350-701 (SCOR) Exam Questions
Summary
The document presents multiple-choice questions about network security, including SDN architecture, APIs, and Cisco devices. The questions cover topics such as attack types, prevention techniques, and vulnerability assessment.
Full Transcript
Topic 1 - Single Topic

Question #1
Which functions of an SDN architecture require southbound APIs to enable communication?
A. SDN controller and the network elements
B. management console and the SDN controller
C. management console and the cloud
D. SDN controller and the cloud
Correct Answer: A
Community vote distribution: A (100%)

Question #2
Which two request methods of REST API are valid on the Cisco ASA Platform? (Choose two.)
A. put
B. options
C. get
D. push
E. connect
Correct Answer: AC
Reference: https://www.cisco.com/c/en/us/td/docs/security/asa/api/qsg-asa-api.html
Community vote distribution: AC (80%) AE (20%)

Question #3
The main function of northbound APIs in the SDN architecture is to enable communication between which two areas of a network?
A. SDN controller and the cloud
B. management console and the SDN controller
C. management console and the cloud
D. SDN controller and the management solution
Correct Answer: D
Community vote distribution: D (100%)

Question #4
What is a feature of the open platform capabilities of Cisco DNA Center?
A. application adapters
B. domain integration
C. intent-based APIs
D. automation adapters
Correct Answer: C
Community vote distribution: C (100%)

Question #5
Refer to the exhibit. What does the API do when connected to a Cisco security appliance?
A. create an SNMP pull mechanism for managing AMP
B. gather network telemetry information from AMP for endpoints
C. get the process and PID information from the computers in the network
D. gather the network interface information about the computers AMP sees
Correct Answer: D

Question #6
Which form of attack is launched using botnets?
A. TCP flood
B. DDOS
C. DOS
D. virus
Correct Answer: B
Community vote distribution: B (80%) D (20%)

Question #7
In which form of attack is alternate encoding, such as hexadecimal representation, most often observed?
A. smurf
B. distributed denial of service
C. cross-site scripting
D. rootkit exploit
Correct Answer: C
Community vote distribution: C (100%)

Question #8
Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?
A. user input validation in a web page or web application
B. Linux and Windows operating systems
C. database
D. web page images
Correct Answer: A
Reference: https://tools.cisco.com/security/center/resources/sql_injection
Community vote distribution: A (100%)

Question #9
What is the difference between deceptive phishing and spear phishing?
A. Deceptive phishing is an attack aimed at a specific user in the organization who holds a C-level role.
B. A spear phishing campaign is aimed at a specific person versus a group of people.
C. Spear phishing is when the attack is aimed at the C-level executives of an organization.
D. Deceptive phishing hijacks and manipulates the DNS server of the victim and redirects the user to a false webpage.
Correct Answer: B
Community vote distribution: B (100%)

Question #10
Which two behavioral patterns characterize a ping of death attack? (Choose two.)
A. The attack is fragmented into groups of 16 octets before transmission.
B. The attack is fragmented into groups of 8 octets before transmission.
C. Short synchronized bursts of traffic are used to disrupt TCP connections.
D. Malformed packets are used to crash systems.
E. Publicly accessible DNS servers are typically used to execute the attack.
Correct Answer: BD
Reference: https://en.wikipedia.org/wiki/Ping_of_death
Community vote distribution: BD (100%)

Question #11
Which two mechanisms are used to control phishing attacks? (Choose two.)
A. Enable browser alerts for fraudulent websites.
B. Define security group memberships.
C. Revoke expired CRL of the websites.
D. Use antispyware software.
E. Implement email filtering techniques.
Correct Answer: AE
Community vote distribution: AE (100%)

Question #12
Which attack is commonly associated with C and C++ programming languages?
A. cross-site scripting
B. water holing
C. DDoS
D. buffer overflow
Correct Answer: D
Reference: https://en.wikipedia.org/wiki/Buffer_overflow
Community vote distribution: D (100%)

Question #13
Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two.)
A. Check integer, float, or Boolean string parameters to ensure accurate values.
B. Use prepared statements and parameterized queries.
C. Secure the connection between the web and the app tier.
D. Write SQL code instead of using object-relational mapping libraries.
E. Block SQL code execution in the web application database login.
Correct Answer: AB
Reference: https://en.wikipedia.org/wiki/SQL_injection
Community vote distribution: BE (40%) AB (40%) BC (20%)

Question #14
Which two kinds of attacks are prevented by multifactor authentication? (Choose two.)
A. phishing
B. brute force
C. man-in-the-middle
D. DDOS
E. tear drop
Correct Answer: AB
Community vote distribution: AB (100%)

Question #15
What are two rootkit types? (Choose two.)
A. registry
B. buffer mode
C. user mode
D. bootloader
E. virtual
Correct Answer: CD
Community vote distribution: CD (100%)

Question #16
How is DNS tunneling used to exfiltrate data out of a corporate network?
A. It leverages the DNS server by permitting recursive lookups to spread the attack to other DNS servers
B. It encodes the payload with random characters that are broken into short strings and the DNS server rebuilds the exfiltrated data
C. It redirects DNS requests to a malicious server used to steal user credentials, which allows further damage and theft on the network
D. It corrupts DNS servers by replacing the actual IP address with a rogue address to collect information or start other attacks
Correct Answer: B
Community vote distribution: B (80%) C (20%)

Question #17
Which type of attack is social engineering?
A. trojan
B. MITM
C. phishing
D. malware
Correct Answer: C
Community vote distribution: C (100%)

Question #18
What are two DDoS attack categories? (Choose two.)
A. protocol
B. source-based
C. database
D. sequential
E. volume-based
Correct Answer: AE
Community vote distribution: AE (100%)

Question #19
In which type of attack does the attacker insert their machine between two hosts that are communicating with each other?
A. man-in-the-middle
B. LDAP injection
C. insecure API
D. cross-site scripting
Correct Answer: A
Community vote distribution: A (100%)

Question #20
How does Cisco Advanced Phishing Protection protect users?
A. It utilizes sensors that send messages securely.
B. It uses machine learning and real-time behavior analytics.
C. It validates the sender by using DKIM.
D. It determines which identities are perceived by the sender.
Correct Answer: B
Community vote distribution: B (100%)

Question #21
How does DNS Tunneling exfiltrate data?
A. An attacker registers a domain that a client connects to based on DNS records and sends malware through that connection.
B. An attacker opens a reverse DNS shell to get into the client's system and install malware on it.
C. An attacker sends an email to the target with hidden DNS resolvers in it to redirect them to a malicious domain.
D. An attacker uses a non-standard DNS port to gain access to the organization's DNS servers in order to poison the resolutions.
Correct Answer: A
Community vote distribution: A (80%) B (20%)

