An administrator is trying to determine which applications are being used in the network but does not want the
network devices to send metadata to Cisco Firepower. Which feature should be used to accomplish this?
A Cisco Firepower administrator needs to configure a rule to allow a new application that has never been seen
on the network. Which two actions should be selected to allow the traffic to pass without inspection? (Choose
ExplanationExplanationEach rule also has an action, which determines whether you monitor, trust, block, or allow matching traffic.Note: With action “trust”, Firepower does not do any more inspection on the traffic. There will be no intrusion protection and also no file-policy on this traffic.
Which public cloud provider supports the Cisco Next Generation Firewall Virtual?
What does Cisco AMP for Endpoints use to help an organization detect different families of malware?
A switch with Dynamic ARP Inspection enabled has received a spoofed ARP response on a trusted interface.
How does the switch behave in this situation?
An engineer notices traffic interruption on the network. Upon further investigation, it is learned that broadcast
packets have been flooding the network. What must be configured, based on a predefined threshold, to
address this issue?
Which type of protection encrypts RSA keys when they are exported and imported?
An engineer needs a cloud solution that will monitor traffic, create incidents based on events, and integrate with
other cloud solutions via an API. Which solution should be used to accomplish this goal?
What is a capability of Cisco ASA Netflow?
Using Cisco Firepower’s Security Intelligence policies, upon which two criteria is Firepower block based?
An administrator is configuring a DHCP server to better secure their environment. They need to be able to ratelimit the traffic and ensure that legitimate requests are not dropped. How would this be accomplished?
What is the role of an endpoint in protecting a user from a phishing attack?
Which product allows Cisco FMC to push security intelligence observable to its sensors from other products?
Which two cryptographic algorithms are used with IPsec? (Choose two)
ExplanationExplanationCryptographic algorithms defined for use with IPsec include:+ HMAC-SHA1/SHA2 for integrity protection and authenticity.+ TripleDES-CBC for confidentiality+ AES-CBC and AES-CTR for confidentiality.+ AES-GCM and ChaCha20-Poly1305 providing confidentiality and authentication together efficiently.
An engineer needs behavioral analysis to detect malicious activity on the hosts, and is configuring the
organization’s public cloud to send telemetry using the cloud provider’s mechanisms to a security device. Which
mechanism should the engineer configure to accomplish this goal?
Which component of Cisco umbrella architecture increases reliability of the service?
What is a function of 3DES in reference to cryptography?
What is a key difference between Cisco Firepower and Cisco ASA?
What are two functions of secret key cryptography? (Choose two)
What is a functional difference between a Cisco ASA and a Cisco IOS router with Zone-based policy firewall?
Which type of API is being used when a security application notifies a controller within a software-defined network architecture about a specific security threat?
Refer to the exhibit.
What will happen when this Python script is run?
What are two DDoS attack categories? (Choose two)
ExplanationExplanationThere are three basic categories of attack:+ volume-based attacks, which use high traffic to inundate the network bandwidth+ protocol attacks, which focus on exploiting server resources+ application attacks, which focus on web applications and are considered the most sophisticated and serious type of attacks Reference: https://www.esecurityplanet.com/networks/types-of-ddos-attacks/
Which cryptographic process provides origin confidentiality, integrity, and origin authentication for packets?
Which two aspects of the cloud PaaS model are managed by the customer but not the provider? (Choose two)
ExplanationExplanationCustomers must manage applications and data in PaaS.
What is the benefit of installing Cisco AMP for Endpoints on a network?
What are two Trojan malware attacks? (Choose two)
Which factor must be considered when choosing the on-premise solution over the cloud-based one?
An engineer is implementing NTP authentication within their network and has configured both the client and server devices with the command ntp authentication-key 1 md5 Cisc392368270. The server at 220.127.116.11 is attempting to authenticate to the client at 18.104.22.168, however it is unable to do so. Which command is required to enable the client to accept the server’s authentication key?
Which statement about IOS zone-based firewalls is true?
Which API is used for Content Security?
Which two statements about a Cisco WSA configured in Transparent mode are true? (Choose two)
Refer to the exhibit.
What does the number 15 represent in this configuration?
Which technology is used to improve web traffic performance by proxy caching?
Which protocol provides the strongest throughput performance when using Cisco AnyConnect VPN?
Refer to the exhibit.
Which command was used to display this output?
What can be integrated with Cisco Threat Intelligence Director to provide information about security threats,
which allows the SOC to proactively automate responses to those threats?
Which functions of an SDN architecture require southbound APIs to enable communication?
What are two rootkit types? (Choose two)
ExplanationThe term ‘rootkit’ originally comes from the Unix world, where the word ‘root’ is used to describe a user with thehighest possible level of access privileges, similar to an ‘Administrator’ in Windows. The word ‘kit’ refers to thesoftware that grants root-level access to the machine. Put the two together and you get ‘rootkit’, a program thatgives someone – with legitimate or malicious intentions – privileged access to a computer.There are four main types of rootkits: Kernel rootkits, User mode rootkits, Bootloader rootkits, Memory rootkits
An engineer configured a new network identity in Cisco Umbrella but must verify that traffic is being routed
through the Cisco Umbrella network. Which action tests the routing?
