QUESTION 141
After a malware infection, a security engineer must create a new rule by using the Cisco Secure Endpoint API to block USB storage devices on all endpoints. Which relative URL path must be used to create the rule?
A. /organizations/{organizationldentifier}/device_control/configurations
B. /organizations/{organizationldentifier}/policies/{policyGuid}/device_control_configuration
C. /organizations/{organizationldentifier}/device_control/configurations/{configurationGuid}/rules
D. /organizations/{organizationldentifier}/policies/{policyGuid}/exclusion_sets
Correct Answer: C
QUESTION 142
On which part of the IT environment does DevSecOps focus?
A. application development
B. perimeter network
C. wireless network
D. data center
Correct Answer: A
QUESTION 143
How does Cisco Umbrella protect clients when they operate outside of the corporate network?
A. by using Active Directory group policies to enforce Umbrella DNS servers
B. by using the Umbrella roaming client
C. by modifying the registry for DNS lookups
D. by forcing DNS queries to the corporate name servers
Correct Answer: B
QUESTION 144
An engineer must add a new device to a network that uses Cisco ISE as a network access control server. The new device has no supplicant available. What must be configured in Cisco ISE to connect the device to the network securely?
A. MAB with profiling
B. MAB with posture assessment
C. 802.1X with posture assessment
D. 802.1X with profiling
Correct Answer: B
QUESTION 145
Which term describes when the Cisco Firepower downloads threat intelligence updates from Cisco Talos?
A. sharing
B. authoring
C. consumption
D. analysis
Correct Answer: C
QUESTION 146
Which risk is created when using an Internet browser to access cloud-based service?
A. intermittent connection to the cloud connectors
B. misconfiguration of Infra, which allows unauthorized access
C. vulnerabilities within protocol
D. insecure implementation of API
Correct Answer: D
QUESTION 147
A network administrator wants to deploy a Secure Web Appliance to protect users even when they are outside of the corporate environment. The destination IP and port of all packets sent from the user devices must be that of the proxy. Which proxy method must be used to meet this requirement?
A. transparent
B. anonymity
C. reverse
D. explicit
Correct Answer: D
QUESTION 148
What is the goal of an endpoint patching strategy?
A. to maintain an accurate register of all applications and devices
B. to ensure consistent and reliable patching for important applications or devices
C. to test and review all patches before deploying to production systems
D. to ensure that lack of expertise is not a consideration in security
Correct Answer: B
QUESTION 149
When Cisco and other industry organizations publish and inform users of known security findings and vulnerabilities,which name is used?
A. Common Vulnerabilities, Exploits and Threats
B. Common Security Exploits
C. Common Vulnerabilities and Exposures
D. Common Exploits and Vulnerabilities
Correct Answer: C
QUESTION 150
Which baseline form of telemetry is recommended for network infrastructure devices?
A. SNMP
B. DNS
C. passive taps
D. NetFlow
Correct Answer: D
QUESTION 151
What is a difference between a DoS attack and a DDoS attack?
A. A DoS attack is where a computer is used to flood a server with TCP and UDP packets, whereas a DDoS attack is where multiple systems target a single system with a DoS attack
B. A DoS attack is where a computer is used to flood a server with TCP packets, whereas a DDoS attack is where a computer is used to flood a server with UDP packets.
C. A DoS attack is where a computer is used to flood a server with UDP packets, whereas a DDoS attack is where a computer is used to flood a server with TCP packets.
D. A DoS attack is where a computer is used to flood a server with TCP and UDP packets, whereas a DDoS attack is where a computer is used to flood multiple servers that are distributed over a LAN
Correct Answer: A
QUESTION 152
An engineer must establish and maintain the redirection of selected types of traffic flowing through a group of routers for a new deployment of Secure Web Appliance by using WCCP. The selected traffic must be redirected to a group of web-caches with the aim of optimizing resource usage and lowering response times. Which proxy mode must be configured for Secure Web Appliance to meet this requirement?
A. transparent
B. WCCP redirect
C. hybrid
D. explicit
Correct Answer: A
QUESTION 153
What two mechanisms are used to redirect users to a web portal to authenticate to ISE for guest services? (Choose two.)
A. single sign-on
B. multiple factor auth
C. central web auth
D. local web auth
E. TACACS+
Correct Answer: CD
QUESTION 154
What are two components of the Cisco ISE posture service? (Choose two.)
A. client services
B. run-time services
C. real-time services
D. administration services
E. deployment services
Correct Answer: BD
QUESTION 155
What is the Cisco API-based broker that helps reduce compromises, application risks, and data breaches in an environment that is not on-premise?
A. Cisco Umbrella
B. Cisco AMP
C. Cisco App Dynamics
D. Cisco Cloudlock
Correct Answer: D
QUESTION 156
Which type of API is being used when a controller within a software-defined network architecture dynamically makes configuration changes on switches within the network?
A. westbound API
B. southbound API
C. eastbound API
D. northbound API
Correct Answer: B
QUESTION 157
What is the purpose of RADIUS CoA in a network access control implementation?
A. Push a new policy for authenticated users.
B. Reinforce the policy for unauthenticated users.
C. Apply new TACACS+ settings.
D. Change the RADIUS server credentials.
Correct Answer: A
QUESTION 158
What is a benefit of an early endpoint patching strategy?
A. Patches are tested extensively after deploying.
B. Patching cycles have specific deadlines.
C. An attacker has less time to exploit a vulnerability.
D. Disruptions from patching are controllable.
Correct Answer: C
QUESTION 159
Which statement about IOS zone-based firewalls is true?
A. An interface can be assigned only to one zone.
B. Only one interface can be assigned to a zone.
C. An interface can be assigned to multiple zones.
D. An unassigned interface can communicate with assigned interfaces.
Correct Answer: A
QUESTION 160
Which benefit does endpoint security provide to the overall security posture of an organization?
A. It allows the organization to detect and mitigate threats that the perimeter security devices do not detect.
B. It streamlines the incident response process to automatically perform digital forensics on the endpoint
C. It allows the organization to mitigate web-based attacks as long as the user is active in the domain.
D. It allows the organization to detect and respond to threats at the edge of the network
Correct Answer: A
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.