A network engineer is deciding whether to use stateful or stateless failover when configuring two Cisco ASAs for high availability. What is the connection status in both cases?

A. need to be reestablished with stateful failover and preserved with stateless failover

B. preserved with both stateful and stateless failover

C. need to be reestablished with both stateful and stateless failover

D. preserved with stateful failover and need to be reestablished with stateless failover

For a given policy in Cisco Umbrella, how should a customer block websites based on a custom list?

A. by adding the website IP addresses to the Cisco Umbrella blocklist

B. by adding the websites to a blocked type destination list

C. by specifying blocked domains in the policy settings

D. by specifying the websites in a custom blocked category

An administrator wants to ensure that all endpoints are compliant before users are allowed access on the corporate network. The endpoints must have the corporate antivirus application installed and be running the latest build of Windows 10.
What must the administrator implement to ensure that all devices are compliant before they are allowed on the network?

A. Cisco Identity Services Engine and AnyConnect Posture module

B. Cisco Stealthwatch and Cisco Identity Services Engine integration

C. Cisco ASA firewall with Dynamic Access Policies configured

D. Cisco Identity Services Engine with PxGrid services enabled

What is the process in DevSecOps where all changes in the central code repository are merged and synchronized?

A. EP

B. CD

C. CI

D. QA

Which two risks is a company vulnerable to if it does not have a well-established patching solution for endpoints? (Choose two.)

A. malware

B. denial-of-service attacks

C. ARP spoofing

D. exploits

E. eavesdropping

What is capability of EPP compared to EDR?

A. EPP protects against malware that has already entered the environment, and EDR focuses on protecting against botnets.

B. EDR protects against email attacks, and EPP focuses on detecting and monitoring phishing and ransomware email attacks.

C. EDR protects against malicious email attacks, and EPP focuses on suspicious website attacks including DoS and DDoS attempts.

D. EDR protects against malware that has already entered the environment, and EPP focuses on preventing malware from entering.

What are two workload security models? (Choose two.)

A. SaaS

B. PaaS

C. off-premises

D. on-premises

E. IaaS

An organization wants to implement a cloud-delivered and SaaS-based solution to provide visibility and threat detection across the AWS network. The solution must be deployed without software agents and rely on AWS VPC flow logs instead. Which solution meets these requirements?

A. NetFlow collectors

B. Cisco Cloudlock

C. Cisco Stealthwatch Cloud

D. Cisco Umbrella

What are two Detection and Analytics Engines of Cognitive Threat Analytics? (Choose two.)

A. data exfiltration

B. command and control communication

C. intelligent proxy

D. snort

E. URL categorization

In which two ways does a system administrator send web traffic transparently to the Cisco WSA? (Choose two.)

A. use Web Cache Communication Protocol

B. configure AD Group Policies to push proxy settings

C. configure the proxy IP address in the web-browser settings

D. configure policy-based routing on the network infrastructure

E. reference a Proxy Auto Config file

Which metric is used by the monitoring agent to collect and output packet loss and jitter information?

A. RTP performance

B. TCP performance

C. WSAv performance

D. AVC performance

What are the two most commonly used authentication factors in multifactor authentication? (Choose two.)

A. biometric factor

B. time factor

C. confidentiality factor

D. knowledge factor

E. encryption factor

Which API method and required attribute are used to add a device into Cisco DNA Center with the native API?

A. GET and serialNumber

B. userSudiSerlalNos and deviceInfo

C. POST and name

D. lastSyncTime and pid

When a Cisco WSA checks a web request, what occurs if it is unable to match a user-defined policy?

A. It applies the next identification profile policy.

B. It applies the global policy.

C. It applies the advanced policy.

D. It blocks the request.

Which system facilitates deploying microsegmentation and multi-tenancy services with a policy-based container?

A. SDLC

B. Lambda

C. Contiv

D. Docker

Which solution for remote workers enables protection, detection, and response on the endpoint against known and unknown threats?

A. Cisco AMP for Endpoints

B. Cisco AnyConnect

C. Cisco Umbrella

D. Cisco Duo

An engineer is adding a Cisco router to an existing environment. NTP authentication is configured on all devices in the environment with the command ntp authentication-key 1 md5 Cisc433392759. There are two routers on the network that are configured as NTP servers for redundancy, 192.168.1.110 and 192.168.1.111. 192.168.1.110 is configured as the authoritative time source. What command must be configured on the new router to use 192.168.1.110 as its primary time source without the new router attempting to offer time to existing devices?

A. ntp server 192.168.1.110 primary key 1

B. ntp server 192.168.1.110 key 1 prefer

C. ntp peer 192.168.1.110 prefer key 1

D. ntp peer 192.168.1.110 key 1 primary

Which Cisco Firewall solution requires zone definition?

