350-701 Questions and Answers

Question # 6

Which VMware platform does Cisco ACI integrate with to provide enhanced visibility, provide policy integration and deployment, and implement security policies with access lists?

A.

VMware APIC

B.

VMware vRealize

C.

VMware fusion

D.

VMware horizons

Question # 7

A hacker initiated a social engineering attack and stole the usernames and passwords of some users within a company. Which product should be used as a solution to this problem?

A.

Cisco NGFW

B.

Cisco AnyConnect

C.

Cisco AMP for Endpoints

D.

Cisco Duo

Question # 8

Which Cisco security solution gives the most complete view of the relationships and evolution of Internet domains, IPs, and files, and helps to pinpoint attackers' infrastructures and predict future threats?

A.

Cisco Secure Network Analytics

B.

Cisco Secure Cloud Analytics

C.

Cisco Umbrella Investigate

D.

Cisco pxGrid

Question # 9

What is the purpose of a CA in a PKI?

A.

To issue and revoke digital certificates

B.

To validate the authenticity of a digital certificate

C.

To create the private key for a digital certificate

D.

To certify the ownership of a public key by the named subject

Question # 10

Which CoA response code is sent if an authorization state is changed successfully on a Cisco IOS device?

A.

CoA-NCL

B.

CoA-NAK

C.

CoA-MAB

D.

CoA-ACK

Question # 11

Refer to the exhibit. Which task is the Python script performing by using the Cisco Umbrella API?

A.

Creating a list of the latest security events

B.

Copying a list of the latest security activity

C.

Retrieving a list of the latest security events

D.

Sending a list of the latest security activity

Question # 12

Which action configures the IEEE 802.1X Flexible Authentication feature to support Layer 3 authentication mechanisms?

A.

Identify the devices using this feature and create a policy that allows them to pass Layer 2 authentication.

B.

Configure WebAuth so the hosts are redirected to a web page for authentication.

C.

Modify the Dot1x configuration on the VPN server to send Layer 3 authentications to an external authentication database.

D.

Add MAB into the switch to allow redirection to a Layer 3 device for authentication.

Question # 13

Which feature within Cisco Umbrella allows for the ability to inspect secure HTTP traffic?

A.

File Analysis

B.

SafeSearch

C.

SSL Decryption

D.

Destination Lists

Question # 14

An organization has a requirement to collect full metadata information about the traffic going through their AWS cloud services. They want to use this information for behavior analytics and statistics. Which two actions must be taken to implement this requirement? (Choose two.)

A.

Configure Cisco ACI to ingest AWS information.

B.

Configure Cisco ThousandEyes to ingest AWS information.

C.

Send syslog from AWS to Cisco Stealthwatch Cloud.

D.

Send VPC Flow Logs to Cisco Stealthwatch Cloud.

E.

Configure Cisco Stealthwatch Cloud to ingest AWS information

Question # 15

What is the primary role of the Cisco Email Security Appliance?

A.

Mail Submission Agent

B.

Mail Transfer Agent

C.

Mail Delivery Agent

D.

Mail User Agent

Question # 16

What are two characteristics of Cisco DNA Center APIs? (Choose two)

A.

Postman is required to utilize Cisco DNA Center API calls.

B.

They do not support Python scripts.

C.

They are Cisco proprietary.

D.

They quickly provision new devices.

E.

They view the overall health of the network

Question # 17

An organization is selecting a cloud architecture and does not want to be responsible for patch management of the operating systems. Why should the organization select either Platform as a Service or Infrastructure as a Service for this environment?

A.

Platform as a Service because the customer manages the operating system

B.

Infrastructure as a Service because the customer manages the operating system

C.

Platform as a Service because the service provider manages the operating system

D.

Infrastructure as a Service because the service provider manages the operating system

Question # 18

A Cisco FTD engineer is creating a new IKEv2 policy called s2s00123456789 for their organization to allow for additional protocols to terminate network devices with. They currently only have one policy established and need the new policy to be a backup in case some devices cannot support the stronger algorithms listed in the primary policy. What should be done in order to support this?

A.

Change the integrity algorithms to SHA* to support all SHA algorithms in the primary policy

B.

Make the priority for the new policy 5 and the primary policy 1

C.

Change the encryption to AES* to support all AES algorithms in the primary policy

D.

Make the priority for the primary policy 10 and the new policy 1

Question # 19

A company is experiencing exfiltration of credit card numbers that are not being stored on-premise. The company needs to be able to protect sensitive data throughout the full environment. Which tool should be used to accomplish this goal?

A.

Security Manager

B.

Cloudlock

C.

Web Security Appliance

D.

Cisco ISE

Question # 20

What provides the ability to program and monitor networks from somewhere other than the DNAC GUI?

A.

NetFlow

B.

desktop client

C.

ASDM

D.

API

Question # 21

Refer to the exhibit. All servers are in the same VLAN/Subnet. DNS Server-1 and DNS Server-2 must communicate with each other, and all servers must communicate with default gateway multilayer switch. Which type of private VLAN ports should be configured to prevent communication between DNS servers and the file server?

A.

Configure GigabitEthernet0/1 as community port, GigabitEthernet0/2 as isolated port, and GigabitEthernet0/3 and GigabitEthernet0/4 as promiscuous ports.

B.

Configure GigabitEthernet0/1 as community port, GigabitEthernet0/2 as promiscuous port, GigabitEthernet0/3 and GigabitEthernet0/4 as isolated ports.

C.

Configure GigabitEthernet0/1 as promiscuous port, GigabitEthernet0/2 as isolated port, and GigabitEthernet0/3 and GigabitEthernet0/4 as community ports.

D.

Configure GigabitEthernet0/1 as promiscuous port, GigabitEthernet0/2 as community port, and GigabitEthernet0/3 and GigabitEthernet0/4 as isolated ports.

Question # 22

Which two devices support WCCP for traffic redirection? (Choose two.)

A.

Cisco Secure Web Appliance

B.

Cisco IOS

C.

proxy server

D.

Cisco ASA

E.

Cisco IPS

Question # 23

On which part of the IT environment does DevSecOps focus?

A.

application development

B.

wireless network

C.

data center

D.

perimeter network

Question # 24

An organization received a large amount of SPAM messages over a short time period. In order to take action on the messages, it must be determined how harmful the messages are and this needs to happen dynamically.

What must be configured to accomplish this?

A.

Configure the Cisco WSA to modify policies based on the traffic seen

B.

Configure the Cisco ESA to receive real-time updates from Talos

C.

Configure the Cisco WSA to receive real-time updates from Talos

D.

Configure the Cisco ESA to modify policies based on the traffic seen

Question # 25

What is the process in DevSecOps where all changes in the central code repository are merged and synchronized?

A.

CD

B.

EP

C.

CI

D.

QA

Question # 26

Which benefit does DMVPN provide over GETVPN?

A.

DMVPN supports QoS, multicast, and routing, and GETVPN supports only QoS.

B.

DMVPN is a tunnel-less VPN, and GETVPN is tunnel-based.

C.

DMVPN supports non-IP protocols, and GETVPN supports only IP protocols.

D.

DMVPN can be used over the public Internet, and GETVPN requires a private network.

Question # 27

What is the difference between deceptive phishing and spear phishing?

A.

Deceptive phishing is an attack aimed at a specific user in the organization who holds a C-level role.

B.

A spear phishing campaign is aimed at a specific person versus a group of people.

C.

Spear phishing is when the attack is aimed at the C-level executives of an organization.

D.

Deceptive phishing hijacks and manipulates the DNS server of the victim and redirects the user to a false webpage.

Question # 28

An engineer is configuring guest WLAN access using Cisco ISE and the Cisco WLC. Which action temporarily gives guest endpoints access dynamically while maintaining visibility into who or what is connecting?

A.

Modify the WLC configuration to require local WLC logins for the authentication prompts.

B.

