An engineer is configuring 802.1X authentication on Cisco switches in the network and is using CoA as a mechanism. Which port on the firewall must be opened to allow the CoA traffic to traverse the network?
Explanation CoA Messages are sent on two different udp ports depending on the platform. Cisco standardizes on UDP port1700, while the actual RFC calls out using UDP port 3799.
An engineer has been tasked with implementing a solution that can be leveraged for securing the cloud users,
data, and applications. There is a requirement to use the Cisco cloud native CASB and cloud cybersecurity
platform. What should be used to meet these requirements?
What is a capability of Cisco ASA Netflow?
https://www.cisco.com/c/en/us/td/docs/security/wsa/wsa11-0/user_guide/b_WSA_UserGuide/b_WSA_UserGuide_chapter_01101.html Policy Order The order in which policies are listed in a policy table determines the priority with which they are applied to Web requests. Web requests are checked against policies beginning at the top of the table and ending at the first policy matched. Any policies below that point in the table are not processed. If no user-defined policy is matched against a Web request, then the global policy for that policy type is applied. Global policies are always positioned last in Policy tables and cannot be re-ordered.
A network administrator is using the Cisco ESA with AMP to upload files to the cloud for analysis. The network
is congested and is affecting communication. How will the Cisco ESA handle any files which need analysis?
Drag and drop the common security threats from the left onto the definitions on the right.
A picture containing application Description automatically generated
What is the purpose of the My Devices Portal in a Cisco ISE environment?
Drag and drop the VPN functions from the left onto the description on the right.
An engineer notices traffic interruption on the network. Upon further investigation, it is learned that broadcast
packets have been flooding the network. What must be configured, based on a predefined threshold, to
address this issue?
ExplanationExplanationStorm control prevents traffic on a LAN from being disrupted by a broadcast, multicast, or unicast storm on one of the physical interfaces. A LAN storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. Errors in the protocol-stack implementation, mistakes in network configurations, or users issuing a denial-of-service attack can cause a storm.By using the “storm-control broadcast level [falling-threshold]” we can limit the broadcast traffic on the switch.
What features does Cisco FTDv provide over ASAv?
An organization has a Cisco ESA set up with policies and would like to customize the action assigned for
violations. The organization wants a copy of the message to be delivered with a message added to flag it as a
DLP violation. Which actions must be performed in order to provide this capability?
An engineer is implementing NTP authentication within their network and has configured both the client and server devices with the command ntp authentication-key 1 md5 Cisc392368270. The server at 220.127.116.11 is attempting to authenticate to the client at 18.104.22.168, however it is unable to do so. Which command is required to enable the client to accept the server’s authentication key?
ExplanationExplanationTo configure an NTP enabled router to require authentication when other devices connect to it, use thefollowing commands:NTP_Server(config)#ntp authentication-key 2 md5 securitytutNTP_Server(config)#ntp authenticateNTP_Server(config)#ntp trusted-key 2Then you must configure the same authentication-key on the client router:NTP_Client(config)#ntp authentication-key 2 md5 securitytutNTP_Client(config)#ntp authenticateNTP_Client(config)#ntp trusted-key 2NTP_Client(config)#ntp server 10.10.10.1 key 2Note: To configure a Cisco device as a NTP client, use the command ntp server
A network engineer has been tasked with adding a new medical device to the network. Cisco ISE is being used as the NAC server, and the new device does not have a supplicant available. What must be done in order to securely connect this device to the network?
Which term describes when the Cisco Firepower downloads threat intelligence updates from Cisco Talos?
ExplanationExplanation… we will showcase Cisco Threat Intelligence Director (CTID) an exciting feature on Cisco’s FirepowerManagement Center (FMC) product offering that automates the operationalization of threat intelligence. TID has the ability to consume threat intelligence via STIX over TAXII and allows uploads/downloads of STIX and simple blacklists. Reference: https://blogs.cisco.com/developer/automate-threat-intelligence-using-cisco-threat-intelligencedirector
Using Cisco Firepower’s Security Intelligence policies, upon which two criteria is Firepower block based?
Which type of algorithm provides the highest level of protection against brute-force attacks?
In which type of attack does the attacker insert their machine between two hosts that are communicating with each other?
Which component of Cisco umbrella architecture increases reliability of the service?
Drag and drop the steps from the left into the correct order on the right to enable AppDynamics to monitor an EC2 instance in Amazon Web Services.
Graphical user interface, text, application Description automatically generated
In which two ways does Easy Connect help control network access when used with Cisco TrustSec? (Choose two)
Which suspicious pattern enables the Cisco Tetration platform to learn the normal behavior of users?
What is a benefit of performing device compliance?
An organization received a large amount of SPAM messages over a short time period. In order to take action on the messages, it must be determined how harmful the messages are and this needs to happen dynamically.
What must be configured to accomplish this?
ExplanationExplanationThe Mail Policies menu is where almost all of the controls related to email filtering happens. All the security and content filtering policies are set here, so it’s likely that, as an ESA administrator, the pages on this menu are where you are likely to spend most of your time.
