
Cisco 350-701 Implementing and Operating Cisco Security Core Technologies (SCOR) Exam Practice Test

Demo: 87 questions
Total 583 questions

Implementing and Operating Cisco Security Core Technologies (SCOR) Questions and Answers

Question 1

In which two ways does Easy Connect help control network access when used with Cisco TrustSec? (Choose two)

Options:

A.

It allows multiple security products to share information and work together to enhance security posture in the network.

B.

It creates a dashboard in Cisco ISE that provides full visibility of all connected endpoints.

C.

It allows for the assignment of Security Group Tags and does not require 802.1x to be configured on the switch or the endpoint.

D.

It integrates with third-party products to provide better visibility throughout the network.

E.

It allows for managed endpoints that authenticate to AD to be mapped to Security Groups (PassiveID).

Question 2

Drag and drop the common security threats from the left onto the definitions on the right.

Options:

Question 3

Refer to the exhibit.

An administrator is adding a new Cisco FTD device to their network and wants to manage it with Cisco FMC.

The Cisco FTD is not behind a NAT device. Which command is needed to enable this on the Cisco FTD?

Options:

A.

configure manager add DONTRESOLVE <registration key>

B.

configure manager add 16

C.

configure manager add DONTRESOLVE FTD123

D.

configure manager add

Question 4

A Cisco ESA network administrator has been tasked to use a newly installed service to help create policy based on the reputation verdict. During testing, it is discovered that the Cisco ESA is not dropping files that have an undetermined verdict. What is causing this issue?

Options:

A.

The policy was created to send a message to quarantine instead of drop

B.

The file has a reputation score that is above the threshold

C.

The file has a reputation score that is below the threshold

D.

The policy was created to disable file analysis

Question 5

Which product allows Cisco FMC to push security intelligence observable to its sensors from other products?

Options:

A.

Encrypted Traffic Analytics

B.

Threat Intelligence Director

C.

Cognitive Threat Analytics

D.

Cisco Talos Intelligence

Question 6

Which cloud model is a collaborative effort where infrastructure is shared and jointly accessed by several organizations from a specific group?

Options:

A.

Hybrid

B.

Community

C.

Private

D.

Public

Question 7

Which type of API is being used when a security application notifies a controller within a software-defined network architecture about a specific security threat?

Options:

A.

westbound API

B.

southbound API

C.

northbound API

D.

eastbound API

Question 8

Why is it important to implement MFA inside of an organization?

Options:

A.

To prevent man-in-the-middle attacks from being successful.

B.

To prevent DoS attacks from being successful.

C.

To prevent brute force attacks from being successful.

D.

To prevent phishing attacks from being successful.

Question 9

Which attack type attempts to shut down a machine or network so that users are not able to access it?

Options:

A.

smurf

B.

bluesnarfing

C.

MAC spoofing

D.

IP spoofing

Question 10

Refer to the exhibit.

What will happen when this Python script is run?

Options:

A.

The compromised computers and malware trajectories will be received from Cisco AMP

B.

The list of computers and their current vulnerabilities will be received from Cisco AMP

C.

The compromised computers and what compromised them will be received from Cisco AMP

D.

The list of computers, policies, and connector statuses will be received from Cisco AMP

Question 11

In which type of attack does the attacker insert their machine between two hosts that are communicating with each other?

Options:

A.

LDAP injection

B.

man-in-the-middle

C.

cross-site scripting

D.

insecure API

Question 12

Drag and drop the NetFlow export formats from the left onto the descriptions on the right.

Options:

Question 13

An organization is implementing URL blocking using Cisco Umbrella. The users are able to go to some sites but other sites are not accessible due to an error. Why is the error occurring?

Options:

A.

Client computers do not have the Cisco Umbrella Root CA certificate installed.

B.

IP-Layer Enforcement is not configured.

C.

Client computers do not have an SSL certificate deployed from an internal CA server.

D.

Intelligent proxy and SSL decryption is disabled in the policy

Question 14

What is provided by the Secure Hash Algorithm in a VPN?

Options:

A.

integrity

B.

key exchange

C.

encryption

D.

authentication

Question 15

Which two aspects of the cloud PaaS model are managed by the customer but not the provider? (Choose two)

Options:

A.

virtualization

B.

middleware

C.

operating systems

D.

applications

E.

data

Question 16

A network engineer is deciding whether to use stateful or stateless failover when configuring two ASAs for high availability. What is the connection status in both cases?