Configure ISE and the WLC for guest redirection and services using a self-registered portal.

C.

Configure ISE and the WLC for guest redirection and services using a hotspot portal.

D.

Modify the WLC configuration to allow any endpoint to access an internet-only VLAN.

Question # 29

An engineer enabled SSL decryption for Cisco Umbrella intelligent proxy and needs to ensure that traffic is inspected without alerting end-users. Which action accomplishes this goal?

A.

Restrict access to only websites with trusted third-party signed certificates.

B.

Modify the user’s browser settings to suppress errors from Cisco Umbrella.

C.

Upload the organization root CA to Cisco Umbrella.

D.

Install the Cisco Umbrella root CA onto the user’s device.

Question # 30

With which components does a southbound API within a software-defined network architecture communicate?

A.

controllers within the network

B.

applications

C.

appliances

D.

devices such as routers and switches

Question # 31

Which network monitoring solution uses streams and pushes operational data to provide a near real-time view of activity?

A.

SNMP

B.

SMTP

C.

syslog

D.

model-driven telemetry

Question # 32

Which action configures the IEEE 802.1X Flexible Authentication feature to support Layer 3 authentication mechanisms?

A.

Add MAB into the switch to allow redirection to a Layer 3 device for authentication.

B.

Identify the devices using this feature and create a policy that allows them to pass Layer 2 authentication.

C.

Modify the Dot1x configuration on the VPN server to send Layer 3 authentications to an external authentication database.

D.

Configure WebAuth so the hosts are redirected to a web page for authentication.

Question # 33

What is a difference between a DoS attack and a DDoS attack?

A.

A DoS attack is where a computer is used to flood a server with TCP and UDP packets whereas a DDoS attack is where multiple systems target a single system with a DoS attack

B.

A DoS attack is where a computer is used to flood a server with TCP and UDP packets whereas a DDoS attack is where a computer is used to flood multiple servers that are distributed over a LAN

C.

A DoS attack is where a computer is used to flood a server with UDP packets whereas a DDoS attack is where a computer is used to flood a server with TCP packets

D.

A DoS attack is where a computer is used to flood a server with TCP packets whereas a DDoS attack is where a computer is used to flood a server with UDP packets

Question # 34

A switch with Dynamic ARP Inspection enabled has received a spoofed ARP response on a trusted interface.

How does the switch behave in this situation?

A.

It forwards the packet after validation by using the MAC Binding Table.

B.

It drops the packet after validation by using the IP & MAC Binding Table.

C.

It forwards the packet without validation.

D.

It drops the packet without validation.

Question # 35

What are two DDoS attack categories? (Choose two)

A.

sequential

B.

protocol

C.

database

D.

volume-based

E.

screen-based

Question # 36

For a given policy in Cisco Umbrella, how should a customer block websites based on a custom list?

A.

By adding the websites to a blocked type destination list

B.

By specifying blocked domains in the policy settings

C.

By adding the website IP addresses to the Cisco Umbrella blocklist

D.

By specifying the websites in a custom blocked category

Question # 37

An engineer is trying to decide whether to use Cisco Umbrella, Cisco CloudLock, Cisco Stealthwatch, or Cisco AppDynamics Cloud Monitoring for visibility into data transfers as well as protection against data exfiltration. Which solution best meets these requirements?

A.

Cisco CloudLock

B.

Cisco AppDynamics Cloud Monitoring

C.

Cisco Umbrella

D.

Cisco Stealthwatch

Question # 38

How does Cisco Workload Optimization portion of the network do EPP solutions solely performance issues?

A.

It deploys an AWS Lambda system

B.

It automates resource resizing

C.

It optimizes a flow path

D.

It sets up a workload forensic score

Question # 39

Which solution is more secure than the traditional use of a username and password and encompasses at least two of the methods of authentication?

A.

single sign-on

B.

RADIUS/LDAP authentication

C.

Kerberos security solution

D.

multifactor authentication

Question # 40

When web policies are configured in Cisco Umbrella, what provides the ability to ensure that domains are blocked when they host malware, command and control, phishing, and more threats?

A.

Application Control

B.

Security Category Blocking

C.

Content Category Blocking

D.

File Analysis

Question # 41

Which ID store requires that a shadow user be created on Cisco ISE for the admin login to work?

A.

RSA SecurID

B.

Internal Database

C.

Active Directory

D.

LDAP

Question # 42

Which Cisco platform provides an agentless solution to provide visibility across the network including encrypted traffic analytics to detect malware in encrypted traffic without the need for decryption?

A.

Cisco Advanced Malware Protection

B.

Cisco Stealthwatch

C.

Cisco Identity Services Engine

D.

Cisco AnyConnect

Question # 43

Drag and drop the capabilities of Cisco Firepower versus Cisco AMP from the left into the appropriate category on the right.

Question # 44

A security engineer is tasked with configuring TACACS on a Cisco ASA firewall. The engineer must be able to access the firewall command line interface remotely. The authentication must fall back to the local user database of the Cisco ASA firewall. AAA server group named TACACS-GROUP is already configured with TACACS server IP address 192.168.10.10 and key C1sc0512222832!. Which configuration must be done next to meet the requirement?

A.

aaa authentication ssh console LOCAL TACACS-GROUP

B.

aaa authentication ssh console TACACS-GROUP LOCAL

C.

aaa authentication serial console LOCAL TACACS-GROUP

D.

aaa authentication http console TACACS-GROUP LOCAL

Question # 45

Which ASA deployment mode can provide separation of management on a shared appliance?

A.

DMZ multiple zone mode

B.

transparent firewall mode

C.

multiple context mode

D.

routed mode

Question # 46

Which attack is preventable by Cisco ESA but not by the Cisco WSA?

A.

buffer overflow

B.

DoS

C.

SQL injection

D.

phishing

Question # 47

An engineer enabled SSL decryption for Cisco Umbrella intelligent proxy and needs to ensure that traffic is inspected without alerting end-users.

A.

Upload the organization root CA to the Umbrella admin portal

B.

Modify the user's browser settings to suppress errors from Umbrella.

C.

Restrict access to only websites with trusted third-party signed certificates.

D.

Import the Umbrella root CA into the trusted root store on the user's device.

Question # 48

Which feature is used in a push model to allow for session identification, host reauthentication, and session termination?

A.

AAA attributes

B.

CoA request

C.

AV pair

D.

carrier-grade NAT

Question # 49

What is a difference between FlexVPN and DMVPN?

A.

DMVPN uses IKEv1 or IKEv2, FlexVPN only uses IKEv1

B.

DMVPN uses only IKEv1, FlexVPN uses only IKEv2

C.

FlexVPN uses IKEv2, DMVPN uses IKEv1 or IKEv2

D.

FlexVPN uses IKEv1 or IKEv2, DMVPN uses only IKEv2

Question # 50

What is provided by the Secure Hash Algorithm in a VPN?

A.

integrity

B.

key exchange

C.

encryption

D.

authentication

Question # 51

Which firewall mode does a Cisco Adaptive Security Appliance use to inspect Layer 2 traffic?

A.

Routed

B.

Passive

C.

Inline

D.

Transparent

Question # 52

Which security solution uses NetFlow to provide visibility across the network, data center, branch offices, and cloud?

A.

Cisco CTA

B.

Cisco Stealthwatch

C.

Cisco Encrypted Traffic Analytics

D.

Cisco Umbrella

Question # 53

Refer to the exhibit.

Traffic is not passing through IPsec site-to-site VPN on the Firepower Threat Defense appliance. What is causing this issue?

A.

No split-tunnel policy is defined on the Firepower Threat Defense appliance.

B.

The access control policy is not allowing VPN traffic in.

C.

Site-to-site VPN peers are using different encryption algorithms.

D.

Site-to-site VPN preshared keys are mismatched.

Question # 54

Drag and drop the security responsibilities from the left onto the corresponding cloud service models on the right.

Question # 55

What is a function of Cisco AMP for Endpoints?

