March Sale - Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

350-701 Questions and Answers

Question # 6

What is a difference between DMVPN and sVTI?

A.

DMVPN supports tunnel encryption, whereas sVTI does not.

B.

DMVPN supports dynamic tunnel establishment, whereas sVTI does not.

C.

DMVPN supports static tunnel establishment, whereas sVTI does not.

D.

DMVPN provides interoperability with other vendors, whereas sVTI does not.

Full Access
Question # 7

Which algorithm provides encryption and authentication for data plane communication?

A.

AES-GCM

B.

SHA-96

C.

AES-256

D.

SHA-384

Full Access
Question # 8

Using Cisco Firepower’s Security Intelligence policies, upon which two criteria is Firepower block based?

(Choose two)

A.

URLs

B.

protocol IDs

C.

IP addresses

D.

MAC addresses

E.

port numbers

Full Access
Question # 9

What are two functions of secret key cryptography? (Choose two)

A.

key selection without integer factorization

B.

utilization of different keys for encryption and decryption

C.

utilization of large prime number iterations

D.

provides the capability to only know the key on one side

E.

utilization of less memory

Full Access
Question # 10

What are two DDoS attack categories? (Choose two)

A.

sequential

B.

protocol

C.

database

D.

volume-based

E.

screen-based

Full Access
Question # 11

What are two differences between a Cisco WSA that is running in transparent mode and one running in explicit mode? (Choose two)

A.

The Cisco WSA responds with its own IP address only if it is running in explicit mode.

B.

The Cisco WSA is configured in a web browser only if it is running in transparent mode.

C.

The Cisco WSA responds with its own IP address only if it is running in transparent mode.

D.

The Cisco WSA uses a Layer 3 device to redirect traffic only if it is running in transparent mode.

E.

When the Cisco WSA is running in transparent mode, it uses the WSA's own IP address as the HTTP request destination.

Full Access
Question # 12

An organization wants to secure users, data, and applications in the cloud. The solution must be API-based and

operate as a cloud-native CASB. Which solution must be used for this implementation?

A.

Cisco Cloudlock

B.

Cisco Cloud Email Security

C.

Cisco Firepower Next-Generation Firewall

D.

Cisco Umbrella

Full Access
Question # 13

What is the difference between Cross-site Scripting and SQL Injection, attacks?

A.

Cross-site Scripting is an attack where code is injected into a database, whereas SQL Injection is an attack where code is injected into a browser.

B.

Cross-site Scripting is a brute force attack targeting remote sites, whereas SQL Injection is a social

engineering attack.

C.

Cross-site Scripting is when executives in a corporation are attacked, whereas SQL Injection is when a

database is manipulated.

D.

Cross-site Scripting is an attack where code is executed from the server side, whereas SQL Injection is an attack where code is executed from the client side.

Full Access
Question # 14

What is an attribute of the DevSecOps process?

A.

mandated security controls and check lists

B.

security scanning and theoretical vulnerabilities

C.

development security

D.

isolated security team

Full Access
Question # 15

Which suspicious pattern enables the Cisco Tetration platform to learn the normal behavior of users?

A.

file access from a different user

B.

interesting file access

C.

user login suspicious behavior

D.

privilege escalation

Full Access
Question # 16

With which components does a southbound API within a software-defined network architecture communicate?

A.

controllers within the network

B.

applications

C.

appliances

D.

devices such as routers and switches

Full Access
Question # 17

In which two ways does Easy Connect help control network access when used with Cisco TrustSec? (Choose two)

A.

It allows multiple security products to share information and work together to enhance security posture in the network.

B.

It creates a dashboard in Cisco ISE that provides full visibility of all connected endpoints.

C.

It allows for the assignment of Security Group Tags and does not require 802.1x to be configured on the switch or the endpoint.

D.

It integrates with third-party products to provide better visibility throughout the network.

E.

It allows for managed endpoints that authenticate to AD to be mapped to Security Groups (PassiveID).

Full Access
Question # 18

After a recent breach, an organization determined that phishing was used to gain initial access to the network before regaining persistence. The information gained from the phishing attack was a result of users visiting known malicious websites. What must be done in order to prevent this from happening in the future?

A.

Modify an access policy

B.

Modify identification profiles

C.

Modify outbound malware scanning policies

D.

Modify web proxy settings

Full Access
Question # 19

What is a function of 3DES in reference to cryptography?

A.

It hashes files.

B.

It creates one-time use passwords.

C.

It encrypts traffic.

D.

It generates private keys.

Full Access
Question # 20

Which method is used to deploy certificates and configure the supplicant on mobile devices to gain access to

network resources?

A.

BYOD on boarding

B.

Simple Certificate Enrollment Protocol

C.

Client provisioning

D.

MAC authentication bypass

Full Access
Question # 21

What is a feature of Cisco NetFlow Secure Event Logging for Cisco ASAs?

A.

Multiple NetFlow collectors are supported

B.

Advanced NetFlow v9 templates and legacy v5 formatting are supported

C.

Secure NetFlow connections are optimized for Cisco Prime Infrastructure

D.

Flow-create events are delayed

Full Access
Question # 22

Which factor must be considered when choosing the on-premise solution over the cloud-based one?

A.

With an on-premise solution, the provider is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the customer is responsible for it

B.

With a cloud-based solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product.

C.

With an on-premise solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product.

D.

With an on-premise solution, the customer is responsible for the installation and maintenance of the

product, whereas with a cloud-based solution, the provider is responsible for it.

Full Access
Question # 23

Drag and drop the capabilities from the left onto the correct technologies on the right.

Full Access
Question # 24

What is the purpose of the certificate signing request when adding a new certificate for a server?

A.

It is the password for the certificate that is needed to install it with.

B.

It provides the server information so a certificate can be created and signed

C.

It provides the certificate client information so the server can authenticate against it when installing

D.

It is the certificate that will be loaded onto the server

Full Access
Question # 25

What features does Cisco FTDv provide over ASAv?

A.

Cisco FTDv runs on VMWare while ASAv does not

B.

Cisco FTDv provides 1GB of firewall throughput while Cisco ASAv does not

C.

Cisco FTDv runs on AWS while ASAv does not

D.

Cisco FTDv supports URL filtering while ASAv does not

Full Access
Question # 26

Which attack is preventable by Cisco ESA but not by the Cisco WSA?

A.

buffer overflow

B.

DoS

C.

SQL injection

D.

phishing

Full Access
Question # 27

Drag and drop the VPN functions from the left onto the description on the right.

Full Access
Question # 28

On Cisco Firepower Management Center, which policy is used to collect health modules alerts from managed

devices?