Options:

A.

need to be reestablished with stateful failover and preserved with stateless failover

B.

preserved with stateful failover and need to be reestablished with stateless failover

C.

preserved with both stateful and stateless failover

D.

need to be reestablished with both stateful and stateless failover

Question 17

How does Cisco Advanced Phishing Protection protect users?

Options:

A.

It validates the sender by using DKIM.

B.

It determines which identities are perceived by the sender

C.

It utilizes sensors that send messages securely.

D.

It uses machine learning and real-time behavior analytics.

Question 18

An organization wants to secure users, data, and applications in the cloud. The solution must be API-based and operate as a cloud-native CASB. Which solution must be used for this implementation?

Options:

A.

Cisco Cloudlock

B.

Cisco Cloud Email Security

C.

Cisco Firepower Next-Generation Firewall

D.

Cisco Umbrella

Question 19

A network administrator is configuring a rule in an access control policy to block certain URLs and selects the “Chat and Instant Messaging” category. Which reputation score should be selected to accomplish this goal?

Options:

A.

1

B.

3

C.

5

D.

10

Question 20

Drag and drop the capabilities of Cisco Firepower versus Cisco AMP from the left into the appropriate category on the right.

Options:

Question 21

Which type of dashboard does Cisco DNA Center provide for complete control of the network?

Options:

A.

service management

B.

centralized management

C.

application management

D.

distributed management

Question 22

What are two benefits of Flexible NetFlow records? (Choose two)

Options:

A.

They allow the user to configure flow information to perform customized traffic identification

B.

They provide attack prevention by dropping the traffic

C.

They provide accounting and billing enhancements

D.

They converge multiple accounting technologies into one accounting mechanism

E.

They provide monitoring of a wider range of IP packet information from Layer 2 to 4

Question 23

An administrator is trying to determine which applications are being used in the network but does not want the network devices to send metadata to Cisco Firepower. Which feature should be used to accomplish this?

Options:

A.

NetFlow

B.

Packet Tracer

C.

Network Discovery

D.

Access Control

Question 24

An organization is receiving SPAM emails from a known malicious domain. What must be configured in order to prevent the session during the initial TCP communication?

Options:

A.

Configure the Cisco ESA to drop the malicious emails

B.

Configure policies to quarantine malicious emails

C.

Configure policies to stop and reject communication

D.

Configure the Cisco ESA to reset the TCP connection

Question 25

When planning a VPN deployment, for which reason does an engineer opt for an active/active FlexVPN configuration as opposed to DMVPN?

Options:

A.

Multiple routers or VRFs are required.

B.

Traffic is distributed statically by default.

C.

Floating static routes are required.

D.

HSRP is used for failover.

Question 26

An organization has two systems in their DMZ that have an unencrypted link between them for communication. The organization does not have a defined password policy and uses several default accounts on the systems. The application used on those systems also has not gone through stringent code reviews. Which vulnerability would help an attacker brute force their way into the systems?

Options:

A.

weak passwords

B.

lack of input validation

C.

missing encryption

D.

lack of file permission

Question 27

An engineer has been tasked with implementing a solution that can be leveraged for securing the cloud users, data, and applications. There is a requirement to use the Cisco cloud native CASB and cloud cybersecurity platform. What should be used to meet these requirements?

Options:

A.

Cisco Umbrella

B.

Cisco Cloud Email Security

C.

Cisco NGFW

D.

Cisco Cloudlock

Question 28

Drag and drop the solutions from the left onto the solution's benefits on the right.

Options:

Question 29

What is the difference between Cross-site Scripting and SQL Injection attacks?

Options:

A.

Cross-site Scripting is an attack where code is injected into a database, whereas SQL Injection is an attack where code is injected into a browser.

B.

Cross-site Scripting is a brute force attack targeting remote sites, whereas SQL Injection is a social engineering attack.

C.

Cross-site Scripting is when executives in a corporation are attacked, whereas SQL Injection is when a database is manipulated.

D.

Cross-site Scripting is an attack where code is executed from the server side, whereas SQL Injection is an attack where code is executed from the client side.

Question 30

An organization configures Cisco Umbrella to be used for its DNS services. The organization must be able to block traffic based on the subnet that the endpoint is on but it sees only the requests from its public IP address instead of each internal IP address. What must be done to resolve this issue?

Options:

A.

Set up a Cisco Umbrella virtual appliance to internally field the requests and see the traffic of each IP address

B.

