Drag and drop the Firepower Next Generation Intrusion Prevention System detectors from the left onto the correct definitions on the right.
A picture containing table Description automatically generated
Drag and drop the solutions from the left onto the solution's benefits on the right.
Cisco Stealthwatch - rapidly collects and analyzes netflow and telementy data to deliver in-depth visibility and understanding of network traffic
Cisco ISE – obtains contextual identity and profiles for all users and device
Cisco TrustSec – software defined segmentation that uses SGTs
Cisco Umbrella – secure internet gateway ion the cloud that provides a security solution
What two mechanisms are used to redirect users to a web portal to authenticate to ISE for guest services?
Which two deployment model configurations are supported for Cisco FTDv in AWS? (Choose two)
A network administrator is configuring a rule in an access control policy to block certain URLs and selects the “Chat and Instant Messaging” category. Which reputation score should be selected to accomplish this goal?
ExplanationWe choose “Chat and Instant Messaging” category in “URL Category”:
To block certain URLs we need to choose URL Reputation from 6 to 10.
Drag and drop the descriptions from the left onto the correct protocol versions on the right.
Graphical user interface Description automatically generated with low confidence
Which two preventive measures are used to control cross-site scripting? (Choose two)
What is a capability of Cisco ASA Netflow?
Elliptic curve cryptography is a stronger more efficient cryptography method meant to replace which current
Compared to RSA, the prevalent public-key cryptography of the Internet today, Elliptic Curve Cryptography (ECC) offers smaller key sizes, faster computation,as well as memory, energy and bandwidth savings and is thus better suited forsmall devices.
An organization has noticed an increase in malicious content downloads and wants to use Cisco Umbrella to prevent this activity for suspicious domains while allowing normal web traffic. Which action will accomplish this task?
Which function is the primary function of Cisco AMP threat Grid?
For which two conditions can an endpoint be checked using ISE posture assessment? (Choose two)
Which parameter is required when configuring a Netflow exporter on a Cisco Router?
ExplanationAn example of configuring a NetFlow exporter is shown below:flow exporter Exporterdestination 192.168.100.22transport udp 2055
When Cisco and other industry organizations publish and inform users of known security findings and
vulnerabilities, which name is used?
Refer to the exhibit.
Which command was used to display this output?
An administrator is trying to determine which applications are being used in the network but does not want the
network devices to send metadata to Cisco Firepower. Which feature should be used to accomplish this?
Which statement about the configuration of Cisco ASA NetFlow v9 Secure Event Logging is true?
After a recent breach, an organization determined that phishing was used to gain initial access to the network before regaining persistence. The information gained from the phishing attack was a result of users visiting known malicious websites. What must be done in order to prevent this from happening in the future?
What is the role of Cisco Umbrella Roaming when it is installed on an endpoint?
ExplanationUmbrella Roaming is a cloud-delivered security service for Cisco’s next-generation firewall. It protects your employees even when they are off the VPN.
An administrator configures a Cisco WSA to receive redirected traffic over ports 80 and 443. The organization requires that a network device with specific WSA integration capabilities be configured to send the traffic to the WSA to proxy the requests and increase visibility, while making this invisible to the users. What must be done on the Cisco WSA to support these requirements?
How does Cisco Stealthwatch Cloud provide security for cloud environments?
ExplanationCisco Stealthwatch Cloud: Available as an SaaS product offer to provide visibility and threat detection within public cloud infrastructures such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).
Which portion of the network do EPP solutions solely focus on and EDR solutions do not?
What are the two types of managed Intercloud Fabric deployment models? (Choose two)
What is a feature of Cisco NetFlow Secure Event Logging for Cisco ASAs?
What is the difference between deceptive phishing and spear phishing?
In deceptive phishing, fraudsters impersonate a legitimate company in an attempt to steal people’s personal data or login credentials. Those emails frequently use threats and a sense of urgency to scare users into doing what the attackers want.
Spear phishing is carefully designed to get a single recipient to respond. Criminals select an individual target within an organization, using social media and other public information – and craft a fake email tailored for that person.
When configuring ISAKMP for IKEv1 Phase1 on a Cisco IOS router, an administrator needs to input the
command crypto isakmp key cisco address 0.0.0.0. The administrator is not sure what the IP addressing in this command issued for. What would be the effect of changing the IP address from 0.0.0.0 to 22.214.171.124?
ExplanationThe command crypto isakmp key cisco address 126.96.36.199 authenticates the IP address of the 188.8.131.52 peer by using the key cisco. The address of “0.0.0.0” will authenticate any address with this key
Which posture assessment requirement provides options to the client for remediation and requires the
remediation within a certain timeframe?
Which IPS engine detects ARP spoofing?
Which two conditions are prerequisites for stateful failover for IPsec? (Choose two)
ExplanationStateful failover for IP Security (IPsec) enables a router to continue processing and forwarding IPsec packetsafter a planned or unplanned outage occurs. Customers employ a backup (secondary) router that automaticallytakes over the tasks of the active (primary) router if the active router loses connectivity for any reason. Thisfailover process is transparent to users and does not require adjustment or reconfiguration of any remote peer.Stateful failover for IPsec requires that your network contains two identical routers that are available to be eitherthe primary or secondary device. Both routers should be the same type of device, have the same CPU andmemory, and have either no encryption accelerator or identical encryption accelerators.Prerequisites for Stateful Failover for IPsec
What is a language format designed to exchange threat intelligence that can be transported over the TAXII
TAXII (Trusted Automated Exchange of Indicator Information) is a standard that provides a transport
Drag and drop the descriptions from the left onto the encryption algorithms on the right.