Question #22
An attacker needs to perform reconnaissance on a target system to help gain access to it. The system has weak passwords, no encryption on the VPN links, and software bugs on the system's applications. Which vulnerability allows the attacker to see the passwords being transmitted in clear text?
A. unencrypted links for traffic
B. weak passwords for authentication
C. improper file security
D. software bugs on applications
Correct Answer: A
Community vote distribution: A (100%)

Question #23
A user has a device in the network that is receiving too many connection requests from multiple machines. Which type of attack is the device undergoing?
A. SYN flood
B. slowloris
C. phishing
D. pharming
Correct Answer: A
Community vote distribution: A (83%) B (17%)

Question #24
Which two preventive measures are used to control cross-site scripting? (Choose two.)
A. Enable client-side scripts on a per-domain basis.
B. Incorporate contextual output encoding/escaping.
C. Disable cookie inspection in the HTML inspection engine.
D. Run untrusted HTML input through an HTML sanitization engine.
E. SameSite cookie attribute should not be used.
Correct Answer: BD
Community vote distribution: BD (100%)

Question #25
Which threat involves software being used to gain unauthorized access to a computer system?
A. ping of death
B. HTTP flood
C. NTP amplification
D. virus
Correct Answer: D
Community vote distribution: D (100%)

Question #26
Which two capabilities does TAXII support? (Choose two.)
A. exchange
B. pull messaging
C. binding
D. correlation
E. mitigating
Correct Answer: AB
Community vote distribution: AB (100%)

Question #27
Which two conditions are prerequisites for stateful failover for IPsec? (Choose two.)
A. Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the IPsec configuration is copied automatically.
B. The active and standby devices can run different versions of the Cisco IOS software but must be the same type of device.
C. The IPsec configuration that is set up on the active device must be duplicated on the standby device.
D. Only the IPsec configuration that is set up on the active device must be duplicated on the standby device; the IKE configuration is copied automatically.
E. The active and standby devices must run the same version of the Cisco IOS software and must be the same type of device.
Correct Answer: CE
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnav/configuration/15-mt/sec-vpn-availability-15-mt-book/sec-state-fail-ipsec.html
Community vote distribution: CE (100%)

Question #28
Which algorithm provides encryption and authentication for data plane communication?
A. AES-GCM
B. SHA-96
C. AES-256
D. SHA-384
Correct Answer: A
Community vote distribution: A (100%)

Question #29
DRAG DROP - Drag and drop the capabilities from the left onto the correct technologies on the right.
Select and Place:
Correct Answer:

Question #30
Which two key and block sizes are valid for AES? (Choose two.)
A. 64-bit block size, 112-bit key length
B. 64-bit block size, 168-bit key length
C. 128-bit block size, 192-bit key length
D. 128-bit block size, 256-bit key length
E. 192-bit block size, 256-bit key length
Correct Answer: CD
Reference: https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
Community vote distribution: CD (100%)

Question #31
Which two descriptions of AES encryption are true? (Choose two.)
A. AES is less secure than 3DES.
B. AES is more secure than 3DES.
C. AES can use a 168-bit key for encryption.
D. AES can use a 256-bit key for encryption.
E. AES encrypts and decrypts a key three times in sequence.
Correct Answer: BD
Reference: https://gpdb.docs.pivotal.io/43190/admin_guide/topics/ipsec.html
Community vote distribution: BD (100%)

Question #32
What is a language format designed to exchange threat intelligence that can be transported over the TAXII protocol?
A. STIX
B. XMPP
C. pxGrid
D. SMTP
Correct Answer: A
Reference: https://www.cisco.com/c/en/us/td/docs/security/web_security/scancenter/administrator/guide/b_ScanCenter_Administrator_Guide/b_ScanCenter_Administrator_Guide_chapter_0100011.pdf
Community vote distribution: A (100%)

Question #33
DRAG DROP - Drag and drop the descriptions from the left onto the correct protocol versions on the right.
Select and Place:
Correct Answer:

Question #34
Which VPN technology can support a multivendor environment and secure traffic between sites?
A. SSL VPN
B. GET VPN
C. FlexVPN
D. DMVPN
Correct Answer: C
Reference: https://www.cisco.com/c/en/us/products/collateral/routers/asr-1000-series-aggregation-services-routers/data_sheet_c78-704277.html
Community vote distribution: C (94%) 6%

Question #35
Which technology must be used to implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity?
A. DMVPN
B. FlexVPN
C. IPsec DVTI
D. GET VPN
Correct Answer: D
Community vote distribution: D (100%)

Question #36
What is a commonality between DMVPN and FlexVPN technologies?
A. FlexVPN and DMVPN use the new key management protocol, IKEv2
B. FlexVPN and DMVPN use IS-IS routing protocol to communicate with spokes
C. IOS routers run the same NHRP code for DMVPN and FlexVPN
D. FlexVPN and DMVPN use the same hashing algorithms
Correct Answer: C
Reference: https://packetpushers.net/cisco-flexvpn-dmvpn-high-level-design/#:~:text=In%20its%20essence%2C%20FlexVPN%20is,both%20are%20Cisco's%20proprietary%20technologies.
Community vote distribution: C (100%)

Question #37
Which protocol provides the strongest throughput performance when using Cisco AnyConnect VPN?
A. DTLSv1
B. TLSv1
C. TLSv1.1
D. TLSv1.2
Correct Answer: A
Reference: https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/215331-anyconnect-implementation-and-performanc.html
Community vote distribution: A (80%) D (20%)

Question #38
Which group within Cisco writes and publishes a weekly newsletter to help cybersecurity professionals remain aware of the ongoing and most prevalent threats?
A. Talos
B. PSIRT
C. SCIRT
D. DEVNET
Correct Answer: A
Community vote distribution: A (100%)

Question #39
When Cisco and other industry organizations publish and inform users of known security findings and vulnerabilities, which name is used?
A. Common Vulnerabilities, Exploits and Threats
B. Common Vulnerabilities and Exposures
C. Common Exploits and Vulnerabilities
D. Common Security Exploits
Correct Answer: B
Community vote distribution: B (100%)

Question #40
Which two features of Cisco DNA Center are used in a Software Defined Network solution? (Choose two.)
A. accounting
B. assurance
C. automation
D. authentication
E. encryption
Correct Answer: BC
Reference: https://www.cisco.com/c/en/us/products/cloud-systems-management/dna-center/index.html
Community vote distribution: BC (100%)

Question #41
What provides the ability to program and monitor networks from somewhere other than the DNAC GUI?
A. ASDM
B. NetFlow
C. API
D. desktop client
Correct Answer: C
Community vote distribution: C (100%)

