What is the purpose of the Decrypt for Application Detection feature within the WSA Decryption options?

A. It decrypts HTTPS application traffic for unauthenticated users.

B. It alerts users when the WSA decrypts their traffic.

C. It decrypts HTTPS application traffic for authenticated users.

D. It provides enhanced HTTPS application detection for AsyncOS.

Refer to the exhibit. An engineer is implementing a certificate based VPN. What is the result of the existing configuration?

A. Only an IKEv2 peer that has an OU certificate attribute set to MANGLER establishes an IKEv2 SA successfully.

B. The OU of the IKEv2 peer certificate is used as the identity when matching an IKEv2 authorization policy.

C. The OU of the IKEv2 peer certificate is set to MANGLER.

D. The OU of the IKEv2 peer certificate is encrypted when the OU is set to MANGLER.

Which IETF attribute is supported for the RADIUS CoA feature?

A. 24 State

B. 30 Calling-Station-ID

C. 42 Acct-Session-ID

D. 81 Message-Authenticator

Which method must be used to connect Cisco Secure Workload to external orchestrators at a client site when the client does not allow incoming connections?

A. destination NAT

B. reverse tunnel

C. source NAT

D. GRE tunnel

What is a benefit of using a multifactor authentication strategy?

A. It provides an easy, single sign-on experience against multiple applications

B. It provides secure remote access for applications

C. It protects data by enabling the use of a second validation of identity

D. It provides visibility into devices to establish device trust

Which metric is used by the monitoring agent to collect and output packet loss and jitter information?

A. RTP performance

B. TCP performance

C. WSAv performance

D. AVC performance

Which feature must be configured before implementing NetFlow on a router?

A. syslog

B. IP routing

C. VRF

D. SNMPv3

Which two facts must be considered when deciding whether to deploy the Cisco Secure Web Appliance in Standard mode, Hybrid Web Security mode, or Cloud Web Security Connector mode? (Choose two.)

A. External DLP is available only in Standard mode and Hybrid Web Security mode.

B. The onsite web proxy is not supported in Cloud Web Security Connector mode.

C. Standard mode and Hybrid Web Security mode perform the same actions in response to the application of an individual policy.

D. Only Standard mode and Hybrid Web Security mode support Layer 4 traffic monitoring.

E. ISE integration is available only in Standard mode and Hybrid Web Security mode.

What is the ideal deployment mode to use when you need to manage separate security policies for multiple customers on a Cisco ASA device?

A. spanned cluster mode

B. IRB mode

C. VRF mode

D. multiple context mode

Which solution allows an administrator to provision, monitor, and secure mobile devices on Windows and Mac computers from a centralized dashboard?

A. Cisco Stealthwatch

B. Cisco Umbrella

C. Cisco AMP for Endpoints

D. Cisco ISE

Refer to the exhibit. How does Cisco Umbrella manage traffic that is directed toward risky domains?

A. Traffic is managed by the application settings, unhandled and allowed.

B. Traffic is managed by the security settings and blocked.

C. Traffic is proxied through the intelligent proxy.

D. Traffic is allowed but logged.

An administrator is testing new configuration on a network device. The network device had a previously established association with the NTP server but is no longer processing time updates. What is the cause of this issue?

A. The server changed its time source to stratum 1.

B. The network device is sending the wrong password to the server.

C. NTP authentication has been configured on the network device.

D. NTP authentication has been configured on the NTP server.

Which solution should be leveraged for secure access of a CI/CD pipeline?

A. Duo Network Gateway

B. Cisco FTD network gateway

C. SSL WebVPN

D. remote access client

A switch with Dynamic ARP Inspection enabled has received a spoofed ARP response on a trusted interface. How does the switch behave in this situation?

A. It drops the packet after validation by using the IP & MAC Binding Table.

B. It forwards the packet without validation.

C. It forwards the packet after validation by using the IP & MAC Binding Table.

D. It drops the packet without validation.

When a transparent authentication fails on the Web Security Appliance, which type of access does the end user get?

A. guest

B. limited Internet

C. blocked

D. full Internet

Which type of attack is MFA an effective deterrent for?

A. ping of death

B. phishing

C. teardrop

D. syn flood

An organization has noticed an increase in malicious content downloads and wants to use Cisco Umbrella to prevent this activity for suspicious domains while allowing normal web traffic. Which action will accomplish this task?