Use the tenant control features to identify each subnet being used and track the connections within the Cisco Umbrella dashboard

C.

Install the Microsoft Active Directory Connector to give IP address information stitched to the requests in the Cisco Umbrella dashboard

D.

Configure an internal domain within Cisco Umbrella to help identify each address and create policy from the domains

Question 31

An engineer is implementing Cisco CES in an existing Microsoft Office 365 environment and must route inbound email to Cisco CES. Which record must be modified to accomplish this task?

Options:

A.

CNAME

B.

MX

C.

SPF

D.

DKIM

Question 32

A Cisco AMP for Endpoints administrator configures a custom detection policy to add specific MD5 signatures. The configuration is created in the simple detection policy section, but it does not work. What is the reason for this failure?

Options:

A.

The administrator must upload the file instead of the hash for Cisco AMP to use.

B.

The MD5 hash uploaded to the simple detection policy is in the incorrect format

C.

The APK must be uploaded for the application that the detection is intended

D.

Detections for MD5 signatures must be configured in the advanced custom detection policies

Question 33

What is the purpose of a NetFlow version 9 template record?

Options:

A.

It specifies the data format of NetFlow processes.

B.

It provides a standardized set of information about an IP flow.

C.

It defines the format of data records.

D.

It serves as a unique identification number to distinguish individual data records

Question 34

Refer to the exhibit. What function does the API key perform while working with https://api.amp.cisco.com/v1/computers?

Options:

A.

imports requests

B.

HTTP authorization

C.

HTTP authentication

D.

displays client ID

Question 35

An engineer is configuring Cisco WSA and needs to enable a separated email transfer flow from the Internet and from the LAN. Which deployment mode must be used to accomplish this goal?

Options:

A.

single interface

B.

multi-context

C.

transparent

D.

two-interface

Question 36

Which two parameters are used to prevent a data breach in the cloud? (Choose two.)

Options:

A.

DLP solutions

B.

strong user authentication

C.

encryption

D.

complex cloud-based web proxies

E.

antispoofing programs

Question 37

Refer to the exhibit. All servers are in the same VLAN/Subnet. DNS Server-1 and DNS Server-2 must communicate with each other, and all servers must communicate with default gateway multilayer switch. Which type of private VLAN ports should be configured to prevent communication between DNS servers and the file server?

Options:

A.

Configure GigabitEthernet0/1 as community port, GigabitEthernet0/2 as isolated port, and GigabitEthernet0/3 and GigabitEthernet0/4 as promiscuous ports.

B.

Configure GigabitEthernet0/1 as community port, GigabitEthernet0/2 as promiscuous port, GigabitEthernet0/3 and GigabitEthernet0/4 as isolated ports.

C.

Configure GigabitEthernet0/1 as promiscuous port, GigabitEthernet0/2 as isolated port, and GigabitEthernet0/3 and GigabitEthernet0/4 as community ports.

D.

Configure GigabitEthernet0/1 as promiscuous port, GigabitEthernet0/2 as community port, and GigabitEthernet0/3 and GigabitEthernet0/4 as isolated ports.

Question 38

Which API method and required attribute are used to add a device into DNAC with the native API?

Options:

A.

lastSyncTime and pid

B.

POST and name

C.

userSudiSerialNos and deviceInfo

D.

GET and serialNumber

Question 39

Which open standard creates a framework for sharing threat intelligence in a machine-digestible format?

Options:

A.

OpenC2

B.

OpenIOC

C.

CybOX

D.

STIX

Question 40

What is the difference between EPP and EDR?

Options:

A.

EPP focuses primarily on threats that have evaded front-line defenses that entered the environment.

B.

Having an EPP solution allows an engineer to detect, investigate, and remediate modern threats.

C.

EDR focuses solely on prevention at the perimeter.

D.

Having an EDR solution gives an engineer the capability to flag offending files at the first sign of malicious behavior.

Question 41

Which system performs compliance checks and remote wiping?

Options:

A.

MDM

B.

ISE

C.

AMP

D.

OTP

Question 42

Which feature must be configured before implementing NetFlow on a router?

Options:

A.

SNMPv3

B.

syslog

C.

VRF

D.

IP routing

Question 43

Which two functions does the Cisco Advanced Phishing Protection solution perform in trying to protect from phishing attacks? (Choose two.)