Question #42
What is a function of 3DES in reference to cryptography?
A. It encrypts traffic.
B. It creates one-time use passwords.
C. It hashes files.
D. It generates private keys.
Correct Answer: A
Community vote distribution: A (100%)

Question #43
Which two activities can be done using Cisco DNA Center? (Choose two.)
A. DHCP
B. design
C. accounting
D. DNS
E. provision
Correct Answer: BE
Reference: https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/1-2-1/user_guide/b_dnac_ug_1_2_1/b_dnac_ug_1_2_chapter_00.pdf
Community vote distribution: BE (100%)

Question #44
Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?
A. terminal
B. selfsigned
C. url
D. profile
Correct Answer: D
Community vote distribution: D (100%)

Question #45
Which type of API is being used when a security application notifies a controller within a software-defined network architecture about a specific security threat?
A. southbound API
B. westbound API
C. eastbound API
D. northbound API
Correct Answer: D
Community vote distribution: D (71%) B (29%)

Question #46
An organization has two machines hosting web applications. Machine 1 is vulnerable to SQL injection while machine 2 is vulnerable to buffer overflows. What action would allow the attacker to gain access to machine 1 but not machine 2?
A. sniffing the packets between the two hosts
B. sending continuous pings
C. overflowing the buffer's memory
D. inserting malicious commands into the database
Correct Answer: D
Community vote distribution: D (100%)

Question #47
What is the function of SDN southbound API protocols?
A. to allow for the static configuration of control plane applications
B. to enable the controller to use REST
C. to enable the controller to make changes
D. to allow for the dynamic configuration of control plane applications
Correct Answer: C
Community vote distribution: C (100%)

Question #48
DRAG DROP - Drag and drop the threats from the left onto examples of that threat on the right.
Select and Place:
Correct Answer:

Question #49
What is the difference between Cross-site Scripting and SQL Injection attacks?
A. Cross-site Scripting is when executives in a corporation are attacked, whereas SQL Injection is when a database is manipulated.
B. Cross-site Scripting is an attack where code is executed from the server side, whereas SQL Injection is an attack where code is executed from the client side.
C. Cross-site Scripting is a brute force attack targeting remote sites, whereas SQL Injection is a social engineering attack.
D. Cross-site Scripting is an attack where code is injected into a database, whereas SQL Injection is an attack where code is injected into a browser.
Correct Answer: B
Community vote distribution: B (90%) 10%

Question #50
DRAG DROP - Drag and drop the common security threats from the left onto the definitions on the right.
Select and Place:
Correct Answer:

Question #51
Which type of dashboard does Cisco DNA Center provide for complete control of the network?
A. distributed management
B. service management
C. application management
D. centralized management
Correct Answer: D
Community vote distribution: D (100%)

Question #52
Refer to the exhibit. What will happen when this Python script is run?
A. The list of computers, policies, and connector statuses will be received from Cisco AMP.
B. The list of computers and their current vulnerabilities will be received from Cisco AMP.
C. The compromised computers and malware trajectories will be received from Cisco AMP.
D. The compromised computers and what compromised them will be received from Cisco AMP.
Correct Answer: A
Community vote distribution: A (100%)

Question #53
Refer to the exhibit. What will happen when the Python script is executed?
A. The hostname will be printed for the client in the client ID field.
B. The hostname will be translated to an IP address and printed.
C. The script will pull all computer hostnames and print them.
D. The script will translate the IP address to FQDN and print it.
Correct Answer: C
Community vote distribution: C (100%)

Question #54
With which components does a southbound API within a software-defined network architecture communicate?
A. applications
B. controllers within the network
C. appliances
D. devices such as routers and switches
Correct Answer: D
Community vote distribution: D (100%)

Question #55
Which method is used to deploy certificates and configure the supplicant on mobile devices to gain access to network resources?
A. BYOD onboarding
B. MAC authentication bypass
C. client provisioning
D. Simple Certificate Enrollment Protocol
Correct Answer: D
Community vote distribution: C (41%) A (34%) D (25%)

Question #56
What are two characteristics of Cisco DNA Center APIs? (Choose two.)
A. They are Cisco proprietary.
B. They do not support Python scripts.
C. They view the overall health of the network.
D. They quickly provision new devices.
E. Postman is required to utilize Cisco DNA Center API calls.
Correct Answer: CD
Community vote distribution: CD (100%)

Question #57
A company discovered an attack propagating through their network via a file. A custom file detection policy was created in order to track this in the future and ensure no other endpoints execute the infected file. In addition, it was discovered during testing that the scans are not detecting the file as an indicator of compromise. What must be done in order to ensure that the policy created is functioning as it should?
A. Create an IP block list for the website from which the file was downloaded.
B. Block the application that the file was using to open.
C. Upload the hash for the file into the policy.
D. Send the file to Cisco Threat Grid for dynamic analysis.
Correct Answer: C
Community vote distribution: C (100%)

Question #58
Refer to the exhibit. What does the Python script accomplish?
A. It authenticates to a Cisco ISE server using the username of ersad.
B. It lists the LDAP users from the external identity store configured on Cisco ISE.
C. It authenticates to a Cisco ISE with an SSH connection.
D. It allows authentication with TLSv1 SSL protocol.
Correct Answer: A
Community vote distribution: A (42%) B (33%) D (17%) 8%

Question #59
What is a difference between GETVPN and IPsec?
A. GETVPN is used to build a VPN network with multiple sites without having to statically configure all devices.
B. GETVPN is based on IKEv2 and does not support IKEv1.
C. GETVPN provides key management and security association management.
D. GETVPN reduces latency and provides encryption over MPLS without the use of a central hub.
Correct Answer: D
Community vote distribution: C (45%) D (45%) 9%

Question #60
Which algorithm provides asymmetric encryption?
A. 3DES
B. RC4
C. AES
D. RSA
Correct Answer: D
Community vote distribution: D (100%)

Question #61
What is a difference between an XSS attack and an SQL injection attack?
A. SQL injection is a hacking method used to attack SQL databases, whereas XSS attack can exist in many different types of applications.
B. XSS attacks are used to steal information from databases, whereas SQL injection attacks are used to redirect users to websites where attackers can steal data from them.
C. XSS is a hacking method used to attack SQL databases, whereas SQL injection attacks can exist in many different types of applications.
D. SQL injection attacks are used to steal information from databases, whereas XSS attacks are used to redirect users to websites where attackers can steal data from them.
Correct Answer: D
Community vote distribution: D (100%)

Question #62
What is a difference between a DoS attack and DDoS attack?
A. A DoS attack is where a computer is used to flood a server with TCP packets, whereas DDoS attack is where a computer is used to flood a server with UDP packets.
B. A DoS attack is where a computer is used to flood a server with UDP packets, whereas DDoS attack is where a computer is used to flood a server with TCP packets.
C. A DoS attack is where a computer is used to flood a server with TCP and UDP packets, whereas DDoS attack is where a computer is used to flood multiple servers that are distributed over a LAN.
D. A DoS attack is where a computer is used to flood a server with TCP and UDP packets, whereas DDoS attack is where multiple systems target a single system with a DoS attack.
Correct Answer: D
Community vote distribution: D (100%)

