What are two list types within AMP for Endpoints Outbreak Control? (Choose two)
Which license is required for Cisco Security Intelligence to work on the Cisco Next Generation Intrusion
Prevention System?
In which form of attack is alternate encoding, such as hexadecimal representation, most often observed?
Which technology reduces data loss by identifying sensitive information stored in public computing
environments?
Refer to the exhibit.
A network administrator configures command authorization for the admin5 user. What is the admin5 user able to do on HQ_Router after this configuration?
Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention
System? (Choose two)
Which two tasks allow NetFlow on a Cisco ASA 5500 Series firewall? (Choose two)
Which SNMPv3 configuration must be used to support the strongest security possible?
Which PKI enrollment method allows the user to separate authentication and enrollment actions and also
provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?
Which two features are used to configure Cisco ESA with a multilayer approach to fight viruses and malware?
(Choose two)
Which two criteria must a certificate meet before the WSA uses it to decrypt application traffic? (Choose two.)
Which system facilitates deploying microsegmentation and multi-tenancy services with a policy-based container?
Which Cisco DNA Center RESTful PNP API adds and claims a device into a workflow?
A network engineer must create an access control list on a Cisco Adaptive Security Appliance firewall. The access control list must permit HTTP traffic to the internet from the organization's inside network 192.168.1.0/24. Which IOS command must oe used to create the access control list?
An organization uses Cisco FMC to centrally manage multiple Cisco FTD devices. The default management
port conflicts with other communications on the network and must be changed. What must be done to ensure
that all devices can communicate together?
What is the process In DevSecOps where all changes In the central code repository are merged and synchronized?
Refer to the exhibit.
Consider that any feature of DNS requests, such as the length off the domain name
and the number of subdomains, can be used to construct models of expected behavior to which
observed values can be compared. Which type of malicious attack are these values associated with?
A network engineer has configured a NTP server on a Cisco ASA. The Cisco ASA has IP reachability to the
NTP server and is not filtering any traffic. The show ntp association detail command indicates that the
configured NTP server is unsynchronized and has a stratum of 16. What is the cause of this issue?
With Cisco AMP for Endpoints, which option shows a list of all files that have been executed in your
environment?
Which two types of connectors are used to generate telemetry data from IPFIX records in a Cisco Secure Workload implementation? (Choose two.)
An engineer recently completed the system setup on a Cisco WSA Which URL information does the system send to SensorBase Network servers?
Which kind of API that is used with Cisco DNA Center provisions SSIDs, QoS policies, and update software versions on switches?
An email administrator is setting up a new Cisco ESA. The administrator wants to enable the blocking of greymail for the end user. Which feature must the administrator enable first?
Which Cisco AMP feature allows an engineer to look back to trace past activities, such as file and process
activity on an endpoint?
An organization uses Cisco FMC to centrally manage multiple Cisco FTD devices The default management port conflicts with other communications on the network and must be changed What must be done to ensure that all devices can communicate together?
What are two characteristics of the RESTful architecture used within Cisco DNA Center? (Choose two.)
An administrator is adding a new switch onto the network and has configured AAA for network access control. When testing the configuration, the RADIUS authenticates to Cisco ISE but is being rejected. Why is the ip radius source-interface command needed for this configuration?
Based on the NIST 800-145 guide, which cloud architecture is provisioned for exclusive use by a specific group of consumers from different organizations and may be owned, managed, and operated by one or more of those organizations?
Which Cisco cloud security software centrally manages policies on multiple platforms such as Cisco ASA, Cisco Firepower, Cisco Meraki, and AWS?
A hacker initiated a social engineering attack and stole username and passwords of some users within a company. Which product should be used as a solution to this problem?
Which feature enables a Cisco ISR to use the default bypass list automatically for web filtering?
A network engineer entered the snmp-server user asmith myv7 auth sha cisco priv aes 256
cisc0xxxxxxxxx command and needs to send SNMP information to a host at 10.255.255.1. Which
command achieves this goal?
Which open source tool does Cisco use to create graphical visualizations of network telemetry on Cisco IOS XE devices?