Options:

A.

blocks malicious websites and adds them to a block list

B.

does a real-time user web browsing behavior analysis

C.

provides a defense for on-premises email deployments

D.

uses a static algorithm to determine malicious

E.

determines if the email messages are malicious

Question 44

A network engineer entered the snmp-server user asmith myv7 auth sha cisco priv aes 256 cisc0xxxxxxxxx command and needs to send SNMP information to a host at 10.255.255.1. Which command achieves this goal?

Options:

A.

snmp-server host inside 10.255.255.1 version 3 myv7

B.

snmp-server host inside 10.255.255.1 snmpv3 myv7

C.

snmp-server host inside 10.255.255.1 version 3 asmith

D.

snmp-server host inside 10.255.255.1 snmpv3 asmith

Question 45

Which baseline form of telemetry is recommended for network infrastructure devices?

Options:

A.

SDNS

B.

NetFlow

C.

passive taps

D.

SNMP

Question 46

Drag and drop the security solutions from the left onto the benefits they provide on the right.

Options:

Question 47

An engineer recently completed the system setup on a Cisco WSA. Which URL information does the system send to SensorBase Network servers?

Options:

A.

Summarized server-name information and MD5-hashed path information

B.

complete URL, without obfuscating the path segments

C.

URL information collected from clients that connect to the Cisco WSA using Cisco AnyConnect

D.

none because SensorBase Network Participation is disabled by default

Question 48

What are two functionalities of SDN Northbound APIs? (Choose two.)

Options:

A.

Northbound APIs provide a programmable interface for applications to dynamically configure the network.

B.

Northbound APIs form the interface between the SDN controller and business applications.

C.

OpenFlow is a standardized northbound API protocol.

D.

Northbound APIs use the NETCONF protocol to communicate with applications.

E.

Northbound APIs form the interface between the SDN controller and the network switches or routers.

Question 49

Which portion of the network do EPP solutions solely focus on and EDR solutions do not?

Options:

A.

server farm

B.

perimeter

C.

core

D.

East-West gateways

Question 50

What is a benefit of flexible NetFlow records?

Options:

A.

They are used for security

B.

They are used for accounting

C.

They monitor a packet from Layer 2 to Layer 5

D.

They have customized traffic identification

Question 51

What does endpoint isolation in Cisco AMP for Endpoints security protect from?

Options:

A.

an infection spreading across the network

B.

a malware spreading across the user device

C.

an infection spreading across the LDAP or Active Directory domain from a user account

D.

a malware spreading across the LDAP or Active Directory domain from a user account

Question 52

Which Cisco platform processes behavior baselines, monitors for deviations, and reviews for malicious processes in data center traffic and servers while performing software vulnerability detection?

Options:

A.

Cisco Tetration

B.

Cisco ISE

C.

Cisco AMP for Network

D.

Cisco AnyConnect

Question 53

Which Cisco ISE service checks the compliance of endpoints before allowing the endpoints to connect to the network?

Options:

A.

posture

B.

profiler

C.

Cisco TrustSec

D.

Threat Centric NAC

Question 54

What are two facts about WSA HTTP proxy configuration with a PAC file? (Choose two.)

Options:

A.

It is defined as a Transparent proxy deployment.

B.

In a dual-NIC configuration, the PAC file directs traffic through the two NICs to the proxy.

C.

The PAC file, which references the proxy, is deployed to the client web browser.

D.

It is defined as an Explicit proxy deployment.

E.

It is defined as a Bridge proxy deployment.

Question 55

Why should organizations migrate to an MFA strategy for authentication?

Options:

A.

Single methods of authentication can be compromised more easily than MFA.

B.

Biometrics authentication leads to the need for MFA due to its ability to be hacked easily.

C.

MFA methods of authentication are never compromised.

D.

MFA does not require any piece of evidence for an authentication mechanism.

Question 56

Which two solutions help combat social engineering and phishing at the endpoint level? (Choose two.)

Options:

A.

Cisco Umbrella

B.

Cisco ISE

C.

Cisco DNA Center

D.

Cisco TrustSec

E.

Cisco Duo Security

Question 57

An engineer must set up 200 new laptops on a network and wants to prevent the users from moving their laptops around to simplify administration. Which switch port MAC address security setting must be used?

Options:

A.

sticky

B.

static

C.

aging

D.

maximum

Question 58

Which CLI command is used to enable URL filtering support for shortened URLs on the Cisco ESA?