A.

health policy

B.

system policy

C.

correlation policy

D.

access control policy

E.

health awareness policy

Full Access
Question # 29

An engineer is configuring a Cisco ESA and wants to control whether to accept or reject email messages to a

recipient address. Which list contains the allowed recipient addresses?

A.

SAT

B.

BAT

C.

HAT

D.

RAT

Full Access
Question # 30

Which term describes when the Cisco Firepower downloads threat intelligence updates from Cisco Talos?

A.

consumption

B.

sharing

C.

analysis

D.

authoring

Full Access
Question # 31

Which feature is supported when deploying Cisco ASAv within AWS public cloud?

A.

multiple context mode

B.

user deployment of Layer 3 networks

C.

IPv6

D.

clustering

Full Access
Question # 32

Drag and drop the Firepower Next Generation Intrusion Prevention System detectors from the left onto the correct definitions on the right.

Full Access
Question # 33

A network administrator is configuring a switch to use Cisco ISE for 802.1X. An endpoint is failing

authentication and is unable to access the network. Where should the administrator begin troubleshooting to verify the authentication details?

A.

Adaptive Network Control Policy List

B.

Context Visibility

C.

Accounting Reports

D.

RADIUS Live Logs

Full Access
Question # 34

Which API is used for Content Security?

A.

NX-OS API

B.

IOS XR API

C.

OpenVuln API

D.

AsyncOS API

Full Access
Question # 35

When web policies are configured in Cisco Umbrella, what provides the ability to ensure that domains are blocked when they host malware, command and control, phishing, and more threats?

A.

Application Control

B.

Security Category Blocking

C.

Content Category Blocking

D.

File Analysis

Full Access
Question # 36

Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?

A.

user input validation in a web page or web application

B.

Linux and Windows operating systems

C.

database

D.

web page images

Full Access
Question # 37

Elliptic curve cryptography is a stronger more efficient cryptography method meant to replace which current

encryption technology?

A.

3DES

B.

RSA

C.

DES

D.

AES

Full Access
Question # 38

Which two kinds of attacks are prevented by multifactor authentication? (Choose two)

A.

phishing

B.

brute force

C.

man-in-the-middle

D.

DDOS

E.

teardrop

Full Access
Question # 39

Which two conditions are prerequisites for stateful failover for IPsec? (Choose two)

A.

Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the

IPsec configuration is copied automatically

B.

The active and standby devices can run different versions of the Cisco IOS software but must be the same

type of device.

C.

The IPsec configuration that is set up on the active device must be duplicated on the standby device

D.

Only the IPsec configuration that is set up on the active device must be duplicated on the standby device;

the IKE configuration is copied automatically.

E.

The active and standby devices must run the same version of the Cisco IOS software and must be the

same type of device

Full Access
Question # 40

Which ID store requires that a shadow user be created on Cisco ISE for the admin login to work?

A.

RSA SecureID

B.

Internal Database

C.

Active Directory

D.

LDAP

Full Access
Question # 41

Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention

System? (Choose two)

A.

packet decoder

B.

SIP

C.

modbus

D.

inline normalization

E.

SSL

Full Access
Question # 42

What are two list types within AMP for Endpoints Outbreak Control? (Choose two)

A.

blocked ports

B.

simple custom detections

C.

command and control

D.

allowed applications

E.

URL

Full Access
Question # 43

Which Cisco Advanced Malware protection for Endpoints deployment architecture is designed to keep data

within a network perimeter?

A.

cloud web services

B.

network AMP

C.

private cloud

D.

public cloud

Full Access
Question # 44

Refer to the exhibit.

What is a result of the configuration?

A.

Traffic from the DMZ network is redirected

B.

Traffic from the inside network is redirected

C.

All TCP traffic is redirected

D.

Traffic from the inside and DMZ networks is redirected

Full Access
Question # 45

What provides visibility and awareness into what is currently occurring on the network?

A.

CMX

B.

WMI

C.

Prime Infrastructure

D.

Telemetry

Full Access
Question # 46

Which component of Cisco umbrella architecture increases reliability of the service?

A.

Anycast IP

B.

AMP Threat grid

C.

Cisco Talos

D.

BGP route reflector

Full Access
Question # 47

Which feature within Cisco Umbrella allows for the ability to inspect secure HTTP traffic?

A.

File Analysis

B.

SafeSearch

C.

SSL Decryption

D.

Destination Lists

Full Access
Question # 48

An administrator wants to ensure that all endpoints are compliant before users are allowed access on the

corporate network. The endpoints must have the corporate antivirus application installed and be running the

latest build of Windows 10.

What must the administrator implement to ensure that all devices are compliant before they are allowed on the

network?

A.

Cisco Identity Services Engine and AnyConnect Posture module

B.

Cisco Stealthwatch and Cisco Identity Services Engine integration

C.

Cisco ASA firewall with Dynamic Access Policies configured

D.

Cisco Identity Services Engine with PxGrid services enabled

Full Access
Question # 49

Which type of API is being used when a security application notifies a controller within a software-defined network architecture about a specific security threat?

A.

westbound AP

B.

southbound API

C.

northbound API

D.

eastbound API

Full Access
Question # 50

An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly

identifying all valid recipients. What must be done on the Cisco ESA to accomplish this goal?

A.

Configure incoming content filters

B.

Use Bounce Verification

C.

Configure Directory Harvest Attack Prevention

D.

Bypass LDAP access queries in the recipient access table

Full Access
Question # 51

How does Cisco Advanced Phishing Protection protect users?

A.

It validates the sender by using DKIM.

B.

It determines which identities are perceived by the sender

C.

It utilizes sensors that send messages securely.

D.

It uses machine learning and real-time behavior analytics.

Full Access
Question # 52

Drag and drop the NetFlow export formats from the left onto the descriptions on the right.

Full Access
Question # 53

An organization is receiving SPAM emails from a known malicious domain. What must be configured in order to

prevent the session during the initial TCP communication?

A.

Configure the Cisco ESA to drop the malicious emails

B.

Configure policies to quarantine malicious emails

C.

Configure policies to stop and reject communication

D.

Configure the Cisco ESA to reset the TCP connection

Full Access
Question # 54

An organization received a large amount of SPAM messages over a short time period. In order to take action on the messages, it must be determined how harmful the messages are and this needs to happen dynamically.

What must be configured to accomplish this?

A.

Configure the Cisco WSA to modify policies based on the traffic seen

B.

Configure the Cisco ESA to receive real-time updates from Talos

C.

Configure the Cisco WSA to receive real-time updates from Talos

D.

