. Create a new remote access VPN policy using the Remote Access VPN Policy wizard. 2. Update the access control policy deployed to the Cisco Secure Firewall Threat Defense. 3. Configure DNS. Which two actions must the engineer take next to complete the configuration? (Choose two). Add a VPN client profile. Deploy the Site-to-site VPN policy. Create an encryption key for the remote site. Add a Secure Client client profile. Deploy the remote access VPN policy.

Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two). Secure the connection between the web and the app tier. Use prepared statements and parameterized queries. Check integer, float, or Boolean string parameters to ensure accurate values. Block SQL code execution in the web application database login.
Write SQL code instead of using object-relational mapping libraries.

Which statement about the configuration of Cisco ASA NetFlow v9 Event Logging is true?. A flow-export event type must be defined under a policy. NSEL can be used without a collector configured. To view bandwidth usage for NetFlow records, the QoS feature must be enabled. A sysopt command can be used to enable NSEL on a specific interface.

What are two benefits of using an MDM solution? (Choose two). on-device content management. remote wipe capabilities to protect information on lost or stolen devices. enhanced DNS security for endpoint devices. allows for mobile endpoints to be used for authentication methods. antimalware and antispyware functionality.

What is the result of the ACME-Router(config)#login block-for 100 attempts 4 within 60 command on a Cisco IOS router?. If four log in attempts fail in 100 seconds, wait for 60 seconds to next log in prompt. If four failures occur in 60 seconds, the router goes quiet mode for 100 seconds. After four unsuccessful log in attempts, the line is blocked for 100 seconds and only permit IP addresses are permitted in ACL 60. After four unsuccessful log in attempts, the line is blocked for 60 seconds and only permit IP addresses are permitted in ACL 100.

Refer to the exhibit. What is the result of this Python script of the Cisco DNA Center API?. receives information about a switch. adds authentication to a switch. adds a switch to Cisco DNA Center. deletes a switch from Cisco DNA Center.

An engineer must configure a destination list on Cisco Umbrella. The destination list must allow requests to test.domain.com and block any other URLs to .domain.com. Which configuration must be performed?. Block list: !"test".domain.com Allow List *. domain.com. Block list: domain.com Allow List *. domain.com. Block list: test.domain.com Allow List: test.domain.com Block list: .domain.com. Block list: !"test".domain.com Allow list: test.domain.com Block list: .domain.com.
Which two risks is a company vulnerable to if it does not have a well-established patching solution for endpoints? (Choose two). ARP spoofing. eavesdropping. malware. exploits. denial-of-service attacks.

Which firewall mode does a Cisco Adaptive Security Appliance use to inspect Layer 2 traffic?. routed. inline. passive. transparent.

How is an amplification DDoS attack performed?. turning small DNS queries into DNS responses that are much larger in packet size to flood the target device. sending instructions to a collection of compromised devices to launch a large-scale network attack. generating and sending the packets directly to the target device from the source of the attack to overwhelm the device. triggering a memory buffer overflow that causes a device to consume all the available resources.

What is a difference between SQL injection and buffer overflow attacks?. SQL injection reads data from memory, and buffer overflow inserts data into memory. SQL injection requires only remote access, and buffer overflow needs local access. SQL injection targets databases, and buffer overflow targets applications. SQL injection targets websites, and buffer overflow targets software.

An organization has had some malware infections recently and the management team wants to use Cisco Secure Firewall to enforce file policies to prevent malicious files from being downloaded. The SHA-256 hash value of all files traversing the firewall must be calculated and compared to the hash values of known malware code. Which file rule action is used to block only the files that are confirmed to be malware?. Malware Cloud Lookup. Detect Files. Block Files. Block Malware.

Which Cisco command enables authentication, authorization and accounting globally so that CoA is supported on the device?. aaa server radius dynamic-author. aaa new-model. auth-type all. ip device-tracking.

Which platform uses Cyber Threat Intelligence as its main source of information?. EPP. EDR. Cisco Secure Endpoint.
Cisco ASA.

