| A Cisco FirePower administrator needs to configure a rule to allow a new application that has never been seen on the network. Which two actions should be selected to allow the traffic to pass without inspection? (Choose two.) |
| How many interfaces per bridge group does an ASA bridge group deployment support? |
| In which type of attack does the attacker insert their machine between two hosts that are communicating with each other? |
| A mall provides security services to customers with a shared appliance. The mall wants separation of management on the shared appliance. Which ASA deployment mode meets these needs? |
| Which two behavioral patterns characterize a ping of death attack? (Choose two.) |
| Which two descriptions of AES encryption are true? (Choose two.) |
| While using Cisco Firepower’s Security Intelligence policies, which two criteria is blocking based upon? (Choose two.) |
| What is a characteristic of Cisco ASA NetFlow v9 Secure Event Logging? |
| Which product allows Cisco FMC to push security intelligence observable to its sensors from other products? |
| What is a function of 3DES in reference to cryptography? |
| What is a difference between a DoS attack and DDos attack? |
| Which suspicious pattern enables the Cisco Tetration platform to learn the normal behavior of users? |
| An engineer is implementing NTP authentication within their network and has configured both the client and server devices with the command ntp authentication-key 1 md5 Cisc392481137. The server at 1.1.1.1 is attempting to authenticate to the client at 1.1.1.2, however is unable to do so. Which command is required to enable the client to accept the server’s authentication key? |
| Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server? |
| An engineer has been tasked with configuring a Cisco FTD to analyze protocol fields and detect anomalies in the traffic from industrial systems. What must be done to meet these requirements? |
| Which two request methods of REST API are valid on the Cisco ASA Platform? (Choose two.) |
| A network engineer has entered the snmp-server user andy myv3 auth sha cisco priv aes 256 cisc0383320506 command and needs to send SNMP information to a host at 10.255.254.1. Which command achieves this goal? |
| A network engineer is deciding whether to use stateful or stateless failover when configuring two Cisco ASAs for high availability. What is the connection status in both cases? |
| Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities? |
| An attacker needs to perform reconnaissance on a target system to help gain access to it. The system has weak passwords, no encryption on the VPN links, and software bugs on the system’s applications. Which vulnerability allows the attacker to see the passwords being transmitted in clear text? |
| What is the result of running the crypto isakmp key ciscXXXXXXXX address 172.16.0.0 command? |
| How does DNS Tunneling exfiltrate data? |
| What is a benefit of using telemetry over SNMP to configure new routers for monitoring purposes? |
| What are two rootkit types? (Choose two.) |
| Which two activities can be done using Cisco DNA Center? (Choose two.) |
| Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two.) |
| Which algorithm provides encryption and authentication for data plane communication? |
| What is a characteristic of Dynamic ARP Inspection? |
| What is the function of SDN southbound API protocols? |
| What is the function of the crypto isakmp key cisc406143794 address 0.0.0.0 0.0.0.0 command when establishing an IPsec VPN tunnel? |
| Under which two circumstances is a CoA issued? (Choose two.) |
| An organization deploys multiple Cisco FTD appliances and wants to manage them using one centralized solution. The organization does not have a local VM but does have existing Cisco ASA that must migrate over to Cisco FTDs. Which solution meets the needs of the organization? |
| An organization uses Cisco FMC to centrally manage multiple Cisco FTD devices. The default management port conflicts with other communications on the network and must be changed. What must be done to ensure that all devices can communicate together? |
| A network administrator needs to find out what assets currently exist on the network. Third-party systems need to be able to feed host data into Cisco Firepower. What must be configured to accomplish this? |
| What is the difference between Cross-site Scripting and SQL Injection attacks? |
| How is DNS tunneling used to exfiltrate data out of a corporate network? |
| Which VPN technology can support a multivendor environment and secure traffic between sites? |
| Which threat involves software being used to gain unauthorized access to a computer system? |
| A user has a device in the network that is receiving too many connection requests from multiple machines. Which type of attack is the device undergoing? |
| An organization has two machines hosting web applications. Machine 1 is vulnerable to SQL injection while machine 2 is vulnerable to buffer overflows. What action would allow the attacker to gain access to machine 1 but not machine 2? |
| What is the term for having information about threats and threat actors that helps mitigate harmful events that would otherwise compromise networks or systems? |
| A network administrator is configuring SNMPv3 on a new router. The users have already been created, however an additional configuration is needed to facilitate access to the SNMP views. What must the administrator do to accomplish this? |