Question #63
What are two advantages of using Cisco AnyConnect over DMVPN? (Choose two.)
A. It provides spoke-to-spoke communications without traversing the hub.
B. It enables VPN access for individual users from their machines.
C. It allows multiple sites to connect to the data center.
D. It allows different routing protocols to work over the tunnel.
E. It allows customization of access policies based on user identity.
Correct Answer: BE
Cisco AnyConnect is a remote access VPN client-based solution where users can install the client on their machines and can connect to the respective VPN devices (ASA/FTD/Router). In order to secure connectivity for AnyConnect users, one can also create custom access policies to ensure proper conditions are met before access is granted to the VPN user.
Community vote distribution: BE (100%)

Question #64
What is the difference between a vulnerability and an exploit?
A. A vulnerability is a weakness that can be exploited by an attacker.
B. A vulnerability is a hypothetical event for an attacker to exploit.
C. An exploit is a hypothetical event that causes a vulnerability in the network.
D. An exploit is a weakness that can cause a vulnerability in the network.
Correct Answer: A
Reference: https://debricked.com/blog/what-is-security-weakness/#:~:text=A%20vulnerability%20is%20a%20weakness,when%20it%20can%20be%20exploited.&text=This%20is%20a%20%E2%80%9Ccommunity%2Ddeveloped,of%20common%20software%20security%20weaknesses%E2%80%9D.
Community vote distribution: A (100%)

Question #65
What is the term for having information about threats and threat actors that helps mitigate harmful events that would otherwise compromise networks or systems?
A. threat intelligence
B. Indicators of Compromise
C. trusted automated exchange
D. The Exploit Database
Correct Answer: A
Reference: https://en.wikipedia.org/wiki/Cyber_threat_intelligence
Community vote distribution: A (100%)

Question #66
Refer to the exhibit. An engineer is implementing a certificate based VPN. What is the result of the existing configuration?
A. Only an IKEv2 peer that has an OU certificate attribute set to MANGLER establishes an IKEv2 SA successfully.
B. The OU of the IKEv2 peer certificate is used as the identity when matching an IKEv2 authorization policy.
C. The OU of the IKEv2 peer certificate is set to MANGLER.
D. The OU of the IKEv2 peer certificate is encrypted when the OU is set to MANGLER.
Correct Answer: B
Community vote distribution: B (100%)

Question #67
Which kind of API that is used with Cisco DNA Center provisions SSIDs, QoS policies, and update software versions on switches?
A. event
B. intent
C. integration
D. multivendor
Correct Answer: B
Cisco is moving towards intent-based networking, and DNA Center is a new addition to the solution offerings from Cisco.
Community vote distribution: B (100%)

Question #68
A network engineer needs to select a VPN type that provides the most stringent security, multiple security associations for the connections, and efficient VPN establishment with the least bandwidth consumption. Why should the engineer select either FlexVPN or DMVPN for this environment?
A. DMVPN because it uses multiple SAs and FlexVPN does not.
B. DMVPN because it supports IKEv2 and FlexVPN does not.
C. FlexVPN because it supports IKEv2 and DMVPN does not.
D. FlexVPN because it uses multiple SAs and DMVPN does not.
Correct Answer: D
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_ike2vpn/configuration/xe-16-12/sec-flex-vpn-xe-16-12-book/sec-cfg-flex-serv.html
Community vote distribution: D (100%)

Question #69
Refer to the exhibit. Which command was used to generate this output and to show which ports are authenticating with dot1x or mab?
A. show authentication registrations
B. show authentication method
C. show dot1x all
D. show authentication sessions
Correct Answer: D
Community vote distribution: D (100%)

Question #70
Refer to the exhibit. What does the number 15 represent in this configuration?
A. privilege level for an authorized user to this router
B. access list that identifies the SNMP devices that can access the router
C. interval in seconds between SNMPv3 authentication attempts
D. number of possible failed attempts until the SNMPv3 user is locked out
Correct Answer: B
Community vote distribution: B (100%)

Question #71
What is the result of running the crypto isakmp key ciscXXXXXXXX address 172.16.0.0 command?
A. authenticates the IKEv2 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX
B. authenticates the IP address of the 172.16.0.0/32 peer by using the key ciscXXXXXXXX
C. authenticates the IKEv1 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX
D. secures all the certificates in the IKE exchange by using the key ciscXXXXXXXX
Correct Answer: B
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/a1/sec-a1-cr-book/sec-cr-c4.html#wp6039879000
Community vote distribution: C (53%) B (47%)

Question #72
Which command enables 802.1X globally on a Cisco switch?
A. dot1x system-auth-control
B. dot1x pae authenticator
C. authentication port-control auto
D. aaa new-model
Correct Answer: A
Reference: https://www.cisco.com/c/en/us/td/docs/routers/nfvis/switch_command/b-nfvis-switch-command-reference/802_1x_commands.html
Community vote distribution: A (100%)

Question #73
What is a characteristic of Dynamic ARP Inspection?
A. DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the DHCP snooping binding database.
B. In a typical network, make all ports as trusted except for the ports connecting to switches, which are untrusted.
C. DAI associates a trust state with each switch.
D. DAI intercepts all ARP requests and responses on trusted ports only.
Correct Answer: A
Community vote distribution: A (100%)

Question #74
Which statement about IOS zone-based firewalls is true?
A. An unassigned interface can communicate with assigned interfaces
B. Only one interface can be assigned to a zone.
C. An interface can be assigned to multiple zones.
D. An interface can be assigned only to one zone.
Correct Answer: D
Reference: https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/98628-zone-design-guide.html
Community vote distribution: D (100%)

Question #75
When wired 802.1X authentication is implemented, which two components are required? (Choose two.)
A. authentication server: Cisco Identity Service Engine
B. supplicant: Cisco AnyConnect ISE Posture module
C. authenticator: Cisco Catalyst switch
D. authenticator: Cisco Identity Services Engine
E. authentication server: Cisco Prime Infrastructure
Correct Answer: AC
Reference: https://www.lookingpoint.com/blog/ise-series-802.1x
Community vote distribution: AC (100%)