A switch with Dynamic ARP Inspection enabled has received a spoofed ARP response on a trusted interface.
How does the switch behave in this situation?
Refer to the exhibit.
An administrator is adding a new Cisco FTD device to their network and wants to manage it with Cisco FMC.
The Cisco FTD is not behind a NAT device. Which command is needed to enable this on the Cisco FTD?
An administrator is trying to determine which applications are being used in the network but does not want the
network devices to send metadata to Cisco Firepower. Which feature should be used to accomplish this?
Which attack is preventable by Cisco ESA but not by the Cisco WSA?
What is the benefit of installing Cisco AMP for Endpoints on a network?
A network administrator is configuring a switch to use Cisco ISE for 802.1X. An endpoint is failing
authentication and is unable to access the network. Where should the administrator begin troubleshooting to verify the authentication details?
ExplanationExplanationHow To Troubleshoot ISE Failed Authentications & AuthorizationsCheck the ISE Live LogsLogin to the primary ISE Policy Administration Node (PAN).Go to Operations > RADIUS > Live Logs(Optional) If the event is not present in the RADIUS Live Logs, go to Operations > Reports > Reports >Endpoints and Users > RADIUS AuthenticationsCheck for Any Failed Authentication Attempts in the Log
For Cisco IOS PKI, which two types of Servers are used as a distribution point for CRLs? (Choose two)
Which public cloud provider supports the Cisco Next Generation Firewall Virtual?
How many interfaces per bridge group does an ASA bridge group deployment support?
ExplanationEach of the ASAs interfaces need to be grouped into one or more bridge groups. Each of these groups acts as an independent transparent firewall. It is not possible for one bridge group to communicate with another bridge group without assistance from an external router.As of 8.4(1) upto 8 bridge groups are supported with 2-4 interface in each group. Prior to this only one bridge group was supported and only 2 interfaces.Up to 4 interfaces are permitted per bridge–group (inside, outside, DMZ1, DMZ2)
A mall provides security services to customers with a shared appliance. The mall wants separation of
management on the shared appliance. Which ASA deployment mode meets these needs?
Which form of attack is launched using botnets?
ExplanationA botnet is a collection of internet-connected devices infected by malware that allow hackers to control them.Cyber criminals use botnets to instigate botnet attacks, which include malicious activities such as credentialsleaks, unauthorized access, data theft and DDoS attacks.
Which policy is used to capture host information on the Cisco Firepower Next Generation Intrusion Prevention
What is the difference between deceptive phishing and spear phishing?
In deceptive phishing, fraudsters impersonate a legitimate company in an attempt to steal people’s personal data or login credentials. Those emails frequently use threats and a sense of urgency to scare users into doing what the attackers want.
Spear phishing is carefully designed to get a single recipient to respond. Criminals select an individual target within an organization, using social media and other public information – and craft a fake email tailored for that person.
Elliptic curve cryptography is a stronger more efficient cryptography method meant to replace which current
Compared to RSA, the prevalent public-key cryptography of the Internet today, Elliptic Curve Cryptography (ECC) offers smaller key sizes, faster computation,as well as memory, energy and bandwidth savings and is thus better suited forsmall devices.
When using Cisco AMP for Networks which feature copies a file to the Cisco AMP cloud for analysis?
Which feature within Cisco Umbrella allows for the ability to inspect secure HTTP traffic?
Which deployment model is the most secure when considering risks to cloud adoption?
Where are individual sites specified to be blacklisted in Cisco Umbrella?
The Cisco ASA must support TLS proxy for encrypted Cisco Unified Communications traffic. Where must the
ASA be added on the Cisco UC Manager platform?
Which information is required when adding a device to Firepower Management Center?
Which Cisco product provides proactive endpoint protection and allows administrators to centrally manage the
Which two characteristics of messenger protocols make data exfiltration difficult to detect and prevent?
What are two rootkit types? (Choose two)
ExplanationThe term ‘rootkit’ originally comes from the Unix world, where the word ‘root’ is used to describe a user with thehighest possible level of access privileges, similar to an ‘Administrator’ in Windows. The word ‘kit’ refers to thesoftware that grants root-level access to the machine. Put the two together and you get ‘rootkit’, a program thatgives someone – with legitimate or malicious intentions – privileged access to a computer.There are four main types of rootkits: Kernel rootkits, User mode rootkits, Bootloader rootkits, Memory rootkits
An engineer is trying to securely connect to a router and wants to prevent insecure algorithms from being used.
However, the connection is failing. Which action should be taken to accomplish this goal?
ExplanationExplanationIn this question, the engineer was trying to secure the connection so maybe he was trying to allow SSH to the device. But maybe something went wrong so the connection was failing (the connection used to be good). So maybe he was missing the “crypto key generate rsa” command.
Which two activities can be done using Cisco DNA Center? (Choose two)
Which two mechanisms are used to control phishing attacks? (Choose two)
Which PKI enrollment method allows the user to separate authentication and enrollment actions and also
provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?