| Which information is required when adding a device to Firepower Management Center? |
| Which two preventive measures are used to control cross-site scripting? (Choose two.) |
| Which type of attack is social engineering? |
| An engineer wants to generate NetFlow records on traffic traversing the Cisco ASA. Which Cisco ASA command must be used? |
| What is a difference between FlexVPN and DMVPN? |
| Which form of attack is launched using botnets? |
| Which two conditions are prerequisites for stateful failover for IPsec? (Choose two.) |
| How does Cisco Advanced Phishing Protection protect users? |
| What are two advantages of using Cisco AnyConnect over DMVPN? (Choose two.) |
| Which feature is configured for managed devices in the device platform settings of the Firepower Management Center? |
| Which functions of an SDN architecture require southbound APIs to enable communication? |
| Which policy represents a shared set of features or parameters that define the aspects of a managed device that are likely to be similar to other managed devices in a deployment? |
| When configuring ISAKMP for IKEv1 Phase 1 on a Cisco IOS router, an administrator needs to input the command crypto isakmp key cisco address 0.0.0.0. The administrator is not sure what the IP address in this command is used for. What would be the effect of changing the IP address from 0.0.0.0 to 1.2.3.4? |
| An engineer notices traffic interruptions on the network. Upon further investigation, it is learned that broadcast packets have been flooding the network. What must be configured, based on a predefined threshold, to address this issue? |
| What is a key difference between Cisco Firepower and Cisco ASA? |
| What is managed by Cisco Security Manager? |
| Which kind of API that is used with Cisco DNA Center provisions SSIDs, QoS policies, and update software versions on switches? |
| What is a commonality between DMVPN and FlexVPN technologies? |
| Which two mechanisms are used to control phishing attacks? (Choose two.) |
| A company discovered an attack propagating through their network via a file. A custom file detection policy was created in order to track this in the future and ensure no other endpoints execute to infected file. In addition, it was discovered during testing that the scans are not detecting the file as an indicator of compromise. What must be done in order to ensure that the policy created is functioning as it should? |
| An organization is trying to improve their Defense in Depth by blocking malicious destinations prior to a connection being established. The solution must be able to block certain applications from being used within the network. Which product should be used to accomplish this goal? |
| Which SNMPv3 configuration must be used to support the strongest security possible? |
| What are two characteristics of Cisco DNA Center APIs? (Choose two.) |
| Which command enables 802.1X globally on a Cisco switch? |
| Which two capabilities does TAXII support? (Choose two.) |
| What is a feature of the open platform capabilities of Cisco DNA Center? |
| An engineer needs behavioral analysis to detect malicious activity on the hosts, and is configuring the organization’s public cloud to send telemetry using the cloud provider’s mechanisms to a security device. Which mechanism should the engineer configure to accomplish this goal? |
| An administrator configures new authorization policies within Cisco ISE and has difficulty profiling the devices. Attributes for the new Cisco IP phones that are profiled based on the RADIUS authentication are seen; however, the attributes for CDP or DHCP are not. What should the administrator do to address this issue? |
| A Cisco FTD engineer is creating a newIKEv2 policy called s2s00123456789 for their organization to allow additional protocols to terminate network devices with. They currently only have one policy established and need the new policy to be a backup in case some devices cannot support the stronger algorithms listed in the primary policy. What should be done in order to support this? |
| Which type of API is being used when a security application notifies a controller within a software-defined network architecture about a specific security threat? |
| The Cisco ASA must support TLS proxy for encrypted Cisco Unified Communications traffic. Where must the ASA be added on the Cisco UC Manager platform? |
| What is a difference between GETVPN and IPsec? |
| Which attribute has the ability to change during the RADIUS CoA? |
| Which two features of Cisco DNA Center are used in a Software Defined Network solution? (Choose two.) |
| An engineer is adding a Cisco DUO solution to the current TACACS+ deployment using Cisco ISE. The engineer wants to authenticate users using their account when they log into network devices. Which action accomplishes this task? |
| An administrator is trying to determine which applications are being used in the network but does not want the network devices to send metadata to Cisco Firepower. Which feature should be used to accomplish this? |
| What is the difference between deceptive phishing and spear phishing? |
| What is a feature of Cisco NetFlow Secure Event Logging for Cisco ASAs? |
| What is a difference between an XSS attack and an SQL injection attack? |
