Implementing and Operating Cisco Security Core Technologies (SCOR 350-701) Questions and Answers

Last Update Mar 29, 2024
Total Questions : 633

Questions 1

Which Cisco ASA deployment model is used to filter traffic between hosts in the same IP subnet using higher-level protocols without readdressing the network?

Options:

A. routed mode

B. transparent mode

C. single context mode

D. multiple context mode

Questions 2

Which standard is used to automate exchanging cyber threat information?

Options:

A. TAXII

B. MITRE

C. IoC

D. STIX

Questions 3

Which baseline form of telemetry is recommended for network infrastructure devices?

Options:

A. SDNS

B. NetFlow

C. passive taps

D. SNMP

Questions 4

A university policy must allow open access to resources on the Internet for research, but internal workstations are exposed to malware. Which Cisco AMP feature allows the engineering team to determine whether a file is installed on a selected few workstations?

Options:

A. file prevalence

B. file discovery

C. file conviction

D. file manager

Questions 5

Which Cisco Umbrella package supports selective proxy for inspection of traffic from risky domains?

Options:

A. SIG Advantage

B. DNS Security Essentials

C. SIG Essentials

D. DNS Security Advantage

Questions 6

Refer to the exhibit.

How does Cisco Umbrella manage traffic that is directed toward risky domains?

Options:

A. Traffic is proxied through the intelligent proxy.

B. Traffic is managed by the security settings and blocked.

C. Traffic is managed by the application settings, unhandled and allowed.

D. Traffic is allowed but logged.

Questions 7

A network engineer has been tasked with adding a new medical device to the network. Cisco ISE is being used as the NAC server, and the new device does not have a supplicant available. What must be done in order to securely connect this device to the network?

Options:

A. Use MAB with profiling

B. Use MAB with posture assessment.

C. Use 802.1X with posture assessment.

D. Use 802.1X with profiling.

Questions 8

A hacker initiated a social engineering attack and stole usernames and passwords of some users within a company. Which product should be used as a solution to this problem?

Options:

A. Cisco NGFW

B. Cisco AnyConnect

C. Cisco AMP for Endpoints

D. Cisco Duo

Questions 9

Which factor must be considered when choosing the on-premise solution over the cloud-based one?

Options:

A. With an on-premise solution, the provider is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the customer is responsible for it

B. With a cloud-based solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product.

C. With an on-premise solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product.

D. With an on-premise solution, the customer is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the provider is responsible for it.

Questions 10

What are two differences between a Cisco WSA that is running in transparent mode and one running in explicit mode? (Choose two)

Options:

A. The Cisco WSA responds with its own IP address only if it is running in explicit mode.

B. The Cisco WSA is configured in a web browser only if it is running in transparent mode.

C. The Cisco WSA responds with its own IP address only if it is running in transparent mode.

D. The Cisco WSA uses a Layer 3 device to redirect traffic only if it is running in transparent mode.

E. When the Cisco WSA is running in transparent mode, it uses the WSA's own IP address as the HTTP request destination.

Questions 11

When planning a VPN deployment, for which reason does an engineer opt for an active/active FlexVPN configuration as opposed to DMVPN?

Options:

A. Multiple routers or VRFs are required.

B. Traffic is distributed statically by default.

C. Floating static routes are required.

D. HSRP is used for failover.

Questions 12

Why is it important to have logical security controls on endpoints even though the users are trained to spot security threats and the network devices already help prevent them?

Options:

A. to prevent theft of the endpoints

B. because defense-in-depth stops at the network

C. to expose the endpoint to more threats

D. because human error or insider threats will still exist

Questions 13

Drag and drop the threats from the left onto examples of that threat on the right

Options:

Questions 14

Due to a traffic storm on the network, two interfaces were error-disabled, and both interfaces sent SNMP traps.

Which two actions must be taken to ensure that interfaces are put back into service? (Choose two)

Options:

A. Have Cisco Prime Infrastructure issue an SNMP set command to re-enable the ports after the preconfigured interval.

B. Use EEM to have the ports return to service automatically in less than 300 seconds.

C. Enter the shutdown and no shutdown commands on the interfaces.

D. Enable the snmp-server enable traps command and wait 300 seconds

E. Ensure that interfaces are configured with the error-disable detection and recovery feature

Questions 15

An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly identifying all valid recipients. What must be done on the Cisco ESA to accomplish this goal?

Options:

A. Configure incoming content filters

B. Use Bounce Verification

C. Configure Directory Harvest Attack Prevention

D. Bypass LDAP access queries in the recipient access table

Questions 16

A network administrator is configuring a switch to use Cisco ISE for 802.1X. An endpoint is failing authentication and is unable to access the network. Where should the administrator begin troubleshooting to verify the authentication details?

Options:

A. Adaptive Network Control Policy List

B. Context Visibility

C. Accounting Reports

D. RADIUS Live Logs

Questions 17

An organization has a Cisco Stealthwatch Cloud deployment in their environment. Cloud logging is working as expected, but logs are not being received from the on-premise network. What action will resolve this issue?

Options:

A. Configure security appliances to send syslogs to Cisco Stealthwatch Cloud

B. Configure security appliances to send NetFlow to Cisco Stealthwatch Cloud

C. Deploy a Cisco FTD sensor to send events to Cisco Stealthwatch Cloud

D. Deploy a Cisco Stealthwatch Cloud sensor on the network to send data to Cisco Stealthwatch Cloud

Questions 18

Which type of API is being used when a security application notifies a controller within a software-defined network architecture about a specific security threat?

Options:

A. westbound API

B. southbound API

C. northbound API

D. eastbound API

Questions 19

In which two ways does Easy Connect help control network access when used with Cisco TrustSec? (Choose two)

Options:

A. It allows multiple security products to share information and work together to enhance security posture in the network.

B. It creates a dashboard in Cisco ISE that provides full visibility of all connected endpoints.

C. It allows for the assignment of Security Group Tags and does not require 802.1x to be configured on the switch or the endpoint.

D. It integrates with third-party products to provide better visibility throughout the network.

E. It allows for managed endpoints that authenticate to AD to be mapped to Security Groups (PassiveID).

Questions 20

What is the Cisco API-based broker that helps reduce compromises, application risks, and data breaches in an environment that is not on-premise?

Options:

A. Cisco Cloudlock

B. Cisco Umbrella

C. Cisco AMP

D. Cisco App Dynamics

Questions 21

Drag and drop the suspicious patterns for the Cisco Tetration platform from the left onto the correct definitions on the right.

Options:

Questions 22

In an IaaS cloud services model, which security function is the provider responsible for managing?

Options:

A. Internet proxy

B. firewalling virtual machines

C. CASB

D. hypervisor OS hardening

Questions 23

Which DoS attack uses fragmented packets to crash a target machine?

Options:

A. smurf

B. MITM

C. teardrop

D. LAND

Questions 24

Drag and drop the capabilities of Cisco Firepower versus Cisco AMP from the left into the appropriate category on the right.

Options:

Questions 25

When configuring ISAKMP for IKEv1 Phase1 on a Cisco IOS router, an administrator needs to input the command crypto isakmp key cisco address 0.0.0.0. The administrator is not sure what the IP addressing in this command is used for. What would be the effect of changing the IP address from 0.0.0.0 to 1.2.3.4?