An engineer is adding a Cisco router to an existing environment. NTP authentication is configured on all devices in the environment with the command ntp authentication-key 1 md5 Clsc427128380. There are two routers on the network that are configured as NTP servers for redundancy, 192.168.1.110 and 192.168.1.111. 192.168.1.110 is configured as the authoritative time source. What command must be configured on the new router to use 192.168.1.110 as its primary time source without the new router attempting to offer time to existing devices?
An organization is trying to implement micro-segmentation on the network and wants to be able to gain visibility on the applications within the network. The solution must be able to maintain and force compliance. Which product should be used to meet these requirements?
Which term describes when the Cisco Firepower downloads threat intelligence updates from Cisco Talos?
What is a functional difference between a Cisco ASA and a Cisco IOS router with Zone-based policy firewall?
An attacker needs to perform reconnaissance on a target system to help gain access to it. The system has weak passwords, no encryption on the VPN links, and software bugs on the system’s applications. Which
vulnerability allows the attacker to see the passwords being transmitted in clear text?
An engineer needs behavioral analysis to detect malicious activity on the hosts, and is configuring the
organization’s public cloud to send telemetry using the cloud provider’s mechanisms to a security device. Which
mechanism should the engineer configure to accomplish this goal?
A network administrator is configuring a rule in an access control policy to block certain URLs and selects the “Chat and Instant Messaging†category. Which reputation score should be selected to accomplish this goal?
Drag and drop the threats from the left onto examples of that threat on the right
Which solution is more secure than the traditional use of a username and password and encompasses at least two of the methods of authentication?
Which two components do southbound APIs use to communicate with downstream devices? (Choose two.)
Which Cisco security solution gives the most complete view of the relationships and evolution of Internet domains IPs, and flies, and helps to pinpoint attackers' infrastructures and predict future threat?
An administrator configures new authorization policies within Cisco ISE and has difficulty profiling the devices. Attributes for the new Cisco IP phones that are profiled based on the RADIUS authentication are seen however the attributes for CDP or DHCP are not. What should the administrator do to address this issue?
Which technology limits communication between nodes on the same network segment to individual applications?
An engineer configures new features within the Cisco Umbrella dashboard and wants to identify and proxy traffic that is categorized as risky domains and may contain safe and malicious content. Which action accomplishes these objectives?
Which feature is leveraged by advanced antimalware capabilities to be an effective endpomt protection platform?
An organization has DHCP servers set up to allocate IP addresses to clients on the LAN. What must be done to ensure the LAN switches prevent malicious DHCP traffic while also distributing IP addresses to the correct endpoints?
An engineer is configuring Cisco WSA and needs to deploy it in transparent mode. Which configuration component must be used to accomplish this goal?
A company recently discovered an attack propagating throughout their Windows network via a file named abc428565580xyz exe The malicious file was uploaded to a Simple Custom Detection list in the AMP for Endpoints Portal and the currently applied policy for the Windows clients was updated to reference the detection list Verification testing scans on known infected systems shows that AMP for Endpoints is not detecting the presence of this file as an indicator of compromise What must be performed to ensure detection of the malicious file?
Refer to the exhibit. What is the result of using this authentication protocol in the configuration?
What is the function of the crypto is a kmp key cisc406397954 address 0.0.0.0 0.0.0.0 command when establishing an IPsec VPN tunnel?
A Cisco AMP for Endpoints administrator configures a custom detection policy to add specific MD5 signatures The configuration is created in the simple detection policy section, but it does not work What is the reason for this failure?
Which two authentication protocols are supported by the Cisco WSA? (Choose two.)
What is a benefit of using Cisco CWS compared to an on-premises Cisco WSA?
Which Talos reputation center allows for tracking the reputation of IP addresses for email and web traffic?
Drag and drop the features of Cisco ASA with Firepower from the left onto the benefits on the right.
When a next-generation endpoint security solution is selected for a company, what are two key
deliverables that help justify the implementation? (Choose two.)
Refer to the exhibit. What function does the API key perform while working with https://api.amp.cisco.com/v1/computers?
When NetFlow is applied to an interface, which component creates the flow monitor cache that is used
to collect traffic based on the key and nonkey fields in the configured record?
A university policy must allow open access to resources on the Internet for research, but internal workstations are exposed to malware. Which Cisco AMP feature allows the engineering team to determine whether a file is installed on a selected few workstations?