A. Use destination block lists.

B. Configure application block lists.

C. Configure the intelligent proxy.

D. Set content settings to High.

What is a benefit of using Cisco AVC for application control?

A. dynamic application scanning

B. management of application sessions

C. retrospective application analysis

D. zero-trust approach

What is an advantage of network telemetry over SNMP pulls?

A. security

B. scalability

C. accuracy

D. encapsulation

What are two characteristics of Cisco DNA Center APIs? (Choose two.)

A. They are Cisco proprietary.

B. They do not support Python scripts.

C. They view the overall health of the network.

D. They quickly provision new devices.

E. Postman is required to utilize Cisco DNA Center API calls.

What is a difference between DMVPN and sVTI?

A. DMVPN provides interoperability with other vendors, whereas sVTI does not.

B. DMVPN supports static tunnel establishment, whereas sVTI does not.

C. DMVPN supports dynamic tunnel establishment, whereas sVTI does not.

D. DMVPN supports tunnel encryption, whereas sVTI does not.

Which public cloud provider supports the Cisco Next Generation Firewall Virtual?

A. Google Cloud Platform

B. Red Hat Enterprise Virtualization

C. Amazon Web Services

D. VMware ESXi

With regard to RFC 5176 compliance, how many IETF attributes are supported by the RADIUS CoA feature?

A. 3

B. 5

C. 10

D. 12

Which attack type attempts to shut down a machine or network so that users are not able to access it?

A. bluesnarfing

B. MAC spoofing

C. smurf

D. IP spoofing

Cisco SensorBase gathers threat information from a variety of Cisco products and services and performs analytics to find pattern on threats. Which term describes this process?

A. authoring

B. consumption

C. deployment

D. sharing

What is a description of microsegmentation?

A. Environments deploy a container orchestration platform, such as Kubernetes, to manage the application delivery.

B. Environments apply a zero-trust model and specify how applications on different servers or containers can communicate.

C. Environments deploy centrally managed host-based firewall rules on each server or container.

D. Environments implement private VLAN segmentation to group servers with similar applications.

DRAG DROP
-
Drag and drop the Cisco CWS redirection options from the left onto the capabilities on the right.
 

What is the target in a phishing attack?

A. perimeter firewall

B. IPS

C. web server

D. endpoint

A Cisco Secure Cloud Analytics administrator is setting up a private network monitor sensor to monitor an on-premises environment. Which two pieces of information from the sensor are used to link to the Secure Cloud Analytics portal? (Choose two.)

A. private IP address

B. unique service key

C. SSL certificate

D. public IP address

E. NAT ID

In which cloud services model is the customer responsible for scanning for and mitigation of application vulnerabilities?

A. VMaaS

B. IaaS

C. PaaS

D. SaaS

What is the default action before identifying the URL during HTTPS inspection in Cisco Secure Firewall Threat Defense software?

A. reset

B. buffer

C. drop

D. pass

Which Cisco ASA deployment model is used to filter traffic between hosts in the same IP subnet using higher-level protocols without readdressing the network?

A. multiple context mode

B. single context mode

C. routed mode

D. transparent mode

Which parameter is required when configuring a NetFlow exporter on a Cisco router?

A. exporter name

B. exporter description

C. source interface

D. DSCP value

How does Cisco Umbrella protect clients when they operate outside of the corporate network?

A. by forcing DNS queries to the corporate name servers

B. by modifying the registry for DNS lookups

C. by using the Cisco Umbrella roaming client

D. by using Active Directory group policies to enforce Cisco Umbrella DNS servers

What is a characteristic of Cisco ASA NetFlow v9 Secure Event Logging?

A. It tracks flow-create, flow-teardown, and flow-denied events.

B. It provides stateless IP flow tracking that exports all records of a specific flow.

C. It tracks the flow continuously and provides updates every 10 seconds.

D. Its events match all traffic classes in parallel.

How is DNS tunneling used to exfiltrate data out of a corporate network?