Which IPsec mode must be used when encrypting data over a public network between two servers with RFC1918 IP addresses?. tunnel mode. transport mode. aggressive mode. main mode.

The main function of northbound APIs in the SDN architecture is to enable communication between which two areas of a network?. SDN controller and the management solution. management console and the SDN controller. management console and the cloud. SDN controller and the cloud.

What is a characteristic of Cisco ASA NetFlow v9 Secure Event logging?. Its events match all traffic classes in parallel. It tracks the flow continuously and provides updates every 10 seconds. It provides stateless IP flow tracking that exports all records of a specific flow. It tracks flow-create, flow-teardown and flow-denied events.

Which solution is made from a collection of secure development practices and guidelines that developers must follow to build secure applications?. Radamsa. Fuzzing Framework. AFL. OWASP.

What is a difference between Cisco AMP for Endpoints and Cisco Umbrella?. AMP for Endpoints prevents connections to malicious destinations, and Umbrella works at the file level to prevent the initial execution of malware. AMP for Endpoints is a cloud-based service, and Umbrella is not. AMP for Endpoints prevents, detects and responds to attacks before damage can be done, and Umbrella provides first line of defense against internet threats. AMP for Endpoints automatically researches indicators of compromise and confirms threats, and Umbrella does not.

Which two Cisco technologies enable transparent user identification on a Cisco Secure Web Appliance? (Choose two). Cisco Prime Infrastructure. Cisco ISE. Cisco CSM. Cisco CDA. Cisco ACS.

Refer to the exhibit. An engineer must configure a prefix list on a Cisco router to permit outgoing advertisements from network 22.100.0.0/16 to neighbor 199.10.10.10 only. Which command completes the configuration?. ip prefix-list listA permit 199.10.0.0/16.
ip prefix-list listA deny 199.10.0.0/16. neighbor 199.10.10.10 prefix-list listA in. neighbor 199.10.10.10 prefix-list listA out.

Refer to the exhibit. Which command results in these messages when attempting to troubleshoot an IPsec VPN connection?. debug crypto ipsec endpoint. debug crypto isakmp connection. debug crypto isakmp. debug crypto ipsec.

An engineer is configuring Cisco WSA and needs to deploy it in transparent mode. Which configuration component must be used to accomplish this goal?. PBR on Cisco WSA. WCCP on switch. MDA on the router. DNS resolution on Cisco WSA.

Which Cisco Security platform is integrated into an organization's cloud environment on AWS, Google Cloud, or Azure to provide agentless visibility across the network by using advanced machine learning and behavioral analytics?. Cisco ASAv. Cisco Stealthwatch Cloud. Cisco ISE Cloud. Cisco AMP Cloud.

Which Cisco security solution integrates with cloud applications like Dropbox and Office 365 while protecting data from being exfiltrated?. Cisco Stealthwatch Cloud. Cisco Umbrella Investigate. Cisco Talos. Cisco Cloudlock.

Which Cisco ISE feature helps to detect missing patches and helps with remediation?. enabling probes. profiling policy. posture assessment. authentication policy.

Based on the NIST 800-145 guide, which cloud architecture is provisioned for exclusive use by a specific group of consumers from different organizations and may be owned, managed, and operated by one or more of those organizations?. hybrid cloud. private cloud. public cloud. community cloud.

What is the term for when an endpoint is associated to a provisioning WLAN that is shared with guest access, and the same guest portal is used as the BYOD portal?. single-SSID BYOD. multichannel GUI. dual-SSID BYOD. streamlined access.

An engineer needs to configure an access control policy rule to always send traffic for inspection without using the default action. Which action should be configured for this rule?. monitor. trust. allow.
block.

Which security product enables administrators to deploy Kubernetes clusters in air-gapped sites without needing internet access?. Cisco Content Platform. Cisco Container Controller. Cisco Container Platform. Cisco Cloud Platform.

Which two tasks allow NetFlow on a Cisco ASA 5500 Series firewall? (Choose two). Define a NetFlow collector by using the flow-export command. Enable NetFlow version 9. Apply NetFlow Exporter to the outside interface in the inbound direction. Create a class map to match interesting traffic. Create an ACL to allow UDP traffic on port 9996.