Question #76
Which SNMPv3 configuration must be used to support the strongest security possible?
A.
asa-host(config)#snmp-server group myv3 v3 priv
asa-host(config)#snmp-server user andy myv3 auth sha cisco priv des ciscXXXXXXXX
asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy
B.
asa-host(config)#snmp-server group myv3 v3 noauth
asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX
asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy
C.
asa-host(config)#snmp-server group myv3 v3 noauth
asa-host(config)#snmp-server user andy myv3 auth sha cisco priv 3des ciscXXXXXXXX
asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy
D.
asa-host(config)#snmp-server group myv3 v3 priv
asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX
asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy
Correct Answer: D
Community vote distribution: D (100%)

Question #77
Under which two circumstances is a CoA issued? (Choose two.)
A. A new authentication rule was added to the policy on the Policy Service node.
B. An endpoint is deleted on the Identity Service Engine server.
C. A new Identity Source Sequence is created and referenced in the authentication policy.
D. An endpoint is profiled for the first time.
E. A new Identity Service Engine server is added to the deployment with the Administration persona.
Correct Answer: BD
Reference: https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_prof_pol.html
Community vote distribution: BD (100%)

Question #78
Which ASA deployment mode can provide separation of management on a shared appliance?
A. DMZ multiple zone mode
B. transparent firewall mode
C. multiple context mode
D. routed mode
Correct Answer: C
Community vote distribution: C (100%)

Question #79
Refer to the exhibit. Which command was used to display this output?
A. show dot1x all
B. show dot1x
C. show dot1x all summary
D. show dot1x interface gi1/0/12
Correct Answer: A
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_8021x/configuration/xe-3se/3850/sec-user-8021x-xe-3se-3850-book/config-ieee-802x-pba.html
Community vote distribution: A (100%)

Question #80
What is a characteristic of Cisco ASA NetFlow v9 Secure Event Logging?
A. It tracks flow-create, flow-teardown, and flow-denied events.
B. It provides stateless IP flow tracking that exports all records of a specific flow.
C. It tracks the flow continuously and provides updates every 10 seconds.
D. Its events match all traffic classes in parallel.
Correct Answer: A
Reference: https://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/general/asa-general-cli/monitor-nsel.html
Community vote distribution: A (100%)

Question #81
A network engineer has entered the snmp-server user andy myv3 auth sha cisco priv aes 256 cisc0383320506 command and needs to send SNMP information to a host at 10.255.254.1. Which command achieves this goal?
A. snmp-server host inside 10.255.254.1 snmpv3 andy
B. snmp-server host inside 10.255.254.1 version 3 myv3
C. snmp-server host inside 10.255.254.1 snmpv3 myv3
D. snmp-server host inside 10.255.254.1 version 3 andy
Correct Answer: D
Reference: https://www.cisco.com/c/m/en_us/techdoc/dc/reference/cli/nxos/commands/sm/snmp-server-host.html
Community vote distribution: D (100%)

Question #82
An engineer wants to generate NetFlow records on traffic traversing the Cisco ASA. Which Cisco ASA command must be used?
A. flow exporter
B. ip flow-export destination 1.1.1.1 2055
C. flow-export destination inside 1.1.1.1 2055
D. ip flow monitor input
Correct Answer: C
Reference: https://www.cisco.com/c/en/us/td/docs/security/asa/special/netflow/guide/asa_netflow.html
Community vote distribution: C (88%) 13%

Question #83
Which two tasks allow NetFlow on a Cisco ASA 5500 Series firewall? (Choose two.)
A. Define a NetFlow collector by using the flow-export command
B. Create a class map to match interesting traffic
C. Create an ACL to allow UDP traffic on port 9996
D. Enable NetFlow Version 9
E. Apply NetFlow Exporter to the outside interface in the inbound direction
Correct Answer: AB
Community vote distribution: AB (100%)

Question #84
Refer to the exhibit. A network administrator configures command authorization for the admin5 user. What is the admin5 user able to do on HQ_Router after this configuration?
A. set the IP address of an interface
B. add subinterfaces
C. complete no configurations
D. complete all configurations
Correct Answer: C
Community vote distribution: C (100%)

Question #85
A network engineer is configuring DMVPN and entered the crypto isakmp key cisc0383320506 address 0.0.0.0 command on host A. The tunnel is not being established to host B. What action is needed to authenticate the VPN?
A. Change the password on host A to the default password
B. Enter the command with a different password on host B
C. Enter the same command on host B
D. Change isakmp to ikev2 in the command on host A
Correct Answer: C
Community vote distribution: C (100%)

Question #86
How many interfaces per bridge group does an ASA bridge group deployment support?
A. up to 16
B. up to 2
C. up to 4
D. up to 8
Correct Answer: C
Community vote distribution: C (100%)