Configure the Cisco ESA to modify policies based on the traffic seen

Full Access
Question # 55

Which type of protection encrypts RSA keys when they are exported and imported?

A.

file

B.

passphrase

C.

NGE

D.

nonexportable

Full Access
Question # 56

Which CLI command is used to enable URL filtering support for shortened URLs on the Cisco ESA?

A.

webadvancedconfig

B.

websecurity advancedconfig

C.

outbreakconfig

D.

websecurity config

Full Access
Question # 57

Refer to the exhibit.

When configuring a remote access VPN solution terminating on the Cisco ASA, an administrator would like to utilize an external token authentication mechanism in conjunction with AAA authentication using machine

certificates. Which configuration item must be modified to allow this?

A.

Group Policy

B.

Method

C.

SAML Server

D.

DHCP Servers

Full Access
Question # 58

What is a difference between an XSS attack and an SQL injection attack?

A.

SQL injection is a hacking method used to attack SQL databases, whereas XSS attacks can exist in many different types of applications

B.

XSS is a hacking method used to attack SQL databases, whereas SQL injection attacks can exist in many different types of applications

C.

SQL injection attacks are used to steal information from databases whereas XSS attacks are used to

redirect users to websites where attackers can steal data from them

D.

XSS attacks are used to steal information from databases whereas SQL injection attacks are used to

redirect users to websites where attackers can steal data from them

Full Access
Question # 59

A network administrator is configuring a role in an access control policy to block certain URLs and selects the "Chat and instant Messaging" category. which reputation score should be selected to accomplish

this goal?

A.

3

B.

5

C.

10

D.

1

Full Access
Question # 60

Which two protocols must be configured to authenticate end users to the Web Security Appliance? (Choose two.)

A.

NTLMSSP

B.

Kerberos

C.

CHAP

D.

TACACS+

E.

RADIUS

Full Access
Question # 61

What are two benefits of using Cisco Duo as an MFA solution? (Choose two.)

A.

grants administrators a way to remotely wipe a lost or stolen device

B.

provides simple and streamlined login experience for multiple applications and users

C.

native integration that helps secure applications across multiple cloud platforms or on-premises environments

D.

encrypts data that is stored on endpoints

E.

allows for centralized management of endpoint device applications and configurations

Full Access
Question # 62

What is an advantage of the Cisco Umbrella roaming client?

A.

the ability to see all traffic without requiring TLS decryption

B.

visibility into IP-based threats by tunneling suspicious IP connections

C.

the ability to dynamically categorize traffic to previously uncategorized sites

D.

visibility into traffic that is destined to sites within the office environment

Full Access
Question # 63

What is a benefit of using Cisco CWS compared to an on-premises Cisco WSA?

A.

Cisco CWS eliminates the need to backhaul traffic through headquarters for remote workers whereas Cisco WSA does not

B.

Cisco CWS minimizes the load on the internal network and security infrastructure as compared to Cisco WSA.

C.

URL categories are updated more frequently on Cisco CWS than they are on Cisco WSA

D.

Content scanning for SAAS cloud applications is available through Cisco CWS and not available through Cisco WSA

Full Access
Question # 64

What are two facts about WSA HTTP proxy configuration with a PAC file? (Choose two.)

A.

It is defined as a Transparent proxy deployment.

B.

In a dual-NIC configuration, the PAC file directs traffic through the two NICs to the proxy.

C.

The PAC file, which references the proxy, is deployed to the client web browser.

D.

It is defined as an Explicit proxy deployment.

E.

It is defined as a Bridge proxy deployment.

Full Access
Question # 65

Which two actions does the Cisco identity Services Engine posture module provide that ensures endpoint security?(Choose two.)

A.

The latest antivirus updates are applied before access is allowed.

B.

Assignments to endpoint groups are made dynamically, based on endpoint attributes.

C.

Patch management remediation is performed.

D.

A centralized management solution is deployed.

E.

Endpoint supplicant configuration is deployed.

Full Access
Question # 66

What are two workload security models? (Choose two.)

A.

SaaS

B.

PaaS

C.

off-premises

D.

on-premises

E.

IaaS

Full Access
Question # 67

Which Cisco ISE service checks the compliance of endpoints before allowing the endpoints to connect to

the network?

A.

posture

B.

profiler

C.

Cisco TrustSec

D.

Threat Centric NAC

Full Access
Question # 68

Which type of data exfiltration technique encodes data in outbound DNS requests to specific servers

and can be stopped by Cisco Umbrella?

A.

DNS tunneling

B.

DNS flood attack

C.

cache poisoning

D.

DNS hijacking

Full Access
Question # 69

Refer to the exhibit.

The DHCP snooping database resides on router R1, and dynamic ARP inspection is configured only on switch SW2. Which ports must be configured as untrusted so that dynamic ARP inspection operates normally?

A.

P2 and P3 only

B.

P5, P6, and P7 only

C.

P1, P2, P3, and P4 only

D.

P2, P3, and P6 only

Full Access
Question # 70

Due to a traffic storm on the network, two interfaces were error-disabled, and both interfaces sent SNMP traps.

Which two actions must be taken to ensure that interfaces are put back into service? (Choose two)

A.

Have Cisco Prime Infrastructure issue an SNMP set command to re-enable the ports after the pre

configured interval.

B.

Use EEM to have the ports return to service automatically in less than 300 seconds.

C.

Enter the shutdown and no shutdown commands on the interfaces.

D.

Enable the snmp-server enable traps command and wait 300 seconds

E.

Ensure that interfaces are configured with the error-disable detection and recovery feature

Full Access
Question # 71

Which solution should be leveraged for secure access of a CI/CD pipeline?

A.

Duo Network Gateway

B.

remote access client

C.

SSL WebVPN

D.

Cisco FTD network gateway

Full Access
Question # 72

Refer to the exhibit. What is the result of using this authentication protocol in the configuration?

A.

The authentication request contains only a username.

B.

The authentication request contains only a password.

C.

There are separate authentication and authorization request packets.

D.

The authentication and authorization requests are grouped in a single packet.

Full Access
Question # 73

Which statement describes a serverless application?

A.

The application delivery controller in front of the server farm designates on which server the application runs each time.

B.

The application runs from an ephemeral, event-triggered, and stateless container that is fully managed by a cloud provider.

C.

The application is installed on network equipment and not on physical servers.

D.

The application runs from a containerized environment that is managed by Kubernetes or Docker Swarm.

Full Access
Question # 74

Which VPN provides scalability for organizations with many remote sites?

A.

DMVPN

B.

site-to-site iPsec

C.

SSL VPN

D.

GRE over IPsec

Full Access
Question # 75

Which solution stops unauthorized access to the system if a user's password is compromised?