Options:

A. The key server that is managing the keys for the connection will be at 1.2.3.4

B. The remote connection will only be allowed from 1.2.3.4

C. The address that will be used as the crypto validation authority

D. All IP addresses other than 1.2.3.4 will be allowed

Questions 26

Which type of API is being used when a controller within a software-defined network architecture dynamically makes configuration changes on switches within the network?

Options:

A. westbound API

B. southbound API

C. northbound API

D. eastbound API

Questions 27

An engineer notices traffic interruption on the network. Upon further investigation, it is learned that broadcast packets have been flooding the network. What must be configured, based on a predefined threshold, to address this issue?

Options:

A. Bridge Protocol Data Unit guard

B. embedded event monitoring

C. storm control

D. access control lists

Questions 28

Which Cisco platform provides an agentless solution to provide visibility across the network including encrypted traffic analytics to detect malware in encrypted traffic without the need for decryption?

Options:

A. Cisco Advanced Malware Protection

B. Cisco Stealthwatch

C. Cisco Identity Services Engine

D. Cisco AnyConnect

Questions 29

What are two functions of secret key cryptography? (Choose two)

Options:

A. key selection without integer factorization

B. utilization of different keys for encryption and decryption

C. utilization of large prime number iterations

D. provides the capability to only know the key on one side

E. utilization of less memory

Questions 30

An administrator is establishing a new site-to-site VPN connection on a Cisco IOS router. The organization needs to ensure that the ISAKMP key on the hub is used only for terminating traffic from the IP address of 172.19.20.24. Which command on the hub will allow the administrator to accomplish this?

Options:

A. crypto ca identity 172.19.20.24

B. crypto isakmp key Cisco0123456789 172.19.20.24

C. crypto enrollment peer address 172.19.20.24

D. crypto isakmp identity address 172.19.20.24

Questions 31

Which technology enables integration between Cisco ISE and other platforms to gather and share network and vulnerability data and SIEM and location information?

Options:

A. pxGrid

B. NetFlow

C. SNMP

D. Cisco Talos

Questions 32

What are two advantages of using Cisco AnyConnect over DMVPN? (Choose two)

Options:

A. It provides spoke-to-spoke communications without traversing the hub

B. It allows different routing protocols to work over the tunnel

C. It allows customization of access policies based on user identity

D. It allows multiple sites to connect to the data center

E. It enables VPN access for individual users from their machines

Questions 33

Based on the NIST 800-145 guide, which cloud architecture may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises?

Options:

A. hybrid cloud

B. private cloud

C. public cloud

D. community cloud

Questions 34

Which cloud model is a collaborative effort where infrastructure is shared and jointly accessed by several organizations from a specific group?

Options:

A. Hybrid

B. Community

C. Private

D. Public

Questions 35

What must be configured in Cisco ISE to enforce reauthentication of an endpoint session when an endpoint is deleted from an identity group?

Options:

A. posture assessment

B. CoA

C. external identity source

D. SNMP probe

Questions 36

Which risk is created when using an Internet browser to access a cloud-based service?

Options:

A. misconfiguration of infrastructure, which allows unauthorized access

B. intermittent connection to the cloud connectors

C. vulnerabilities within protocol

D. insecure implementation of API

Questions 37

What is a benefit of performing device compliance?

Options:

A. Verification of the latest OS patches

B. Device classification and authorization

C. Providing multi-factor authentication

D. Providing attribute-driven policies

Questions 38

Drag and drop the steps from the left into the correct order on the right to enable AppDynamics to monitor an EC2 instance in Amazon Web Services.

Options:

Questions 39

A network administrator is setting up Cisco FMC to send logs to Cisco Security Analytics and Logging (SaaS). The network administrator is anticipating a high volume of logging events from the firewalls and wants to limit the strain on firewall resources. Which method must the administrator use to send these logs to Cisco Security Analytics and Logging?

Options:

A. SFTP using the FMC CLI

B. syslog using the Secure Event Connector

C. direct connection using SNMP traps

D. HTTP POST using the Security Analytics FMC plugin

Questions 40

A Cisco ESA network administrator has been tasked to use a newly installed service to help create policy based on the reputation verdict. During testing, it is discovered that the Cisco ESA is not dropping files that have an undetermined verdict. What is causing this issue?

Options:

A. The policy was created to send a message to quarantine instead of drop

B. The file has a reputation score that is above the threshold

C. The file has a reputation score that is below the threshold

D. The policy was created to disable file analysis

Questions 41

What is the benefit of installing Cisco AMP for Endpoints on a network?

Options:

A. It provides operating system patches on the endpoints for security.

B. It provides flow-based visibility for the endpoints' network connections.

C. It enables behavioral analysis to be used for the endpoints.

D. It protects endpoint systems through application control and real-time scanning

Questions 42

How does Cisco Advanced Phishing Protection protect users?

Options:

A. It validates the sender by using DKIM.

B. It determines which identities are perceived by the sender

C. It utilizes sensors that send messages securely.

D. It uses machine learning and real-time behavior analytics.

Questions 43

What are two DDoS attack categories? (Choose two)

Options:

A. sequential

B. protocol

C. database

D. volume-based

E. screen-based

Questions 44

An engineer is implementing NTP authentication within their network and has configured both the client and server devices with the command ntp authentication-key 1 md5 Cisc392368270. The server at 1.1.1.1 is attempting to authenticate to the client at 1.1.1.2, however it is unable to do so. Which command is required to enable the client to accept the server’s authentication key?

Options:

A. ntp peer 1.1.1.1 key 1

B. ntp server 1.1.1.1 key 1

C. ntp server 1.1.1.2 key 1

D. ntp peer 1.1.1.2 key 1

Questions 45

Refer to the exhibit.

What will happen when the Python script is executed?

Options:

A. The hostname will be translated to an IP address and printed.

B. The hostname will be printed for the client in the client ID field.

C. The script will pull all computer hostnames and print them.

D. The script will translate the IP address to FQDN and print it

Questions 46

Which method must be used to connect Cisco Secure Workload to external orchestrators at a client site when the client does not allow incoming connections?

Options:

A. source NAT

B. reverse tunnel

C. GRE tunnel

D. destination NAT

Questions 47

A large organization wants to deploy a security appliance in the public cloud to form a site-to-site VPN and link the public cloud environment to the private cloud in the headquarters data center. Which Cisco security appliance meets these requirements?

Options:

A. Cisco Cloud Orchestrator

B. Cisco ASAv

C. Cisco WSAv

D. Cisco Stealthwatch Cloud

Questions 48

When MAB is configured for use within the 802.1X environment, an administrator must create a policy that allows the devices onto the network. Which information is used for the username and password?

Options:

A. The MAB uses the IP address as username and password.

B. The MAB uses the call-station-ID as username and password.

C. Each device must be set manually by the administrator.

D. The MAB uses the MAC address as username and password.

Questions 49

An engineer is configuring Cisco Umbrella and has an identity that references two different policies. Which action ensures that the policy that the identity must use takes precedence over the second one?