Which benefit does endpoint security provide to the overall security posture of an organization?. It allows the organization to detect and respond to threats at the edge of the network. It allows the organization to mitigate web-based attacks as long as the user is active in the domain. It streamlines the incident response process to automatically perform digital forensics on the endpoint. It allows the organization to detect and mitigate threats that the perimeter security devices do not detect.

Which statement about IOS zone-based firewall is true?. An interface can be assigned to multiple zones. An unassigned interface can communicate with assigned interfaces. Only one interface can be assigned to a zone. An interface can be assigned only to one zone.

What is a benefit of an early endpoint patching strategy?. Patches are tested extensively after deploying. Patching cycles have specific deadlines. Disruptions from patching are controllable. An attacker has less time to exploit a vulnerability.

What is the purpose of RADIUS CoA in a network access control implementation?. Change the RADIUS server credentials. Apply new TACACS+ settings. Push a new policy for authenticated users. Reinforce the policy for unauthenticated users.

Which type of APIs is being used when a controller within a software-defined network architecture dynamically makes configuration changes on switches within the network?.
northbound API. eastbound API. westbound API. southbound API.

Refer to the exhibit. An engineer must configure a remote access VPN connection between a teleworker and SiteB. The engineer already performed some configurations on the Cisco Adaptive Security appliance ASA_B firewall. Which address pool must be assigned to the tunnel group to complete the configurations?. 192.168.11.0/24. 40.40.40.0/24. 30.30.30.0/24. 20.20.20.0/24.

Which Cisco platform onboards the endpoint and can issue a CA signed certificate while also automatically configuring endpoint network settings to use the signed endpoint certificate, allowing the endpoint to gain network access?. Cisco ISE. Cisco NAC. Cisco TACACS+. Cisco Secure Web Appliance.

After a security incident, an engineer must propose a solution to secure management traffic better. The engineer must ensure that remote access is maintained in case the internet fails. Which action must be taken?. Change the local accounts to AAA. Configure an IPsec VPN. Add out-of-band access. Modify the existing ACL.

Which function is performed by certificate authorities but is a limitation of registration authorities?. CRL publishing. certificate re-enrollment. accepts enrollment requests. verifying user identity.

Which algorithm does ISAKMP use to securely derive encryption and integrity keys?. RSA. Diffie-Hellman. AES. 3DES.

Which two features of Cisco DNA Center are used in a Software Defined Network solution? (Choose two). accounting. automation. assurance. authentication. encryption.

How is DNS tunneling used to exfiltrate data out of a corporate network?. It computes DNS servers by replacing the actual IP address with a rogue address to collect information or start other attacks. It leverages the DNS server by permitting recursive lookups to spread the attack to other DNS servers. It encodes the payload with random characters that are broken into short strings and the DNS server rebuilds the exfiltrated data.
It redirects DNS requests to a malicious server used to steal user credentials, which allows further damage and theft on the network.

Which two conditions are prerequisites for stateful failover for IPsec? (Choose two). Only the IKE configuration that is set up on the active device must be duplicated on the standby device, the IPsec configuration is copied automatically. Only the IPsec configuration that is set up on the active device must be duplicated on the standby device, the IKE configuration is copied automatically. The active and standby devices must run the same version of the Cisco IOS software and must be the same type of device. The active and standby devices can run different versions of the Cisco IOS software but must be the same type of device. The IPsec configuration that is set up on the active device must be duplicated on the standby device.

An engineer is configuring AMP for endpoints and wants to block certain files from executing. Which outbreak control method is used to accomplish this task?. application blocking list. simple detections. advanced custom detections. device flow correlation.

Refer to the exhibit. A security engineer must collect usera1's activity from a Cisco Secure Endpoint device for an investigation. The engineer plans to use a Python script to automate the activity. Which code snippet completes the script?. request = requests.get(url, auth=(amp_client_id, amp_api_key), params ={'q':user}). request = requests.post (url, auth=(ampclient_id, amp_api_key), params=('q':user)). request = requests.get (url, auth=(amp_client_id, amp_api_key), params=['q':user_activity)). request = requests.get (url, auth=(amp client id, amp_api_key), params={'q': usera1}).