A.

VPN

B.

MFA

C.

AMP

D.

SSL

Full Access
Question # 76

What is the purpose of joining Cisco WSAs to an appliance group?

A.

All WSAs in the group can view file analysis results.

B.

The group supports improved redundancy

C.

It supports cluster operations to expedite the malware analysis process.

D.

It simplifies the task of patching multiple appliances.

Full Access
Question # 77

Which method of attack is used by a hacker to send malicious code through a web application to an unsuspecting user to request that the victim's web browser executes the code?

A.

buffer overflow

B.

browser WGET

C.

SQL injection

D.

cross-site scripting

Full Access
Question # 78

Which IETF attribute is supported for the RADIUS CoA feature?

A.

24 State

B.

30 Calling-Station-ID

C.

42 Acct-Session-ID

D.

81 Message-Authenticator

Full Access
Question # 79

Which cloud service offering allows customers to access a web application that is being hosted, managed, and maintained by a cloud service provider?

A.

IaC

B.

SaaS

C.

IaaS

D.

PaaS

Full Access
Question # 80

Which Cisco security solution provides patch management in the cloud?

A.

Cisco Umbrella

B.

Cisco ISE

C.

Cisco CloudLock

D.

Cisco Tetration

Full Access
Question # 81

Drag and drop the security responsibilities from the left onto the corresponding cloud service models on the right.

Full Access
Question # 82

When a next-generation endpoint security solution is selected for a company, what are two key

deliverables that help justify the implementation? (Choose two.)

A.

signature-based endpoint protection on company endpoints

B.

macro-based protection to keep connected endpoints safe

C.

continuous monitoring of all files that are located on connected endpoints

D.

email integration to protect endpoints from malicious content that is located in email

E.

real-time feeds from global threat intelligence centers

Full Access
Question # 83

An organization has DHCP servers set up to allocate IP addresses to clients on the LAN. What must be done to ensure the LAN switches prevent malicious DHCP traffic while also distributing IP addresses to the correct endpoints?

A.

Configure Dynamic ARP inspection and add entries in the DHCP snooping database.

B.

Configure DHCP snooping and set trusted interfaces for all client connections.

C.

Configure Dynamic ARP inspection and antispoofing ACLs in the DHCP snooping database.

D.

Configure DHCP snooping and set a trusted interface for the DHCP server.

Full Access
Question # 84

What are two functions of IKEv1 but not IKEv2? (Choose two)

A.

NAT-T is supported in IKEv1 but rot in IKEv2.

B.

With IKEv1, when using aggressive mode, the initiator and responder identities are passed cleartext

C.

With IKEv1, mode negotiates faster than main mode

D.

IKEv1 uses EAP authentication

E.

IKEv1 conversations are initiated by the IKE_SA_INIT message

Full Access
Question # 85

Which technology must De used to Implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity?

A.

GET VPN

B.

IPsec DVTI

C.

DMVPN

D.

FlexVPN

Full Access
Question # 86

What is a benefit of using Cisco Tetration?

A.

It collects telemetry data from servers and then uses software sensors to analyze flow

information.

B.

It collects policy compliance data and process details.

C.

It collects enforcement data from servers and collects interpacket variation.

D.

It collects near-real time data from servers and inventories the software packages that exist on

servers.

Full Access
Question # 87

Refer to the exhibit.

What does the API key do while working with https://api.amp.cisco.com/v1/computers?

A.

displays client ID

B.

HTTP authorization

C.

Imports requests

D.

HTTP authentication

Full Access
Question # 88

Which characteristic is unique to a Cisco WSAv as compared to a physical appliance?

A.

supports VMware vMotion on VMware ESXi

B.

requires an additional license

C.

performs transparent redirection

D.

supports SSL decryption

Full Access
Question # 89

An organization deploys multiple Cisco FTD appliances and wants to manage them using one centralized

solution. The organization does not have a local VM but does have existing Cisco ASAs that must migrate over

to Cisco FTDs. Which solution meets the needs of the organization?

A.

Cisco FMC

B.

CSM

C.

Cisco FDM

D.

CDO

Full Access
Question # 90

An engineer is implementing Cisco CES in an existing Microsoft Office 365 environment and must route inbound email to Cisco CE.. record must be modified to accomplish this task?

A.

CNAME

B.

MX

C.

SPF

D.

DKIM

Full Access
Question # 91

DoS attacks are categorized as what?

A.

phishing attacks

B.

flood attacks

C.

virus attacks

D.

trojan attacks

Full Access
Question # 92

Why is it important for the organization to have an endpoint patching strategy?

A.

so the organization can identify endpoint vulnerabilities

B.

so the internal PSIRT organization is aware of the latest bugs

C.

so the network administrator is notified when an existing bug is encountered

D.

so the latest security fixes are installed on the endpoints

Full Access
Question # 93

Refer to the exhibit. What is the result of the Python script?

A.

It uses the POST HTTP method to obtain a username and password to be used for authentication.

B.

It uses the POST HTTP method to obtain a token to be used for authentication.

C.

It uses the GET HTTP method to obtain a token to be used for authentication.

D.

It uses the GET HTTP method to obtain a username and password to be used for authentication

Full Access
Question # 94

An administrator is configuring N I P on Cisco ASA via ASDM and needs to ensure that rogue NTP servers cannot insert themselves as the authoritative time source Which two steps must be taken to accomplish this task? (Choose two)

A.

Specify the NTP version

B.

Configure the NTP stratum

C.

Set the authentication key

D.

Choose the interface for syncing to the NTP server

E.

Set the NTP DNS hostname

Full Access
Question # 95

Drag and drop the Cisco CWS redirection options from the left onto the capabilities on the right.

Full Access
Question # 96

Which role is a default guest type in Cisco ISE?

A.

Monthly

B.

Yearly

C.

Contractor

D.

Full-Time

Full Access
Question # 97

Which DoS attack uses fragmented packets in an attempt to crash a target machine?

A.

teardrop

B.

smurf

C.

LAND

D.

SYN flood

Full Access
Question # 98

An engineer is configuring web filtering for a network using Cisco Umbrella Secure Internet Gateway.

The requirement is that all traffic needs to be filtered. Using the SSL decryption feature, which type of

certificate should be presented to the end-user to accomplish this goal?

A.

third-party

B.

self-signed

C.

organization owned root

D.

SubCA

Full Access
Question # 99

Drag and drop the exploits from the left onto the type of security vulnerability on the right.

Full Access
Question # 100

Cisco SensorBase gaihers threat information from a variety of Cisco products and services and performs analytics to find patterns on threats Which term describes this process?