Question #87
A network administrator configures Dynamic ARP Inspection on a switch. After Dynamic ARP Inspection is applied, all users on that switch are unable to communicate with any destination. The network administrator checks the Interface status of all interfaces, and there is no err-disabled interface. What is causing this problem?
A. DHCP snooping has not been enabled on all VLANs
B. Dynamic ARP inspection has not been enabled on all VLANs
C. The ip arp inspection limit command is applied on all interfaces and is blocking the traffic of all users
D.
The no ip arp inspection trust command is applied on all user host interfaces Correct Answer: D Community vote distribution A (85%) D (15%) Question #88 Topic 1 What is a difference between FlexVPN and DMVPN? A. DMVPN uses only IKEv1. FlexVPN uses only IKEv2 B. FlexVPN uses IKEv2. DMVPN uses IKEv1 or IKEv2 C. DMVPN uses IKEv1 or IKEv2. FlexVPN only uses IKEv1 D. FlexVPN uses IKEv1 or IKEv2. DMVPN uses only IKEv2 Correct Answer: B Community vote distribution B (100%) Question #89 Topic 1 DRAG DROP - Drag and drop the capabilities of Cisco Firepower versus Cisco AMP from the left into the appropriate category on the right. Select and Place: Correct Answer: Question #90 Topic 1 An engineer needs behavioral analysis to detect malicious activity on the hosts, and is configuring the organization's public cloud to send telemetry using the cloud provider's mechanisms to a security device. Which mechanism should the engineer configure to accomplish this goal? A. sFlow B. NetFlow C. mirror port D. VPC flow logs Correct Answer: D Community vote distribution D (100%) Question #91 Topic 1 An engineer is trying to securely connect to a router and wants to prevent insecure algorithms from being used. However, the connection is failing. Which action should be taken to accomplish this goal? A. Generate the RSA key using the crypto key generate rsa command. B. Configure the port using the ip ssh port 22 command. C. Enable the SSH server using the ip ssh server command. D. Disable telnet using the no ip telnet command. Correct Answer: A Community vote distribution A (100%) Question #92 Topic 1 Refer to the exhibit. Which type of authentication is in use? A. POP3 authentication B. SMTP relay server authentication C. external user and relay mail authentication D. LDAP authentication for Microsoft Outlook Correct Answer: D Community vote distribution D (50%) B (36%) 14% Question #93 Topic 1 Refer to the exhibit. An organization is using DHCP Snooping within their network. 
A user on VLAN 41 on a new switch is complaining that an IP address is not being obtained. Which command should be configured on the switch interface in order to provide the user with network connectivity? A. ip dhcp snooping limit 41 B. ip dhcp snooping verify mac-address C. ip dhcp snooping trust D. ip dhcp snooping vlan 41 Correct Answer: C Community vote distribution C (100%) Question #94 Topic 1 Refer to the exhibit. Traffic is not passing through IPsec site-to-site VPN on the Firepower Threat Defense appliance. What is causing this issue? A. Site-to-site VPN preshared keys are mismatched. B. Site-to-site VPN peers are using different encryption algorithms. C. No split-tunnel policy is defined on the Firepower Threat Defense appliance. D. The access control policy is not allowing VPN traffic in. Correct Answer: D Community vote distribution D (100%) Question #95 Topic 1 Refer to the exhibit. A network administrator configured a site-to-site VPN tunnel between two Cisco IOS routers, and hosts are unable to communicate between two sites of VPN. The network administrator runs the debug crypto isakmp sa command to track VPN status. What is the problem according to this command output? A. interesting traffic was not applied B. encryption algorithm mismatch C. authentication key mismatch D. hashing algorithm mismatch Correct Answer: C Community vote distribution C (76%) B (24%) Question #96 Topic 1 Which policy represents a shared set of features or parameters that define the aspects of a managed device that are likely to be similar to other managed devices in a deployment? A. group policy B. access control policy C. device management policy D. 
platform settings policy Correct Answer: D Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/622/configuration/guide/fpmc-config-guide-v622/ platform_settings_policies_for_managed_devices.pdf Community vote distribution D (100%) Question #97 Topic 1 The Cisco ASA must support TLS proxy for encrypted Cisco Unified Communications traffic. Where must the ASA be added on the Cisco UC Manager platform? A. Certificate Trust List B. Endpoint Trust List C. Enterprise Proxy Service D. Secured Collaboration Proxy Correct Answer: A Reference: https://www.cisco.com/c/en/us/td/docs/security/asa/special/unified-communications/guide/unified-comm/unified-comm-tlsproxy.html Community vote distribution A (71%) D (29%) Question #98 Topic 1 Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention System? (Choose two.) A. SIP B. inline normalization C. SSL D. packet decoder E. modbus Correct Answer: AC Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide- v60/Application_Layer_Preprocessors.html Community vote distribution AC (100%) Question #99 Topic 1 Which feature is configured for managed devices in the device platform settings of the Firepower Management Center? A. quality of service B. time synchronization C. network address translations D. intrusion policy Correct Answer: B Community vote distribution B (100%) Question #100 Topic 1 Which information is required when adding a device to Firepower Management Center? A. username and password B. encryption method C. device serial number D. 
registration key Correct Answer: D Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide- v60/Device_Management_Basics.html#ID-2242- 0000069d Community vote distribution D (100%) Question #101 Topic 1 What can be integrated with Cisco Threat Intelligence Director to provide information about security threats, which allows the SOC to proactively automate responses to those threats? A. Cisco Umbrella B. External Threat Feeds C. Cisco Threat Grid D. Cisco Stealthwatch Correct Answer: B Community vote distribution B (100%) Question #102 Topic 1 Which Cisco command enables authentication, authorization, and accounting globally so that CoA is supported on the device? A. aaa server radius dynamic-author B. auth-type all C. aaa new-model D. ip device-tracking Correct Answer: A Community vote distribution C (62%) A (38%) Question #103 Topic 1 What is a characteristic of Firepower NGIPS inline deployment mode? A. ASA with Firepower module cannot be deployed B. It cannot take actions such as blocking traffic C. It is out-of-band from traffic D. It must have inline interface pairs configured Correct Answer: D Community vote distribution D (100%) Question #104 Topic 1 A mall provides security services to customers with a shared appliance. The mall wants separation of management on the shared appliance. Which ASA deployment mode meets these needs? A. routed mode B. multiple zone mode C. multiple context mode D. transparent mode Correct Answer: C Community vote distribution C (100%) Question #105 Topic 1 What is managed by Cisco Security Manager? A. Cisco WLC B. Cisco ESA C. Cisco WSA D. Cisco ASA Correct Answer: D Community vote distribution D (100%) Question #106 Topic 1 An organization is trying to improve their Defense in Depth by blocking malicious destinations prior to a connection being established. The solution must be able to block certain applications from being used within the network. 
Which product should be used to accomplish this goal? A. Cisco Firepower B. Cisco Umbrella C. Cisco ISE D. Cisco AMP Correct Answer: A Community vote distribution B (46%) D (38%) A (17%) Question #107 Topic 1 An engineer notices traffic interruptions on the network. Upon further investigation, it is learned that broadcast packets have been flooding the network. What must be configured, based on a predefined threshold, to address this issue? A. Storm Control B. embedded event monitoring C. access control lists D. Bridge Protocol Data Unit guard Correct Answer: A Community vote distribution A (100%) Question #108 Topic 1 What is a feature of Cisco NetFlow Secure Event Logging for Cisco ASAs? A. Multiple NetFlow collectors are supported. B. Advanced NetFlow v9 templates and legacy v5 formatting are supported. C. Secure NetFlow connectors are optimized for Cisco Prime Infrastructure D. Flow-create events are delayed. Correct Answer: A Community vote distribution D (56%) A (44%) Question #109 Topic 1 What is a key difference between Cisco Firepower and Cisco ASA? A. Cisco Firepower provides identity based access control while Cisco ASA does not. B. Cisco AS provides access control while Cisco Firepower does not. C. Cisco ASA provides SSL inspection while Cisco Firepower does not. D. Cisco Firepower natively provides intrusion prevention capabilities while Cisco ASA does not. Correct Answer: D Community vote distribution D (100%) Question #110 Topic 1 DRAG DROP - Drag and drop the suspicious patterns for the Cisco Tetration platform from the left onto the correct definitions on the right. Select and Place: Correct Answer: Question #111 Topic 1 What is a benefit of using Cisco FMC over Cisco ASDM? A. Cisco FMC uses Java while Cisco ASDM uses HTML5. B. Cisco FMC provides centralized management while Cisco ASDM does not. C. Cisco FMC supports pushing configurations to devices while Cisco ASDM does not. D. 
Cisco FMC supports all firewall products whereas Cisco ASDM only supports Cisco ASA devices. Correct Answer: B Community vote distribution B (88%) 13% Question #112 Topic 1 Which product allows Cisco FMC to push security intelligence observable to its sensors from other products? A. Threat Intelligence Director B. Encrypted Traffic Analytics. C. Cognitive Threat Analytics. D. Cisco Talos Intelligence Correct Answer: A Community vote distribution A (100%) Question #113 Topic 1 A Cisco FirePower administrator needs to configure a rule to allow a new application that has never been seen on the network. Which two actions should be selected to allow the traffic to pass without inspection? (Choose two.) A. permit B. allow C. reset D. trust E. monitor Correct Answer: BD Community vote distribution BD (53%) DE (47%) Question #114 Topic 1 What is a characteristic of a bridge group in a Cisco ASA Firewall running in transparent mode? A. It has an IP address on its BVI interface and is used for management traffic. B. It allows ARP traffic with a single access rule. C. It includes multiple interfaces and access rules between interfaces are customizable. D. It is a Layer 3 segment and includes one port and customizable access rules. Correct Answer: C Community vote distribution C (71%) A (29%) Question #115 Topic 1 While using Cisco Firepower's Security Intelligence policies, which two criteria is blocking based upon? (Choose two.) A. IP addresses B. URLs C. port numbers D. protocol IDs E. MAC addresses Correct Answer: AB Community vote distribution AB (100%) Question #116 Topic 1 What features does Cisco FTDv provide over Cisco ASAv? A. Cisco FTDv provides 1GB of firewall throughput while Cisco ASAv does not. B. Cisco FTDv runs on VMware while Cisco ASAv does not. C. Cisco FTDv runs on AWS while Cisco ASAv does not. D. Cisco FTDv supports URL filtering while Cisco ASAv does not. 
Correct Answer: D
Reference: https://www.ciscolive.com/c/dam/r/ciscolive/apjc/docs/2018/pdf/BRKSEC-2064.pdf
Community vote distribution D (100%)