What is a commonality between DMVPN and FlexVPN technologies?
Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention
System? (Choose two)
What is a required prerequisite to enable malware file scanning for the Secure Internet Gateway?
An engineer is configuring AMP for endpoints and wants to block certain files from executing. Which outbreak
control method is used to accomplish this task?
How is Cisco Umbrella configured to log only security events?
Which feature is configured for managed devices in the device platform settings of the Firepower Management
The main function of northbound APIs in the SDN architecture is to enable communication between which two areas of a network?
Which threat involves software being used to gain unauthorized access to a computer system?
Which SNMPv3 configuration must be used to support the strongest security possible?
Which statement about IOS zone-based firewalls is true?
An engineer used a posture check on a Microsoft Windows endpoint and discovered that the MS17-010 patch
was not installed, which left the endpoint vulnerable to WannaCry ransomware. Which two solutions mitigate
the risk of this ransom ware infection? (Choose two)
ExplanationA posture policy is a collection of posture requirements, which are associated with one or more identity groups, and operating systems. We can configure ISE to check for the Windows patch at Work Centers > Posture > Posture Elements > Conditions > File.In this example, we are going to use the predefined file check to ensure that our Windows 10 clients have the critical security patch installed to prevent the Wanna Cry malware.
A company has 5000 Windows users on its campus. Which two precautions should IT take to prevent WannaCry ransomware from spreading to all clients? (Choose two.)
Which direction do attackers encode data in DNS requests during exfiltration using DNS tunneling?
What is the process of performing automated static and dynamic analysis of files against preloaded
behavioral indicators for threat analysis?
Which benefit does DMVPN provide over GETVPN?
Which IETF attribute is supported for the RADIUS CoA feature?
Which system performs compliance checks and remote wiping?
Drag and drop the exploits from the left onto the type of security vulnerability on the right.
In which two ways does the Cisco Advanced Phishing Protection solution protect users? (Choose two.)
An engineer needs to detect and quarantine a file named abc424400664 zip based on the MD5 signature of the file using the Outbreak Control list feature within Cisco Advanced Malware Protection (AMP) for Endpoints The configured detection method must work on files of unknown disposition Which Outbreak Control list must be configured to provide this?
What are two ways that Cisco Container Platform provides value to customers who utilize cloud service providers? (Choose two.)
What is a benefit of using Cisco CWS compared to an on-premises Cisco WSA?
What is a feature of container orchestration?
Why is it important to have a patching strategy for endpoints?
A large organization wants to deploy a security appliance in the public cloud to form a site-to-site VPN
and link the public cloud environment to the private cloud in the headquarters data center. Which Cisco
security appliance meets these requirements?
An organization has DHCP servers set up to allocate IP addresses to clients on the LAN. What must be done to ensure the LAN switches prevent malicious DHCP traffic while also distributing IP addresses to the correct endpoints?
Which type of data does the Cisco Stealthwatch system collect and analyze from routers, switches, and firewalls?
What is the most commonly used protocol for network telemetry?
Why should organizations migrate to a multifactor authentication strategy?
Which two capabilities of Integration APIs are utilized with Cisco DNA center? (Choose two)
What is a difference between Cisco AMP for Endpoints and Cisco Umbrella?
Cisco Advanced Malware Protection (AMP) for endpoints can be seen as a replacement for the traditional antivirus solution. It is a next generation, cloud delivered endpoint protection platform (EPP), and advanced endpoint detection and response (EDR). Providing Protection – Detection Response
While Cisco Umbrella can enforce security at the DNS-, IP-, and HTTP/S-layer, this report does not require that blocking is enabled and only monitors your DNS activity. Any malicious domains requested and IPs resolved are indicators of compromise (IOC).
Any malicious domains requested and IPs resolved are indicators of compromise (IOC)
An administrator is adding a new Cisco ISE node to an existing deployment. What must be done to ensure that the addition of the node will be successful when inputting the FQDN?
Which baseline form of telemetry is recommended for network infrastructure devices?
Which solution is made from a collection of secure development practices and guidelines that developers must follow to build secure applications?
A customer has various external HTTP resources available including Intranet Extranet and Internet, with a
proxy configuration running in explicit mode. Which method allows the client desktop browsers to be configured
to select when to connect direct or when to use the proxy?
An engineer musí set up 200 new laptops on a network and wants to prevent the users from moving their laptops around to simplify administration Which switch port MAC address security setting must be used?
An organization wants to implement a cloud-delivered and SaaS-based solution to provide visibility and threat detection across the AWS network. The solution must be deployed without software agents and rely on AWS VPC flow logs instead. Which solution meets these requirements?
What is a functional difference between Cisco AMP for Endpoints and Cisco Umbrella Roaming Client?
What is a function of the Layer 4 Traffic Monitor on a Cisco WSA?
An engineer is deploying Cisco Advanced Malware Protection (AMP) for Endpoints and wants to create a policy that prevents users from executing file named abc424952615.exe without quarantining that file What type of Outbreak Control list must the SHA.-256 hash value for the file be added to in order to accomplish this?