A.

deployment

B.

consumption

C.

authoring

D.

sharing

Full Access
Question # 101

A customer has various external HTTP resources available including Intranet. Extranet, and Internet, with a proxy configuration running in explicit mode Which method allows the client desktop browsers to be configured to select when to connect direct or when to use the proxy?

A.

Transparent mode

B.

Forward file

C.

PAC file

D.

Bridge mode

Full Access
Question # 102

Drag and drop the posture assessment flow actions from the left into a sequence on the right.

Full Access
Question # 103

Which solution is made from a collection of secure development practices and guidelines that developers must follow to build secure applications?

A.

AFL

B.

Fuzzing Framework

C.

Radamsa

D.

OWASP

Full Access
Question # 104

Which endpoint protection and detection feature performs correlation of telemetry, files, and intrusion

events that are flagged as possible active breaches?

A.

retrospective detection

B.

indication of compromise

C.

file trajectory

D.

elastic search

Full Access
Question # 105

Which Cisco security solution determines if an endpoint has the latest OS updates and patches installed on the system?

A.

Cisco Endpoint Security Analytics

B.

Cisco AMP for Endpoints

C.

Endpoint Compliance Scanner

D.

Security Posture Assessment Service

Full Access
Question # 106

Which threat intelligence standard contains malware hashes?

A.

advanced persistent threat

B.

open command and control

C.

structured threat information expression

D.

trusted automated exchange of indicator information

Full Access
Question # 107

Based on the NIST 800-145 guide, which cloud architecture may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises?

A.

hybrid cloud

B.

private cloud

C.

public cloud

D.

community cloud

Full Access
Question # 108

What is a feature of NetFlow Secure Event Logging?

A.

It exports only records that indicate significant events in a flow.

B.

It filters NSEL events based on the traffic and event type through RSVP.

C.

It delivers data records to NSEL collectors through NetFlow over TCP only.

D.

It supports v5 and v8 templates.

Full Access
Question # 109

Which endpoint solution protects a user from a phishing attack?

A.

Cisco Identity Services Engine

B.

Cisco AnyConnect with ISE Posture module

C.

Cisco AnyConnect with Network Access Manager module

D.

Cisco AnyConnect with Umbrella Roaming Security module

Full Access
Question # 110

Which RADIUS feature provides a mechanism to change the AAA attributes of a session after it is

authenticated?

A.

Authorization

B.

Accounting

C.

Authentication

D.

CoA

Full Access
Question # 111

Which two Cisco ISE components must be configured for BYOD? (Choose two.)

A.

local WebAuth

B.

central WebAuth

C.

null WebAuth

D.

guest

E.

dual

Full Access
Question # 112

What are two workloaded security models? (Choose two)

A.

SaaS

B.

IaaS

C.

on-premises

D.

off-premises

E.

PaaS

Full Access
Question # 113

Which solution supports high availability in routed or transparent mode as well as in northbound and

southbound deployments?

A.

Cisco FTD with Cisco ASDM

B.

Cisco FTD with Cisco FMC

C.

Cisco Firepower NGFW physical appliance with Cisco. FMC

D.

Cisco Firepower NGFW Virtual appliance with Cisco FMC

Full Access
Question # 114

Which security solution is used for posture assessment of the endpoints in a BYOD solution?

A.

Cisco FTD

B.

Cisco ASA

C.

Cisco Umbrella

D.

Cisco ISE

Full Access
Question # 115

Which Cisco security solution stops exfiltration using HTTPS?

A.

Cisco FTD

B.

Cisco AnyConnect

C.

Cisco CTA

D.

Cisco ASA

Full Access
Question # 116

An administrator configures a Cisco WSA to receive redirected traffic over ports 80 and 443. The organization requires that a network device with specific WSA integration capabilities be configured to send the traffic to the WSA to proxy the requests and increase visibility, while making this invisible to the users. What must be done on the Cisco WSA to support these requirements?

A.

Configure transparent traffic redirection using WCCP in the Cisco WSA and on the network device

B.

Configure active traffic redirection using WPAD in the Cisco WSA and on the network device

C.

Use the Layer 4 setting in the Cisco WSA to receive explicit forward requests from the network device

D.

Use PAC keys to allow only the required network devices to send the traffic to the Cisco WSA

Full Access
Question # 117

Refer to the exhibit. When creating an access rule for URL filtering, a network engineer adds certain categories and individual URLs to block. What is the result of the configuration?

A.

Only URLs for botnets with reputation scores of 1-3 will be blocked.

B.

Only URLs for botnets with a reputation score of 3 will be blocked.

C.

Only URLs for botnets with reputation scores of 3-5 will be blocked.

D.

Only URLs for botnets with a reputation score of 3 will be allowed while the rest will be blocked.

Full Access
Question # 118

An engineer adds a custom detection policy to a Cisco AMP deployment and encounters issues with the

configuration. The simple detection mechanism is configured, but the dashboard indicates that the hash is not 64 characters and is non-zero. What is the issue?

A.

The engineer is attempting to upload a hash created using MD5 instead of SHA-256

B.

The file being uploaded is incompatible with simple detections and must use advanced detections

C.

The hash being uploaded is part of a set in an incorrect format

D.

The engineer is attempting to upload a file instead of a hash

Full Access
Question # 119

Which threat intelligence standard contains malware hashes?

A.

structured threat information expression

B.

advanced persistent threat

C.

trusted automated exchange or indicator information

D.

open command and control

Full Access
Question # 120

An engineer is configuring Dropbox integration with Cisco Cloudlock. Which action must be taken before granting API access in the Dropbox admin console?

A.

Authorize Dropbox within the Platform settings in the Cisco Cloudlock portal.

B.

Add Dropbox to the Cisco Cloudlock Authentication and API section in the Cisco Cloudlock portal.

C.

Send an API request to Cisco Cloudlock from Dropbox admin portal.

D.

Add Cisco Cloudlock to the Dropbox admin portal.

Full Access
Question # 121

What is the role of Cisco Umbrella Roaming when it is installed on an endpoint?

A.

To protect the endpoint against malicious file transfers

B.

To ensure that assets are secure from malicious links on and off the corporate network

C.

To establish secure VPN connectivity to the corporate network

D.

To enforce posture compliance and mandatory software

Full Access
Question # 122

A Cisco ESA administrator has been tasked with configuring the Cisco ESA to ensure there are no viruses before quarantined emails are delivered. In addition, delivery of mail from known bad mail servers must be prevented. Which two actions must be taken in order to meet these requirements? (Choose two)

A.

Use outbreak filters from SenderBase

B.

Enable a message tracking service

C.

Configure a recipient access table

D.