A.

It detects DNS attacks

B.

It protects against web-based attacks

C.

It blocks email-based attacks

D.

It automates threat responses of an infected host

Question # 56

Which system facilitates deploying microsegmentation and multi-tenancy services with a policy-based container?

A.

SDLC

B.

Docker

C.

Lambda

D.

Contiv

Question # 57

Which attribute has the ability to change during the RADIUS CoA?

A.

NTP

B.

Authorization

C.

Accessibility

D.

Membership

Question # 58

What is a description of microsegmentation?

A.

Environments deploy a container orchestration platform, such as Kubernetes, to manage the application delivery.

B.

Environments apply a zero-trust model and specify how applications on different servers or containers can communicate.

C.

Environments deploy centrally managed host-based firewall rules on each server or container.

D.

Environments implement private VLAN segmentation to group servers with similar applications.

Question # 59

A network engineer is configuring NetFlow top talkers on a Cisco router. Drag and drop the steps in the process from the left into the sequence on the right.

Question # 60

What is a characteristic of Cisco ASA NetFlow v9 Secure Event Logging?

A.

It tracks flow-create, flow-teardown, and flow-denied events.

B.

It provides stateless IP flow tracking that exports all records of a specific flow.

C.

It tracks the flow continuously and provides updates every 10 seconds.

D.

Its events match all traffic classes in parallel.

Question # 61

A web hosting company must upgrade its older, unsupported on-premises servers. The company wants a cloud solution in which the cloud provider is responsible for:

    Server patching

    Application maintenance

    Data center security

    Disaster recovery

Which type of cloud meets the requirements?

A.

Hybrid

B.

IaaS

C.

SaaS

D.

PaaS

Question # 62

Drag and drop the exploits from the left onto the type of security vulnerability on the right.

Question # 63

Which two services must remain as on-premises equipment when a hybrid email solution is deployed? (Choose two)

A.

DDoS

B.

antispam

C.

antivirus

D.

encryption

E.

DLP

Question # 64

Which statement describes a serverless application?

A.

The application delivery controller in front of the server farm designates on which server the application runs each time.

B.

The application runs from an ephemeral, event-triggered, and stateless container that is fully managed by a cloud provider.

C.

The application is installed on network equipment and not on physical servers.

D.

The application runs from a containerized environment that is managed by Kubernetes or Docker Swarm.

Question # 65

How does DNS Tunneling exfiltrate data?

A.

An attacker registers a domain that a client connects to based on DNS records and sends malware through that connection.

B.

An attacker opens a reverse DNS shell to get into the client’s system and install malware on it.

C.

An attacker uses a non-standard DNS port to gain access to the organization’s DNS servers in order to poison the resolutions.

D.

An attacker sends an email to the target with hidden DNS resolvers in it to redirect them to a malicious domain.

Question # 66

A Cisco Secure Email Gateway network administrator has been tasked to use a newly installed service to help create policy based on the reputation verdict. During testing, it is discovered that the Secure Email Gateway is not dropping files that have an undetermined verdict. What is causing this issue?

A.

The file has a reputation score that is below the threshold.

B.

The file has a reputation score that is above the threshold.

C.

The policy was created to disable file analysis.

D.

The policy was created to send a message to quarantine instead of drop.

Question # 67

Which two global commands must the network administrator implement to limit the attack surface of an internet-facing Cisco router? (Choose two.)

A.

no service password-recovery

B.

no cdp run

C.

service tcp-keepalives-in

D.

no ip http server

E.

ip ssh version 2

Question # 68

Refer to the exhibit.

An engineer must configure a Cisco switch to perform PPP authentication via a TACACS server located at IP address 10.1.1.10. Authentication must fall back to the local database using the username LocalUser and password C1Sc0451069341l if the TACACS server is unreachable.

Drag and drop the commands from the left onto the corresponding configuration steps on the right.

Question # 69

After deploying a Cisco ESA on your network, you notice that some messages fail to reach their destinations.

Which task can you perform to determine where each message was lost?

A.

Configure the trackingconfig command to enable message tracking.

B.

Generate a system report.

C.

Review the log files.

D.

Perform a trace.

Question # 70

Which cloud model is a collaborative effort where infrastructure is shared and jointly accessed by several organizations from a specific group?

A.

Hybrid

B.

Community

C.

Private

D.

Public

Question # 71

Which two capabilities of Integration APIs are utilized with Cisco Catalyst Center? (Choose two.)

A.

Create new SSIDs on a wireless LAN controller

B.

Connect to ITSM platforms

C.

Automatically deploy new virtual routers

D.

Upgrade software on switches and routers

E.

Third party reporting

Question # 72

What are two functionalities of SDN Northbound APIs? (Choose two.)

A.

Northbound APIs provide a programmable interface for applications to dynamically configure the network.

B.

Northbound APIs form the interface between the SDN controller and business applications.

C.

OpenFlow is a standardized northbound API protocol.

D.

Northbound APIs use the NETCONF protocol to communicate with applications.

E.

Northbound APIs form the interface between the SDN controller and the network switches or routers.

Question # 73

Which capability is exclusive to a Cisco AMP public cloud instance as compared to a private cloud instance?

A.

RBAC

B.

ETHOS detection engine

C.

SPERO detection engine

D.

TETRA detection engine

Question # 74

With Cisco AMP for Endpoints, which option shows a list of all files that have been executed in your environment?

A.

Prevalence

B.

File analysis

C.

Detections

D.

Vulnerable software

E.

Threat root cause

Question # 75

Refer to the exhibit. An engineer must configure an incoming mail policy so that each email sent from usera1@example.com to a domain of @cisco.com is scanned for antispam and advanced malware protection. All other settings will use the default behavior. What must be configured in the incoming mail policy to meet the requirements?

A.

Policy Name: Default Policy

  Sender: usera1@example.com

  Recipient: @cisco.com

B.

Policy Name: usera1 policy

  Sender: usera1@example.com

  Recipient: @cisco.com

C.

Policy Name: Anti-Malware policy

  Sender: usera1@example.com

  Recipient: @cisco.com

D.

Policy Name: cisco.com policy

  Sender: usera1@example.com

  Recipient: @cisco.com

Question # 76

What must be configured in Cisco ISE to enforce reauthentication of an endpoint session when an endpoint is deleted from an identity group?

A.

posture assessment

B.

CoA

C.

external identity source

D.

SNMP probe

Question # 77

Refer to the exhibit.

Which configuration item makes it possible to have the AAA session on the network?

A.

aaa authentication login console ise

B.

aaa authentication enable default enable

C.

aaa authorization network default group ise

D.

aaa authorization exec default ise

Question # 78

Which parameter is required when configuring a NetFlow exporter on a Cisco router?

A.

DSCP value

B.

Source interface

C.

Exporter name

D.

Exporter description

Question # 79

Email security has become a high-priority task for a security engineer at a large multi-national organization due to ongoing phishing campaigns. To help control this, the engineer has deployed an Incoming Content Filter with a URL reputation of (-10.00 to -6.00) on the Cisco Secure Email Gateway. Which action will the system perform to disable any links in messages that match the filter?

A.

FilterAction

B.

ScreenAction

C.

Quarantine

D.

Defang

Question # 80

A network engineer has been tasked with adding a new medical device to the network. Cisco ISE is being used as the NAC server, and the new device does not have a supplicant available. What must be done in order to securely connect this device to the network?

A.

Use MAB with profiling

B.

Use MAB with posture assessment.

C.

Use 802.1X with posture assessment.

D.

Use 802.1X with profiling.

Question # 81

How does Cisco AMP for Endpoints provide next-generation protection?

A.

It encrypts data on user endpoints to protect against ransomware.

B.

It leverages an endpoint protection platform and endpoint detection and response.

C.

It utilizes Cisco pxGrid, which allows Cisco AMP to pull threat feeds from threat intelligence centers.

D.