Options:

A. Configure the default policy to redirect the requests to the correct policy

B. Place the policy with the most-specific configuration last in the policy order

C. Configure only the policy with the most recently changed timestamp

D. Make the correct policy first in the policy order

Questions 50

Which security product enables administrators to deploy Kubernetes clusters in air-gapped sites without needing Internet access?

Options:

A. Cisco Content Platform

B. Cisco Container Controller

C. Cisco Container Platform

D. Cisco Cloud Platform

Questions 51

Which CLI command is used to enable URL filtering support for shortened URLs on the Cisco ESA?

Options:

A. webadvancedconfig

B. websecurity advancedconfig

C. outbreakconfig

D. websecurity config

Questions 52

Refer to the exhibit.

Consider that any feature of DNS requests, such as the length of the domain name and the number of subdomains, can be used to construct models of expected behavior to which observed values can be compared. Which type of malicious attack are these values associated with?

Options:

A. Spectre Worm

B. Eternal Blue Windows

C. Heartbleed SSL Bug

D. W32/AutoRun worm

Questions 53

What is the function of SDN southbound API protocols?

Options:

A. to allow for the dynamic configuration of control plane applications

B. to enable the controller to make changes

C. to enable the controller to use REST

D. to allow for the static configuration of control plane applications

Questions 54

Which two types of connectors are used to generate telemetry data from IPFIX records in a Cisco Secure Workload implementation? (Choose two.)

Options:

A. ADC

B. ERSPAN

C. Cisco ASA

D. NetFlow

E. Cisco Secure Workload

Questions 55

Which two actions does the Cisco Identity Services Engine posture module provide that ensures endpoint security? (Choose two.)

Options:

A. The latest antivirus updates are applied before access is allowed.

B. Assignments to endpoint groups are made dynamically, based on endpoint attributes.

C. Patch management remediation is performed.

D. A centralized management solution is deployed.

E. Endpoint supplicant configuration is deployed.

Questions 56

Which technology provides a combination of endpoint protection, endpoint detection, and response?

Options:

A. Cisco AMP

B. Cisco Talos

C. Cisco Threat Grid

D. Cisco Umbrella

Questions 57

An engineer is configuring device-hardening on a router in order to prevent credentials from being seen if the router configuration was compromised. Which command should be used?

Options:

A. service password-encryption

B. username privilege 15 password

C. service password-recovery

D. username <username> password

Questions 58

For a given policy in Cisco Umbrella, how should a customer block websites based on a custom list?

Options:

A. by specifying blocked domains in the policy settings

B. by specifying the websites in a custom blocked category

C. by adding the websites to a blocked type destination list

D. by adding the website IP addresses to the Cisco Umbrella blocklist

Questions 59

Which system performs compliance checks and remote wiping?

Options:

A. MDM

B. ISE

C. AMP

D. OTP

Questions 60

A company discovered an attack propagating through their network via a file. A custom file policy was created in order to track this in the future and ensure no other endpoints execute the infected file. In addition, it was discovered during testing that the scans are not detecting the file as an indicator of compromise. What must be done in order to ensure that the created policy is functioning as it should?

Options:

A. Create an IP block list for the website from which the file was downloaded

B. Block the application that the file was using to open

C. Upload the hash for the file into the policy

D. Send the file to Cisco Threat Grid for dynamic analysis

Questions 61

An engineer integrates Cisco FMC and Cisco ISE using pxGrid. Which role is assigned for Cisco FMC?

Options:

A. client

B. server

C. controller

D. publisher

Questions 62

Which Cisco network security device supports contextual awareness?

Options:

A. Firepower

B. Cisco ASA

C. Cisco IOS

D. ISE

Questions 63

Which system facilitates deploying microsegmentation and multi-tenancy services with a policy-based container?

Options:

A. SDLC

B. Docker

C. Lambda

D. Contiv

Questions 64

What is a functional difference between Cisco Secure Endpoint and Cisco Umbrella Roaming Client?

Options:

A. Secure Endpoint authenticates users and provides segmentation, and the Umbrella Roaming Client allows only for VPN connectivity.

B. Secure Endpoint stops and tracks malicious activity on hosts, and the Umbrella Roaming Client tracks only URL-based threats.

C. The Umbrella Roaming Client authenticates users and provides segmentation, and Secure Endpoint allows only for VPN connectivity.

D. The Umbrella Roaming Client stops and tracks malicious activity on hosts, and Secure Endpoint tracks only URL-based threats.

Questions 65

How is data sent out to the attacker during a DNS tunneling attack?

Options:

A. as part of the UDP/53 packet payload

B. as part of the domain name

C. as part of the TCP/53 packet header

D. as part of the DNS response packet

Questions 66

What is the purpose of the My Devices Portal in a Cisco ISE environment?

Options:

A. to register new laptops and mobile devices

B. to request a newly provisioned mobile device

C. to provision userless and agentless systems

D. to manage and deploy antivirus definitions and patches on systems owned by the end user

Questions 67

Which attack type attempts to shut down a machine or network so that users are not able to access it?

Options:

A. smurf

B. bluesnarfing

C. MAC spoofing

D. IP spoofing

Questions 68

Drag and drop the NetFlow export formats from the left onto the descriptions on the right.

Options:

Questions 69

What is a difference between DMVPN and sVTI?

Options:

A. DMVPN supports tunnel encryption, whereas sVTI does not.

B. DMVPN supports dynamic tunnel establishment, whereas sVTI does not.

C. DMVPN supports static tunnel establishment, whereas sVTI does not.

D. DMVPN provides interoperability with other vendors, whereas sVTI does not.

Questions 70

Drag and drop the descriptions from the left onto the correct protocol versions on the right.

Options:

Questions 71

Drag and drop the solutions from the left onto the solution's benefits on the right.

Options:

Questions 72

Refer to the exhibit.

An administrator is adding a new Cisco FTD device to their network and wants to manage it with Cisco FMC.

The Cisco FTD is not behind a NAT device. Which command is needed to enable this on the Cisco FTD?

Options:

A. configure manager add DONTRESOLVE <registration key>

B. configure manager add 16

C. configure manager add DONTRESOLVE FTD123

D. configure manager add

Questions 73

Refer to the exhibit.

Which type of authentication is in use?

Options:

A. LDAP authentication for Microsoft Outlook

B. POP3 authentication

C. SMTP relay server authentication

D. external user and relay mail authentication

Questions 74

A network administrator is configuring SNMPv3 on a new router. The users have already been created; however, an additional configuration is needed to facilitate access to the SNMP views. What must the administrator do to accomplish this?

Options:

A. map SNMPv3 users to SNMP views

B. set the password to be used for SNMPv3 authentication

C. define the encryption algorithm to be used by SNMPv3

D. specify the UDP port used by SNMP

Questions 75

An administrator is configuring a DHCP server to better secure their environment. They need to be able to rate-limit the traffic and ensure that legitimate requests are not dropped. How would this be accomplished?

Options:

A. Set a trusted interface for the DHCP server

B. Set the DHCP snooping bit to 1

C. Add entries in the DHCP snooping database

D. Enable ARP inspection for the required VLAN

Questions 76

Which cryptographic process provides origin confidentiality, integrity, and origin authentication for packets?