A. It leverages the DNS server by permitting recursive lookups to spread the attack to other DNS servers

B. It encodes the payload with random characters that are broken into short strings and the DNS server rebuilds the exfiltrated data

C. It redirects DNS requests to a malicious server used to steal user credentials, which allows further damage and theft on the network

D. It corrupts DNS servers by replacing the actual IP address with a rogue address to collect information or start other attacks

An engineer is deploying Cisco Advanced Malware Protection (AMP) for Endpoints and wants to create a policy that prevents users from executing a file named abc123456789.exe without quarantining that file. What type of Outbreak Control list must the SHA-256 hash value for the file be added to in order to accomplish this?

A. Advanced Custom Detection

B. Simple Custom Detection

C. Isolation

D. Blocked Application

An organization is trying to implement micro-segmentation on the network and wants to be able to gain visibility on the applications within the network. The solution must be able to maintain and force compliance. Which product should be used to meet these requirements?

A. Cisco Secure Workload

B. Cisco Secure Network Analytics

C. Cisco AMP

D. Cisco Umbrella

Which benefit does endpoint security provide the overall security posture of an organization?

A. It streamlines the incident response process to automatically perform digital forensics on the endpoint.

B. It allows the organization to mitigate web-based attacks as long as the user is active in the domain.

C. It allows the organization to detect and respond to threats at the edge of the network.

D. It allows the organization to detect and mitigate threats that the perimeter security devices do not detect.

How is ICMP used as an exfiltration technique?

A. by flooding the destination host with unreachable packets

B. by sending large numbers of ICMP packets with a targeted hosts source IP address using an IP broadcast address

C. by encrypting the payload in an ICMP packet to carry out command and control tasks on a compromised host

D. by overwhelming a targeted host with ICMP echo-request packets

Which Cisco solution integrates industry-leading artificial intelligence and machine learning analytics and an assurance database to review the security posture and maintain visibility of an organizations cloud environment?

A. Cisco Secure Workload

B. Cisco CSR1000v

C. Cisco DNA

D. Cisco FTD

What are two functions of IKEv1 but not IKEv2? (Choose two.)

A. IKEv1 conversations are initiated by the IKE_SA_INIT message.

B. With IKEv1, aggressive mode negotiates faster than main mode.

C. IKEv1 uses EAP for authentication.

D. NAT-T is supported in IKEv1 but not in IKEv2.

E. With IKEv1, when using aggressive mode, the initiator and responder identities are passed in cleartext.

What are two rootkit types? (Choose two.)

A. registry

B. buffer mode

C. user mode

D. bootloader

E. virtual

What is a difference between an SQL injection and a cross-site scripting attack?

A. SQL injection intercepts user information, and XSS causes false or unpredictable results.

B. SQL injection modifies SQL queries, and XSS cloaks by encoding tags.

C. SQL injection detects environments, and XSS cloaks by encoding tags.

D. SQL injection modifies SQL queries, and XSS allows access to files beyond the root folder.

What is the process of performing automated static and dynamic analysis of files in an isolated environment against preloaded behavioral indicators for threat analysis?

A. advanced sandboxing

B. adaptive scanning

C. deep visibility scan

D. point-in-time checks

What is a difference between FlexVPN and DMVPN?

A. DMVPN uses only IKEv1. FlexVPN uses only IKEv2

B. FlexVPN uses IKEv2. DMVPN uses IKEv1 or IKEv2

C. DMVPN uses IKEv1 or IKEv2. FlexVPN only uses IKEv1

D. FlexVPN uses IKEv1 or IKEv2. DMVPN uses only IKEv2

An organization wants to reduce their attack surface for cloud applications. They want to understand application communications, detect abnormal application behavior, and detect vulnerabilities within the applications. Which action accomplishes this task?

A. Configure Cisco Tetration to detect anomalies and vulnerabilities.

B. Modify the Cisco Duo configuration to restrict access between applications.

C. Use Cisco ISE to provide application visibility and restrict access to them.

D. Implement Cisco Umbrella to control the access each application is granted.

Which two aspects of the IaaS cloud service model are managed by the service provider? (Choose two.)

A. virtual machines

B. physical network

C. applications

D. hypervisors

E. virtual network

DRAG DROP
-
Drag and drop the Cisco Secure Email Gateway benefits from the left to the corresponding deployment options on the right.
 

An organization is trying to improve their Defense in Depth by blocking malicious destinations prior to a connection being established. The solution must be able to block certain applications from being used within the network. Which product should be used to accomplish this goal?

A. Cisco Firepower

B. Cisco Umbrella

C. Cisco ISE

D. Cisco AMP