It integrates with Cisco FTD devices.

Question # 82

What are two workload security models? (Choose two.)

A.

SaaS

B.

PaaS

C.

off-premises

D.

on-premises

E.

IaaS

Question # 83

Refer to the exhibit.

What will happen when this Python script is run?

A.

The compromised computers and malware trajectories will be received from Cisco AMP

B.

The list of computers and their current vulnerabilities will be received from Cisco AMP

C.

The compromised computers and what compromised them will be received from Cisco AMP

D.

The list of computers, policies, and connector statuses will be received from Cisco AMP

Question # 84

Which VPN technology supports a multivendor environment and secure traffic between sites?

A.

FlexVPN

B.

DMVPN

C.

SSL VPN

D.

GET VPN

Question # 85

An engineer needs to add protection for data in transit and have headers in the email message. Which configuration is needed to accomplish this goal?

A.

Provision the email appliance

B.

Deploy an encryption appliance.

C.

Map sender IP addresses to a host interface.

D.

Enable flagged message handling

Question # 86

Which two capabilities of Integration APIs are utilized with Cisco DNA Center? (Choose two)

A.

Upgrade software on switches and routers

B.

Third party reporting

C.

Connect to ITSM platforms

D.

Create new SSIDs on a wireless LAN controller

E.

Automatically deploy new virtual routers

Question # 87

Which technology must be used to implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity?

A.

DMVPN

B.

FlexVPN

C.

IPsec DVTI

D.

GET VPN

Question # 88

Which service allows a user to export application usage and performance statistics with Cisco Application Visibility and Control?

A.

SNORT

B.

NetFlow

C.

SNMP

D.

802.1X

Question # 89

Where are individual sites specified to be blacklisted in Cisco Umbrella?

A.

application settings

B.

content categories

C.

security settings

D.

destination lists

Question # 90

Which two requests of the REST API are valid on the Cisco ASA platform? (Choose two)

A.

put

B.

options

C.

get

D.

push

E.

connect

Question # 91

Which solution allows an administrator to provision, monitor, and secure mobile devices on Windows and Mac computers from a centralized dashboard?

A.

Cisco Umbrella

B.

Cisco AMP for Endpoints

C.

Cisco ISE

D.

Cisco Stealthwatch

Question # 92

What is a capability of Cisco ASA NetFlow?

A.

It filters NSEL events based on traffic

B.

It generates NSEL events even if the MPF is not configured

C.

It logs all event types only to the same collector

D.

It sends NetFlow data records from active and standby ASAs in an active standby failover pair

Question # 93

An engineer must configure Cisco AMP for Endpoints so that it contains a list of files that should not be executed by users. These files must not be quarantined. Which action meets this configuration requirement?

A.

Identify the network IPs and place them in a blocked list.

B.

Modify the advanced custom detection list to include these files.

C.

Create an application control blocked applications list.

D.

Add a list for simple custom detection.

Question # 94

Which type of API is being used when a controller within a software-defined network architecture dynamically makes configuration changes on switches within the network?

A.

westbound API

B.

southbound API

C.

northbound API

D.

eastbound API

Question # 95

How does a cloud access security broker function?

A.

It is an authentication broker to enable single sign-on and multi-factor authentication for a cloud solution

B.

It integrates with other cloud solutions via APIs and monitors and creates incidents based on events from the cloud solution

C.

It acts as a security information and event management solution and receives syslog from other cloud solutions.

D.

It scans other cloud solutions being used within the network and identifies vulnerabilities

Question # 96

Which two products are used to forecast capacity needs accurately in real time? (Choose two.)

A.

Cisco Secure Workload

B.

Cisco Umbrella

C.

Cisco Workload Optimization Manager

D.

Cisco AppDynamics

E.

Cisco Cloudlock

Question # 97

In which two customer environments is the Cisco Secure Web Appliance Virtual connector traffic direction method selected? (Choose two.)

A.

Customer needs to support roaming users.

B.

Customer does not own Cisco hardware and needs Transparent Redirection (WCCP).

C.

Customer owns ASA Appliance and Virtual Form Factor is required.

D.

Customer does not own Cisco hardware and needs Explicit Proxy.

E.

Customer owns ASA Appliance and SSL Tunneling is required.

Question # 98

An engineer integrates Cisco FMC and Cisco ISE using pxGrid. Which role is assigned for Cisco FMC?

A.

client

B.

server

C.

controller

D.

publisher

Question # 99

How is ICMP used as an exfiltration technique?

A.

by flooding the destination host with unreachable packets

B.

by sending large numbers of ICMP packets with a targeted host's source IP address using an IP broadcast address

C.

by encrypting the payload in an ICMP packet to carry out command and control tasks on a compromised host

D.

by overwhelming a targeted host with ICMP echo-request packets

Question # 100

What provides total management for mobile and PC including managing inventory and device tracking, remote view, and live troubleshooting using the included native remote desktop support?

A.

mobile device management

B.

mobile content management

C.

mobile application management

D.

mobile access management

Question # 101

Which metric is used by the monitoring agent to collect and output packet loss and jitter information?

A.

WSAv performance

B.

AVC performance

C.

OTCP performance

D.

RTP performance

Question # 102

Refer to the exhibit.

What is the result of this Python script of the Cisco DNA Center API?

A.

adds authentication to a switch

B.

adds a switch to Cisco DNA Center

C.

receives information about a switch

D.

deletes a switch from Cisco DNA Center

Question # 103

What is the purpose of joining Cisco WSAs to an appliance group?

A.

All WSAs in the group can view file analysis results.

B.

The group supports improved redundancy

C.

It supports cluster operations to expedite the malware analysis process.

D.

It simplifies the task of patching multiple appliances.

Question # 104

An administrator is establishing a new site-to-site VPN connection on a Cisco IOS router. The organization needs to ensure that the ISAKMP key on the hub is used only for terminating traffic from the IP address of 172.19.20.24. Which command on the hub will allow the administrator to accomplish this?

A.

crypto ca identity 172.19.20.24

B.

crypto isakmp key Cisco0123456789 172.19.20.24

C.

crypto enrollment peer address 172.19.20.24

D.

crypto isakmp identity address 172.19.20.24

Question # 105

Refer to the exhibit. The DHCP snooping database resides on router R1, and dynamic ARP inspection is configured only on switch SW2. Which ports must be configured as untrusted so that dynamic ARP inspection operates normally?

A.

P2 and P3 only

B.

P2, P3, and P6 only

C.

P5, P6, and P7 only

D.

P1, P2, P3, and P4 only

Question # 106

Which posture assessment requirement provides options to the client for remediation and requires the remediation within a certain timeframe?

A.

Audit

B.

Mandatory

C.

Optional

D.

Visibility

Question # 107

Which Cisco ASA Platform mode disables the threat detection features except for Advanced Threat Statistics?

A.

cluster

B.

transparent

C.

routed

D.

multiple context

Question # 108

For which two conditions can an endpoint be checked using ISE posture assessment? (Choose two)

A.

Windows service

B.

computer identity

C.

user identity

D.

Windows firewall

E.

default browser

Question # 109

Which command is used to log all events to a destination collector 209.165.201.107?

A.

CiscoASA(config-pmap-c)#flow-export event-type flow-update destination 209.165.201.10

B.

CiscoASA(config-cmap)# flow-export event-type all destination 209.165.201.

C.

CiscoASA(config-pmap-c)#flow-export event-type all destination 209.165.201.10

D.

CiscoASA(config-cmap)#flow-export event-type flow-update destination 209.165.201.10

Question # 110

What are two benefits of Flexible NetFlow records? (Choose two)

A.

They allow the user to configure flow information to perform customized traffic identification

B.

They provide attack prevention by dropping the traffic

C.

They provide accounting and billing enhancements

D.

They converge multiple accounting technologies into one accounting mechanism

E.