Options:

A. IKEv1

B. AH

C. ESP

D. IKEv2

Questions 77

Refer to the exhibit.

Traffic is not passing through IPsec site-to-site VPN on the Firepower Threat Defense appliance. What is causing this issue?

Options:

A. No split-tunnel policy is defined on the Firepower Threat Defense appliance.

B. The access control policy is not allowing VPN traffic in.

C. Site-to-site VPN peers are using different encryption algorithms.

D. Site-to-site VPN preshared keys are mismatched.

Questions 78

What is managed by Cisco Security Manager?

Options:

A. access point

B. WSA

C. ASA

D. ESA

Questions 79

Which two aspects of the cloud PaaS model are managed by the customer but not the provider? (Choose two)

Options:

A. virtualization

B. middleware

C. operating systems

D. applications

E. data

Questions 80

How does DNS Tunneling exfiltrate data?

Options:

A. An attacker registers a domain that a client connects to based on DNS records and sends malware through that connection.

B. An attacker opens a reverse DNS shell to get into the client’s system and install malware on it.

C. An attacker uses a non-standard DNS port to gain access to the organization’s DNS servers in order to poison the resolutions.

D. An attacker sends an email to the target with hidden DNS resolvers in it to redirect them to a malicious domain.

Questions 81

A Cisco Firepower administrator needs to configure a rule to allow a new application that has never been seen on the network. Which two actions should be selected to allow the traffic to pass without inspection? (Choose two)

Options:

A. permit

B. trust

C. reset

D. allow

E. monitor

Questions 82

Which group within Cisco writes and publishes a weekly newsletter to help cybersecurity professionals remain aware of the ongoing and most prevalent threats?

Options:

A. PSIRT

B. Talos

C. CSIRT

D. DEVNET

Questions 83

What is a functional difference between a Cisco ASA and a Cisco IOS router with Zone-Based Policy Firewall?

Options:

A. The Cisco ASA denies all traffic by default whereas the Cisco IOS router with Zone-Based Policy Firewall starts out by allowing all traffic, even on untrusted interfaces

B. The Cisco IOS router with Zone-Based Policy Firewall can be configured for high availability, whereas the Cisco ASA cannot

C. The Cisco IOS router with Zone-Based Policy Firewall denies all traffic by default, whereas the Cisco ASA starts out by allowing all traffic until rules are added

D. The Cisco ASA can be configured for high availability whereas the Cisco IOS router with Zone-Based Policy Firewall cannot

Questions 84

Drag and drop the VPN functions from the left onto the description on the right.

Options:

Questions 85

What is a key difference between Cisco Firepower and Cisco ASA?

Options:

A. Cisco ASA provides access control while Cisco Firepower does not.

B. Cisco Firepower provides identity-based access control while Cisco ASA does not.

C. Cisco Firepower natively provides intrusion prevention capabilities while Cisco ASA does not.

D. Cisco ASA provides SSL inspection while Cisco Firepower does not.

Questions 86

What are two characteristics of Cisco DNA Center APIs? (Choose two)

Options:

A. Postman is required to utilize Cisco DNA Center API calls.

B. They do not support Python scripts.

C. They are Cisco proprietary.

D. They quickly provision new devices.

E. They view the overall health of the network

Questions 87

What is an attribute of the DevSecOps process?

Options:

A. mandated security controls and checklists

B. security scanning and theoretical vulnerabilities

C. development security

D. isolated security team

Questions 88

An organization has a Cisco ESA set up with policies and would like to customize the action assigned for violations. The organization wants a copy of the message to be delivered with a message added to flag it as a DLP violation. Which actions must be performed in order to provide this capability?

Options:

A. deliver and send copies to other recipients

B. quarantine and send a DLP violation notification

C. quarantine and alter the subject header with a DLP violation

D. deliver and add disclaimer text

Questions 89

What is the role of an endpoint in protecting a user from a phishing attack?

Options:

A.  

Use Cisco Stealthwatch and Cisco ISE Integration.

B.  

Utilize 802.1X network security to ensure unauthorized access to resources.

C.  

Use machine learning models to help identify anomalies and determine expected sending behavior.

D.  

Ensure that antivirus and anti-malware software is up to date.

Discussion 0
Questions 90

A switch with Dynamic ARP Inspection enabled has received a spoofed ARP response on a trusted interface.

How does the switch behave in this situation?

Options:

A.  

It forwards the packet after validation by using the MAC Binding Table.

B.  

It drops the packet after validation by using the IP & MAC Binding Table.

C.  

It forwards the packet without validation.

D.  

It drops the packet without validation.

Discussion 0
Questions 91

An organization has two systems in their DMZ that have an unencrypted link between them for communication. The organization does not have a defined password policy and uses several default accounts on the systems. The application used on those systems also has not gone through stringent code reviews. Which vulnerability would help an attacker brute force their way into the systems?

Options:

A.  

weak passwords

B.  

lack of input validation

C.  

missing encryption

D.  

lack of file permission

Discussion 0
Questions 92

A Cisco ESA administrator has been tasked with configuring the Cisco ESA to ensure there are no viruses before quarantined emails are delivered. In addition, delivery of mail from known bad mail servers must be prevented. Which two actions must be taken in order to meet these requirements? (Choose two)

Options:

A.  

Use outbreak filters from SenderBase

B.  

Enable a message tracking service

C.  

Configure a recipient access table

D.  

Deploy the Cisco ESA in the DMZ

E.  

Scan quarantined emails using AntiVirus signatures

Discussion 0
Questions 93

Drag and drop the Firepower Next Generation Intrusion Prevention System detectors from the left onto the correct definitions on the right.

Options:

Discussion 0
Questions 94

An engineer needs a cloud solution that will monitor traffic, create incidents based on events, and integrate with other cloud solutions via an API. Which solution should be used to accomplish this goal?

Options:

A.  

SIEM

B.  

CASB

C.  

Adaptive MFA

D.  

Cisco Cloudlock

Discussion 0
Questions 95

What are two benefits of Flexible NetFlow records? (Choose two)

Options:

A.  

They allow the user to configure flow information to perform customized traffic identification

B.  

They provide attack prevention by dropping the traffic

C.  

They provide accounting and billing enhancements

D.  

They converge multiple accounting technologies into one accounting mechanism

E.  

They provide monitoring of a wider range of IP packet information from Layer 2 to 4

Discussion 0
Questions 96

An engineer configures new features within the Cisco Umbrella dashboard and wants to identify and proxy traffic that is categorized as risky domains and may contain safe and malicious content. Which action accomplishes these objectives?

Options:

A.  

Configure URL filtering within Cisco Umbrella to track the URLs and proxy the requests for those categories and below.

B.  

Configure intelligent proxy within Cisco Umbrella to intercept and proxy the requests for only those categories.

C.  

Upload the threat intelligence database to Cisco Umbrella for the most current information on reputations and to have the destination lists block them.

D.  

Create a new site within Cisco Umbrella to block requests from those categories so they can be sent to the proxy device.

Discussion 0
Questions 97

What is a difference between Cisco AMP for Endpoints and Cisco Umbrella?

Options:

A.  

Cisco AMP for Endpoints is a cloud-based service, and Cisco Umbrella is not.