Options:

A.

webadvancedconfig

B.

websecurity advancedconfig

C.

outbreakconfig

D.

websecurity config

Question 59

Which two features of Cisco Email Security can protect your organization against email threats? (Choose two)

Options:

A.

Time-based one-time passwords

B.

Data loss prevention

C.

Heuristic-based filtering

D.

Geolocation-based filtering

E.

NetFlow

Question 60

What is the difference between deceptive phishing and spear phishing?

Options:

A.

Deceptive phishing is an attack aimed at a specific user in the organization who holds a C-level role.

B.

A spear phishing campaign is aimed at a specific person versus a group of people.

C.

Spear phishing is when the attack is aimed at the C-level executives of an organization.

D.

Deceptive phishing hijacks and manipulates the DNS server of the victim and redirects the user to a false webpage.

Question 61

Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two)

Options:

A.

Check integer, float, or Boolean string parameters to ensure accurate values.

B.

Use prepared statements and parameterized queries.

C.

Secure the connection between the web and the app tier.

D.

Write SQL code instead of using object-relational mapping libraries.

E.

Block SQL code execution in the web application database login.

Question 62

What is a characteristic of traffic storm control behavior?

Options:

A.

Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within the interval.

B.

Traffic storm control cannot determine if the packet is unicast or broadcast.

C.

Traffic storm control monitors incoming traffic levels over a 10-second traffic storm control interval.

D.

Traffic storm control uses the Individual/Group bit in the packet source address to determine if the packet is unicast or broadcast.

Question 63

What is a difference between FlexVPN and DMVPN?

Options:

A.

DMVPN uses IKEv1 or IKEv2, FlexVPN only uses IKEv1

B.

DMVPN uses only IKEv1, FlexVPN uses only IKEv2

C.

FlexVPN uses IKEv2, DMVPN uses IKEv1 or IKEv2

D.

FlexVPN uses IKEv1 or IKEv2, DMVPN uses only IKEv2

Question 64

What is a characteristic of Dynamic ARP Inspection?

Options:

A.

DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the DHCP snooping binding database.

B.

In a typical network, make all ports as trusted except for the ports connecting to switches, which are untrusted.

C.

DAI associates a trust state with each switch.

D.

DAI intercepts all ARP requests and responses on trusted ports only.

Question 65

Which option is the main function of Cisco Firepower impact flags?

Options:

A.

They alert administrators when critical events occur.

B.

They highlight known and suspected malicious IP addresses in reports.

C.

They correlate data about intrusions and vulnerability.

D.

They identify data that the ASA sends to the Firepower module.

Question 66

A network engineer is configuring DMVPN and entered the crypto isakmp key cisc0380739941 address 0.0.0.0 command on hostA. The tunnel is not being established to hostB. What action is needed to authenticate the VPN?

Options:

A.

Change isakmp to ikev2 in the command on hostA.

B.

Enter the command with a different password on hostB.

C.

Enter the same command on hostB.

D.

Change the password on hostA to the default password.

Question 67

Which solution protects hybrid cloud deployment workloads with application visibility and segmentation?

Options:

A.

Nexus

B.

Stealthwatch

C.

Firepower

D.

Tetration

Question 68

Which feature requires a network discovery policy on the Cisco Firepower Next Generation Intrusion Prevention System?

Options:

A.

Security Intelligence

B.

Impact Flags

C.

Health Monitoring

D.

URL Filtering

Question 69

Which two endpoint measures are used to minimize the chances of falling victim to phishing and social engineering attacks? (Choose two)

Options:

A.

Patch for cross-site scripting.

B.

Perform backups to the private cloud.

C.

Protect against input validation and character escapes in the endpoint.

D.

Install a spam and virus email filter.

E.

Protect systems with an up-to-date antimalware program

Question 70

An engineer is configuring a Cisco ESA and wants to control whether to accept or reject email messages to a recipient address. Which list contains the allowed recipient addresses?

Options:

A.

SAT

B.

BAT

C.

HAT

D.

RAT

Question 71

An organization is trying to improve their Defense in Depth by blocking malicious destinations prior to a connection being established. The solution must be able to block certain applications from being used within the network. Which product should be used to accomplish this goal?

Options:

A.

Cisco Firepower

B.

Cisco Umbrella

C.

ISE

D.

AMP

Question 72

What is the primary role of the Cisco Email Security Appliance?

Options:

A.

Mail Submission Agent

B.

Mail Transfer Agent

C.