They provide monitoring of a wider range of IP packet information from Layer 2 to 4

Question # 111

An engineer is implementing NTP authentication within their network and has configured both the client and server devices with the command ntp authentication-key 1 md5 Cisc392368270. The server at 1.1.1.1 is attempting to authenticate to the client at 1.1.1.2, however it is unable to do so. Which command is required to enable the client to accept the server’s authentication key?

A.

ntp peer 1.1.1.1 key 1

B.

ntp server 1.1.1.1 key 1

C.

ntp server 1.1.1.2 key 1

D.

ntp peer 1.1.1.2 key 1

Question # 112

Which Cisco solution integrates industry-leading artificial intelligence and machine learning analytics and an assurance database to review the security posture and maintain visibility of an organization’s cloud environment?

A.

Cisco CSR1000v

B.

Cisco Secure Workload

C.

Cisco DNA

D.

Cisco FTD

Question # 113

What is a benefit of using a multifactor authentication strategy?

A.

It provides visibility into devices to establish device trust.

B.

It provides secure remote access for applications.

C.

It provides an easy, single sign-on experience against multiple applications

D.

It protects data by enabling the use of a second validation of identity.

Question # 114

Which solution supports high availability in routed or transparent mode as well as in northbound and southbound deployments?

A.

Cisco FTD with Cisco ASDM

B.

Cisco FTD with Cisco FMC

C.

Cisco Firepower NGFW physical appliance with Cisco FMC

D.

Cisco Firepower NGFW Virtual appliance with Cisco FMC

Question # 115

Refer to the exhibit.

What will happen when the Python script is executed?

A.

The hostname will be translated to an IP address and printed.

B.

The hostname will be printed for the client in the client ID field.

C.

The script will pull all computer hostnames and print them.

D.

The script will translate the IP address to FQDN and print it

Question # 116

An engineer must modify a policy to block specific addresses using Cisco Umbrella. The policy is created already and is actively used by devices, using many of the default policy elements. What else must be done to accomplish this task?

A.

Add the specified addresses to the identities list and create a block action.

B.

Create a destination list for addresses to be allowed or blocked.

C.

Use content categories to block or allow specific addresses.

D.

Modify the application settings to allow only applications to connect to required addresses.

Question # 117

How does Cisco Stealthwatch Cloud provide security for cloud environments?

A.

It delivers visibility and threat detection.

B.

It prevents exfiltration of sensitive data.

C.

It assigns Internet-based DNS protection for clients and servers.

D.

It facilitates secure connectivity between public and private networks.

Question # 118

An engineer configures new features within the Cisco Umbrella dashboard and wants to identify and proxy traffic that is categorized as risky domains and may contain safe and malicious content. Which action accomplishes these objectives?

A.

Configure URL filtering within Cisco Umbrella to track the URLs and proxy the requests for those categories and below.

B.

Configure intelligent proxy within Cisco Umbrella to intercept and proxy the requests for only those categories.

C.

Upload the threat intelligence database to Cisco Umbrella for the most current information on reputations and to have the destination lists block them.

D.

Create a new site within Cisco Umbrella to block requests from those categories so they can be sent to the proxy device.

Question # 119

When a next-generation endpoint security solution is selected for a company, what are two key deliverables that help justify the implementation? (Choose two.)

A.

signature-based endpoint protection on company endpoints

B.

macro-based protection to keep connected endpoints safe

C.

continuous monitoring of all files that are located on connected endpoints

D.

email integration to protect endpoints from malicious content that is located in email

E.

real-time feeds from global threat intelligence centers

Question # 120

Which API technology with SDN architecture is used to communicate with a controller and network devices such as routers and switches?

A.

REST APIs

B.

Northbound APIs

C.

Unprotected APIs

D.

Southbound APIs

Question # 121

Refer to the exhibit.

What does the API key do while working with https://api.amp.cisco.com/v1/computers?

A.

displays client ID

B.

HTTP authorization

C.

Imports requests

D.

HTTP authentication

Question # 122

Which two request methods of REST API are valid on the Cisco ASA Platform? (Choose two.)

A.

GET

B.

CONNECT

C.

PUSH

D.

OPTIONS

E.

PUT

Question # 123

Which term describes when the Cisco Firepower downloads threat intelligence updates from Cisco Talos?

A.

consumption

B.

sharing

C.

analysis

D.

authoring

Question # 124

An organization is trying to improve their Defense in Depth by blocking malicious destinations prior to a connection being established. The solution must be able to block certain applications from being used within the network. Which product should be used to accomplish this goal?

A.

Cisco Firepower

B.

Cisco Umbrella

C.

ISE

D.

AMP

Question # 125

Which key feature of Cisco ZFW is unique among other Cisco IOS firewall solutions?

A.

Security levels

B.

Stateless inspection

C.

Security zones

D.

SSL inspection

Question # 126

Which technology must be used to implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity?

A.

GET VPN

B.

IPsec DVTI

C.

DMVPN

D.

FlexVPN

Question # 127

An organization uses Cisco FMC to centrally manage multiple Cisco FTD devices. The default management port conflicts with other communications on the network and must be changed. What must be done to ensure that all devices can communicate together?

A.

Manually change the management port on Cisco FMC and all managed Cisco FTD devices

B.

Set the tunnel to go through the Cisco FTD

C.

Change the management port on Cisco FMC so that it pushes the change to all managed Cisco FTD devices

D.

Set the tunnel port to 8305

Question # 128

Which two kinds of attacks are prevented by multifactor authentication? (Choose two)

A.

phishing

B.

brute force

C.

man-in-the-middle

D.

DDOS

E.

teardrop

Question # 129

Refer to the exhibit. What function does the API key perform while working with https://api.amp.cisco.com/v1/computers?

A.

imports requests

B.

HTTP authorization

C.

HTTP authentication

D.

displays client ID

Question # 130

An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly identifying all valid recipients. What must be done on the Cisco ESA to accomplish this goal?

A.

Configure incoming content filters

B.

Use Bounce Verification

C.

Configure Directory Harvest Attack Prevention

D.

Bypass LDAP access queries in the recipient access table

Question # 131

Which method is used to deploy certificates and configure the supplicant on mobile devices to gain access to network resources?

A.

BYOD onboarding

B.

Simple Certificate Enrollment Protocol

C.

Client provisioning

D.

MAC authentication bypass

Question # 132

Which two Cisco ISE components must be configured for BYOD? (Choose two.)

A.

local WebAuth

B.

central WebAuth

C.

null WebAuth

D.

guest

E.

dual

Question # 133

A company identified a phishing vulnerability during a pentest. What are two ways the company can protect employees from the attack? (Choose two.)

A.

using Cisco Umbrella

B.

using Cisco FTD

C.

using Cisco ISE

D.

using Cisco Secure Email Gateway

E.

using an inline IPS/IDS in the network

Question # 134

Which two criteria must a certificate meet before the WSA uses it to decrypt application traffic? (Choose two.)

A.

It must include the current date.

B.

It must reside in the trusted store of the WSA.

C.

It must reside in the trusted store of the endpoint.

D.

It must have been signed by an internal CA.

E.

It must contain a SAN.

Question # 135

Which type of API is being used when a security application notifies a controller within a software-defined network architecture about a specific security threat?

A.

westbound API

B.

southbound API

C.

northbound API

D.

eastbound API

Question # 136

Which CLI command is used to enable URL filtering support for shortened URLs on the Cisco Secure Email Gateway?

A.

outbreakconfig

B.

websecurityconfig

C.

webadvancedconfig

D.

websecurityadvancedconfig

Question # 137

Which statement describes a traffic profile on a Cisco Next Generation Intrusion Prevention System?

A.

It allows traffic if it does not meet the profile.

B.

It defines a traffic baseline for traffic anomaly deduction.

C.

It inspects hosts that meet the profile with more intrusion rules.

D.

It blocks traffic if it does not meet the profile.

Question # 138

What is a benefit of flexible NetFlow records?

