What are two Trojan malware attacks? (Choose two)
Which Cisco platform ensures that machines that connect to organizational networks have the recommended
antivirus definitions and patches to help prevent an organizational malware outbreak?
ExplanationA posture policy is a collection of posture requirements, which are associated with one or more identity groups, and operating systems. We can configure ISE to check for the Windows patch at Work Centers > Posture > Posture Elements > Conditions > File.In this example, we are going to use the predefined file check to ensure that our Windows 10 clients have the critical security patch installed to prevent the Wanna Cry malware; and we can also configure ISE to update the client with this patch.
A network administrator is configuring a rule in an access control policy to block certain URLs and selects the â€œChat and Instant Messagingâ€ category. Which reputation score should be selected to accomplish this goal?
ExplanationWe choose â€œChat and Instant Messagingâ€ category in â€œURL Categoryâ€:
To block certain URLs we need to choose URL Reputation from 6 to 10.
Due to a traffic storm on the network, two interfaces were error-disabled, and both interfaces sent SNMP traps.
Which two actions must be taken to ensure that interfaces are put back into service? (Choose two)
ExplanationExplanationYou can also bring up the port by using these commands:+ The â€œshutdownâ€ interface configuration command followed by the â€œno shutdownâ€ interface configurationcommand restarts the disabled port.+ The â€œerrdisable recovery cause â€¦â€ global configuration command enables the timer to automatically recover error-disabled state, and the â€œerrdisable recovery interval intervalâ€ global configuration command specifies the time to recover error-disabled state.
Using Cisco Firepowerâ€™s Security Intelligence policies, upon which two criteria is Firepower block based?
An engineer is configuring 802.1X authentication on Cisco switches in the network and is using CoA as a
mechanism. Which port on the firewall must be opened to allow the CoA traffic to traverse the network?
ExplanationExplanationCoA Messages are sent on two different udp ports depending on the platform. Cisco standardizes on UDP port1700, while the actual RFC calls out using UDP port 3799.
What is a key difference between Cisco Firepower and Cisco ASA?
Why is it important to have logical security controls on endpoints even though the users are trained to spot security threats and the network devices already help prevent them?
A Cisco ESA network administrator has been tasked to use a newly installed service to help create policy based on the reputation verdict. During testing, it is discovered that the Cisco ESA is not dropping files that have an undetermined verdict. What is causing this issue?
ExplanationMaybe the â€œnewly installed serviceâ€ in this Qmentions about Advanced Malware Protection (AMP) which can be used along with ESA. AMP allows superior protection across the attack continuum.+ File Reputation â€“ captures a fingerprint of each file as it traverses the ESA and sends it to AMPâ€™s cloudbased intelligence network for a reputation verdict. Given these results, you can automatically block malicious files and apply administrator-defined policy.+ File Analysis â€“ provides the ability to analyze unknown files that are traversing the ESA. A highly secure sandbox environment enables AMP to glean precise details about the fileâ€™s behavior and to combine that data with detailed human and machine analysis to determine the fileâ€™s threat level. This disposition is then fed into AMP cloud-based intelligence network and used to dynamically update and expand the AMP cloud data set for enhanced protection
Which solution is made from a collection of secure development practices and guidelines that
developers must follow to build secure applications?
A Cisco AMP for Endpoints administrator configures a custom detection policy to add specific MD5 signatures The configuration is created in the simple detection policy section, but it does not work What is the reason for this failure?
Which method is used to deploy certificates and configure the supplicant on mobile devices to gain access to
An attacker needs to perform reconnaissance on a target system to help gain access to it. The system has weak passwords, no encryption on the VPN links, and software bugs on the systemâ€™s applications. Which
vulnerability allows the attacker to see the passwords being transmitted in clear text?
For Cisco IOS PKI, which two types of Servers are used as a distribution point for CRLs? (Choose two)
Which term describes when the Cisco Firepower downloads threat intelligence updates from Cisco Talos?
ExplanationExplanationâ€¦ we will showcase Cisco Threat Intelligence Director (CTID) an exciting feature on Ciscoâ€™s FirepowerManagement Center (FMC) product offering that automates the operationalization of threat intelligence. TID has the ability to consume threat intelligence via STIX over TAXII and allows uploads/downloads of STIX and simple blacklists. Reference: https://blogs.cisco.com/developer/automate-threat-intelligence-using-cisco-threat-intelligencedirector
Which risk is created when using an Internet browser to access cloud-based service?
An engineer is adding a Cisco DUO solution to the current TACACS+ deployment using Cisco ISE. The engineer wants to authenticate users using their account when they log into network devices. Which action accomplishes this task?
Which two functions does the Cisco Advanced Phishing Protection solution perform in trying to protect
from phishing attacks? (Choose two.)
What is the term for the concept of limiting communication between applications or containers on the same node?
What features does Cisco FTDv provide over ASAv?
An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly
identifying all valid recipients. What must be done on the Cisco ESA to accomplish this goal?