In which two ways does a system administrator send web traffic transparently to the Web Security Appliance?
Which two descriptions of AES encryption are true? (Choose two)
Refer to the exhibit.
What does the API do when connected to a Cisco security appliance?
Which two are valid suppression types on a Cisco Next Generation Intrusion Prevention System? (Choose two)
An engineer needs a solution for TACACS+ authentication and authorization for device administration.
The engineer also wants to enhance wired and wireless network security by requiring users and endpoints to
use 802.1X, MAB, or WebAuth. Which product meets all of these requirements?
Which VPN technology can support a multivendor environment and secure traffic between sites?
Refer to the exhibit.
What is a result of the configuration?
How is Cisco Umbrella configured to log only security events?
Which Talos reputation center allows you to track the reputation of IP addresses for email and web traffic?
A malicious user gained network access by spoofing printer connections that were authorized using MAB on
four different switch ports at the same time. What two catalyst switch security features will prevent further
violations? (Choose two)
Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two)
Which two probes are configured to gather attributes of connected endpoints using Cisco Identity Services
Engine? (Choose two)
What provides the ability to program and monitor networks from somewhere other than the DNAC GUI?
Which two characteristics of messenger protocols make data exfiltration difficult to detect and prevent?
Which PKI enrollment method allows the user to separate authentication and enrollment actions and also
provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?
Which Cisco AMP file disposition valid?
What is the term for having information about threats and threat actors that helps mitigate harmful events that would otherwise compromise networks or systems?
An engineer is configuring web filtering for a network using Cisco Umbrella Secure Internet Gateway.
The requirement is that all traffic needs to be filtered. Using the SSL decryption feature, which type of
certificate should be presented to the end-user to accomplish this goal?
An administrator is configuring N I P on Cisco ASA via ASDM and needs to ensure that rogue NTP servers cannot insert themselves as the authoritative time source Which two steps must be taken to accomplish this task? (Choose two)
What two mechanisms are used to redirect users to a web portal to authenticate to ISE for guest services?
Which type of attack is social engineering?
An engineer is configuring Cisco Umbrella and has an identity that references two different policies. Which action ensures that the policy that the identity must use takes precedence over the second one?
Which two criteria must a certificate meet before the WSA uses it to decrypt application traffic? (Choose two.)
Which Cisco ASA deployment model is used to filter traffic between hosts in the same IP subnet using higher-level protocols without readdressing the network?
Why is it important to patch endpoints consistently?
An engineer enabled SSL decryption for Cisco Umbrella intelligent proxy and needs to ensure that traffic is inspected without alerting end-users. Which action accomplishes this goal?
Which service allows a user export application usage and performance statistics with Cisco Application Visibility
A network engineer must monitor user and device behavior within the on-premises network. This data must be sent to the Cisco Stealthwatch Cloud analytics platform for analysis. What must be done to meet this
requirement using the Ubuntu-based VM appliance deployed in a VMware-based hypervisor?
Which system facilitates deploying microsegmentation and multi-tenancy services with a policy-based container?
What is the difference between EPP and EDR?
Which feature does the laaS model provide?
What are two functionalities of SDN Northbound APIs? (Choose two.)
How does a cloud access security broker function?
An organization wants to improve its cybersecurity processes and to add intelligence to its data The organization wants to utilize the most current intelligence data for URL filtering, reputations, and vulnerability information that can be integrated with the Cisco FTD and Cisco WSA What must be done to accomplish these objectives?
Which metric is used by the monitoring agent to collect and output packet loss and jitter information?
What are two advantages of using Cisco Any connect over DMVPN? (Choose two)
What are two security benefits of an MDM deployment? (Choose two.)
An engineer needs to add protection for data in transit and have headers in the email message Which configuration is needed to accomplish this goal?
An administrator enables Cisco Threat Intelligence Director on a Cisco FMC. Which process uses STIX and allows uploads and downloads of block lists?
An administrator configures a Cisco WSA to receive redirected traffic over ports 80 and 443. The organization requires that a network device with specific WSA integration capabilities be configured to send the traffic to the WSA to proxy the requests and increase visibility, while making this invisible to the users. What must be done on the Cisco WSA to support these requirements?
When a Cisco WSA checks a web request, what occurs if it is unable to match a user-defined policy?
An organization is implementing AAA for their users. They need to ensure that authorization is verified for every command that is being entered by the network administrator. Which protocol must be configured in order to provide this capability?
Which open standard creates a framework for sharing threat intelligence in a machine-digestible format?
What are two benefits of using an MDM solution? (Choose two.)
In which two ways does the Cisco Advanced Phishing Protection solution protect users? (Choose two.)
Which Cisco platform processes behavior baselines, monitors for deviations, and reviews for malicious processes in data center traffic and servers while performing software vulnerability detection?
An organization must add new firewalls to its infrastructure and wants to use Cisco ASA or Cisco FTD.
The chosen firewalls must provide methods of blocking traffic that include offering the user the option to bypass the block for certain sites after displaying a warning page and to reset the connection. Which solution should the organization choose?