| Which technology must be used to implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity? |
| Which two kinds of attacks are prevented by multifactor authentication? (Choose two.) |
| Which attack is commonly associated with C and C++ programming languages? |
| In which form of attack is alternate encoding, such as hexadecimal representation, most often observed? |
| With which components does a southbound API within a software-defined network architecture communicate? |
| What is a benefit of using Cisco FMC over Cisco ASDM? |
| What features does Cisco FTDv provide over Cisco ASAv? |
| Which two tasks allow NetFlow on a Cisco ASA 5500 Series firewall? (Choose two.) |
| An administrator is establishing a new site-to-site VPN connection on a Cisco IOS router. The organization needs to ensure that the ISAKMP key on the hub is used only for terminating traffic from the IP address of 172.19.20.24. Which command on the hub will allow the administrator to accomplish this? |
| Which protocol provides the strongest throughput performance when using Cisco AnyConnect VPN? |
| What is a prerequisite when integrating a Cisco ISE server and an AD domain? |
| Which Cisco command enables authentication, authorization, and accounting globally so that CoA is supported on the device? |
| Which algorithm provides asymmetric encryption? |
| The main function of northbound APIs in the SDN architecture is to enable communication between which two areas of a network? |
| An engineer is trying to securely connect to a router and wants to prevent insecure algorithms from being used. However, the connection is failing. Which action should be taken to accomplish this goal? |
| What is a functional difference between a Cisco ASA and Cisco IOS router with Zone-Based Policy Firewall? |
| What is a characteristic of Firepower NGIPS inline deployment mode? |
| What is a characteristic of a bridge group in a Cisco ASA Firewall running in transparent mode? |
| An engineer is configuring their router to send NetfFow data to Stealthwatch which has an IP address of 1.1.1.1 using the flow record Stealthwatch406143794 command. Which additional command is required to complete the flow record? |
| What are two DDoS attack categories? (Choose two.) |
| When Cisco and other industry organizations publish and inform users of known security findings and vulnerabilities, which name is used? |
| Which ASA deployment mode can provide separation of management on a shared appliance? |
| A network administrator configures Dynamic ARP Inspection on a switch. After Dynamic ARP Inspection is applied, all users on that switch are unable to communicate with any destination. The network administrator checks the Interface status of all interfaces, and there is no err-disabled interface. What is causing this problem? |
| Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention System? (Choose two.) |
| Which statement about the configuration of Cisco ASA NetFlow v9 Secure Event Logging is true? |
| An administrator is configuring a DHCP server to better secure their environment. They need to be able to rate-limit the traffic and ensure that legitimate requests are not dropped. How would this be accomplished? |
| A network engineer is configuring DMVPN and entered the crypto isakmp key cisc0383320506 address 0.0.0.0 command on host A. The tunnel is not being established to host B. What action is needed to authenticate the VPN? |
| Due to a traffic storm on the network, two interfaces were error-disabled, and both interfaces sent SNMP traps. Which two actions must be taken to ensure that interfaces are put back into service? (Choose two.) |
| Which type of dashboard does Cisco DNA Center provide for complete control of the network? |
| Which method is used to deploy certificates and configure the supplicant on mobile devices to gain access to network resources? |
| An administrator is adding a new switch onto the network and has configured AAA for network access control. When testing the configuration, the RADIUS authenticates to Cisco ISE but is being rejected. Why is the ip radius source-interface command needed for this configuration? |
| Which two key and block sizes are valid for AES? (Choose two.) |
| Which group within Cisco writes and publishes a weekly newsletter to help cybersecurity professionals remain aware of the ongoing and most prevalent threats? |
| What is the difference between a vulnerability and an exploit? |
| Which term describes when the Cisco Firepower downloads threat intelligence updates from Cisco Talos? |
| When wired 802.1X authentication is implemented, which two components are required? (Choose two.) |
| What is a language format designed to exchange threat intelligence that can be transported over the TAXII protocol? |
| What provides the ability to program and monitor networks from somewhere other than the DNAC GUI? |
| A network engineer needs to select a VPN type that provides the most stringent security, multiple security associations for the connections, and efficient VPN establishment with the least bandwidth consumption. Why should the engineer select either FlexVPN or DMVPN for this environment? |
| Which statement about IOS zone-based firewalls is true? |
| What can be integrated with Cisco Threat Intelligence Director to provide information about security threats, which allows the SOC to proactively automate responses to those threats? |
