Which algorithm provides encryption and authentication for data plane communication?
Using Cisco Firepower’s Security Intelligence policies, upon which two criteria is Firepower block based?
(Choose two)
What are two differences between a Cisco WSA that is running in transparent mode and one running in explicit mode? (Choose two)
An organization wants to secure users, data, and applications in the cloud. The solution must be API-based and
operate as a cloud-native CASB. Which solution must be used for this implementation?
What is the difference between Cross-site Scripting and SQL Injection, attacks?
Which suspicious pattern enables the Cisco Tetration platform to learn the normal behavior of users?
With which components does a southbound API within a software-defined network architecture communicate?
In which two ways does Easy Connect help control network access when used with Cisco TrustSec? (Choose two)
After a recent breach, an organization determined that phishing was used to gain initial access to the network before regaining persistence. The information gained from the phishing attack was a result of users visiting known malicious websites. What must be done in order to prevent this from happening in the future?
Which method is used to deploy certificates and configure the supplicant on mobile devices to gain access to
network resources?
Which factor must be considered when choosing the on-premise solution over the cloud-based one?
Drag and drop the capabilities from the left onto the correct technologies on the right.
What is the purpose of the certificate signing request when adding a new certificate for a server?
Drag and drop the VPN functions from the left onto the description on the right.
On Cisco Firepower Management Center, which policy is used to collect health modules alerts from managed
devices?
An engineer is configuring a Cisco ESA and wants to control whether to accept or reject email messages to a
recipient address. Which list contains the allowed recipient addresses?
Which term describes when the Cisco Firepower downloads threat intelligence updates from Cisco Talos?
Which feature is supported when deploying Cisco ASAv within AWS public cloud?
Drag and drop the Firepower Next Generation Intrusion Prevention System detectors from the left onto the correct definitions on the right.
A network administrator is configuring a switch to use Cisco ISE for 802.1X. An endpoint is failing
authentication and is unable to access the network. Where should the administrator begin troubleshooting to verify the authentication details?
When web policies are configured in Cisco Umbrella, what provides the ability to ensure that domains are blocked when they host malware, command and control, phishing, and more threats?
Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?
Elliptic curve cryptography is a stronger more efficient cryptography method meant to replace which current
encryption technology?
Which two kinds of attacks are prevented by multifactor authentication? (Choose two)
Which two conditions are prerequisites for stateful failover for IPsec? (Choose two)
Which ID store requires that a shadow user be created on Cisco ISE for the admin login to work?
Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention
System? (Choose two)
What are two list types within AMP for Endpoints Outbreak Control? (Choose two)
Which Cisco Advanced Malware protection for Endpoints deployment architecture is designed to keep data
within a network perimeter?
What provides visibility and awareness into what is currently occurring on the network?
Which component of Cisco umbrella architecture increases reliability of the service?
Which feature within Cisco Umbrella allows for the ability to inspect secure HTTP traffic?
An administrator wants to ensure that all endpoints are compliant before users are allowed access on the
corporate network. The endpoints must have the corporate antivirus application installed and be running the
latest build of Windows 10.
What must the administrator implement to ensure that all devices are compliant before they are allowed on the
network?
Which type of API is being used when a security application notifies a controller within a software-defined network architecture about a specific security threat?
An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly
identifying all valid recipients. What must be done on the Cisco ESA to accomplish this goal?
Drag and drop the NetFlow export formats from the left onto the descriptions on the right.
An organization is receiving SPAM emails from a known malicious domain. What must be configured in order to
prevent the session during the initial TCP communication?
An organization received a large amount of SPAM messages over a short time period. In order to take action on the messages, it must be determined how harmful the messages are and this needs to happen dynamically.
What must be configured to accomplish this?
Which type of protection encrypts RSA keys when they are exported and imported?
Which CLI command is used to enable URL filtering support for shortened URLs on the Cisco ESA?
Refer to the exhibit.
When configuring a remote access VPN solution terminating on the Cisco ASA, an administrator would like to utilize an external token authentication mechanism in conjunction with AAA authentication using machine
certificates. Which configuration item must be modified to allow this?
A network administrator is configuring a role in an access control policy to block certain URLs and selects the "Chat and instant Messaging" category. which reputation score should be selected to accomplish
this goal?
Which two protocols must be configured to authenticate end users to the Web Security Appliance? (Choose two.)
What are two benefits of using Cisco Duo as an MFA solution? (Choose two.)
What is a benefit of using Cisco CWS compared to an on-premises Cisco WSA?
What are two facts about WSA HTTP proxy configuration with a PAC file? (Choose two.)
Which two actions does the Cisco identity Services Engine posture module provide that ensures endpoint security?(Choose two.)
Which Cisco ISE service checks the compliance of endpoints before allowing the endpoints to connect to
the network?
Which type of data exfiltration technique encodes data in outbound DNS requests to specific servers
and can be stopped by Cisco Umbrella?
Refer to the exhibit.
The DHCP snooping database resides on router R1, and dynamic ARP inspection is configured only on switch SW2. Which ports must be configured as untrusted so that dynamic ARP inspection operates normally?