ExplanationExplanationA Directory Harvest Attack (DHA) is a technique used by spammers to find valid/existent email addresses at a domain either by using Brute force or by guessing valid e-mail addresses at a domain using differentpermutations of common username. Its easy for attackers to get hold of a valid email address if yourorganization uses standard format for official e-mail alias (for example: firstname.lastname@example.org). We canconfigure DHA Prevention to prevent malicious actors from quickly identifying valid recipients.Note: Lightweight Directory Access Protocol (LDAP) is an Internet protocol that email programs use to look up contact information from a server, such as ClickMail Central Directory. For example, hereâ€™s an LDAP search translated into plain English: â€œSearch for all people located in Chicago whoâ€™s name contains â€œFredâ€ that have an email address. Please return their full name, email, title, and description.
A switch with Dynamic ARP Inspection enabled has received a spoofed ARP response on a trusted interface.
How does the switch behave in this situation?
Cisco SensorBase gaihers threat information from a variety of Cisco products and services and performs analytics to find patterns on threats Which term describes this process?
A Cisco ISE engineer configures Central Web Authentication (CWA) for wireless guest access and must have the guest endpoints redirect to the guest portal for authentication and authorization. While testing the policy, the engineer notices that the device is not redirected and instead gets full guest access. What must be done for the redirect to work?
What are two characteristics of the RESTful architecture used within Cisco DNA Center? (Choose two.)
Refer to the exhibit.
The DHCP snooping database resides on router R1, and dynamic ARP inspection is configured only on switch SW2. Which ports must be configured as untrusted so that dynamic ARP inspection operates normally?
What is the recommendation in a zero-trust model before granting access to corporate applications and
Which characteristic is unique to a Cisco WSAv as compared to a physical appliance?
What are two advantages of using Cisco Any connect over DMVPN? (Choose two)
Which Talos reputation center allows for tracking the reputation of IP addresses for email and web traffic?
An organization deploys multiple Cisco FTD appliances and wants to manage them using one centralized
solution. The organization does not have a local VM but does have existing Cisco ASAs that must migrate over
to Cisco FTDs. Which solution meets the needs of the organization?
Drag and drop the exploits from the left onto the type of security vulnerability on the right.
Using Cisco Cognitive Threat Analytics, which platform automatically blocks risky sites, and test unknown sites for hidden advanced threats before allowing users to click them?
What is a difference between a DoS attack and a DDoS attack?
How does the Cisco WSA enforce bandwidth restrictions for web applications?
What is a difference between GETVPN and IPsec?
What is the term for when an endpoint is associated to a provisioning WLAN that is shared with guest
access, and the same guest portal is used as the BYOD portal?
What is the most common type of data exfiltration that organizations currently experience?
How is data sent out to the attacker during a DNS tunneling attack?
What are two security benefits of an MDM deployment? (Choose two.)
An organization configures Cisco Umbrella to be used for its DNS services. The organization must be able to block traffic based on the subnet that the endpoint is on but it sees only the requests from its public IP address instead of each internal IP address. What must be done to resolve this issue?
An engineer is configuring IPsec VPN and needs an authentication protocol that is reliable and supports ACK
and sequence. Which protocol accomplishes this goal?
What is a benefit of using GET VPN over FlexVPN within a VPN deployment?
Which two conditions are prerequisites for stateful failover for IPsec? (Choose two)
ExplanationStateful failover for IP Security (IPsec) enables a router to continue processing and forwarding IPsec packetsafter a planned or unplanned outage occurs. Customers employ a backup (secondary) router that automaticallytakes over the tasks of the active (primary) router if the active router loses connectivity for any reason. Thisfailover process is transparent to users and does not require adjustment or reconfiguration of any remote peer.Stateful failover for IPsec requires that your network contains two identical routers that are available to be eitherthe primary or secondary device. Both routers should be the same type of device, have the same CPU andmemory, and have either no encryption accelerator or identical encryption accelerators.Prerequisites for Stateful Failover for IPsec
The main function of northbound APIs in the SDN architecture is to enable communication between which two areas of a network?
What is a commonality between DMVPN and FlexVPN technologies?
What is a difference between an XSS attack and an SQL injection attack?
In XSS, an attacker will try to inject his malicious code (usually malicious links) into a database. When other users follow his links, their web browsers are redirected to websites where attackers can steal data from them. In a SQL Injection, an attacker will try to inject SQL code (via his browser) into forms, cookies, or HTTP headers that do not use data sanitizing or validation methods of GET/POST parameters.
What is a difference between DMVPN and sVTI?
Which proxy mode must be used on Cisco WSA to redirect TCP traffic with WCCP?
Which cloud service model offers an environment for cloud consumers to develop and deploy applications
without needing to manage or maintain the underlying cloud infrastructure?
Which PKI enrollment method allows the user to separate authentication and enrollment actions and also
provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?
Which algorithm provides encryption and authentication for data plane communication?
What are two Detection and Analytics Engines of Cognitive Threat Analytics? (Choose two)
Which type of attack is social engineering?
ExplanationPhishing is a form of social engineering. Phishing attacks use email or malicious web sites to solicit personal,often financial, information. Attackers may send email seemingly from a reputable credit card company orfinancial institution that requests account information, often suggesting that there is a problem.