Which security product enables administrators to deploy Kubernetes clusters in air-gapped sites without needing Internet access?
v
Refer to the exhibit When configuring this access control rule in Cisco FMC, what happens with the traffic destined to the DMZjnside zone once the configuration is deployed?
Which security solution is used for posture assessment of the endpoints in a BYOD solution?
What are two functionalities of northbound and southbound APIs within Cisco SDN architecture? (Choose two.)
An engineer is configuring Dropbox integration with Cisco Cloudlock. Which action must be taken before granting API access in the Dropbox admin console?
What is a functional difference between Cisco Secure Endpoint and Cisco Umbrella Roaming Client?
Which two methods must be used to add switches into the fabric so that administrators can control how switches are added into DCNM for private cloud management? (Choose two.)
Which deployment model is the most secure when considering risks to cloud adoption?
A network engineer is configuring DMVPN and entered the crypto isakmp key cisc0380739941 address 0.0.0.0 command on hostA. The tunnel is not being established to hostB. What action is needed to authenticate the VPN?
Which two features of Cisco DNA Center are used in a Software Defined Network solution? (Choose two)
Which capability is exclusive to a Cisco AMP public cloud instance as compared to a private cloud instance?
Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two)
Elliptic curve cryptography is a stronger more efficient cryptography method meant to replace which current
encryption technology?
Which Cisco Advanced Malware protection for Endpoints deployment architecture is designed to keep data
within a network perimeter?
Which policy represents a shared set of features or parameters that define the aspects of a managed device that are likely to be similar to other managed devices in a deployment?
Which statement about the configuration of Cisco ASA NetFlow v9 Secure Event Logging is true?
What provides visibility and awareness into what is currently occurring on the network?
What is a required prerequisite to enable malware file scanning for the Secure Internet Gateway?
Which two statements about a Cisco WSA configured in Transparent mode are true? (Choose two)
An engineer wants to generate NetFlow records on traffic traversing the Cisco ASA. Which Cisco ASA
command must be used?
An organization is trying to improve their Defense in Depth by blocking malicious destinations prior to a
connection being established. The solution must be able to block certain applications from being used within the network. Which product should be used to accomplish this goal?
Which Cisco solution does Cisco Umbrella integrate with to determine if a URL is malicious?
Which Cisco product is open, scalable, and built on IETF standards to allow multiple security products from
Cisco and other vendors to share data and interoperate with each other?
An engineer is configuring a Cisco ESA and wants to control whether to accept or reject email messages to a
recipient address. Which list contains the allowed recipient addresses?
Which two are valid suppression types on a Cisco Next Generation Intrusion Prevention System? (Choose two)
Which Cisco product provides proactive endpoint protection and allows administrators to centrally manage the
deployment?
Which feature of Cisco ASA allows VPN users to be postured against Cisco ISE without requiring an inline
posture node?
An engineer needs a solution for TACACS+ authentication and authorization for device administration.
The engineer also wants to enhance wired and wireless network security by requiring users and endpoints to
use 802.1X, MAB, or WebAuth. Which product meets all of these requirements?
Which feature is configured for managed devices in the device platform settings of the Firepower Management
Center?
Which two behavioral patterns characterize a ping of death attack? (Choose two)
Which two deployment model configurations are supported for Cisco FTDv in AWS? (Choose two)
What does the Cloudlock Apps Firewall do to mitigate security concerns from an application perspective?
Which Cisco security solution protects remote users against phishing attacks when they are not connected to
the VPN?
What is a language format designed to exchange threat intelligence that can be transported over the TAXII
protocol?
Which solution protects hybrid cloud deployment workloads with application visibility and segmentation?
An engineer is configuring AMP for endpoints and wants to block certain files from executing. Which outbreak
control method is used to accomplish this task?
Which protocol provides the strongest throughput performance when using Cisco AnyConnect VPN?
Which attack type attempts to shut down a machine or network so that users are not able to access it?
Drag and drop the suspicious patterns for the Cisco Tetration platform from the left onto the correct definitions on the right.
In which two ways does Easy Connect help control network access when used with Cisco TrustSec? (Choose two)
What is the role of Cisco Umbrella Roaming when it is installed on an endpoint?
Refer to the exhibit.
An organization is using DHCP Snooping within their network. A user on VLAN 41 on a new switch is
complaining that an IP address is not being obtained. Which command should be configured on the switch
interface in order to provide the user with network connectivity?