What are two advantages of using Cisco Secure Client over DMVPN? (Choose two). It enables VPN access for individual users from their machines. It allows customization of access policies based on user identity. It allows multiple sites to connect to the data center.
It allows different routing protocols to work over the tunnel. It provides spoke-to-spoke communications without traversing the hub.

Which Cisco DNA Center RESTful PNP API adds and claims a device into a workflow?. api/v1/onboarding/pnp-device/import. api/v1/onboarding/pnp-device. api/v1/file/config. api/v1/onboarding/workflow.

How does Cisco Workload Optimization Manager help mitigate application performance issues?. It deploys an AWS Lambda system. It optimizes a flow path. It automates resource resizing. It sets up a workload forensic score.

A Cisco ESA network administrator has been tasked to use a newly installed service to help create policy based on the reputation verdict. During testing, it is discovered that the Cisco ESA is not dropping files that have an undetermined verdict. What is causing this issue?. The policy was created to send a message to quarantine instead of drop. The file has a reputation score that is above the threshold. The policy was created to disable file analysis. The file has a reputation score that is below the threshold.

A network engineer has been tasked with adding a new medical device to the network. Cisco ISE is being used as the NAC server, and the new device does not have a supplicant available. What must be done in order to securely connect this device to the network?. Use MAB with posture assessment. Use MAB with profiling. Use 802.1X with posture assessment. Use 802.1X with profiling.

Which Cisco Umbrella security category prevents attackers from exploiting UDP port 53 to send malware to a victim within a company's headquarters?. Newly Seen Domains. DNSSEG. DNS tunneling VPN. Malware.

What is the function of Cisco Cloudlock for data security?. detects anomalies. controls malicious cloud apps. data loss prevention. user and entity behavior analytics.

What are two DDoS attack categories? (Choose two). protocol. database. volume-based. source-based. sequential.
An engineer is configuring 802.1X authentication on Cisco switches in the network and is using CoA as a mechanism. Which port on the firewall must be opened to allow the CoA traffic to traverse the network?. TCP 6514. UDP 1812. TCP 49. UDP 1700.

Refer to the exhibit. An engineer deploys a Cisco Secure Web Appliance using the explicit proxy deployment method. The engineer must block Client-Site from accessing www.facebook.com. Which two configurations must be created to meet the requirement? (Choose two). extended access list on the Cisco Secure Web Appliance. extended access list on the Cisco Adaptive Security Appliance firewall. policy to block the social media category. custom URL category for .facebook.com and facebook.com. block URL under URL filtering policies.

What is a capability of the Trusted Automated eXchange of Indicator Information standard for security intelligence?. integrates threat intelligence with Security Information and Event Management systems. enables the consumption of threats from Security Information and Event Management systems. defines which threats will be reported to Security Information and Event Management systems. manages the flow of threats through Security Information and Event Management systems.

An organization has a requirement to collect full metadata information about the traffic going through their AWS cloud services. They want this information for behavioral analytics and statistics. Which two actions must be taken to implement this requirement? (Choose two). Configure Cisco StealthWatch Cloud to ingest AWS information. Configure Cisco ACI to ingest AWS information. Configure Cisco Thousand Eyes to ingest AWS information. Send VPC Flow Logs to Cisco StealthWatch Cloud. Send syslog from AWS to Cisco Stealthwatch Cloud.

Which email security feature protects users from phishing attempts?. anti-malware file scanning. reputation-based filtering. malicious signature detection. intrusion prevention.

What is Cisco Talos?.
public collection of threat intelligence feeds. public collection of IP address and URL reputations. threat intelligence that powers Cisco Secure products and services. service used to exchange security information between Cisco devices.

Drag and drop the security responsibilities from the left onto the corresponding cloud service models on the right. provider responsible for operating system patching. customer responsible for operating system patching. customer responsible for application patching. provider responsible for application patching.