A network administrator configures Dynamic ARP Inspection on a switch. After Dynamic ARP Inspection is applied, all users on that switch are unable to communicate with any destination. The network administrator checks the interface status of all interfaces, and there is no err-disabled interface. What is causing this problem?
ExplanationDynamic ARP inspection (DAI) is a security feature that validates ARP packets in a network. It intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings. This capability protects the network from certain man-in-the-middle attacks. After enabling DAI, all ports become untrusted ports.
Which license is required for Cisco Security Intelligence to work on the Cisco Next Generation Intrusion
Which Cisco security solution protects remote users against phishing attacks when they are not connected to
ExplanationCisco Umbrella protects users from accessing malicious domains by proactively analyzing and blocking unsafe destinations â€“ before a connection is ever made. Thus it can protect from phishing attacks by blocking suspicious domains when users click on the given links that an attacker sent. Cisco Umbrella roaming protects your employees even when they are off the VPN.
Which Talos reputation center allows you to track the reputation of IP addresses for email and web traffic?
What is a characteristic of traffic storm control behavior?
Which two request of REST API are valid on the Cisco ASA Platform? (Choose two)
ExplanationThe ASA REST API gives you programmatic access to managing individual ASAs through a Representational State Transfer (REST) API. The API allows external clients to perform CRUD (Create, Read, Update, Delete) operations on ASA resources; it is based on the HTTPS protocol and REST methodology.All API requests are sent over HTTPS to the ASA, and a response is returned.Request StructureAvailable request methods are:GET â€“ Retrieves data from the specified object.PUT â€“ Adds the supplied information to the specified object; returns a 404 Resource Not Found error if the object does not exist.POST â€“ Creates the object with the supplied information.DELETE â€“ Deletes the specified object
How does Cisco Umbrella archive logs to an enterprise owned storage?
What is a characteristic of Cisco ASA Netflow v9 Secure Event Logging?
Which two features of Cisco DNA Center are used in a Software Defined Network solution? (Choose two)
Which two services must remain as on-premises equipment when a hybrid email solution is deployed? (Choose two)
An engineer needs a solution for TACACS+ authentication and authorization for device administration.
The engineer also wants to enhance wired and wireless network security by requiring users and endpoints to
use 802.1X, MAB, or WebAuth. Which product meets all of these requirements?
Which Cisco Advanced Malware protection for Endpoints deployment architecture is designed to keep data
within a network perimeter?
Which action controls the amount of URI text that is stored in Cisco WSA logs files?
Which threat involves software being used to gain unauthorized access to a computer system?
What is the result of running the crypto isakmp key ciscXXXXXXXX address 172.16.0.0 command?
Configure a Crypto ISAKMP Key
In order to configure aÂ presharedÂ authentication key, enter theÂ crypto isakmp keyÂ command in global configuration mode:
crypto isakmp key cisco123 address 172.16.1.1
It is a bad practice but it is valid. 172.16.0.0/16 the full range will be accepted as possible PEER
Testing without a netmask shows that command interpretation has a preference for /16 and /24. CSR-1(config)#crypto isakmp key cisco123 address 172.16.0.0
CSR-1(config)#do show crypto isakmp key | i cisco
default 172.16.0.0 [255.255.0.0] cisco123
CSR-1(config)#no crypto isakmp key cisco123 address 172.16.0.0
CSR-1(config)#crypto isakmp key cisco123 address 172.16.1.0
CSR-1(config)#do show crypto isakmp key | i cisco
default 172.16.1.0 [255.255.255.0] cisco123
CSR-1(config)#no crypto isakmp key cisco123 address 172.16.1.0
CSR-1(config)#crypto isakmp key cisco123 address 172.16.1.128
CSR-1(config)#do show crypto isakmp key | i cisco default 172.16.1.128 cisco123
Which compliance status is shown when a configured posture policy requirement is not met?
Refer to the exhibit.
What is a result of the configuration?
When planning a VPN deployment, for which reason does an engineer opt for an active/active FlexVPN
configuration as opposed to DMVPN?
Which two mechanisms are used to control phishing attacks? (Choose two)
Which two cryptographic algorithms are used with IPsec? (Choose two)
ExplanationExplanationCryptographic algorithms defined for use with IPsec include:+ HMAC-SHA1/SHA2 for integrity protection and authenticity.+ TripleDES-CBC for confidentiality+ AES-CBC and AES-CTR for confidentiality.+ AES-GCM and ChaCha20-Poly1305 providing confidentiality and authentication together efficiently.
An organization recently installed a Cisco WSA and would like to take advantage of the AVC engine to allow the organization to create a policy to control application specific activity. After enabling the AVC engine, what must be done to implement this?
ExplanationExplanationThe Application Visibility and Control (AVC) engine lets you create policies to control application activity on the network without having to fully understand the underlying technology of each application. You can configure application control settings in Access Policy groups. You can block or allow applications individually or according to application type. You can also apply controls to particular application types.
How does DNS Tunneling exfiltrate data?