A. CBAC

B. Cisco AMP

C. ZBFW

D. Cisco ASA

A Cisco AMP for Endpoints administrator configures a custom detection policy to add specific MD5 signatures. The configuration is created in the simple detection policy section, but it does not work. What is the reason for this failure?

A. The administrator must upload the file instead of the hash for Cisco AMP to use.

B. The APK must be uploaded for the application that the detection is intended.

C. The MD5 hash uploaded to the simple detection policy is in the incorrect format.

D. Detections for MD5 signatures must be configured in the advanced custom detection policies.

When a site-to-site VPN is configured in Cisco FMC, which topology is supported when crypto ACLs are used instead of protected networks to define interesting traffic?

A. hub-and-spoke

B. full mesh

C. DMVPN

D. point-to-point

What are the two types of managed Intercloud Fabric deployment models? (Choose two.)

A. Service Provider managed

B. User managed

C. Public managed

D. Hybrid managed

E. Enterprise managed

DRAG DROP
-
Drag and drop the firewall capabilities from the left onto the corresponding firewall deployment modes on the right.
 

Which two types of connectors are used to generate telemetry data from IPFIX records in a Cisco Secure Workload implementation? (Choose two.)

A. NetFlow

B. Cisco Secure Workload

C. Cisco ASA

D. ERSPAN

E. ADC

While using Cisco Firepower's Security Intelligence policies, which two criteria is blocking based upon? (Choose two.)

A. IP addresses

B. URLs

C. port numbers

D. protocol IDs

E. MAC addresses

An engineer is configuring web filtering for a network using Cisco Umbrella Secure Internet Gateway. The requirement is that all traffic needs to be filtered. Using the SSL decryption feature, which type of certificate should be presented to the end-user to accomplish this goal?

A. SubCA

B. organization owned root

C. self-signed

D. third-party

Which Cisco security solution determines if an endpoint has the latest OS updates and patches installed on the system?

A. Cisco Endpoint Security Analytics

B. Cisco AMP for Endpoints

C. Endpoint Compliance Scanner

D. Security Posture Assessment Service

Which function is performed by certificate authorities but is a limitation of registration authorities?

A. CRL publishing

B. certificate re-enrollment

C. verifying user identity

D. accepts enrollment requests

What is a benefit of a Cisco Secure Email Gateway Virtual as compared to a physical Secure Email Gateway?

A. simplifies the distribution of software updates

B. enables the allocation of additional resources

C. provides an automated setup process

D. provides faster performance

Which form of attack is launched using botnets?

A. TCP flood

B. DDOS

C. DOS

D. virus

What is the most common type of data exfiltration that organizations currently experience?

A. encrypted SMTP

B. SQL database injections

C. HTTPS file upload site

D. Microsoft Windows network shares

Refer to the exhibit. An administrator is adding a new Cisco FTD device to their network and wants to manage it with Cisco FMC. The Cisco FTD uses a registration key of Cisc392481137 and is not behind a NAT device. Which command is needed to enable this on the Cisco FTD?

A. configure manager add 16

B. configure manager add DONTRESOLVE FTD123

C. configure manager add

D. configure manager add DONTRESOLVE

With which components does a southbound API within a software-defined network architecture communicate?

A. applications

B. controllers within the network

C. appliances

D. devices such as routers and switches

For which two conditions can an endpoint be checked using ISE posture assessment? (Choose two.)

A. computer identity

B. Windows service

C. user identity

D. Windows firewall

E. default browser

Which type of API is being used when a controller within a software-defined network architecture dynamically makes configuration changes on switches within the network?

A. northbound API

B. westbound API

C. eastbound API

D. southbound API

What is a benefit of performing device compliance?

A. providing multi-factor authentication

B. verification of the latest OS patches

C. providing attribute-driven policies

D. device classification and authorization

A mall provides security services to customers with a shared appliance. The mall wants separation of management on the shared appliance. Which ASA deployment mode meets these needs?

A. routed mode

B. multiple zone mode

C. multiple context mode

D. transparent mode

A network engineer must monitor user and device behavior within the on-premises network. This data must be sent to the Cisco Stealthwatch Cloud analytics platform for analysis. What must be done to meet this requirement, using the Ubuntu-based VM appliance deployed in a VMware-based hypervisor?

A. Deploy a Cisco FTD sensor to send network events to Cisco Stealthwatch Cloud.

B. Configure a Cisco FMC to send syslogs to Cisco Stealthwatch Cloud.

C. Deploy the Cisco Stealthwatch Cloud PNM sensor that sends data to Cisco Stealthwatch Cloud.

D. Configure a Cisco FMC to send NetFlow to Cisco Stealthwatch Cloud.

An email administrator is setting up a new Cisco ESA. The administrator wants to enable the blocking of greymail for the end user. Which feature must the administrator enable first?