Deploy the Cisco ESA in the DMZ

E.

Scan quarantined emails using AntiVirus signatures

Full Access
Question # 123

Drag and drop the threats from the left onto examples of that threat on the right

Full Access
Question # 124

An organization has a Cisco Stealthwatch Cloud deployment in their environment. Cloud logging is working as expected, but logs are not being received from the on-premise network, what action will resolve this issue?

A.

Configure security appliances to send syslogs to Cisco Stealthwatch Cloud

B.

Configure security appliances to send NetFlow to Cisco Stealthwatch Cloud

C.

Deploy a Cisco FTD sensor to send events to Cisco Stealthwatch Cloud

D.

Deploy a Cisco Stealthwatch Cloud sensor on the network to send data to Cisco Stealthwatch Cloud

Full Access
Question # 125

Why is it important to implement MFA inside of an organization?

A.

To prevent man-the-middle attacks from being successful.

B.

To prevent DoS attacks from being successful.

C.

To prevent brute force attacks from being successful.

D.

To prevent phishing attacks from being successful.

Full Access
Question # 126

Which product allows Cisco FMC to push security intelligence observable to its sensors from other products?

A.

Encrypted Traffic Analytics

B.

Threat Intelligence Director

C.

Cognitive Threat Analytics

D.

Cisco Talos Intelligence

Full Access
Question # 127

What is a key difference between Cisco Firepower and Cisco ASA?

A.

Cisco ASA provides access control while Cisco Firepower does not.

B.

Cisco Firepower provides identity-based access control while Cisco ASA does not.

C.

Cisco Firepower natively provides intrusion prevention capabilities while Cisco ASA does not.

D.

Cisco ASA provides SSL inspection while Cisco Firepower does not.

Full Access
Question # 128

What must be configured in Cisco ISE to enforce reauthentication of an endpoint session when an endpoint is

deleted from an identity group?

A.

posture assessment

B.

CoA

C.

external identity source

D.

SNMP probe

Full Access
Question # 129

A network administrator is configuring SNMPv3 on a new router. The users have already been created;

however, an additional configuration is needed to facilitate access to the SNMP views. What must the

administrator do to accomplish this?

A.

map SNMPv3 users to SNMP views

B.

set the password to be used for SNMPv3 authentication

C.

define the encryption algorithm to be used by SNMPv3

D.

specify the UDP port used by SNMP

Full Access
Question # 130

An engineer has been tasked with implementing a solution that can be leveraged for securing the cloud users,

data, and applications. There is a requirement to use the Cisco cloud native CASB and cloud cybersecurity

platform. What should be used to meet these requirements?

A.

Cisco Umbrella

B.

Cisco Cloud Email Security

C.

Cisco NGFW

D.

Cisco Cloudlock

Full Access
Question # 131

What are two Trojan malware attacks? (Choose two)

A.

Frontdoor

B.

Rootkit

C.

Smurf

D.

Backdoor

E.

Sync

Full Access
Question # 132

What is the benefit of installing Cisco AMP for Endpoints on a network?

A.

It provides operating system patches on the endpoints for security.

B.

It provides flow-based visibility for the endpoints network connections.

C.

It enables behavioral analysis to be used for the endpoints.

D.

It protects endpoint systems through application control and real-time scanning

Full Access
Question # 133

Which cloud model is a collaborative effort where infrastructure is shared and jointly accessed by several organizations from a specific group?

A.

Hybrid

B.

Community

C.

Private

D.

Public

Full Access
Question # 134

An engineer needs behavioral analysis to detect malicious activity on the hosts, and is configuring the

organization’s public cloud to send telemetry using the cloud provider’s mechanisms to a security device. Which

mechanism should the engineer configure to accomplish this goal?

A.

mirror port

B.

Flow

C.

NetFlow

D.

VPC flow logs

Full Access
Question # 135

When configuring ISAKMP for IKEv1 Phase1 on a Cisco IOS router, an administrator needs to input the

command crypto isakmp key cisco address 0.0.0.0. The administrator is not sure what the IP addressing in this command issued for. What would be the effect of changing the IP address from 0.0.0.0 to 1.2.3.4?

A.

The key server that is managing the keys for the connection will be at 1.2.3.4

B.

The remote connection will only be allowed from 1.2.3.4

C.

The address that will be used as the crypto validation authority

D.

All IP addresses other than 1.2.3.4 will be allowed

Full Access
Question # 136

A network administrator is configuring a rule in an access control policy to block certain URLs and selects the “Chat and Instant Messaging” category. Which reputation score should be selected to accomplish this goal?

A.

1

B.

3

C.

5

D.

10

Full Access
Question # 137

An organization has two systems in their DMZ that have an unencrypted link between them for communication.

The organization does not have a defined password policy and uses several default accounts on the systems.

The application used on those systems also have not gone through stringent code reviews. Which vulnerability

would help an attacker brute force their way into the systems?

A.

weak passwords

B.

lack of input validation

C.

missing encryption

D.

lack of file permission

Full Access
Question # 138

Which attack type attempts to shut down a machine or network so that users are not able to access it?

A.

smurf

B.

bluesnarfing

C.

MAC spoofing

D.

IP spoofing

Full Access
Question # 139

An organization is using Cisco Firepower and Cisco Meraki MX for network security and needs to centrally

manage cloud policies across these platforms. Which software should be used to accomplish this goal?

A.

Cisco Defense Orchestrator

B.

Cisco Secureworks

C.

Cisco DNA Center

D.

Cisco Configuration Professional

Full Access
Question # 140

An organization is trying to implement micro-segmentation on the network and wants to be able to gain visibility on the applications within the network. The solution must be able to maintain and force compliance. Which product should be used to meet these requirements?

A.

Cisco Umbrella

B.

Cisco AMP

C.

Cisco Stealthwatch

D.

Cisco Tetration

Full Access
Question # 141

Which two cryptographic algorithms are used with IPsec? (Choose two)

A.

AES-BAC

B.

AES-ABC

C.

HMAC-SHA1/SHA2

D.

Triple AMC-CBC

E.

AES-CBC

Full Access
Question # 142

Which public cloud provider supports the Cisco Next Generation Firewall Virtual?

A.

Google Cloud Platform

B.

Red Hat Enterprise Visualization

C.

VMware ESXi

D.

Amazon Web Services

Full Access
Question # 143

What is a capability of Cisco ASA Netflow?

A.

It filters NSEL events based on traffic

B.

It generates NSEL events even if the MPF is not configured

C.

It logs all event types only to the same collector

D.