A.

They are used for security

B.

They are used for accounting

C.

They monitor a packet from Layer 2 to Layer 5

D.

They have customized traffic identification

Question # 139

Which endpoint solution protects a user from a phishing attack?

A.

Cisco Identity Services Engine

B.

Cisco AnyConnect with ISE Posture module

C.

Cisco AnyConnect with Network Access Manager module

D.

Cisco AnyConnect with Umbrella Roaming Security module

Question # 140

What is the most commonly used protocol for network telemetry?

A.

SMTP

B.

SNMP

C.

TFTP

D.

NetFlow

Question # 141

Which function is performed by certificate authorities but is a limitation of registration authorities?

A.

accepts enrollment requests

B.

certificate re-enrollment

C.

verifying user identity

D.

CRL publishing

Question # 142

What are the components of endpoint protection against social engineering attacks?

A.

IPsec

B.

IDS

C.

Firewall

D.

Cisco Secure Email Gateway

Question # 143

What do tools like Jenkins, Octopus Deploy, and Azure DevOps provide in terms of application and infrastructure automation?

A.

continuous integration and continuous deployment

B.

cloud application security broker

C.

compile-time instrumentation

D.

container orchestration

Question # 144

Which two deployment model configurations are supported for Cisco FTDv in AWS? (Choose two)

A.

Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS

B.

Cisco FTDv with one management interface and two traffic interfaces configured

C.

Cisco FTDv configured in routed mode and managed by a physical FMC appliance on premises

D.

Cisco FTDv with two management interfaces and one traffic interface configured

E.

Cisco FTDv configured in routed mode and IPv6 configured

Question # 145

How does the Cisco WSA enforce bandwidth restrictions for web applications?

A.

It implements a policy route to redirect application traffic to a lower-bandwidth link.

B.

It dynamically creates a scavenger class QoS policy and applies it to each client that connects through the WSA.

C.

It sends commands to the uplink router to apply traffic policing to the application traffic.

D.

It simulates a slower link by introducing latency into application traffic.

Question # 146

Which method of attack is used by a hacker to send malicious code through a web application to an unsuspecting user to request that the victim's web browser executes the code?

A.

buffer overflow

B.

browser WGET

C.

SQL injection

D.

cross-site scripting

Question # 147

What is the benefit of integrating Cisco ISE with a MDM solution?

A.

It provides compliance checks for access to the network

B.

It provides the ability to update other applications on the mobile device

C.

It provides the ability to add applications to the mobile device through Cisco ISE

D.

It provides network device administration access

Question # 148

A network administrator is configuring a role in an access control policy to block certain URLs and selects the "Chat and Instant Messaging" category. Which reputation score should be selected to accomplish this goal?

A.

3

B.

5

C.

10

D.

1

Question # 149

What is the function of the crypto isakmp key cisc406397954 address 0.0.0.0 0.0.0.0 command when establishing an IPsec VPN tunnel?

A.

It defines what data is going to be encrypted via the VPN

B.

It configures the pre-shared authentication key

C.

It prevents all IP addresses from connecting to the VPN server.

D.

It configures the local address for the VPN server.

Question # 150

Which two protocols must be configured to authenticate end users to the Cisco WSA? (Choose two.)

A.

TACACS+

B.

CHAP

C.

NTLMSSP

D.

RADIUS

E.

Kerberos

Question # 151

While using Cisco Secure Firewall's Security Intelligence policies, which two criteria is blocking based upon? (Choose two.)

A.

URLs

B.

MAC addresses

C.

Port numbers

D.

IP addresses

E.

Protocol IDs

Question # 152

Which capability is provided by application visibility and control?

A.

reputation filtering

B.

data obfuscation

C.

data encryption

D.

deep packet inspection

Question # 153

How does Cisco Umbrella protect clients when they operate outside of the corporate network?

A.

by modifying the registry for DNS lookups

B.

by using Active Directory group policies to enforce Cisco Umbrella DNS servers

C.

by using the Cisco Umbrella roaming client

D.

by forcing DNS queries to the corporate name servers

Question # 154

An engineer needs a solution for TACACS+ authentication and authorization for device administration. The engineer also wants to enhance wired and wireless network security by requiring users and endpoints to use 802.1X, MAB, or WebAuth. Which product meets all of these requirements?

A.

Cisco Prime Infrastructure

B.

Cisco Identity Services Engine

C.

Cisco Stealthwatch

D.

Cisco AMP for Endpoints

Question # 155

What is a commonality between DMVPN and FlexVPN technologies?

A.

FlexVPN and DMVPN use IS-IS routing protocol to communicate with spokes

B.

FlexVPN and DMVPN use the new key management protocol

C.

FlexVPN and DMVPN use the same hashing algorithms

D.

IOS routers run the same NHRP code for DMVPN and FlexVPN

Question # 156

Which option is the main function of Cisco Firepower impact flags?

A.

They alert administrators when critical events occur.

B.

They highlight known and suspected malicious IP addresses in reports.

C.

They correlate data about intrusions and vulnerability.

D.

They identify data that the ASA sends to the Firepower module.

Question # 157

Which action must be taken in the AMP for Endpoints console to detect specific MD5 signatures on endpoints and then quarantine the files?

A.

Configure an advanced custom detection list.

B.

Configure an IP Block & Allow custom detection list

C.

Configure an application custom detection list

D.

Configure a simple custom detection list

Question # 158

Refer to the exhibit.

What does the number 15 represent in this configuration?

A.

privilege level for an authorized user to this router

B.

access list that identifies the SNMP devices that can access the router

C.

interval in seconds between SNMPv3 authentication attempts

D.

number of possible failed attempts until the SNMPv3 user is locked out

Question # 159

What is a benefit of using GET VPN over FlexVPN within a VPN deployment?

A.

GET VPN supports Remote Access VPNs

B.

GET VPN natively supports MPLS and private IP networks

C.

GET VPN uses multiple security associations for connections

D.

GET VPN interoperates with non-Cisco devices

Question # 160

Which two are valid suppression types on a Cisco Next Generation Intrusion Prevention System? (Choose two)

A.

Port

B.

Rule

C.

Source

D.

Application

E.

Protocol

Question # 161

Which two characteristics of messenger protocols make data exfiltration difficult to detect and prevent? (Choose two)

A.

Outgoing traffic is allowed so users can communicate with outside organizations.

B.

Malware infects the messenger application on the user endpoint to send company data.

C.

Traffic is encrypted, which prevents visibility on firewalls and IPS systems.

D.

An exposed API for the messaging platform is used to send large amounts of data.

E.

Messenger applications cannot be segmented with standard network controls

Question # 162

Which security solution is used for posture assessment of the endpoints in a BYOD solution?

A.

Cisco FTD

B.

Cisco ASA

C.

Cisco Umbrella

D.

Cisco ISE

Question # 163

Which factor must be considered when choosing the on-premise solution over the cloud-based one?

A.

With an on-premise solution, the provider is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the customer is responsible for it

B.

With a cloud-based solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product.

C.

With an on-premise solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product.

D.

With an on-premise solution, the customer is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the provider is responsible for it.

Question # 164

What are two Trojan malware attacks? (Choose two)

A.

Frontdoor

B.

Rootkit

C.

Smurf

D.

Backdoor

E.

Sync

Question # 165

An engineer must modify a policy to block specific addresses using Cisco Umbrella. The policy is created already and is actively used by devices, using many of the default policy elements.

What else must be done to accomplish this task?

A.

Modify the application settings to allow only applications to connect to required addresses.

B.

Create a destination list for addresses to be allowed or blocked.

C.

Add the specified addresses to the identities list and create a block action.

D.

Use content categories to block or allow specific addresses.

Question # 166

Refer to the exhibit.

What are two indications of the Cisco Firepower Services Module configuration? (Choose two.)

A.

The module is operating in IDS mode.

B.

Traffic is blocked if the module fails.

