NEW QUESTION 1

How is Cisco Umbrella configured to log only security events?

• A. per policy
• B. in the Reporting settings
• C. in the Security Settings section
• D. per network in the Deployments section

Answer: A

Explanation:
Reference: https://docs.umbrella.com/deployment-umbrella/docs/log-management

NEW QUESTION 2

Which product allows Cisco FMC to push security intelligence observable to its sensors from other products?

• A. Encrypted Traffic Analytics
• B. Threat Intelligence Director
• C. Cognitive Threat Analytics
• D. Cisco Talos Intelligence

Answer: B

NEW QUESTION 3

Which Cisco ISE service checks the compliance of endpoints before allowing the endpoints to connect to
the network?

• A. posture
• B. profiler
• C. Cisco TrustSec
• D. Threat Centric NAC

Answer: A

NEW QUESTION 4

An administrator configures a new destination list in Cisco Umbrella so that the organization can block specific domains for its devices. What should be done to ensure that all subdomains of domain.com are blocked?

• A. Configure the *.com address in the block list.
• B. Configure the *.domain.com address in the block list
• C. Configure the *.domain.com address in the block list
• D. Configure the domain.com address in the block list

Answer: C

NEW QUESTION 5

An engineer needs to configure a Cisco Secure Email Gateway (SEG) to prompt users to enter multiple forms of identification before gaining access to the SEG. The SEG must also join a cluster using the preshared key of cisc421555367. What steps must be taken to support this?

• A. Enable two-factor authentication through a RADIUS server, and then join the cluster via the SEG GUI.
• B. Enable two-factor authentication through a TACACS+ server, and then join the cluster via the SEG CLI.
• C. Enable two-factor authentication through a RADIUS server, and then join the cluster via the SEG CLI
• D. Enable two-factor authentication through a TACACS+ server, and then join the cluster via the SEG GUI.

Answer: C

Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/esa/esa11-0/user_guide_fs/b_ESA_Admin_Guide_11_0/b_ESA

NEW QUESTION 6

What can be integrated with Cisco Threat Intelligence Director to provide information about security threats, which allows the SOC to proactively automate responses to those threats?

• A. Cisco Umbrella
• B. External Threat Feeds
• C. Cisco Threat Grid
• D. Cisco Stealthwatch

Answer: C

Explanation:
Reference:
https://blogs.cisco.com/developer/automate-threat-intelligence-using-cisco-threat-intelligencedirector

NEW QUESTION 7

What are two workloaded security models? (Choose two)

• A. SaaS
• B. IaaS
• C. on-premises
• D. off-premises
• E. PaaS

Answer: CD

NEW QUESTION 8

What is the difference between Cross-site Scripting and SQL Injection, attacks?

• A. Cross-site Scripting is an attack where code is injected into a database, whereas SQL Injection is an attack where code is injected into a browser.
• B. Cross-site Scripting is a brute force attack targeting remote sites, whereas SQL Injection is a social engineering attack.
• C. Cross-site Scripting is when executives in a corporation are attacked, whereas SQL Injection is when a database is manipulated.
• D. Cross-site Scripting is an attack where code is executed from the server side, whereas SQL Injection is an attack where code is executed from the client side.

Answer: A

Explanation:
Answer B is not correct because Cross-site Scripting (XSS) is not a brute force attack.Answer C is not correct because the statement “Cross-site Scripting is when executives in a corporation are attacked” is not true. XSS is a client-side vulnerability that targets other application users.Answer D is not correct because the statement “Cross-site Scripting is an attack where code is executed from the server side”. In fact, XSS is a method that exploits website vulnerability by injecting scripts that will run at client’s side.Therefore only answer A is left. In XSS, an attacker will try to inject his malicious code (usually malicious links) into a database. When other users follow his links, their web browsers are redirected to websites whereattackers can steal data from them. In a SQL Injection, an attacker will try to inject SQL code (via his browser) into forms, cookies, or HTTP headers that do not use data sanitizing or validation methods of GET/POSTparameters.Note: The main difference between a SQL and XSS injection attack is that SQL injection attacks are used to steal information from databases whereas XSS attacks are used to redirect users to websites where attackers can steal data from them.

NEW QUESTION 9

Under which two circumstances is a CoA issued? (Choose two)

• A. A new authentication rule was added to the policy on the Policy Service node.
• B. An endpoint is deleted on the Identity Service Engine server.
• C. A new Identity Source Sequence is created and referenced in the authentication policy.
• D. An endpoint is profiled for the first time.
• E. A new Identity Service Engine server is added to the deployment with the Administration persona

Answer: BD

Explanation:
The profiling service issues the change of authorization in the following cases:– Endpoint deleted—When an endpoint is deleted from the Endpoints page and the endpoint is disconnectedor removed from the network.An exception action is configured—If you have an exception action configured per profile that leads to anunusual or an unacceptable event from that endpoint. The profiling service moves the endpoint to thecorresponding static profile by issuing a CoA.– An endpoint is profiled for the first time—When an endpoint is not statically assigned and profiled for the first time; for example, the profile changes from an unknown to a known profile.+ An endpoint identity group has changed—When an endpoint is added or removed from an endpoint identity group that is used by an authorization policy.The profiling service issues a CoA when there is any change in an endpoint identity group, and the endpoint identity group is used in the authorization policy for the following:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide

NEW QUESTION 10

On Cisco Firepower Management Center, which policy is used to collect health modules alerts from managed devices?