A. Intelligent Multi-Scan

B. Anti-Virus Filtering

C. IP Reputation Filtering

D. File Analysis

Which Cisco Umbrella package supports selective proxy for inspection of traffic from risky domains?

A. DNS Security Advantage

B. SIG Essentials

C. DNS Security Essentials

D. SIG Advantage

How does a Cisco Secure Web Appliance integrated with LDAP handle the permissions of a currently logged in Active Directory group member when the Active Directory administrator changes the permissions of the user's group mid session?

A. If the Cisco Secure Client Mobility Client is configured on the endpoint to provide Active Directory updates, the Cisco Secure Web Appliance changes the user’s permissions immediately when alerted by the client.

B. If the Cisco Secure Web Appliance is configured to receive real-time updates from the Active Directory user agent, it changes the user’s permissions immediately when the agent sends the update.

C. The Cisco Secure Web Appliance terminates the current session and prompts the user to re-authenticate in order to update the effective permissions.

D. The Cisco Secure Web Appliance continues to operate using the permissions that were in effect when the user logged in for the duration of the user’s session.

Which algorithm provides encryption and authentication for data plane communication?

A. AES-GCM

B. SHA-96

C. AES-256

D. SHA-384

Refer to the exhibit. An engineer must enable secure SSH protocols and enters this configuration. What are two results of running this set of commands on a Cisco router? (Choose two.)

A. generates RSA key pairs on the router

B. enables SSHv1 on the router

C. uses the FQDN with the label command

D. labels the key pairs to be used for SSH

E. generates AES key pairs on the router

Which action adds IOCs to customize detections for a new attack?

A. Use the initiate Endpoint 1OC scan feature to gather the IOC information and push it to clients.

B. Upload the 10Cs into the Installed Endpoint IOC feature within Cisco Secure Endpoint.

C. Add a custom advanced detection to include the 1OCs needed within Cisco Secure Endpoint.

D. Modify the base policy within Cisco Secure Endpoint to include simple custom detections.

The security team has installed a Cisco Secure Email Gateway. During setup, a large number of email messages containing the string "abcde1111111111" are being blocked. The security team wants to investigate and determine if the emails are part of a phishing or malware attack. Which configuration step must the security team apply?

A. Implement a policy to only allow email from trusted to the network senders.

B. Apply a policy to route all blocked emails to a separate quarantine folder.

C. Configure sender domain reputation policy to check if sender email domain is known to be malicious.

D. Configure a policy to disable spam filtering in order to expedite email delivery.

What is a difference between FlexVPN and DMVPN?

A. DMVPN uses only IKEv1. FlexVPN uses only IKEv2

B. FlexVPN uses IKEv2. DMVPN uses IKEv1 or IKEv2

C. DMVPN uses IKEv1 or IKEv2. FlexVPN only uses IKEv1

D. FlexVPN uses IKEv1 or IKEv2. DMVPN uses only IKEv2

What is the difference between Cross-site Scripting and SQL Injection attacks?

A. Cross-site Scripting is when executives in a corporation are attacked, whereas SQL Injection is when a database is manipulated.

B. Cross-site Scripting is an attack where code is executed from the server side, whereas SQL Injection is an attack where code is executed from the client side.

C. Cross-site Scripting is a brute force attack targeting remote sites, whereas SQL Injection is a social engineering attack.

D. Cross-site Scripting is an attack where code is injected into a database, whereas SQL Injection is an attack where code is injected into a browser.

An organization is moving toward the zero-trust model. Which Cisco solution enables administrators to deploy and control microsegmentation of endpoints that are connected to a Cisco Data Center Virtual Edge, Cisco Application Virtual Switch, Microsoft vSwitch, and VMware vSphere Distributed Switch?

A. Cisco Titration

B. Cisco DCNM

C. Cisco Stealthwatch

D. Cisco ACI

What are two DDoS attack categories? (Choose two.)

A. protocol

B. source-based

C. database

D. sequential

E. volume-based

What is a difference between DMVPN and sVTI?

A. DMVPN provides interoperability with other vendors, whereas sVTI does not.

B. DMVPN supports static tunnel establishment, whereas sVTI does not.

C. DMVPN supports dynamic tunnel establishment, whereas sVTI does not.

D. DMVPN supports tunnel encryption, whereas sVTI does not.

What is the difference between a vulnerability and an exploit?

A. A vulnerability is a weakness that can be exploited by an attacker.

B. A vulnerability is a hypothetical event for an attacker to exploit.

C. An exploit is a hypothetical event that causes a vulnerability in the network.

D. An exploit is a weakness that can cause a vulnerability in the network.