C.

The module fails to receive redirected traffic.

D.

The module is operating in IPS mode.

E.

Traffic continues to flow if the module fails.

Question # 167

A network engineer must configure a Cisco Secure Email Gateway to prompt users to enter two forms of information before gaining access. The Secure Email Gateway must also join a cluster machine using preshared keys. What must be configured to meet these requirements?

A.

Enable two-factor authentication through a RADIUS server and then join the cluster by using the Secure Email Gateway CLI.

B.

Enable two-factor authentication through a TACACS+ server and then join the cluster by using the Secure Email Gateway CLI.

C.

Enable two-factor authentication through a RADIUS server and then join the cluster by using the Secure Email Gateway GUI.

D.

Enable two-factor authentication through a TACACS+ server and then join the cluster by using the Secure Email Gateway GUI.

Question # 168

Which attack gives unauthorized access to files on the web server?

A.

Distributed DoS

B.

Broadcast storm

C.

DHCP snooping

D.

Path traversal

Question # 169

During a recent security audit, a Cisco IOS router with a working IPSEC configuration using IKEv1 was flagged for using a wildcard mask with the crypto isakmp key command. The VPN peer is a SOHO router with a dynamically assigned IP address. Dynamic DNS has been configured on the SOHO router to map the dynamic IP address to the host name of vpn.sohoroutercompany.com. In addition to the command crypto isakmp key Cisc425007536 hostname vpn.sohoroutercompany.com, what other two commands are now required on the Cisco IOS router for the VPN to continue to function after the wildcard command is removed? (Choose two)

A.

ip host vpn.sohoroutercompany.com

B.

crypto isakmp identity hostname

C.

Add the dynamic keyword to the existing crypto map command

D.

fqdn vpn.sohoroutercompany.com

E.

ip name-server

Question # 170

An administrator is trying to determine which applications are being used in the network but does not want the network devices to send metadata to Cisco Firepower. Which feature should be used to accomplish this?

A.

NetFlow

B.

Packet Tracer

C.

Network Discovery

D.

Access Control

Question # 171

Refer to the exhibit. An engineer must configure a new Cisco ISE backend server as a RADIUS server to provide AAA for all access requests from the client to the ISE-Frontend server.

Which Cisco ISE configuration must be used?

A.

Set 10.11.1.2 as a network device in ISE-Frontend. Set port 1700/2083 for RADIUS authentication.

B.

Set 10.11.1.1 as the external RADIUS server in ISE-Frontend. Set ports 1812/1813 for authentication and accounting.

C.

Set 10.11.1.2 as the external RADIUS server in ISE-Frontend. Set ports 1812/1813 for authentication and accounting.

D.

Set 10.11.1.1 as a network device in ISE-Frontend. Set ports 1700/2083 for RADIUS authentication.

Question # 172

Which two activities can be done using Cisco DNA Center? (Choose two)

A.

DHCP

B.

Design

C.

Accounting

D.

DNS

E.

Provision

Question # 173

An administrator configures a new destination list in Cisco Umbrella so that the organization can block specific domains for its devices. What should be done to ensure that all subdomains of domain.com are blocked?

A.

Configure the *.com address in the block list.

B.

Configure the *.domain.com address in the block list

C.

Configure the *.domain.com address in the block list

D.

Configure the domain.com address in the block list

Question # 174

A security engineer must create a policy based on the reputation verdict of a file from a Cisco Secure Email Gateway. The file with an undetermined verdict must be dropped. Which action must the security engineer take to meet the requirement?

A.

Configure threshold settings for files with no score to be allowed.

B.

Set up a policy to automatically drop files with no reputation score.

C.

Implement a policy to disable file analysis.

D.

Create a policy to send a file to quarantine.

Question # 175

Refer to the exhibit.

Consider that any feature of DNS requests, such as the length of the domain name and the number of subdomains, can be used to construct models of expected behavior to which observed values can be compared. Which type of malicious attack are these values associated with?

A.

Spectre Worm

B.

Eternal Blue Windows

C.

Heartbleed SSL Bug

D.

W32/AutoRun worm

Question # 176

Which baseline form of telemetry is recommended for network infrastructure devices?

A.

SDNS

B.

NetFlow

C.

passive taps

D.

SNMP

Question # 177

An engineer must deploy a Cisco Secure Web Appliance. Antimalware scanning must use the Outbreak Heuristics antimalware category on files identified as malware before performing any other processes. What must be configured on the Secure Web Appliance to meet the requirements?

A.

Sophos scanning engine

B.

Webroot scanning engine

C.

McAfee scanning engine

D.

Adaptive Scanning

Question # 178

How does Cisco Advanced Phishing Protection protect users?

A.

It validates the sender by using DKIM.

B.

It determines which identities are perceived by the sender

C.

It utilizes sensors that send messages securely.

D.

It uses machine learning and real-time behavior analytics.

Question # 179

An organization has DHCP servers set up to allocate IP addresses to clients on the LAN. What must be done to ensure the LAN switches prevent malicious DHCP traffic while also distributing IP addresses to the correct endpoints?

A.

Configure Dynamic ARP inspection and add entries in the DHCP snooping database.

B.

Configure DHCP snooping and set trusted interfaces for all client connections.

C.

Configure Dynamic ARP inspection and antispoofing ACLs in the DHCP snooping database.

D.

Configure DHCP snooping and set a trusted interface for the DHCP server.

Question # 180

Drag and drop the posture assessment flow actions from the left into a sequence on the right.

Question # 181

A network administrator is setting up Cisco FMC to send logs to Cisco Security Analytics and Logging (SaaS). The network administrator is anticipating a high volume of logging events from the firewalls and wants to limit the strain on firewall resources. Which method must the administrator use to send these logs to Cisco Security Analytics and Logging?

A.

SFTP using the FMC CLI

B.

syslog using the Secure Event Connector

C.

direct connection using SNMP traps

D.

HTTP POST using the Security Analytics FMC plugin

Question # 182

An engineer is configuring Cisco Secure Endpoint to enhance security by preventing the execution of certain files by users. The engineer needs to ensure that the specific executable file name Cisco_Software_0505446151.exe is blocked from running while never being quarantined. What must the engineer configure to meet the requirement?

A.

Create advanced custom detection list.

B.

Configure application control blocked applications list.

C.

Implement simple custom detection list.

D.

Enable scheduled scans to detect and block the executable files.

Question # 183

Which policy is used to capture host information on the Cisco Firepower Next Generation Intrusion Prevention System?

A.

Correlation

B.

Intrusion

C.

Access Control

D.

Network Discovery

Question # 184

Which feature is supported when deploying Cisco ASAv within AWS public cloud?

A.

multiple context mode

B.

user deployment of Layer 3 networks

C.

IPv6

D.

clustering

Question # 185

A network administrator needs a solution to match traffic and allow or deny the traffic based on the type of application, not just the source or destination address and port used. Which kind of security product must the network administrator implement to meet this requirement?

A.

Next-generation Intrusion Prevention System

B.

Next-generation Firewall

C.

Web Application Firewall

D.

Intrusion Detection System

Question # 186

When planning a VPN deployment, for which reason does an engineer opt for an active/active FlexVPN configuration as opposed to DMVPN?

A.

Multiple routers or VRFs are required.

B.

Traffic is distributed statically by default.

C.

Floating static routes are required.

D.

HSRP is used for failover.

Question # 187

An engineer is implementing Cisco CES in an existing Microsoft Office 365 environment and must route inbound email to Cisco CE.. record must be modified to accomplish this task?

A.

CNAME

B.

MX

C.

SPF

D.

DKIM

Question # 188

Refer to the exhibit.

Which command was used to generate this output and to show which ports are authenticating with dot1x or mab?

A.

show authentication registrations

B.

show authentication method

C.

show dot1x all

D.

show authentication sessions

Question # 189

A network engineer is configuring DMVPN and entered the crypto isakmp key cisc0380739941 address 0.0.0.0 command on hostA. The tunnel is not being established to hostB. What action is needed to authenticate the VPN?