It sends NetFlow data records from active and standby ASAs in an active standby failover pair

Full Access
Question # 144

Which group within Cisco writes and publishes a weekly newsletter to help cybersecurity professionals remain

aware of the ongoing and most prevalent threats?

A.

PSIRT

B.

Talos

C.

CSIRT

D.

DEVNET

Full Access
Question # 145

What is the purpose of the My Devices Portal in a Cisco ISE environment?

A.

to register new laptops and mobile devices

B.

to request a newly provisioned mobile device

C.

to provision userless and agentless systems

D.

to manage and deploy antivirus definitions and patches on systems owned by the end user

Full Access
Question # 146

Which proxy mode must be used on Cisco WSA to redirect TCP traffic with WCCP?

A.

transparent

B.

redirection

C.

forward

D.

proxy gateway

Full Access
Question # 147

What is a language format designed to exchange threat intelligence that can be transported over the TAXII

protocol?

A.

STIX

B.

XMPP

C.

pxGrid

D.

SMTP

Full Access
Question # 148

Which Cisco security solution protects remote users against phishing attacks when they are not connected to

the VPN?

A.

Cisco Stealthwatch

B.

Cisco Umbrella

C.

Cisco Firepower

D.

NGIPS

Full Access
Question # 149

Which two fields are defined in the NetFlow flow? (Choose two)

A.

type of service byte

B.

class of service bits

C.

Layer 4 protocol type

D.

destination port

E.

output logical interface

Full Access
Question # 150

Which two are valid suppression types on a Cisco Next Generation Intrusion Prevention System? (Choose two)

A.

Port

B.

Rule

C.

Source

D.

Application

E.

Protocol

Full Access
Question # 151

Which statement about the configuration of Cisco ASA NetFlow v9 Secure Event Logging is true?

A.

To view bandwidth usage for NetFlow records, the QoS feature must be enabled.

B.

A sysopt command can be used to enable NSEL on a specific interface.

C.

NSEL can be used without a collector configured.

D.

A flow-export event type must be defined under a policy

Full Access
Question # 152

Which IPS engine detects ARP spoofing?

A.

Atomic ARP Engine

B.

Service Generic Engine

C.

ARP Inspection Engine

D.

AIC Engine

Full Access
Question # 153

How is DNS tunneling used to exfiltrate data out of a corporate network?

A.

It corrupts DNS servers by replacing the actual IP address with a rogue address to collect information or start other attacks.

B.

It encodes the payload with random characters that are broken into short strings and the DNS server

rebuilds the exfiltrated data.

C.

It redirects DNS requests to a malicious server used to steal user credentials, which allows further damage

and theft on the network.

D.

It leverages the DNS server by permitting recursive lookups to spread the attack to other DNS servers.

Full Access
Question # 154

Which functions of an SDN architecture require southbound APIs to enable communication?

A.

SDN controller and the network elements

B.

management console and the SDN controller

C.

management console and the cloud

D.

SDN controller and the cloud

Full Access
Question # 155

Why would a user choose an on-premises ESA versus the CES solution?

A.

Sensitive data must remain onsite.

B.

Demand is unpredictable.

C.

The server team wants to outsource this service.

D.

ESA is deployed inline.

Full Access
Question # 156

Which cloud service model offers an environment for cloud consumers to develop and deploy applications

without needing to manage or maintain the underlying cloud infrastructure?

A.

PaaS

B.

XaaS

C.

IaaS

D.

SaaS

Full Access
Question # 157

How does Cisco Stealthwatch Cloud provide security for cloud environments?

A.

It delivers visibility and threat detection.

B.

It prevents exfiltration of sensitive data.

C.

It assigns Internet-based DNS protection for clients and servers.

D.

It facilitates secure connectivity between public and private networks.

Full Access
Question # 158

What is a characteristic of traffic storm control behavior?

A.

Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within

the interval.

B.

Traffic storm control cannot determine if the packet is unicast or broadcast.

C.

Traffic storm control monitors incoming traffic levels over a 10-second traffic storm control interval.

D.

Traffic storm control uses the Individual/Group bit in the packet source address to determine if the packet is

unicast or broadcast.

Full Access
Question # 159

The Cisco ASA must support TLS proxy for encrypted Cisco Unified Communications traffic. Where must the

ASA be added on the Cisco UC Manager platform?

A.

Certificate Trust List

B.

Endpoint Trust List

C.

Enterprise Proxy Service

D.

Secured Collaboration Proxy

Full Access
Question # 160

Which two characteristics of messenger protocols make data exfiltration difficult to detect and prevent?

(Choose two)

A.

Outgoing traffic is allowed so users can communicate with outside organizations.

B.

Malware infects the messenger application on the user endpoint to send company data.

C.

Traffic is encrypted, which prevents visibility on firewalls and IPS systems.

D.

An exposed API for the messaging platform is used to send large amounts of data.

E.

Messenger applications cannot be segmented with standard network controls

Full Access
Question # 161

What are two reasons for implementing a multifactor authentication solution such as Duo Security provide to an

organization? (Choose two)

A.

flexibility of different methods of 2FA such as phone callbacks, SMS passcodes, and push notifications

B.

single sign-on access to on-premises and cloud applications

C.

integration with 802.1x security using native Microsoft Windows supplicant

D.

secure access to on-premises and cloud applications

E.

identification and correction of application vulnerabilities before allowing access to resources

Full Access
Question # 162

What can be integrated with Cisco Threat Intelligence Director to provide information about security threats,

which allows the SOC to proactively automate responses to those threats?

A.

Cisco Umbrella

B.

External Threat Feeds

C.

Cisco Threat Grid

D.

Cisco Stealthwatch

Full Access
Question # 163

Refer to the exhibit.

What is the result of this Python script of the Cisco DNA Center API?

A.

adds authentication to a switch

B.

adds a switch to Cisco DNA Center

C.

receives information about a switch

D.

deletes a switch from Cisco DNA Center

Full Access
Question # 164

Which technology is used to improve web traffic performance by proxy caching?

A.

WSA

B.

Firepower

C.

FireSIGHT

D.

ASA

Full Access
Question # 165

Which Cisco AMP file disposition valid?

A.

pristine

B.

malware

C.

dirty

D.

non malicious

Full Access
Question # 166

Which two behavioral patterns characterize a ping of death attack? (Choose two)

A.

The attack is fragmented into groups of 16 octets before transmission.

B.

The attack is fragmented into groups of 8 octets before transmission.

C.

Short synchronized bursts of traffic are used to disrupt TCP connections.

D.

Malformed packets are used to crash systems.

E.

Publicly accessible DNS servers are typically used to execute the attack.

Full Access
Question # 167

Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two)

A.

Check integer, float, or Boolean string parameters to ensure accurate values.