ExplanationSymmetric encryption uses a single key that needs to be shared among the people who need to receive the message while asymmetric encryption uses a pair of public key and a private key to encrypt and decrypt messages when communicating.Asymmetric encryption takes relatively more time than the symmetric encryption.Diffie Hellman algorithm is an asymmetric algorithm used to establish a shared secret for a symmetric keyalgorithm. Nowadays most of the people uses hybrid crypto system i.e, combination of symmetric andasymmetric encryption. Asymmetric Encryption is used as a technique in key exchange mechanism to share secret key and after the key is shared between sender and receiver, the communication will take place using symmetric encryption. The shared secret key will be used to encrypt the communication.Triple DES (3DES), a symmetric-key algorithm for the encryption of electronic data, is the successor of DES (Data Encryption Standard) and provides more secure encryption then DES.Note: Although “requires secret keys” option in this question is a bit unclear but it can only be assigned toSymmetric algorithm.
A network engineer is configuring DMVPN and entered the crypto isakmp key cisc0380739941 address 0.0.0.0 command on hostA. The tunnel is not being established to hostB. What action is needed to authenticate the VPN?
Refer to the exhibit.
When configuring a remote access VPN solution terminating on the Cisco ASA, an administrator would like to
utilize an external token authentication mechanism in conjunction with AAA authentication using machine
certificates. Which configuration item must be modified to allow this?
ExplanationExplanationIn order to use AAA along with an external token authentication mechanism, set the “Method” as “Both” inthe Authentication.
An organization received a large amount of SPAM messages over a short time period. In order to take action on the messages, it must be determined how harmful the messages are and this needs to happen dynamically.
What must be configured to accomplish this?
ExplanationExplanationThe Mail Policies menu is where almost all of the controls related to email filtering happens. All the security and content filtering policies are set here, so it’s likely that, as an ESA administrator, the pages on this menu are where you are likely to spend most of your time.
An organization has a Cisco Stealthwatch Cloud deployment in their environment. Cloud logging is working as expected, but logs are not being received from the on-premise network, what action will resolve this issue?
Which information is required when adding a device to Firepower Management Center?
Which Cisco platform ensures that machines that connect to organizational networks have the recommended
antivirus definitions and patches to help prevent an organizational malware outbreak?
ExplanationA posture policy is a collection of posture requirements, which are associated with one or more identity groups, and operating systems. We can configure ISE to check for the Windows patch at Work Centers > Posture > Posture Elements > Conditions > File.In this example, we are going to use the predefined file check to ensure that our Windows 10 clients have the critical security patch installed to prevent the Wanna Cry malware; and we can also configure ISE to update the client with this patch.
Which type of DNS abuse exchanges data between two computers even when there is no direct connection?
Refer to the exhibit.
A network administrator configures command authorization for the admin5 user. What is the admin5 user able to do on HQ_Router after this configuration?
ExplanationThe user “admin5” was configured with privilege level 5. In order to allow configuration (enter globalconfiguration mode), we must type this command:(config)#privilege exec level 5 configure terminalWithout this command, this user cannot do any configuration.Note: Cisco IOS supports privilege levels from 0 to 15, but the privilege levels which are used by default are privilege level 1 (user EXEC) and level privilege 15 (privilege EXEC)
What is the term for having information about threats and threat actors that helps mitigate harmful events that would otherwise compromise networks or systems?
An engineer is configuring 802.1X authentication on Cisco switches in the network and is using CoA as a
mechanism. Which port on the firewall must be opened to allow the CoA traffic to traverse the network?
ExplanationExplanationCoA Messages are sent on two different udp ports depending on the platform. Cisco standardizes on UDP port1700, while the actual RFC calls out using UDP port 3799.
A network engineer must monitor user and device behavior within the on-premises network. This data must be sent to the Cisco Stealthwatch Cloud analytics platform for analysis. What must be done to meet this
requirement using the Ubuntu-based VM appliance deployed in a VMware-based hypervisor?
An attacker needs to perform reconnaissance on a target system to help gain access to it. The system has weak passwords, no encryption on the VPN links, and software bugs on the system’s applications. Which
vulnerability allows the attacker to see the passwords being transmitted in clear text?
Refer to the exhibit.
Which command was used to generate this output and to show which ports are
authenticating with dot1x or mab?
An organization wants to secure users, data, and applications in the cloud. The solution must be API-based and
operate as a cloud-native CASB. Which solution must be used for this implementation?
What is a difference between an XSS attack and an SQL injection attack?
In XSS, an attacker will try to inject his malicious code (usually malicious links) into a database. When other users follow his links, their web browsers are redirected to websites where attackers can steal data from them. In a SQL Injection, an attacker will try to inject SQL code (via his browser) into forms, cookies, or HTTP headers that do not use data sanitizing or validation methods of GET/POST parameters.
An organization wants to use Cisco FTD or Cisco ASA devices. Specific URLs must be blocked from being
accessed via the firewall which requires that the administrator input the bad URL categories that the
organization wants blocked into the access policy. Which solution should be used to meet this requirement?
Which attack is preventable by Cisco ESA but not by the Cisco WSA?