A.

Change isakmp to ikev2 in the command on hostA.

B.

Enter the command with a different password on hostB.

C.

Enter the same command on hostB.

D.

Change the password on hostA to the default password.

Question # 190

Which type of DNS abuse exchanges data between two computers even when there is no direct connection?

A.

Malware installation

B.

Command-and-control communication

C.

Network footprinting

D.

Data exfiltration

Question # 191

What is the role of an endpoint in protecting a user from a phishing attack?

A.

Use Cisco Stealthwatch and Cisco ISE Integration.

B.

Utilize 802.1X network security to ensure unauthorized access to resources.

C.

Use machine learning models to help identify anomalies and determine expected sending behavior.

D.

Ensure that antivirus and anti-malware software is up to date

Question # 192

What are two benefits of workload security? (Choose two.)

A.

Tracked application security

B.

Automated patching

C.

Reduced attack surface

D.

Scalable security policies

E.

Workload modeling

Question # 193

What is the default action before identifying the URL during HTTPS inspection in Cisco Secure Firewall Threat Defense software?

A.

reset

B.

buffer

C.

pass

D.

drop

Question # 194

An engineer implements Cisco CloudLock to secure a Microsoft Office 365 application in the cloud. The engineer must configure protection for corporate files in case of any incidents. Which two actions must be taken to complete the implementation? (Choose two.)

A.

Expire the public share URL

B.

Send Cisco Webex message to specified users when an incident is triggered

C.

Transfer ownership of the files to a specified owner and folder

D.

Remove all users as collaborators on the files

E.

Disable the ability for commenters and viewers to download and copy the files

Question # 195

Which suspicious pattern enables the Cisco Tetration platform to learn the normal behavior of users?

A.

file access from a different user

B.

interesting file access

C.

user login suspicious behavior

D.

privilege escalation

Question # 196

Which Cisco Umbrella package supports selective proxy for inspection of traffic from risky domains?

A.

SIG Advantage

B.

DNS Security Essentials

C.

SIG Essentials

D.

DNS Security Advantage

Question # 197

Drag and drop the VPN functions from the left onto the description on the right.

Question # 198

Refer to the exhibit. Which configuration item makes it possible to have the AAA session on the network?

A.

aaa authorization exec default ise

B.

aaa authentication enable default enable

C.

aaa authorization network default group ise

D.

aaa authorization login console ise

Question # 199

In which situation should an Endpoint Detection and Response solution be chosen versus an Endpoint Protection Platform?

A.

When there is a need to have more advanced detection capabilities

B.

When there is a need for traditional anti-malware detection

C.

When there is no need to have the solution centrally managed

D.

When there is no firewall on the network

Question # 200

A company identified a phishing vulnerability during a pentest. What are two ways the company can protect employees from the attack? (Choose two.)

A.

using Cisco Umbrella

B.

using Cisco ESA

C.

using Cisco FTD

D.

using an inline IPS/IDS in the network

E.

using Cisco ISE

Question # 201

Which product allows Cisco FMC to push security intelligence observables to its sensors from other products?

A.

Encrypted Traffic Analytics

B.

Threat Intelligence Director

C.

Cognitive Threat Analytics

D.

Cisco Talos Intelligence

Question # 202

Why is it important to have a patching strategy for endpoints?

A.

to take advantage of new features released with patches

B.

so that functionality is increased on a faster scale when it is used

C.

so that known vulnerabilities are targeted and having a regular patch cycle reduces risks

D.

so that patching strategies can assist with disabling nonsecure protocols in applications

Question # 203

A Cisco Secure Cloud Analytics administrator is setting up a private network monitor sensor to monitor an on-premises environment. Which two pieces of information from the sensor are used to link to the Secure Cloud Analytics portal? (Choose two.)

A.

Unique service key

B.

NAT ID

C.

SSL certificate

D.

Public IP address

E.

Private IP address

Question # 204

A Cisco AMP for Endpoints administrator configures a custom detection policy to add specific MD5 signatures. The configuration is created in the simple detection policy section, but it does not work. What is the reason for this failure?

A.

The administrator must upload the file instead of the hash for Cisco AMP to use.

B.

The MD5 hash uploaded to the simple detection policy is in the incorrect format

C.

The APK must be uploaded for the application that the detection is intended for

D.

Detections for MD5 signatures must be configured in the advanced custom detection policies

Question # 205

When network telemetry is implemented, what is important to be enabled across all network infrastructure devices to correlate different sources?

A.

CDP

B.

NTP

C.

syslog

D.

DNS

Question # 206

What is a description of microsegmentation?

A.

Environments apply a zero-trust model and specify how applications on different servers or containers can communicate

B.

Environments deploy a container orchestration platform, such as Kubernetes, to manage the application delivery

C.

Environments implement private VLAN segmentation to group servers with similar applications.

D.

Environments deploy centrally managed host-based firewall rules on each server or container

Question # 207

Which process is used to obtain a certificate from a CA?

A.

Registration

B.

Enrollment

C.

Signing

D.

Approval

Question # 208

What is a difference between DMVPN and sVTI?

A.

DMVPN supports tunnel encryption, whereas sVTI does not.

B.

DMVPN supports dynamic tunnel establishment, whereas sVTI does not.

C.

DMVPN supports static tunnel establishment, whereas sVTI does not.

D.

DMVPN provides interoperability with other vendors, whereas sVTI does not.

Question # 209

What is a characteristic of Firepower NGIPS inline deployment mode?

A.

ASA with Firepower module cannot be deployed.

B.

It cannot take actions such as blocking traffic.

C.

It is out-of-band from traffic.

D.

It must have inline interface pairs configured.

Question # 210

Which feature requires that network telemetry be enabled?

A.

per-interface stats

B.

SNMP trap notification

C.

Layer 2 device discovery

D.

central syslog system

Question # 211

An administrator configures a Cisco WSA to receive redirected traffic over ports 80 and 443. The organization requires that a network device with specific WSA integration capabilities be configured to send the traffic to the WSA to proxy the requests and increase visibility, while making this invisible to the users. What must be done on the Cisco WSA to support these requirements?

A.

Configure transparent traffic redirection using WCCP in the Cisco WSA and on the network device

B.

Configure active traffic redirection using WPAD in the Cisco WSA and on the network device

C.

Use the Layer 4 setting in the Cisco WSA to receive explicit forward requests from the network device

D.

Use PAC keys to allow only the required network devices to send the traffic to the Cisco WSA

Question # 212

Using Cisco Firepower’s Security Intelligence policies, upon which two criteria is Firepower block based? (Choose two.)

A.

URLs

B.

protocol IDs

C.

IP addresses

D.

MAC addresses

E.

port numbers

Question # 213

Which CLI command is used to enable URL filtering support for shortened URLs on the Cisco ESA?

A.

webadvancedconfig

B.

websecurity advancedconfig

C.

outbreakconfig

D.

websecurity config

Question # 214

Which Cisco AMP file disposition is valid?

A.

pristine

B.

malware

C.

dirty

D.

non malicious

Question # 215

Why is it important to implement MFA inside of an organization?

A.

To prevent man-in-the-middle attacks from being successful.

B.

To prevent DoS attacks from being successful.

C.

To prevent brute force attacks from being successful.

D.

To prevent phishing attacks from being successful.

Question # 216

Which type of attack is social engineering?

A.

trojan

B.

phishing

C.

malware

D.

MITM

Question # 217

How does Cisco Secure Endpoint provide next-generation protection?

A.

It integrates with Cisco FTD devices.

B.

It encrypts data on user endpoints to protect against ransomware.

C.

It leverages an endpoint protection platform and endpoint detection and response.

D.

It utilizes Cisco pxGrid, which allows Secure Endpoint to pull threat feeds from threat intelligence centers.