Due to a traffic storm on the network, two interfaces were error-disabled, and both interfaces sent SNMP traps.
Which two actions must be taken to ensure that interfaces are put back into service? (Choose two)
Refer to the exhibit. What is the result of using this authentication protocol in the configuration?
Which solution stops unauthorized access to the system if a user's password is compromised?
Which method of attack is used by a hacker to send malicious code through a web application to an unsuspecting user to request that the victim's web browser executes the code?
Which cloud service offering allows customers to access a web application that is being hosted, managed, and maintained by a cloud service provider?
Drag and drop the security responsibilities from the left onto the corresponding cloud service models on the right.
When a next-generation endpoint security solution is selected for a company, what are two key
deliverables that help justify the implementation? (Choose two.)
An organization has DHCP servers set up to allocate IP addresses to clients on the LAN. What must be done to ensure the LAN switches prevent malicious DHCP traffic while also distributing IP addresses to the correct endpoints?
Which technology must De used to Implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity?
Refer to the exhibit.
What does the API key do while working with https://api.amp.cisco.com/v1/computers?
Which characteristic is unique to a Cisco WSAv as compared to a physical appliance?
An organization deploys multiple Cisco FTD appliances and wants to manage them using one centralized
solution. The organization does not have a local VM but does have existing Cisco ASAs that must migrate over
to Cisco FTDs. Which solution meets the needs of the organization?
An engineer is implementing Cisco CES in an existing Microsoft Office 365 environment and must route inbound email to Cisco CE.. record must be modified to accomplish this task?
Why is it important for the organization to have an endpoint patching strategy?
An administrator is configuring N I P on Cisco ASA via ASDM and needs to ensure that rogue NTP servers cannot insert themselves as the authoritative time source Which two steps must be taken to accomplish this task? (Choose two)
Drag and drop the Cisco CWS redirection options from the left onto the capabilities on the right.
Which DoS attack uses fragmented packets in an attempt to crash a target machine?
An engineer is configuring web filtering for a network using Cisco Umbrella Secure Internet Gateway.
The requirement is that all traffic needs to be filtered. Using the SSL decryption feature, which type of
certificate should be presented to the end-user to accomplish this goal?
Drag and drop the exploits from the left onto the type of security vulnerability on the right.
Cisco SensorBase gaihers threat information from a variety of Cisco products and services and performs analytics to find patterns on threats Which term describes this process?
A customer has various external HTTP resources available including Intranet. Extranet, and Internet, with a proxy configuration running in explicit mode Which method allows the client desktop browsers to be configured to select when to connect direct or when to use the proxy?
Drag and drop the posture assessment flow actions from the left into a sequence on the right.
Which solution is made from a collection of secure development practices and guidelines that developers must follow to build secure applications?
Which endpoint protection and detection feature performs correlation of telemetry, files, and intrusion
events that are flagged as possible active breaches?
Which Cisco security solution determines if an endpoint has the latest OS updates and patches installed on the system?
Based on the NIST 800-145 guide, which cloud architecture may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises?
Which RADIUS feature provides a mechanism to change the AAA attributes of a session after it is
authenticated?
Which two Cisco ISE components must be configured for BYOD? (Choose two.)
Which solution supports high availability in routed or transparent mode as well as in northbound and
southbound deployments?
Which security solution is used for posture assessment of the endpoints in a BYOD solution?
An administrator configures a Cisco WSA to receive redirected traffic over ports 80 and 443. The organization requires that a network device with specific WSA integration capabilities be configured to send the traffic to the WSA to proxy the requests and increase visibility, while making this invisible to the users. What must be done on the Cisco WSA to support these requirements?
Refer to the exhibit. When creating an access rule for URL filtering, a network engineer adds certain categories and individual URLs to block. What is the result of the configuration?
An engineer adds a custom detection policy to a Cisco AMP deployment and encounters issues with the
configuration. The simple detection mechanism is configured, but the dashboard indicates that the hash is not 64 characters and is non-zero. What is the issue?
An engineer is configuring Dropbox integration with Cisco Cloudlock. Which action must be taken before granting API access in the Dropbox admin console?
What is the role of Cisco Umbrella Roaming when it is installed on an endpoint?
A Cisco ESA administrator has been tasked with configuring the Cisco ESA to ensure there are no viruses before quarantined emails are delivered. In addition, delivery of mail from known bad mail servers must be prevented. Which two actions must be taken in order to meet these requirements? (Choose two)
Drag and drop the threats from the left onto examples of that threat on the right
An organization has a Cisco Stealthwatch Cloud deployment in their environment. Cloud logging is working as expected, but logs are not being received from the on-premise network, what action will resolve this issue?
Which product allows Cisco FMC to push security intelligence observable to its sensors from other products?
What must be configured in Cisco ISE to enforce reauthentication of an endpoint session when an endpoint is
deleted from an identity group?
A network administrator is configuring SNMPv3 on a new router. The users have already been created;
however, an additional configuration is needed to facilitate access to the SNMP views. What must the
administrator do to accomplish this?