B.  

Cisco AMP for Endpoints prevents connections to malicious destinations, and C malware.

C.  

Cisco AMP for Endpoints automatically researches indicators of compromise ..

D.  

Cisco AMP for Endpoints prevents, detects, and responds to attacks before and against Internet threats.

Discussion 0
Questions 98

What is a feature of NetFlow Secure Event Logging?

Options:

A.  

It exports only records that indicate significant events in a flow.

B.  

It filters NSEL events based on the traffic and event type through RSVP.

C.  

It delivers data records to NSEL collectors through NetFlow over TCP only.

D.  

It supports v5 and v8 templates.

Discussion 0
Questions 99

Which open standard creates a framework for sharing threat intelligence in a machine-digestible format?

Options:

A.  

OpenC2

B.  

OpenIOC

C.  

CybOX

D.  

STIX

Discussion 0
Questions 100

What is a characteristic of an EDR solution and not of an EPP solution?

Options:

A.  

stops all ransomware attacks

B.  

retrospective analysis

C.  

decrypts SSL traffic for better visibility

D.  

performs signature-based detection

Discussion 0
Questions 101

Which industry standard is used to integrate Cisco ISE and pxGrid to each other and with other interoperable security platforms?

Options:

A.  

IEEE

B.  

IETF

C.  

NIST

D.  

ANSI

Discussion 0
Questions 102

An engineer is configuring Dropbox integration with Cisco Cloudlock. Which action must be taken before granting API access in the Dropbox admin console?

Options:

A.  

Authorize Dropbox within the Platform settings in the Cisco Cloudlock portal.

B.  

Add Dropbox to the Cisco Cloudlock Authentication and API section in the Cisco Cloudlock portal.

C.  

Send an API request to Cisco Cloudlock from Dropbox admin portal.

D.  

Add Cisco Cloudlock to the Dropbox admin portal.

Discussion 0
Questions 103

What is the most commonly used protocol for network telemetry?

Options:

A.  

SMTP

B.  

SNMP

C.  

TFTP

D.  

NetFlow

Discussion 0
Questions 104

Drag and drop the concepts from the left onto the correct descriptions on the right.

Options:

Discussion 0
Questions 105

A network engineer is configuring NetFlow top talkers on a Cisco router. Drag and drop the steps in the process from the left into the sequence on the right.

Options:

Discussion 0
Questions 106

An administrator enables Cisco Threat Intelligence Director on a Cisco FMC. Which process uses STIX and allows uploads and downloads of block lists?

Options:

A.  

consumption

B.  

sharing

C.  

editing

D.  

authoring

Discussion 0
Questions 107

Which command is used to log all events to a destination collector 209.165.201.107?

Options:

A.  

CiscoASA(config-pmap-c)#flow-export event-type flow-update destination 209.165.201.10

B.  

CiscoASA(config-cmap)# flow-export event-type all destination 209.165.201.

C.  

CiscoASA(config-pmap-c)#flow-export event-type all destination 209.165.201.10

D.  

CiscoASA(config-cmap)#flow-export event-type flow-update destination 209.165.201.10

Discussion 0
Questions 108

A network administrator has configured TACACS on a network device using the key Cisc0467380030 for authentication purposes. However, users are unable to authenticate. The TACACS server is reachable, but authentication is failing. Which configuration step must the administrator complete?

Options:

A.  

Implement synchronized system clock on TACACS server that matches the network device.

B.  

Install a compatible operating system version on the TACACS server.

C.  

Configure the TACACS key on the server to match with the network device.

D.  

Apply an access control list on TACACS server to allow communication with the network device.

Discussion 0
Questions 109

Which DevSecOps implementation process gives a weekly or daily update instead of monthly or quarterly in the applications?

Options:

A.  

Orchestration

B.  

CI/CD pipeline

C.  

Container

D.  

Security

Discussion 0
Questions 110

Drag and drop the security solutions from the left onto the benefits they provide on the right.

Options:

Discussion 0
Questions 111

Drag and drop the Cisco CWS redirection options from the left onto the capabilities on the right.

Options:

Discussion 0
Questions 112

Which solution supports high availability in routed or transparent mode as well as in northbound and southbound deployments?

Options:

A.  

Cisco FTD with Cisco ASDM

B.  

Cisco FTD with Cisco FMC

C.  

Cisco Firepower NGFW physical appliance with Cisco FMC

D.  

Cisco Firepower NGFW Virtual appliance with Cisco FMC

Discussion 0
Questions 113

An engineer must set up 200 new laptops on a network and wants to prevent the users from moving their laptops around to simplify administration. Which switch port MAC address security setting must be used?

Options:

A.  

sticky

B.  

static

C.  

aging

D.  

maximum

Discussion 0
Questions 114

A security engineer must add destinations into a destination list in Cisco Umbrella. What describes the application of these changes?

Options:

A.  

The changes are applied immediately if the destination list is part of a policy.

B.  

The destination list must be removed from the policy before changes are made to it.

C.  

The changes are applied only after the configuration is saved in Cisco Umbrella.

D.  

The user role of Block Page Bypass or higher is needed to perform these changes.

Discussion 0
Questions 115

Which feature is used in a push model to allow for session identification, host reauthentication, and session termination?

Options:

A.  

AAA attributes

B.  

CoA request

C.  

AV pair

D.  

carrier-grade NAT

Discussion 0
Questions 116

When choosing an algorithm to use, what should be considered about Diffie-Hellman and RSA for key establishment?

Options:

A.  

RSA is an asymmetric key establishment algorithm intended to output symmetric keys

B.  

RSA is a symmetric key establishment algorithm intended to output asymmetric keys

C.  

DH is a symmetric key establishment algorithm intended to output asymmetric keys

D.  

DH is an asymmetric key establishment algorithm intended to output symmetric keys

Discussion 0
Questions 117

An organization wants to use Cisco FTD or Cisco ASA devices. Specific URLs must be blocked from being accessed via the firewall, which requires that the administrator input the bad URL categories that the organization wants blocked into the access policy. Which solution should be used to meet this requirement?

Options:

A.  

Cisco ASA because it enables URL filtering and blocks malicious URLs by default, whereas Cisco FTD does not

B.  

Cisco ASA because it includes URL filtering in the access control policy capabilities, whereas Cisco FTD does not

C.  

Cisco FTD because it includes URL filtering in the access control policy capabilities, whereas Cisco ASA does not

D.  

Cisco FTD because it enables URL filtering and blocks malicious URLs by default, whereas Cisco ASA does not

Discussion 0
Questions 118

An organization is using DNS services for their network and wants to help improve the security of the DNS infrastructure. Which action accomplishes this task?

Options:

A.  

Use DNSSEC between the endpoints and Cisco Umbrella DNS servers.

B.  

Modify the Cisco Umbrella configuration to pass queries only to non-DNSSEC capable zones.

C.  

Integrate Cisco Umbrella with Cisco CloudLock to ensure that DNSSEC is functional.

D.  

Configure Cisco Umbrella and use DNSSEC for domain authentication to authoritative servers.

Discussion 0
Questions 119

Which posture assessment requirement provides options to the client for remediation and requires the remediation within a certain timeframe?