Question #117 Topic 1
A network engineer is deciding whether to use stateful or stateless failover when configuring two Cisco ASAs for high availability. What is the connection status in both cases?
A. need to be reestablished with stateful failover and preserved with stateless failover
B. preserved with both stateful and stateless failover
C. need to be reestablished with both stateful and stateless failover
D. preserved with stateful failover and need to be reestablished with stateless failover
Correct Answer: D
Community vote distribution D (100%)

Question #118 Topic 1
Which term describes when the Cisco Firepower downloads threat intelligence updates from Cisco Talos?
A. authoring
B. consumption
C. sharing
D. analysis
Correct Answer: B
Community vote distribution B (100%)

Question #119 Topic 1
An administrator is configuring a DHCP server to better secure their environment. They need to be able to rate-limit the traffic and ensure that legitimate requests are not dropped. How would this be accomplished?
A. Set a trusted interface for the DHCP server.
B. Set the DHCP snooping bit to 1.
C. Enable ARP inspection for the required VLAN.
D. Add entries in the DHCP snooping database.
Correct Answer: A
Community vote distribution A (50%) C (42%) 8%

Question #120 Topic 1
What is a prerequisite when integrating a Cisco ISE server and an AD domain?
A. Configure a common administrator account.
B. Place the Cisco ISE server and the AD server in the same subnet.
C. Synchronize the clocks of the Cisco ISE server and the AD server.
D. Configure a common DNS server.
Correct Answer: C
Reference: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/215233-identity-service-engine-ise-and-active.html#anc1
Community vote distribution C (100%)

Question #121 Topic 1
When configuring ISAKMP for IKEv1 Phase 1 on a Cisco IOS router, an administrator needs to input the command crypto isakmp key cisco address 0.0.0.0. The administrator is not sure what the IP address in this command is used for. What would be the effect of changing the IP address from 0.0.0.0 to 1.2.3.4?
A. The key server that is managing the keys for the connection will be at 1.2.3.4.
B. The address that will be used as the crypto validation authority.
C. All IP addresses other than 1.2.3.4 will be allowed.
D. The remote connection will only be allowed from 1.2.3.4.
Correct Answer: D

Question #122 Topic 1
A network administrator is configuring SNMPv3 on a new router. The users have already been created, however an additional configuration is needed to facilitate access to the SNMP views. What must the administrator do to accomplish this?
A. define the encryption algorithm to be used by SNMPv3
B. set the password to be used for SNMPv3 authentication
C. map SNMPv3 users to SNMP views
D. specify the UDP port used by SNMP
Correct Answer: C
Community vote distribution C (83%) B (17%)

Question #123 Topic 1
DRAG DROP -
Drag and drop the NetFlow export formats from the left onto the descriptions on the right.
Select and Place:
Correct Answer:
Reference: https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2015/pdf/BRKNMS-3132.pdf

Question #124 Topic 1
Refer to the exhibit. When configuring a remote access VPN solution terminating on the Cisco ASA, an administrator would like to utilize an external token authentication mechanism in conjunction with AAA authentication using machine certificates. Which configuration item must be modified to allow this?
A. Method
B. SAML Server
C. AAA Server Group
D. Group Policy
Correct Answer: C
Community vote distribution A (89%) 11%

Question #125 Topic 1
An administrator is trying to determine which applications are being used in the network but does not want the network devices to send metadata to Cisco Firepower. Which feature should be used to accomplish this?
A. Network Discovery
B. Access Control
C. Packet Tracer
D. NetFlow
Correct Answer: D
Community vote distribution A (100%)

Question #126 Topic 1
An engineer is implementing NTP authentication within their network and has configured both the client and server devices with the command ntp authentication-key 1 md5 Cisc392481137. The server at 1.1.1.1 is attempting to authenticate to the client at 1.1.1.2, however is unable to do so. Which command is required to enable the client to accept the server's authentication key?
A. ntp server 1.1.1.2 key 1
B. ntp peer 1.1.1.2 key 1
C. ntp server 1.1.1.1 key 1
D. ntp peer 1.1.1.1 key 1
Correct Answer: C
Reference: https://www.oreilly.com/library/view/cisco-ios-cookbook/0596527225/ch14s13.html
Community vote distribution C (69%) A (31%)

Question #127 Topic 1
Due to a traffic storm on the network, two interfaces were error-disabled, and both interfaces sent SNMP traps. Which two actions must be taken to ensure that interfaces are put back into service? (Choose two.)
A. Enable the snmp-server enable traps command and wait 300 seconds.
B. Use EEM to have the ports return to service automatically in less than 300 seconds
C. Ensure that interfaces are configured with the error-disable detection and recovery feature.
D. Have Cisco Prime Infrastructure issue an SNMP set command to re-enable the ports after the preconfigured interval.
E. Enter the shutdown and no shutdown commands on the interfaces.
Correct Answer: CE
Community vote distribution CE (100%)

