QUESTION 101
Which Cisco Firewall solution requires zone definition?
A. CBAC
B. Cisco AMP
C. Cisco ASA
D. ZBFW
Correct Answer: D
QUESTION 102
An engineer is implementing Cisco CES in an existing Microsoft Office 365 environment and must route inbound email to Cisco CES addresses. Which DNS record must be modified to accomplish this task?
A. CNAME
B. MX
C. DKIM
D. SPF
Correct Answer: B
QUESTION 103
What are two examples of code injection vulnerabilities? (Choose two.)
A. SQL injection
B. cross-site scripting
C. session hijacking
D. arbitrary command injection
E. XML external entity injection
Correct Answer: AB
QUESTION 104
How many interfaces per bridge group does an ASA bridge group deployment support?
A. Up to 2
B. Up to 4
C. Up to 8
D. Up to 16
Correct Answer: B
QUESTION 105
What is a difference between an XSS attack and an SQL injection attack?
A. SQL injection is a hacking method used to attack SQL databases, whereas XSS attacks can exist in many different types of applications.
B. XSS attacks are used to steal information from databases, whereas SQL injection attacks are used to redirect users to websites where attackers can steal data from them.
C. SQL injection attacks are used to steal information from databases, whereas XSS attacks are used to redirect users to websites where attackers can steal data from them.
D. XSS is a hacking method used to attack SQL databases, whereas SQL injection attacks can exist in many different types of applications.
Correct Answer: C
QUESTION 106
Which Cisco platform provides an agentless solution to provide visibility across the network including encrypted traffic analytics to detect malware in encrypted traffic without the need for decryption?
A. Cisco Secure Network Analytics
B. Cisco Secure Client
C. Cisco ISE
D. Cisco AMP
Correct Answer: A
QUESTION 107
A network administrator must configure a Cisco ASA firewall for Cisco ASDM access. The administrator uploads the Cisco ASDM image to the firewall and configures the ASA management interface. Which action must the administrator take next to complete the configuration?
A. Configure the SSH service.
B. Enable AAA.
C. Enable the HTTP access.
D. Run Cisco ASDM on a Windows machine.
Correct Answer: C
QUESTION 108
A security engineer obtains a list of malicious executables. The engineer must import the list in bulk to a custom detection rule in a Cisco Secure Endpoint. The detection rule will be used to detect potentially infected corporate Android mobile devices. If the rule matches, the executable must be stopped from executing automatically on the device. Which type of custom detection must the engineer configure?
A. IP blocked lists
B. advanced custom detections
C. Android custom detection
D. blocked applications
Correct Answer: D
QUESTION 109
What is capability of EPP compared to EDR?
A. EDR protects against malicious email attacks, and EPP focuses on suspicious website attacks including DoS and DDoS attempts.
B. EPP protects against malware that has already entered the environment, and EDR focuses on protecting against botnets.
C. EDR protects against email attacks, and EPP focuses on detecting and monitoring phishing and ransomware email attacks.
D. EDR protects against malware that has already entered the environment, and EPP focuses on preventing malware from entering.
Correct Answer: D
QUESTION 110
Which endpoint security solution capability helps recognize sources of phishing attacks?
A. file retrospection
B. application security
C. threat intelligence feeds
D. data loss prevention
Correct Answer: C
QUESTION 111
What is the difference between cross-site scripting and cross-site request forgery?
A. Cross-site scripting injects malicious scripts into a victim’s browser and executes them, and cross-site request forgery exploits a user’s authenticated session to perform unauthorized actions on a trusted website.
B. Cross-site scripting interferes with the queries that an application makes to its database, and cross-site request forgery exploits a user’s authenticated session to perform unauthorized actions on a trusted website.
C. Cross-site scripting injects malicious scripts into a victim’s browser and executes them, and cross-site request forgery exploits a user’s unauthenticated session to perform unauthorized actions on a trusted website.
D. Cross-site scripting exploits a user’s authenticated session to perform unauthorized actions on a trusted website, and cross-site request forgery interferes with the queries that an application makes to its database.
Correct Answer: A
QUESTION 112
What is a capability of a Next-Generation Cisco Secure Firewall?
A. IPS
B. device trajectory
C. endpoint malware removal
D. patch management
Correct Answer: A
QUESTION 113
What is a security capability of Cisco Umbrella?
A. clickjacking protection
B. host-based antivirus protection
C. on-demand antivirus endpoint scans
D. category-based web filtering
Correct Answer: D
QUESTION 114
A user received an email with an attachment named Critical_Patch.exe but did not run it. Which category of the cyber kill chain describe this type of event based on the delivery of the malicious payload?
A. Weaponization
B. Delivery
C. Lateral Movement
D. Command and Control
Correct Answer: B
QUESTION 115
A security engineer configures a Cisco Secure Email Gateway to ensure that quarantined email messages are virus-free before the messages are delivered. In addition, the delivery of emails from known bad senders must be denied. Which two actions must be performed to meet the requirements? (Choose two.)
A. Enable a message tracking service.
B. Configure Sender Base Reputation Score on the sender group.
C. Deploy the Secure Email Gateway to the DMZ.
D. Scan quarantined email by using antivirus signatures.
E. Configure a recipient access table.
Correct Answer: BD
QUESTION 116
A security engineer is configuring an access control policy rule on a Cisco Secure Email device. The engineer must block certain URLs and select the Chat and Instant Messaging category. Which reputation score must the engineer configure to meet the requirement?
A. -10
B. -5.9
C. -3
D. -1
Correct Answer: C
QUESTION 117
Which two methods support transparent user identification on the Cisco Secure Web Appliance? (Choose two.)
A. RSA SecurID
B. TACACS+
C. LDAP
D. Active Directory
E. RADIUS
Correct Answer: CD
QUESTION 118
Which endpoint security solution capability reduces the effectiveness of spear phishing attacks?
A. antivirus scanning
B. data loss prevention
C. behavioral analytics
D. file retrospection
Correct Answer: C
QUESTION 119
What is a security capability of Cisco Umbrella?
A. static code analysis
B. host-based antivirus protection
C. domain-based web filtering
D. mobile device root detection
Correct Answer: C
QUESTION 120
Which logs the security team must analyze, after noticing malware-infected file on an endpoint, that attempts to beacon to an external site after IPS and SIEM logs are unable to identify the file’s behavior?
A. Antivirus
B. Email Server
C. DHCP Server
D. DNS server
Correct Answer: D
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.