QUESTION 61
Which two methods must be used to add switches into the fabric so that administrators can control how switches are added into DCNM for private cloud management? (Choose two.)
A. PowerOn Auto Provisioning
B. Cisco Prime Infrastructure
C. Seed IP
D. CDP AutoDiscovery
E. Cisco Cloud Director
Correct Answer: AC
QUESTION 62
Which algorithm provides encryption and authentication for data plane communication?
A. AES-256
B. AES-GCM
C. SHA-384
D. SHA-96
Correct Answer: B
QUESTION 63
What is the ideal deployment mode to use when you need to manage separate security policies for multiple customers on a Cisco ASA device?
A. spanned cluster mode
B. IRB mode
C. multiple context mode
D. VRF mode
Correct Answer: C
QUESTION 64
Which feature is configured for managed devices in the device platform settings of the Firepower Management Center?
A. network address translations
B. time synchronization
C. quality of service
D. intrusion policy
Correct Answer: B
QUESTION 65
An engineer must force an endpoint to re authenticate an already authenticated session without disrupting the endpoint to apply a new or updated policy from ISE Which CoA type achieves this goal?
A. CoA Session Query
B. CoA Reauth
C. CoA Terminate
D. Port Bounce
Correct Answer: B
QUESTION 66
What provides visibility and awareness into what is currently occurring on the network?
A. Cisco Prime Infrastructure
B. WMI
C. Telemetry
D. CMX
Correct Answer: C
QUESTION 67
What is the benefit of installing Cisco AMP for Endpoints on a network?
A. It enables behavioral analysis to be used for the endpoints.
B. It provides operating system patches on the endpoints for security.
C. It provides flow-based visibility for the endpoints’ network connections.
D. It protects endpoint systems through application control and real-time scanning.
Correct Answer: D
QUESTION 68
Which type of dashboard does Cisco DNA Center provide for complete control of the network?
A. centralized management
B. service management
C. distributed management
D. application management
Correct Answer: A
QUESTION 69
An organization is receiving SPAM emails from a known malicious domain. What must be configured in order to prevent the session during the initial TCP communication?
A. Configure the Cisco ESA to reset the TCP connection.
B. Configure policies to stop and reject communication.
C. Configure policies to quarantine malicious emails.
D. Configure the Cisco ESA to drop the malicious emails.
Correct Answer: A
QUESTION 70
What is an attribute of the DevSecOps process?
A. mandated security controls and check lists
B. isolated security team
C. development security
D. security scanning and theoretical vulnerabilities
Correct Answer: C
QUESTION 71
A network engineer must migrate a Cisco WSA virtual appliance from one physical host to another physical host by using VMware vMotion. What is a requirement for both physical hosts?
A. The hosts must use a different datastore than the virtual appliance.
B. The hosts must have access to the same defined network
C. The hosts must run different versions of Cisco AsyncOS.
D. The hosts must run Cisco AsyncOS 10.0 or greater.
Correct Answer: B
QUESTION 72
An organization must add new firewalls to its infrastructure and wants to use Cisco ASA or Cisco FTD. The chosen firewalls must provide methods of blocking traffic that include offering the user the option to bypass the block for certain sites after displaying a warning page and to reset the connection. Which solution should the organization choose?
A. Cisco FTD because it supports system rate level traffic blocking, whereas Cisco ASA does not.
B. Cisco ASA because it allows for interactive blocking and blocking with reset to be configured via the GUI, whereas Cisco FTD does not
C. Cisco ASA because it has an additional module that can be installed to provide multiple blocking capabilities, whereas Cisco FTD does not.
D. Cisco FTD because it enables interactive blocking and blocking with reset natively, whereas Cisco ASA does not.
Correct Answer: D
QUESTION 73
A large organization wants to deploy a security appliance in the public cloud to form a site-to-site VPN and link the public cloud environment to the private cloud in the headquarters data center. Which Cisco security appliance meets these requirements?
A. Cisco Stealthwatch Cloud
B. Cisco ASAv
C. Cisco Cloud Orchestrator
D. Cisco WSAv
Correct Answer: B
QUESTION 74
What is a functional difference between Cisco AMP for Endpoints and Cisco Umbrella Roaming Client?
A. The Umbrella Roaming client stops and tracks malicious activity on hosts, and AMP for Endpoints tracks only URL-based threats.
B. The Umbrella Roaming Client authenticates users and provides segmentation, and AMP for Endpoints allows only for VPN connectivity.
C. Secure Endpoint stops and tracks malicious activity on hosts, and the Umbrella Roaming Client tracks only URL-based threats.
D. Secure Endpoint authenticates users and provides segmentation, and the Umbrella Roaming Client allows only for VPN connectivity.
Correct Answer: C
QUESTION 75
Which API method and required attribute are used to add a device into Cisco DNA Center with the native API?
A. GET and serialNumber
B. POST and name
C. lastSync Time and pid
D. userSudiSerialNos and devicelnfo
Correct Answer: B
QUESTION 76
An organization is implementing ASA for their users. They need to ensure that authorization is verified for every command that is being entered by the network administrator. Which protocol must be configured in order to provide this capability?
A. RADIUS
B. EAPOL
C. TACACS+
D. SSH
Correct Answer: C
QUESTION 77
Which two types of connectors are used to generate telemetry data from IPFIX records in a Cisco Tetration implementation? (Choose two.)
A. Cisco ASA
B. ADC
C. ERSPAN
D. NetFlow
E. Cisco Secure Workload
Correct Answer: CD
QUESTION 78
A network administrator is setting up a site-to-site VPN from a Cisco FTD to a cloud environment. After the administrator configures the VPN on both sides, they still cannot reach the cloud environment. Which command must the administrator run on the FTD to verify that the VPN is encrypting traffic in both directions?
A. show crypto ipsec sa
B. show vpn-sessiondb detail l2l
C. show crypto ipsec stats
D. show crypto isakmp sa
Correct Answer: A
QUESTION 79
A company is planning to deploy an application to a secure cloud environment. The solution must meet these requirements:
1. A third-party must control the underlying cloud infrastructure.
2. The company must control the deployed applications.
3. A third-party must control networking components
Which cloud service model must be used?
A. SaaS
B. PaaS
C. IaaS
D. private cloud
Correct Answer: B
QUESTION 80
What is an advantage of FlexVPN when compared to DMVPN?
A. FlexVPN provides NHRP for communication, and DMVPN provides NHRP for registration and communication.
B. FlexVPN provides IPsec to announce routing information, and DMVPN provides NHRP for communication.
C. FlexVPN provides one static multipoint GRE interface, and DMVPN provides static and dynamic point-to-point interfaces.
D. FlexVPN provides NHRP for communication, and DMVPN provides IPsec to announce routing information.
Correct Answer: D
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.