An engineer has been tasked with implementing a solution that can be leveraged for securing the cloud users,
data, and applications. There is a requirement to use the Cisco cloud native CASB and cloud cybersecurity
platform. What should be used to meet these requirements?
Which cloud model is a collaborative effort where infrastructure is shared and jointly accessed by several organizations from a specific group?
An engineer needs behavioral analysis to detect malicious activity on the hosts, and is configuring the
organization’s public cloud to send telemetry using the cloud provider’s mechanisms to a security device. Which
mechanism should the engineer configure to accomplish this goal?
When configuring ISAKMP for IKEv1 Phase1 on a Cisco IOS router, an administrator needs to input the
command crypto isakmp key cisco address 0.0.0.0. The administrator is not sure what the IP addressing in this command issued for. What would be the effect of changing the IP address from 0.0.0.0 to 1.2.3.4?
A network administrator is configuring a rule in an access control policy to block certain URLs and selects the “Chat and Instant Messaging” category. Which reputation score should be selected to accomplish this goal?
An organization has two systems in their DMZ that have an unencrypted link between them for communication.
The organization does not have a defined password policy and uses several default accounts on the systems.
The application used on those systems also have not gone through stringent code reviews. Which vulnerability
would help an attacker brute force their way into the systems?
Which attack type attempts to shut down a machine or network so that users are not able to access it?
An organization is using Cisco Firepower and Cisco Meraki MX for network security and needs to centrally
manage cloud policies across these platforms. Which software should be used to accomplish this goal?
An organization is trying to implement micro-segmentation on the network and wants to be able to gain visibility on the applications within the network. The solution must be able to maintain and force compliance. Which product should be used to meet these requirements?
Which public cloud provider supports the Cisco Next Generation Firewall Virtual?
Which group within Cisco writes and publishes a weekly newsletter to help cybersecurity professionals remain
aware of the ongoing and most prevalent threats?
Which proxy mode must be used on Cisco WSA to redirect TCP traffic with WCCP?
What is a language format designed to exchange threat intelligence that can be transported over the TAXII
protocol?
Which Cisco security solution protects remote users against phishing attacks when they are not connected to
the VPN?
Which two are valid suppression types on a Cisco Next Generation Intrusion Prevention System? (Choose two)
Which statement about the configuration of Cisco ASA NetFlow v9 Secure Event Logging is true?
Which functions of an SDN architecture require southbound APIs to enable communication?
Which cloud service model offers an environment for cloud consumers to develop and deploy applications
without needing to manage or maintain the underlying cloud infrastructure?
How does Cisco Stealthwatch Cloud provide security for cloud environments?
The Cisco ASA must support TLS proxy for encrypted Cisco Unified Communications traffic. Where must the
ASA be added on the Cisco UC Manager platform?
Which two characteristics of messenger protocols make data exfiltration difficult to detect and prevent?
(Choose two)
What are two reasons for implementing a multifactor authentication solution such as Duo Security provide to an
organization? (Choose two)
What can be integrated with Cisco Threat Intelligence Director to provide information about security threats,
which allows the SOC to proactively automate responses to those threats?
Refer to the exhibit.
What is the result of this Python script of the Cisco DNA Center API?
Which technology is used to improve web traffic performance by proxy caching?
Which two behavioral patterns characterize a ping of death attack? (Choose two)
Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two)
In a PaaS model, which layer is the tenant responsible for maintaining and patching?
What is the purpose of the Decrypt for Application Detection feature within the WSA Decryption options?
Which Cisco solution does Cisco Umbrella integrate with to determine if a URL is malicious?
Which attack is commonly associated with C and C++ programming languages?
An organization has two machines hosting web applications. Machine 1 is vulnerable to SQL injection while machine 2 is vulnerable to buffer overflows. What action would allow the attacker to gain access to machine 1 but not machine 2?
What are the two most commonly used authentication factors in multifactor authentication? (Choose two)
Which network monitoring solution uses streams and pushes operational data to provide a near real-time view
of activity?
A network engineer has entered the snmp-server user andy myv3 auth sha cisco priv aes 256
cisc0380739941 command and needs to send SNMP information to a host at 10.255.254.1. Which command achieves this goal?
Which technology must be used to implement secure VPN connectivity among company branches over a
private IP cloud with any-to-any scalable connectivity?
Which Cisco product provides proactive endpoint protection and allows administrators to centrally manage the
deployment?
An engineer must force an endpoint to re-authenticate an already authenticated session without disrupting the
endpoint to apply a new or updated policy from ISE. Which CoA type achieves this goal?
Which SNMPv3 configuration must be used to support the strongest security possible?
Which two endpoint measures are used to minimize the chances of falling victim to phishing and social
engineering attacks? (Choose two)
Which license is required for Cisco Security Intelligence to work on the Cisco Next Generation Intrusion
Prevention System?
Which ASA deployment mode can provide separation of management on a shared appliance?
An engineer needs a solution for TACACS+ authentication and authorization for device administration.
The engineer also wants to enhance wired and wireless network security by requiring users and endpoints to
use 802.1X, MAB, or WebAuth. Which product meets all of these requirements?