• A. health policy
• B. system policy
• C. correlation policy
• D. access control policy
• E. health awareness policy

Answer: A

NEW QUESTION 11

An organization wants to improve its cybersecurity processes and to add intelligence to its data The organization wants to utilize the most current intelligence data for URL filtering, reputations, and vulnerability information that can be integrated with the Cisco FTD and Cisco WSA What must be done to accomplish these objectives?

• A. Create a Cisco pxGrid connection to NIST to import this information into the security products for policy use
• B. Create an automated download of the Internet Storm Center intelligence feed into the Cisco FTD and Cisco WSA databases to tie to the dynamic access control policies.
• C. Download the threat intelligence feed from the IETF and import it into the Cisco FTD and Cisco WSA databases
• D. Configure the integrations with Talos Intelligence to take advantage of the threat intelligence that it provides.

Answer: D

NEW QUESTION 12

What is the result of the ACME-Router(config)#login block-for 100 attempts 4 within 60 command on a Cisco IOS router?

• A. lf four log in attempts fail in 100 seconds, wait for 60 seconds to next log in prompt.
• B. After four unsuccessful log in attempts, the line is blocked for 100 seconds and only permit IP addresses are permitted in ACL
• C. After four unsuccessful log in attempts, the line is blocked for 60 seconds and only permit IP addresses are permitted in ACL1
• D. If four failures occur in 60 seconds, the router goes to quiet mode for 100 seconds.

Answer: D

NEW QUESTION 13

Due to a traffic storm on the network, two interfaces were error-disabled, and both interfaces sent SNMP traps.
Which two actions must be taken to ensure that interfaces are put back into service? (Choose two)

• A. Have Cisco Prime Infrastructure issue an SNMP set command to re-enable the ports after the pre configured interval.
• B. Use EEM to have the ports return to service automatically in less than 300 seconds.
• C. Enter the shutdown and no shutdown commands on the interfaces.
• D. Enable the snmp-server enable traps command and wait 300 seconds
• E. Ensure that interfaces are configured with the error-disable detection and recovery feature

Answer: CE

Explanation:
You can also bring up the port by using these commands:+ The “shutdown” interface configuration command followed by the “no shutdown” interface configurationcommand restarts the disabled port.+ The “errdisable recovery cause …” global configuration command enables the timer to automatically recover error-disabled state, and the “errdisable recovery interval interval” global configuration command specifies the time to recover error-disabled state.

NEW QUESTION 14

Which benefit is provided by ensuring that an endpoint is compliant with a posture policy configured in Cisco ISE?

• A. It allows the endpoint to authenticate with 802.1x or MAB.
• B. It verifies that the endpoint has the latest Microsoft security patches installed.
• C. It adds endpoints to identity groups dynamically.
• D. It allows CoA to be applied if the endpoint status is compliant.

Answer: A

NEW QUESTION 15

Which two components do southbound APIs use to communicate with downstream devices? (Choose two.)

• A. services running over the network
• B. OpenFlow
• C. external application APIs
• D. applications running over the network
• E. OpFlex

Answer: BE

NEW QUESTION 16

For Cisco IOS PKI, which two types of Servers are used as a distribution point for CRLs? (Choose two)

• A. SDP
• B. LDAP
• C. subordinate CA
• D. SCP
• E. HTTP

Answer: BE

Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_pki/configuration/15-mt/sec-pki-15-mtbook/sec-pk

NEW QUESTION 17

An engineer needs to add protection for data in transit and have headers in the email message Which
configuration is needed to accomplish this goal?

• A. Provision the email appliance
• B. Deploy an encryption appliance.
• C. Map sender !P addresses to a host interface.
• D. Enable flagged message handling

Answer: D

NEW QUESTION 18

Which ID store requires that a shadow user be created on Cisco ISE for the admin login to work?

• A. RSA SecureID
• B. Internal Database
• C. Active Directory
• D. LDAP

Answer: C

NEW QUESTION 19

Which two features of Cisco DNA Center are used in a Software Defined Network solution? (Choose two)

• A. accounting
• B. assurance
• C. automation
• D. authentication
• E. encryption

Answer: BC

Explanation:
Reference: https://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/dna-center/nb-06- cisco-dna-center-aag-cte-en.html

NEW QUESTION 20

What is a benefit of using a multifactor authentication strategy?

• A. It provides visibility into devices to establish device trust.
• B. It provides secure remote access for applications.
• C. It provides an easy, single sign-on experience against multiple applications
• D. lt protects data by enabling the use of a second validation of identity.

Answer: D

NEW QUESTION 21
......