Options:

A.  

Audit

B.  

Mandatory

C.  

Optional

D.  

Visibility

Discussion 0
Questions 120

A network engineer is tasked with configuring a Cisco ISE server to implement external authentication against Active Directory. What must be considered about the authentication requirements? (Choose two.)

Options:

A.  

RADIUS communication must be permitted between the ISE server and the domain controller.

B.  

The ISE account must be a domain administrator in Active Directory to perform JOIN operations.

C.  

Active Directory only supports user authentication by using MSCHAPv2.

D.  

LDAP communication must be permitted between the ISE server and the domain controller.

E.  

Active Directory supports user and machine authentication by using MSCHAPv2.

Discussion 0
Questions 121

An organization wants to reduce their attack surface for cloud applications. They want to understand application communications, detect abnormal application behavior, and detect vulnerabilities within the applications. Which action accomplishes this task?

Options:

A.  

Configure Cisco Secure Workload to detect anomalies and vulnerabilities.

B.  

Use Cisco ISE to provide application visibility and restrict access to them.

C.  

Implement Cisco Umbrella to control the access each application is granted.

D.  

Modify the Cisco Duo configuration to restrict access between applications.

Discussion 0
Questions 122

An engineer is implementing Cisco CES in an existing Microsoft Office 365 environment and must route inbound email to Cisco CE.. record must be modified to accomplish this task?

Options:

A.  

CNAME

B.  

MX

C.  

SPF

D.  

DKIM

Discussion 0
Questions 123

A customer has various external HTTP resources available including Intranet, Extranet, and Internet, with a proxy configuration running in explicit mode. Which method allows the client desktop browsers to be configured to select when to connect direct or when to use the proxy?

Options:

A.  

Transparent mode

B.  

Forward file

C.  

PAC file

D.  

Bridge mode

Discussion 0
Questions 124

Refer to the exhibit.

What will occur when this device tries to connect to the port?

Options:

A.  

802.1X will not work, but MAB will start and allow the device on the network.

B.  

802.1X will not work and the device will not be allowed network access

C.  

802.1X will work and the device will be allowed on the network

D.  

802.1X and MAB will both be used and ISE can use policy to determine the access level

Discussion 0
Questions 125

Which capability is provided by application visibility and control?

Options:

A.  

reputation filtering

B.  

data obfuscation

C.  

data encryption

D.  

deep packet inspection

Discussion 0
Questions 126

An engineer has been tasked with configuring a Cisco FTD to analyze protocol fields and detect anomalies in the traffic from industrial systems. What must be done to meet these requirements?

Options:

A.  

Implement pre-filter policies for the CIP preprocessor

B.  

Enable traffic analysis in the Cisco FTD

C.  

Configure intrusion rules for the DNP3 preprocessor

D.  

Modify the access control policy to trust the industrial traffic

Discussion 0
Questions 127

Which Talos reputation center allows you to track the reputation of IP addresses for email and web traffic?

Options:

A.  

IP Blacklist Center

B.  

File Reputation Center

C.  

AMP Reputation Center

D.  

IP and Domain Reputation Center

Discussion 0
Questions 128

Which Cisco AMP file disposition is valid?

Options:

A.  

pristine

B.  

malware

C.  

dirty

D.  

non malicious

Discussion 0
Questions 129

Which API is used for Content Security?

Options:

A.  

NX-OS API

B.  

IOS XR API

C.  

OpenVuln API

D.  

AsyncOS API

Discussion 0
Questions 130

What does the Cloudlock Apps Firewall do to mitigate security concerns from an application perspective?

Options:

A.  

It allows the administrator to quarantine malicious files so that the application can function, just not maliciously.

B.  

It discovers and controls cloud apps that are connected to a company’s corporate environment.

C.  

It deletes any application that does not belong in the network.

D.  

It sends the application information to an administrator to act on.

Discussion 0
Questions 131

Which ID store requires that a shadow user be created on Cisco ISE for the admin login to work?

Options:

A.  

RSA SecurID

B.  

Internal Database

C.  

Active Directory

D.  

LDAP

Discussion 0
Questions 132

Which attack is commonly associated with C and C++ programming languages?

Options:

A.  

cross-site scripting

B.  

water holing

C.  

DDoS

D.  

buffer overflow

Discussion 0
Questions 133

Which Cisco product is open, scalable, and built on IETF standards to allow multiple security products from Cisco and other vendors to share data and interoperate with each other?

Options:

A.  

Advanced Malware Protection

B.  

Platform Exchange Grid

C.  

Multifactor Platform Integration

D.  

Firepower Threat Defense

Discussion 0
Questions 134

What Cisco command shows you the status of an 802.1X connection on interface gi0/1?

Options:

A.  

show authorization status

B.  

show authen sess int gi0/1

C.  

show connection status gi0/1

D.  

show ver gi0/1

Discussion 0
Questions 135

When wired 802.1X authentication is implemented, which two components are required? (Choose two)

Options:

A.  

authentication server: Cisco Identity Service Engine

B.  

supplicant: Cisco AnyConnect ISE Posture module

C.  

authenticator: Cisco Catalyst switch

D.  

authenticator: Cisco Identity Services Engine

E.  

authentication server: Cisco Prime Infrastructure

Discussion 0
Questions 136

What is a difference between FlexVPN and DMVPN?

Options:

A.  

DMVPN uses IKEv1 or IKEv2, FlexVPN only uses IKEv1

B.  

DMVPN uses only IKEv1, FlexVPN uses only IKEv2

C.  

FlexVPN uses IKEv2, DMVPN uses IKEv1 or IKEv2

D.  

FlexVPN uses IKEv1 or IKEv2, DMVPN uses only IKEv2

Discussion 0
Questions 137

Which IPS engine detects ARP spoofing?

Options:

A.  

Atomic ARP Engine

B.  

Service Generic Engine

C.  

ARP Inspection Engine

D.  

AIC Engine

Discussion 0
Questions 138

Which telemetry data captures variations seen within the flow, such as the packet's TTL, IP/TCP flags, and payload length?

Options:

A.  

interpacket variation

B.  

software package variation

C.  

flow insight variation

D.  

process details variation

Discussion 0
Questions 139

Which network monitoring solution uses streams and pushes operational data to provide a near real-time view of activity?

Options:

A.  

SNMP

B.  

SMTP

C.  

syslog

D.  

model-driven telemetry

Discussion 0
Questions 140

Which Cisco solution does Cisco Umbrella integrate with to determine if a URL is malicious?

Options:

A.  

AMP

B.  

AnyConnect

C.  

DynDNS

D.  

Talos

Discussion 0
Questions 141

Which option is the main function of Cisco Firepower impact flags?

Options:

A.  

They alert administrators when critical events occur.

B.  

They highlight known and suspected malicious IP addresses in reports.

C.  

They correlate data about intrusions and vulnerability.

D.  

They identify data that the ASA sends to the Firepower module.

Discussion 0
Questions 142

Which function is the primary function of Cisco AMP Threat Grid?

Options:

A.  

automated email encryption

B.  

applying a real-time URI blacklist

C.  

automated malware analysis

D.  

monitoring network traffic

Discussion 0
Questions 143

Which technology is used to improve web traffic performance by proxy caching?