B.

Use prepared statements and parameterized queries.

C.

Secure the connection between the web and the app tier.

D.

Write SQL code instead of using object-relational mapping libraries.

E.

Block SQL code execution in the web application database login.

Full Access
Question # 168

In a PaaS model, which layer is the tenant responsible for maintaining and patching?

A.

hypervisor

B.

virtual machine

C.

network

D.

application

Full Access
Question # 169

What is the purpose of the Decrypt for Application Detection feature within the WSA Decryption options?

A.

It decrypts HTTPS application traffic for unauthenticated users.

B.

It alerts users when the WSA decrypts their traffic.

C.

It decrypts HTTPS application traffic for authenticated users.

D.

It provides enhanced HTTPS application detection for AsyncOS.

Full Access
Question # 170

What is the difference between deceptive phishing and spear phishing?

A.

Deceptive phishing is an attacked aimed at a specific user in the organization who holds a C-level role.

B.

A spear phishing campaign is aimed at a specific person versus a group of people.

C.

Spear phishing is when the attack is aimed at the C-level executives of an organization.

D.

Deceptive phishing hijacks and manipulates the DNS server of the victim and redirects the user to a false webpage.

Full Access
Question # 171

Which Cisco solution does Cisco Umbrella integrate with to determine if a URL is malicious?

A.

AMP

B.

AnyConnect

C.

DynDNS

D.

Talos

Full Access
Question # 172

Which attack is commonly associated with C and C++ programming languages?

A.

cross-site scripting

B.

water holing

C.

DDoS

D.

buffer overflow

Full Access
Question # 173

An organization has two machines hosting web applications. Machine 1 is vulnerable to SQL injection while machine 2 is vulnerable to buffer overflows. What action would allow the attacker to gain access to machine 1 but not machine 2?

A.

sniffing the packets between the two hosts

B.

sending continuous pings

C.

overflowing the buffer’s memory

D.

inserting malicious commands into the database

Full Access
Question # 174

What are the two most commonly used authentication factors in multifactor authentication? (Choose two)

A.

biometric factor

B.

time factor

C.

confidentiality factor

D.

knowledge factor

E.

encryption factor

Full Access
Question # 175

Which network monitoring solution uses streams and pushes operational data to provide a near real-time view

of activity?

A.

SNMP

B.

SMTP

C.

syslog

D.

model-driven telemetry

Full Access
Question # 176

A network engineer has entered the snmp-server user andy myv3 auth sha cisco priv aes 256

cisc0380739941 command and needs to send SNMP information to a host at 10.255.254.1. Which command achieves this goal?

A.

snmp-server host inside 10.255.254.1 version 3 andy

B.

snmp-server host inside 10.255.254.1 version 3 myv3

C.

snmp-server host inside 10.255.254.1 snmpv3 andy

D.

snmp-server host inside 10.255.254.1 snmpv3 myv3

Full Access
Question # 177

What is a characteristic of Cisco ASA Netflow v9 Secure Event Logging?

A.

It tracks flow-create, flow-teardown, and flow-denied events.

B.

It provides stateless IP flow tracking that exports all records of a specific flow.

C.

It tracks the flow continuously and provides updates every 10 seconds.

D.

Its events match all traffic classes in parallel.

Full Access
Question # 178

Which two activities can be done using Cisco DNA Center? (Choose two)

A.

DHCP

B.

Design

C.

Accounting

D.

DNS

E.

Provision

Full Access
Question # 179

Which technology must be used to implement secure VPN connectivity among company branches over a

private IP cloud with any-to-any scalable connectivity?

A.

DMVPN

B.

FlexVPN

C.

IPsec DVTI

D.

GET VPN

Full Access
Question # 180

Which Cisco product provides proactive endpoint protection and allows administrators to centrally manage the

deployment?

A.

NGFW

B.

AMP

C.

WSA

D.

ESA

Full Access
Question # 181

What is a feature of the open platform capabilities of Cisco DNA Center?

A.

intent-based APIs

B.

automation adapters

C.

domain integration

D.

application adapters

Full Access
Question # 182

An engineer must force an endpoint to re-authenticate an already authenticated session without disrupting the

endpoint to apply a new or updated policy from ISE. Which CoA type achieves this goal?

A.

Port Bounce

B.

CoA Terminate

C.

CoA Reauth

D.

CoA Session Query

Full Access
Question # 183

Which SNMPv3 configuration must be used to support the strongest security possible?

A.

asa-host(config)#snmp-server group myv3 v3 priv

asa-host(config)#snmp-server user andy myv3 auth sha cisco priv des ciscXXXXXXXX

asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

B.

asa-host(config)#snmp-server group myv3 v3 noauth

asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX

asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

C.

asa-host(config)#snmpserver group myv3 v3 noauth

asa-host(config)#snmp-server user andy myv3 auth sha cisco priv 3des ciscXXXXXXXX

asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

D.

asa-host(config)#snmp-server group myv3 v3 priv

asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX

asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

Full Access
Question # 184

What are two rootkit types? (Choose two)

A.

registry

B.

virtual

C.

bootloader

D.

user mode

E.

buffer mode

Full Access
Question # 185

Which two endpoint measures are used to minimize the chances of falling victim to phishing and social

engineering attacks? (Choose two)

A.

Patch for cross-site scripting.

B.

Perform backups to the private cloud.

C.

Protect against input validation and character escapes in the endpoint.

D.

Install a spam and virus email filter.

E.

Protect systems with an up-to-date antimalware program

Full Access
Question # 186

Which option is the main function of Cisco Firepower impact flags?

A.

They alert administrators when critical events occur.

B.

They highlight known and suspected malicious IP addresses in reports.

C.

They correlate data about intrusions and vulnerability.

D.

They identify data that the ASA sends to the Firepower module.

Full Access
Question # 187

Which license is required for Cisco Security Intelligence to work on the Cisco Next Generation Intrusion

Prevention System?

A.

control

B.

malware

C.

URL filtering

D.

protect

Full Access
Question # 188

Which ASA deployment mode can provide separation of management on a shared appliance?

A.

DMZ multiple zone mode

B.

transparent firewall mode

C.

multiple context mode

D.

routed mode

Full Access
Question # 189

An engineer needs a solution for TACACS+ authentication and authorization for device administration.

The engineer also wants to enhance wired and wireless network security by requiring users and endpoints to

use 802.1X, MAB, or WebAuth. Which product meets all of these requirements?

A.

Cisco Prime Infrastructure

B.

Cisco Identity Services Engine

C.

Cisco Stealthwatch

D.

Cisco AMP for Endpoints

Full Access