QUESTION 1
What is an advantage of Cisco Secure Client when compared to IPsec?
A. Cisco Secure Client provides SSL and IKEv1, and IPsec provides SSL and IKEv2.
B. Cisco Secure Client provides SSL and IKEv1, and IPsec provides IKEv1.
C. Cisco Secure Client provides SSL and IKEv2, and IPsec provides IKEv1 and IKEv2.
D. Cisco Secure Client provides IKEv1 and IKEv2, and IPsec provides IKEv2.
Correct Answer: C
QUESTION 2
What is the purpose of deploying the latest patch to an endpoint?
A. to restrict server access to administrators only
B. to acquire new features as part of a major release
C. to resolve security and functionality issues
D. to remove unnecessary software from a server
Correct Answer: C
QUESTION 3
What are two capabilities of a Cisco Secure Web Appliance configured in Transparent mode? (Choose two.)
A. Layer 4 switches automatically redirect traffic destined to port 80.
B. It requires a proxy for the client web browser.
C. It handles explicit HTTP requests.
D. It requires a PAC file for the client web browser.
E. WCCP v2-enabled devices can automatically redirect traffic destined to port 80.
Correct Answer: AE
QUESTION 4
A threat actor used a phishing email to deliver a fie named Financial_Statement_Summary.pdf with an embedded macro. The file was opened, and a remote code execution attack occurred in a company’s infrastructure. Which step must the security team take next for the recovery stage?
A. Immediately disconnect all company systems from the network.
B. Determine the systems involved and deploy available patches.
C. Block all PDF files from being opened on user devices.
D. Delete the phishing email from the user’s inbox.
Correct Answer: B
QUESTION 5
A network administrator must configure remote access to a Cisco ASA. The administrator enables Secure Client VPN access, creates a group policy, and configures access list bypass. Which action must be taken to meet the requirement?
A. Enable user accounts for remote access VPN.
B. Define method lists for authentication.
C. Create the connection profile and tunnel group.
D. Configure NAT exemption for remote clients.
Correct Answer: C
QUESTION 6
How does Cisco Stealthwatch Cloud provide security for cloud environments?
A. It assigns Internet-based DNS protection for clients and servers.
B. It delivers visibility and threat detection
C. It prevents exfiltration of sensitive data
D. It facilitates secure connectivity between public and private networks.
Correct Answer: B
QUESTION 7
A network administrator configures Dynamic ARP Inspection on a switch After Dynamic ARP Inspection is applied all users on that switch are unable to communicate with any destination. The network administrator checks the interface status of all interfaces and there is no err-disabled interface. What is causing this problem?
A. The no ip arp inspection trust command is applied on all user host interfaces
B. Dynamic ARP Inspection has not been enabled on all VLANs
C. DHCP snooping has not been enabled on all VLANs.
D. The ip arp inspection limit command is applied on all interfaces and is blocking the traffic of all users.
Correct Answer: C
QUESTION 8
Which method of attack is used by a hacker to send malicious code through a web application to an unsuspecting user to request that the victims web browser executes the code?
A. cross-site scripting
B. SQL injection
C. buffer overflow
D. browser WGET
Correct Answer: A
QUESTION 9
An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly identifying all valid recipients. What must be done on the Cisco ESA to accomplish this goal?
A. Use Bounce Verification.
B. Configure Directory Harvest Attack Prevention.
C. Bypass LDAP access queries in the recipient access table
D. Configure incoming content filters.
Correct Answer: B
QUESTION 10
In which two ways does Easy Connect help control network access when used with Cisco TrustSec? (Choose two.)
A. It creates a dashboard in Cisco ISE that provides full visibility of all connected endpoints.
B. It allows for managed endpoints that authenticate to AD to be mapped to Security Groups (PassivelD).
C. It integrates with third-party products to provide better visibility throughout the network.
D. It allows multiple security products to share information and work together to enhance security posture in the network
E. It allows for the assignment of Security Group Tags and does not require 802.1X to be configured on the switch or the endpoint.
Correct Answer: BE
QUESTION 11
When configuring ISAKMP for IKEv1 Phase 1 on a Cisco IOS router, an administrator needs to input the command crypto isakmp key cisco address 0.0.0.0. The administrator is not sure what the IP address in this command is used for. What would be the effect of changing the IP address from 0.0.0.0 to 1.2.3.4?
A. All IP addresses other than 1.2.3.4 will be allowed.
B. The remote connection will only be allowed from 1.2.3.4
C. The key server that is managing the keys for the connection will be at 1.2.3.4.
D. The address that will be used as the crypto validation authority.
Correct Answer: B
QUESTION 12
Which algorithm provides asymmetric encryption?
A. RC4
B. RSA
C. 3DES
D. AES
Correct Answer: B
QUESTION 13
Which Cisco platform processes behavior baselines, monitors for deviations, and reviews for malicious processes in data center traffic and servers while performing software vulnerability detection?
A. Cisco AMP for Network
B. Cisco Secure Client
C. Cisco ISE
D. Cisco Secure Workload
Correct Answer: D
QUESTION 14
What are two functionalities of SDN Northbound APIs? (Choose two.)
A. Northbound APIs form the interface between the SDN controller and business applications.
B. Northbound APIs form the interface between the SDN controller and the network switches or routers.
C. OpenFlow is a standardized northbound API protocol.
D. Northbound APIs use the NETCONF protocol to communicate with applications.
E. Northbound APIs provide a programmable interface for applications to dynamically configure the network.
Correct Answer: AE
QUESTION 15
Which solution should be leveraged for secure access of a CI/CD pipeline?
A. Duo Network Gateway
B. SSL WebVPN
C. remote access client
D. Cisco FTD network gateway
Correct Answer: A
QUESTION 16
Which command is used to log all events to a destination collector 209.165.201.10?
A. CiscoASA(config-pmap-c)# flow-export event-type all destination 209.165.201.10
B. CiscoASA(config-cmap)# flow-export event-type flow-update destination 209.165.201.10
C. CiscoASA(config-pmap-c)# flow-export event-type flow-update destination 209.165.201.10
D. CiscoASA(config-cmap)# flow-export event-type all destination 209.165.201.10
Correct Answer: A
QUESTION 17
An engineer must set up 200 new laptops on a network and wants to prevent the users from moving their laptops around to simplify administration. Which switch port MAC address security setting must be used?
A. aging
B. sticky
C. static
D. maximum
Correct Answer: B
QUESTION 18
When choosing an algorithm to use, what should be considered about Diffie Hellman and RSA for key establishment?
A. DH is a symmetric key establishment algorithm intended to output asymmetric keys.
B. RSA is a symmetric key establishment algorithm intended to output asymmetric keys.
C. DH is an asymmetric key establishment algorithm intended to output symmetric keys.
D. RSA is an asymmetric key establishment algorithm intended to output symmetric keys.
Correct Answer: C
QUESTION 19
When MAB is configured for use within the 802. 1X environment, an administrator must create a policy that allows the devices onto the network. Which information is used for the username and password?
A. The MAB uses the IP address as username and password.
B. Each device must be set manually by the administrator.
C. The MAB uses the MAC address as username and password.
D. The MAB uses the Call-Station-ID as username and password.
Correct Answer: C
QUESTION 20
Which two devices support WCCP for traffic redirection? (Choose two.)
A. Cisco ASA
B. Cisco IOS
C. Cisco IPS
D. proxy server
E. Cisco Secure Web Appliance
Correct Answer: AB
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.