Options:

A.  

WSA

B.  

Firepower

C.  

FireSIGHT

D.  

ASA

Discussion 0
Questions 144

What is a commonality between DMVPN and FlexVPN technologies?

Options:

A.  

FlexVPN and DMVPN use IS-IS routing protocol to communicate with spokes

B.  

FlexVPN and DMVPN use the new key management protocol

C.  

FlexVPN and DMVPN use the same hashing algorithms

D.  

IOS routers run the same NHRP code for DMVPN and FlexVPN

Discussion 0
Questions 145

Refer to the exhibit.

Which statement about the authentication protocol used in the configuration is true?

Options:

A.  

The authentication request contains only a password

B.  

The authentication request contains only a username

C.  

The authentication and authorization requests are grouped in a single packet

D.  

There are separate authentication and authorization request packets

Discussion 0
Questions 146

On Cisco Firepower Management Center, which policy is used to collect health modules alerts from managed devices?

Options:

A.  

health policy

B.  

system policy

C.  

correlation policy

D.  

access control policy

E.  

health awareness policy

Discussion 0
Questions 147

Which cloud service model offers an environment for cloud consumers to develop and deploy applications without needing to manage or maintain the underlying cloud infrastructure?

Options:

A.  

PaaS

B.  

XaaS

C.  

IaaS

D.  

SaaS

Discussion 0
Questions 148

Which Cisco command enables authentication, authorization, and accounting globally so that CoA is supported on the device?

Options:

A.  

aaa server radius dynamic-author

B.  

aaa new-model

C.  

auth-type all

D.  

ip device-tracking

Discussion 0
Questions 149

Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?

Options:

A.  

user input validation in a web page or web application

B.  

Linux and Windows operating systems

C.  

database

D.  

web page images

Discussion 0
Questions 150

How is ICMP used as an exfiltration technique?

Options:

A.  

by flooding the destination host with unreachable packets

B.  

by sending large numbers of ICMP packets with a targeted host's source IP address using an IP broadcast address

C.  

by encrypting the payload in an ICMP packet to carry out command and control tasks on a compromised host

D.  

by overwhelming a targeted host with ICMP echo-request packets

Discussion 0
Questions 151

Which form of attack is launched using botnets?

Options:

A.  

EIDDOS

B.  

virus

C.  

DDOS

D.  

TCP flood

Discussion 0
Questions 152

Which two features are used to configure Cisco ESA with a multilayer approach to fight viruses and malware? (Choose two)

Options:

A.  

Sophos engine

B.  

white list

C.  

RAT

D.  

outbreak filters

E.  

DLP

Discussion 0
Questions 153

What is a language format designed to exchange threat intelligence that can be transported over the TAXII protocol?

Options:

A.  

STIX

B.  

XMPP

C.  

pxGrid

D.  

SMTP

Discussion 0
Questions 154

Which feature requires a network discovery policy on the Cisco Firepower Next Generation Intrusion Prevention System?

Options:

A.  

Security Intelligence

B.  

Impact Flags

C.  

Health Monitoring

D.  

URL Filtering

Discussion 0
Questions 155

Refer to the exhibit.

A network administrator configured a site-to-site VPN tunnel between two Cisco IOS routers, and hosts are unable to communicate between two sites of VPN. The network administrator runs the debug crypto isakmp sa command to track VPN status. What is the problem according to this command output?

Options:

A.  

hashing algorithm mismatch

B.  

encryption algorithm mismatch

C.  

authentication key mismatch

D.  

interesting traffic was not applied

Discussion 0
Questions 156

Which two statements about a Cisco WSA configured in Transparent mode are true? (Choose two)

Options:

A.  

It can handle explicit HTTP requests.

B.  

It requires a PAC file for the client web browser.

C.  

It requires a proxy for the client web browser.

D.  

WCCP v2-enabled devices can automatically redirect traffic destined to port 80.

E.  

Layer 4 switches can automatically redirect traffic destined to port 80.

Discussion 0
Questions 157

Which policy represents a shared set of features or parameters that define the aspects of a managed device that are likely to be similar to other managed devices in a deployment?

Options:

A.  

Group Policy

B.  

Access Control Policy

C.  

Device Management Policy

D.  

Platform Service Policy

Discussion 0
Questions 158

An administrator wants to ensure that all endpoints are compliant before users are allowed access on the corporate network. The endpoints must have the corporate antivirus application installed and be running the latest build of Windows 10.

What must the administrator implement to ensure that all devices are compliant before they are allowed on the network?

Options:

A.  

Cisco Identity Services Engine and AnyConnect Posture module

B.  

Cisco Stealthwatch and Cisco Identity Services Engine integration

C.  

Cisco ASA firewall with Dynamic Access Policies configured

D.  

Cisco Identity Services Engine with pxGrid services enabled

Discussion 0
Questions 159

Where are individual sites specified to be blacklisted in Cisco Umbrella?

Options:

A.  

application settings

B.  

content categories

C.  

security settings

D.  

destination lists

Discussion 0
Questions 160

A company is experiencing exfiltration of credit card numbers that are not being stored on-premise. The company needs to be able to protect sensitive data throughout the full environment. Which tool should be used to accomplish this goal?

Options:

A.  

Security Manager

B.  

Cloudlock

C.  

Web Security Appliance

D.  

Cisco ISE

Discussion 0
Questions 161

What is a feature of the open platform capabilities of Cisco DNA Center?

Options:

A.  

intent-based APIs

B.  

automation adapters

C.  

domain integration

D.  

application adapters

Discussion 0
Questions 162

Which feature is configured for managed devices in the device platform settings of the Firepower Management Center?

Options:

A.  

quality of service

B.  

time synchronization

C.  

network address translations

D.  

intrusion policy

Discussion 0
Questions 163

An engineer is trying to securely connect to a router and wants to prevent insecure algorithms from being used. However, the connection is failing. Which action should be taken to accomplish this goal?

Options:

A.  

Disable telnet using the no ip telnet command.

B.  

Enable the SSH server using the ip ssh server command.

C.  

Configure the port using the ip ssh port 22 command.

D.  

Generate the RSA key using the crypto key generate rsa command.

Discussion 0
Questions 164

What is the result of running the crypto isakmp key ciscXXXXXXXX address 172.16.0.0 command?

Options:

A.  

authenticates the IKEv2 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX

B.  

authenticates the IP address of the 172.16.0.0/32 peer by using the key ciscXXXXXXXX

C.  

authenticates the IKEv1 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX

D.  

secures all the certificates in the IKE exchange by using the key ciscXXXXXXXX

Discussion 0
Questions 165

Which SNMPv3 configuration must be used to support the strongest security possible?

Options:

A.  

asa-host(config)#snmp-server group myv3 v3 priv

asa-host(config)#snmp-server user andy myv3 auth sha cisco priv des ciscXXXXXXXX

asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

B.  

asa-host(config)#snmp-server group myv3 v3 noauth

asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX

asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

C.  

asa-host(config)#snmpserver group myv3 v3 noauth

asa-host(config)#snmp-server user andy myv3 auth sha cisco priv 3des ciscXXXXXXXX

asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

D.  

asa-host(config)#snmp-server group myv3 v3 priv

asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX

asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

Discussion 0
Questions 166

Which two probes are configured to gather attributes of connected endpoints using Cisco Identity Services Engine? (Choose two)

Options:

A.  