Mail Delivery Agent

D.

Mail User Agent

Question 73

A network engineer has entered the snmp-server user andy myv3 auth sha cisco priv aes 256 cisc0380739941 command and needs to send SNMP information to a host at 10.255.254.1. Which command achieves this goal?

Options:

A.

snmp-server host inside 10.255.254.1 version 3 andy

B.

snmp-server host inside 10.255.254.1 version 3 myv3

C.

snmp-server host inside 10.255.254.1 snmpv3 andy

D.

snmp-server host inside 10.255.254.1 snmpv3 myv3

Question 74

Which two capabilities does TAXII support? (Choose two)

Options:

A.

Exchange

B.

Pull messaging

C.

Binding

D.

Correlation

E.

Mitigating

Question 75

An engineer configured a new network identity in Cisco Umbrella but must verify that traffic is being routed through the Cisco Umbrella network. Which action tests the routing?

Options:

A.

Ensure that the client computers are pointing to the on-premises DNS servers.

B.

Enable the Intelligent Proxy to validate that traffic is being routed correctly.

C.

Add the public IP address that the client computers are behind to a Core Identity.

D.

Browse to http://welcome.umbrella.com/ to validate that the new identity is working.

Question 76

Which telemetry data captures variations seen within the flow, such as the packets TTL, IP/TCP flags, and payload length?

Options:

A.

interpacket variation

B.

software package variation

C.

flow insight variation

D.

process details variation

Question 77

An engineer wants to generate NetFlow records on traffic traversing the Cisco ASA. Which Cisco ASA command must be used?

Options:

A.

flow-export destination inside 1.1.1.1 2055

B.

ip flow monitor input

C.

ip flow-export destination 1.1.1.1 2055

D.

flow exporter

Question 78

What is the result of running the crypto isakmp key ciscXXXXXXXX address 172.16.0.0 command?

Options:

A.

authenticates the IKEv2 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX

B.

authenticates the IP address of the 172.16.0.0/32 peer by using the key ciscXXXXXXXX

C.

authenticates the IKEv1 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX

D.

secures all the certificates in the IKE exchange by using the key ciscXXXXXXXX

Question 79

Which ID store requires that a shadow user be created on Cisco ISE for the admin login to work?

Options:

A.

RSA SecureID

B.

Internal Database

C.

Active Directory

D.

LDAP

Question 80

Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention System? (Choose two)

Options:

A.

packet decoder

B.

SIP

C.

modbus

D.

inline normalization

E.

SSL

Question 81

An engineer wants to automatically assign endpoints that have a specific OUI into a new endpoint group. Which probe must be enabled for this type of profiling to work?

Options:

A.

NetFlow

B.

NMAP

C.

SNMP

D.

DHCP

Question 82

Which feature of Cisco ASA allows VPN users to be postured against Cisco ISE without requiring an inline posture node?

Options:

A.

RADIUS Change of Authorization

B.

device tracking

C.

DHCP snooping

D.

VLAN hopping

Question 83

Under which two circumstances is a CoA issued? (Choose two)

Options:

A.

A new authentication rule was added to the policy on the Policy Service node.

B.

An endpoint is deleted on the Identity Service Engine server.

C.

A new Identity Source Sequence is created and referenced in the authentication policy.

D.

An endpoint is profiled for the first time.

E.

A new Identity Service Engine server is added to the deployment with the Administration persona

Question 84

What can be integrated with Cisco Threat Intelligence Director to provide information about security threats, which allows the SOC to proactively automate responses to those threats?

Options:

A.

Cisco Umbrella

B.

External Threat Feeds

C.

Cisco Threat Grid

D.

Cisco Stealthwatch

Question 85

Why would a user choose an on-premises ESA versus the CES solution?

Options:

A.

Sensitive data must remain onsite.

B.

Demand is unpredictable.

C.

The server team wants to outsource this service.

D.

ESA is deployed inline.

Question 86

Which two behavioral patterns characterize a ping of death attack? (Choose two)

Options:

A.

The attack is fragmented into groups of 16 octets before transmission.

B.

The attack is fragmented into groups of 8 octets before transmission.

C.

Short synchronized bursts of traffic are used to disrupt TCP connections.

D.

Malformed packets are used to crash systems.

E.

Publicly accessible DNS servers are typically used to execute the attack.

Question 87

Which type of attack is social engineering?

Options:

A.

trojan

B.

phishing

C.

malware

D.

MITM