Drag and drop the NetFlow export formats from the left onto the descriptions on the right.
Refer to the exhibit.
What will happen when the Python script is executed?
Which risk is created when using an Internet browser to access cloud-based service?
Drag and drop the descriptions from the left onto the encryption algorithms on the right.
In which type of attack does the attacker insert their machine between two hosts that are communicating with each other?
Why is it important to have logical security controls on endpoints even though the users are trained to spot security threats and the network devices already help prevent them?
Drag and drop the descriptions from the left onto the correct protocol versions on the right.
An engineer needs a cloud solution that will monitor traffic, create incidents based on events, and integrate with
other cloud solutions via an API. Which solution should be used to accomplish this goal?
In an IaaS cloud services model, which security function is the provider responsible for managing?
Drag and drop the Firepower Next Generation Intrusion Prevention System detectors from the left onto the correct definitions on the right.
Which two aspects of the cloud PaaS model are managed by the customer but not the provider? (Choose two)
When configuring ISAKMP for IKEv1 Phase1 on a Cisco IOS router, an administrator needs to input the
command crypto isakmp key cisco address 0.0.0.0. The administrator is not sure what the IP addressing in this command issued for. What would be the effect of changing the IP address from 0.0.0.0 to 1.2.3.4?
Drag and drop the common security threats from the left onto the definitions on the right.
When planning a VPN deployment, for which reason does an engineer opt for an active/active FlexVPN
configuration as opposed to DMVPN?
Which type of protection encrypts RSA keys when they are exported and imported?
Which component of Cisco umbrella architecture increases reliability of the service?
Using Cisco Firepower’s Security Intelligence policies, upon which two criteria is Firepower block based?
(Choose two)
An engineer notices traffic interruption on the network. Upon further investigation, it is learned that broadcast
packets have been flooding the network. What must be configured, based on a predefined threshold, to
address this issue?
Refer to the exhibit.
An administrator is adding a new Cisco FTD device to their network and wants to manage it with Cisco FMC.
The Cisco FTD is not behind a NAT device. Which command is needed to enable this on the Cisco FTD?
Which cloud model is a collaborative effort where infrastructure is shared and jointly accessed by several organizations from a specific group?
An organization has a Cisco ESA set up with policies and would like to customize the action assigned for
violations. The organization wants a copy of the message to be delivered with a message added to flag it as a
DLP violation. Which actions must be performed in order to provide this capability?
An organization has two systems in their DMZ that have an unencrypted link between them for communication.
The organization does not have a defined password policy and uses several default accounts on the systems.
The application used on those systems also have not gone through stringent code reviews. Which vulnerability
would help an attacker brute force their way into the systems?
Which public cloud provider supports the Cisco Next Generation Firewall Virtual?
What does Cisco AMP for Endpoints use to help an organization detect different families of malware?
What are two differences between a Cisco WSA that is running in transparent mode and one running in explicit mode? (Choose two)
For Cisco IOS PKI, which two types of Servers are used as a distribution point for CRLs? (Choose two)
Which group within Cisco writes and publishes a weekly newsletter to help cybersecurity professionals remain
aware of the ongoing and most prevalent threats?
A Cisco ESA administrator has been tasked with configuring the Cisco ESA to ensure there are no viruses before quarantined emails are delivered. In addition, delivery of mail from known bad mail servers must be prevented. Which two actions must be taken in order to meet these requirements? (Choose two)
Which factor must be considered when choosing the on-premise solution over the cloud-based one?
An administrator is configuring a DHCP server to better secure their environment. They need to be able to ratelimit the traffic and ensure that legitimate requests are not dropped. How would this be accomplished?
An organization has noticed an increase in malicious content downloads and wants to use Cisco Umbrella to prevent this activity for suspicious domains while allowing normal web traffic. Which action will accomplish this task?
What must be configured in Cisco ISE to enforce reauthentication of an endpoint session when an endpoint is
deleted from an identity group?
What are the two types of managed Intercloud Fabric deployment models? (Choose two.)
An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly
identifying all valid recipients. What must be done on the Cisco ESA to accomplish this goal?
An administrator is trying to determine which applications are being used in the network but does not want the
network devices to send metadata to Cisco Firepower. Which feature should be used to accomplish this?