RADIUS

B.  

TACACS+

C.  

DHCP

D.  

sFlow

E.  

SMTP

Discussion 0
Questions 167

Which solution protects hybrid cloud deployment workloads with application visibility and segmentation?

Options:

A.  

Nexus

B.  

Stealthwatch

C.  

Firepower

D.  

Tetration

Discussion 0
Questions 168

A network engineer is configuring DMVPN and entered the crypto isakmp key cisc0380739941 address 0.0.0.0 command on hostA. The tunnel is not being established to hostB. What action is needed to authenticate the VPN?

Options:

A.  

Change isakmp to ikev2 in the command on hostA.

B.  

Enter the command with a different password on hostB.

C.  

Enter the same command on hostB.

D.  

Change the password on hostA to the default password.

Discussion 0
Questions 169

When web policies are configured in Cisco Umbrella, what provides the ability to ensure that domains are blocked when they host malware, command and control, phishing, and more threats?

Options:

A.  

Application Control

B.  

Security Category Blocking

C.  

Content Category Blocking

D.  

File Analysis

Discussion 0
Questions 170

Which benefit does endpoint security provide the overall security posture of an organization?

Options:

A.  

It streamlines the incident response process to automatically perform digital forensics on the endpoint.

B.  

It allows the organization to mitigate web-based attacks as long as the user is active in the domain.

C.  

It allows the organization to detect and respond to threats at the edge of the network.

D.  

It allows the organization to detect and mitigate threats that the perimeter security devices do not detect.

Discussion 0
Questions 171

A mall provides security services to customers with a shared appliance. The mall wants separation of management on the shared appliance. Which ASA deployment mode meets these needs?

Options:

A.  

routed mode

B.  

transparent mode

C.  

multiple context mode

D.  

multiple zone mode

Discussion 0
Questions 172

What is a characteristic of traffic storm control behavior?

Options:

A.  

Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within the interval.

B.  

Traffic storm control cannot determine if the packet is unicast or broadcast.

C.  

Traffic storm control monitors incoming traffic levels over a 10-second traffic storm control interval.

D.  

Traffic storm control uses the Individual/Group bit in the packet source address to determine if the packet is unicast or broadcast.

Discussion 0
Questions 173

An engineer is configuring a Cisco ESA and wants to control whether to accept or reject email messages to a recipient address. Which list contains the allowed recipient addresses?

Options:

A.  

SAT

B.  

BAT

C.  

HAT

D.  

RAT

Discussion 0
Questions 174

What is the primary role of the Cisco Email Security Appliance?

Options:

A.  

Mail Submission Agent

B.  

Mail Transfer Agent

C.  

Mail Delivery Agent

D.  

Mail User Agent

Discussion 0
Questions 175

What are two Detection and Analytics Engines of Cognitive Threat Analytics? (Choose two)

Options:

A.  

data exfiltration

B.  

command and control communication

C.  

intelligent proxy

D.  

snort

E.  

URL categorization

Discussion 0
Questions 176

Which two features of Cisco DNA Center are used in a Software Defined Network solution? (Choose two)

Options:

A.  

accounting

B.  

assurance

C.  

automation

D.  

authentication

E.  

encryption

Discussion 0
Questions 177

In a PaaS model, which layer is the tenant responsible for maintaining and patching?

Options:

A.  

hypervisor

B.  

virtual machine

C.  

network

D.  

application

Discussion 0
Questions 178

Which two risks is a company vulnerable to if it does not have a well-established patching solution for endpoints? (Choose two)

Options:

A.  

exploits

B.  

ARP spoofing

C.  

denial-of-service attacks

D.  

malware

E.  

eavesdropping

Discussion 0
Questions 179

What is the difference between deceptive phishing and spear phishing?

Options:

A.  

Deceptive phishing is an attack aimed at a specific user in the organization who holds a C-level role.

B.  

A spear phishing campaign is aimed at a specific person versus a group of people.

C.  

Spear phishing is when the attack is aimed at the C-level executives of an organization.

D.  

Deceptive phishing hijacks and manipulates the DNS server of the victim and redirects the user to a false webpage.

Questions 180

An organization has two machines hosting web applications. Machine 1 is vulnerable to SQL injection while machine 2 is vulnerable to buffer overflows. What action would allow the attacker to gain access to machine 1 but not machine 2?

Options:

A.  

sniffing the packets between the two hosts

B.  

sending continuous pings

C.  

overflowing the buffer’s memory

D.  

inserting malicious commands into the database

Questions 181

Which two services must remain as on-premises equipment when a hybrid email solution is deployed? (Choose two)

Options:

A.  

DDoS

B.  

antispam

C.  

antivirus

D.  

encryption

E.  

DLP

Questions 182

Which two mechanisms are used to control phishing attacks? (Choose two)

Options:

A.  

Enable browser alerts for fraudulent websites.

B.  

Define security group memberships.

C.  

Revoke expired CRL of the websites.

D.  

Use antispyware software.

E.  

Implement email filtering techniques.

Questions 183

How does Cisco Stealthwatch Cloud provide security for cloud environments?

Options:

A.  

It delivers visibility and threat detection.

B.  

It prevents exfiltration of sensitive data.

C.  

It assigns Internet-based DNS protection for clients and servers.

D.  

It facilitates secure connectivity between public and private networks.

Questions 184

What are the two most commonly used authentication factors in multifactor authentication? (Choose two)

Options:

A.  

biometric factor

B.  

time factor

C.  

confidentiality factor

D.  

knowledge factor

E.  

encryption factor

Questions 185

Which type of attack is social engineering?

Options:

A.  

trojan

B.  

phishing

C.  

malware

D.  

MITM

Questions 186

Which two deployment model configurations are supported for Cisco FTDv in AWS? (Choose two)

Options:

A.  

Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS

B.  

Cisco FTDv with one management interface and two traffic interfaces configured

C.  

Cisco FTDv configured in routed mode and managed by a physical FMC appliance on premises

D.  

Cisco FTDv with two management interfaces and one traffic interface configured

E.  

Cisco FTDv configured in routed mode and IPv6 configured

Questions 187

Which feature of Cisco ASA allows VPN users to be postured against Cisco ISE without requiring an inline posture node?

Options:

A.  

RADIUS Change of Authorization

B.  

device tracking

C.  

DHCP snooping

D.  

VLAN hopping

Questions 188

Refer to the exhibit.

A network administrator configures command authorization for the admin5 user. What is the admin5 user able to do on HQ_Router after this configuration?

Options:

A.  

set the IP address of an interface

B.  

complete no configurations

C.  

complete all configurations

D.  

add subinterfaces

Questions 189

What is the function of the Context Directory Agent?

Options:

A.  

maintains users’ group memberships

B.  

relays user authentication requests from Web Security Appliance to Active Directory

C.  

reads the Active Directory logs to map IP addresses to usernames

D.  

accepts user authentication requests on behalf of Web Security Appliance for user identification