Drag and drop the VPN functions from the left onto the descriptions on the right. RSA. AES. SHA-1. ISAKMP.

Drag and drop the Cisco CWS redirection options from the left onto the capabilities on the right. Cisco AnyConnect client. ISR with CWS connector. NGFW with CWS connector. WSAv with CWS connector.

Drag and drop the common security threats from the left onto the definitions on the right. phishing. botnet. spam. worm.

Drag and drop the security solutions from the left onto the benefits they provide on the right. Full contextual awareness. NGPS. Cisco AMP for Endpoints. Collective Security Intelligence.

Drag and drop the cloud security assessment components from the left onto the definitions on the right. user entity behavior assessment. cloud data protection assessment. cloud security strategy workshop. cloud security architecture assessment.

Drag and drop the features of Cisco ASA with Cisco Firepower from the left onto the benefits on the right. Full Context Awareness. NGIPS. AMP. Collective Security Intelligence.

Drag and drop the concepts from the left onto the descriptions on the right. guest services. profiling. posture assessment. BYOD.

Drag and drop the firewall scenarios from the left onto the corresponding firewall deployment modes on the right. segregates student networks from faculty networks to improve security by using a single appliance.
a few firewall engine checks are applied along with full Snort-engine checks to a copy of the actual traffic. most traditional firewall features, such as NAT, routing, and access control lists, are unavailable. provide firewall services to customers as a service provider without purchasing additional physical firewalls for each client.

Drag and drop the cloud types from the left onto the corresponding descriptions on the right. public cloud. private cloud. community cloud. hybrid cloud.

Drag and drop the posture assessment flow actions from the left into their sequence on the right. Validate user credentials. Check device compliance with security policy. Grant appropriate access with compliant device. Apply updates or take other necessary action. Permit just enough for the posture assessment.

Drag and drop the exploits from the left onto the type of security vulnerability on the right. Causes memory access errors. makes the client the target of attack. gives unauthorized access to web server files. accesses or modifies application data.

Drag and drop the capabilities from the left onto the correct technologies on the right. detection, blocking, tracking, analysis, and remediation to protect against targeted persistent malware attacks. superior threat prevention and mitigation for known and unknown threats. application-layer control and ability to enforce usage and tailor detection policies based on custom applications and URLs. combined integrated solution of strong defense and web protection, visibility, and controlling solutions.

Drag and drop the capabilities of Cisco Secure Firewall versus Cisco Secure Endpoint from the left into the appropriate category on the right. provides detection, blocking, tracking, analysis and remediation to protect against targeted persistent malware attacks. provides superior threat prevention and mitigation for known and unknown threats. provides outbreak control through custom detections.
provides the root cause of a threat based on the indicators of compromise seen. provides the ability to perform network discovery. provides intrusion prevention before malware compromises the host.

Drag and drop the steps from the left into the correct order on the right to enable Cisco AppDynamics to monitor an EC2 instance in AWS. Install monitoring extension for AWS EC2. Restart the Machine Agent. Update config.yaml. Configure a Machine Agent or SIM Agent.

Drag and drop the descriptions from the left onto the encryption algorithms on the right. requires secret keys. requires more time. Diffie-Hellman exchange. 3DES.

Drag and drop the solutions from the left onto the solution's benefits on the right. Cisco Stealthwatch. Cisco ISE. Cisco TrustSec. Cisco Umbrella.

Drag and drop the NetFlow export formats from the left onto the descriptions on the right. Version 1. Version 5. Version 8. Version 9.

A network engineer must configure a RADIUS profile for user1 on a Cisco IOS router. Drag and drop the code snippets from the bottom onto the boxes in the Cisco IOS CLI command to configure the RADIUS profile. Not all options are used. Call-Framed. Callback-Framed. PPP. PPoE. preauth:send-secret=cisco. preauth:send-secret=cisco1.

Drag and drop the code snippets from the bottom onto the boxes in the Python script to configure the IP address of an interface on a Cisco IOS router by using the RESTCONF API. Not all options are used. user. PATCH. password. USER, PASS. data=payload. GET. |