Question #128 Topic 1
Refer to the exhibit. An administrator is adding a new Cisco FTD device to their network and wants to manage it with Cisco FMC. The Cisco FTD uses a registration key of Cisc392481137 and is not behind a NAT device. Which command is needed to enable this on the Cisco FTD?
A. configure manager add 16
B. configure manager add DONTRESOLVE FTD123
C. configure manager add
D. configure manager add DONTRESOLVE
Correct Answer: C
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/firepower_command_line_reference.html#ID-2201-000004b4
Community vote distribution C (61%) A (39%)

Question #129 Topic 1
A network administrator needs to find out what assets currently exist on the network. Third-party systems need to be able to feed host data into Cisco Firepower. What must be configured to accomplish this?
A. a Network Analysis policy to receive NetFlow data from the host
B. a File Analysis policy to send file data into Cisco Firepower
C. a Network Discovery policy to receive data from the host
D. a Threat Intelligence policy to download the data from the host
Correct Answer: C

Question #130 Topic 1
Which suspicious pattern enables the Cisco Tetration platform to learn the normal behavior of users?
A. file access from a different user
B. user login suspicious behavior
C. privilege escalation
D. interesting file access
Correct Answer: A
Community vote distribution A (100%)

Question #131 Topic 1
Which attribute has the ability to change during the RADIUS CoA?
A. authorization
B. NTP
C. accessibility
D. membership
Correct Answer: A
Community vote distribution A (60%) D (40%)

Question #132 Topic 1
An administrator configures new authorization policies within Cisco ISE and has difficulty profiling the devices. Attributes for the new Cisco IP phones that are profiled based on the RADIUS authentication are seen; however, the attributes for CDP or DHCP are not. What should the administrator do to address this issue?
A. Configure a service template within the switch to standardize the port configurations so that the correct information is sent to Cisco ISE.
B. Configure the ip dhcp snooping trust command on the DHCP interfaces to get the information to Cisco ISE.
C. Configure the authentication port-control auto feature within Cisco ISE to identify the devices that are trying to connect.
D. Configure the device sensor feature within the switch to send the appropriate protocol information.
Correct Answer: D
Community vote distribution D (50%) A (50%)

Question #133 Topic 1
An organization deploys multiple Cisco FTD appliances and wants to manage them using one centralized solution. The organization does not have a local VM but does have existing Cisco ASA that must migrate over to Cisco FTDs. Which solution meets the needs of the organization?
A. Cisco FMC
B. CDO
C. CSM
D. Cisco FDM
Correct Answer: B
Community vote distribution B (50%) A (50%)

Question #134 Topic 1
What is a benefit of using telemetry over SNMP to configure new routers for monitoring purposes?
A. Telemetry uses push and pull, which makes it more secure than SNMP.
B. Telemetry uses push and pull, which makes it more scalable than SNMP.
C. Telemetry uses a push method, which makes it faster than SNMP.
D. Telemetry uses a pull method, which makes it more reliable than SNMP.
Correct Answer: C
Community vote distribution C (90%) 10%

Question #135 Topic 1
Refer to the exhibit. A network engineer is testing NTP authentication and realizes that any device synchronizes time with this router and that NTP authentication is not enforced. What is the cause of this issue?
A. The hashing algorithm that was used was MD5, which is unsupported.
B. The key was configured in plain text.
C. NTP authentication is not enabled.
D. The router was not rebooted after the NTP configuration updated.
Correct Answer: C

Question #136 Topic 1
An engineer has been tasked with configuring a Cisco FTD to analyze protocol fields and detect anomalies in the traffic from industrial systems. What must be done to meet these requirements?
A. Enable traffic analysis in the Cisco FTD.
B. Implement pre-filter policies for the CIP preprocessor.
C. Configure intrusion rules for the DNP3 preprocessor.
D. Modify the access control policy to trust the industrial traffic.
Correct Answer: C
Community vote distribution C (100%)

Question #137 Topic 1
An organization uses Cisco FMC to centrally manage multiple Cisco FTD devices. The default management port conflicts with other communications on the network and must be changed. What must be done to ensure that all devices can communicate together?
A. Change the management port on Cisco FMC so that it pushes the change to all managed Cisco FTD devices.
B. Set the sftunnel port to 8305.
C. Manually change the management port on Cisco FMC and all managed Cisco FTD devices.
D. Set the sftunnel to go through the Cisco FTD.
Correct Answer: C
Community vote distribution C (63%) A (38%)

Question #138 Topic 1
An administrator is establishing a new site-to-site VPN connection on a Cisco IOS router. The organization needs to ensure that the ISAKMP key on the hub is used only for terminating traffic from the IP address of 172.19.20.24. Which command on the hub will allow the administrator to accomplish this?
A. crypto isakmp identity address 172.19.20.24
B. crypto ca identity 172.19.20.24
C. crypto enrollment peer address 172.19.20.24
D. crypto isakmp key Cisco0123456789 172.19.20.24
Correct Answer: D

Question #139 Topic 1
A Cisco FTD engineer is creating a new IKEv2 policy called s2s00123456789 for their organization to allow additional protocols to terminate network devices with. They currently only have one policy established and need the new policy to be a backup in case some devices cannot support the stronger algorithms listed in the primary policy. What should be done in order to support this?
A. Change the encryption to AES* to support all AES algorithms in the primary policy.
B. Make the priority for the primary policy 10 and the new policy 1.
C. Change the integrity algorithms to SHA* to support all SHA algorithms in the primary policy.
D. Make the priority for the new policy 5 and the primary policy 1.
Correct Answer: D
Community vote distribution D (100%)

Question #140 Topic 1
What is a functional difference between a Cisco ASA and Cisco IOS router with Zone-Based Policy Firewall?
A. The Cisco ASA can be configured for high availability, whereas the Cisco IOS router with Zone-Based Policy Firewall cannot.
B. The Cisco IOS router with Zone-Based Policy Firewall can be configured for high availability, whereas the Cisco ASA cannot.
C. The Cisco ASA denies all traffic by default, whereas the Cisco IOS router with Zone-Based Policy Firewall starts out by allowing all traffic, even on untrusted interfaces.
D. The Cisco IOS router with Zone-Based Policy Firewall denies all traffic by default, whereas Cisco ASA starts out by allowing traffic until rules are added.
Correct Answer: C
Community vote distribution D (55%) C (45%)

Question #141 Topic 1
An engineer is configuring their router to send NetFlow data to Stealthwatch which has an IP address of 1.1.1.1 using the flow record Stealthwatch406143794 command. Which additional command is required to complete the flow record?
A. cache timeout active 60
B. destination 1.1.1.1
C. match ipv4 ttl
D. transport udp 2055
Correct Answer: C
Reference: https://www.cisco.com/c/dam/en/us/td/docs/security/stealthwatch/netflow/config-trouble-netflow-stealth.pdf
Community vote distribution C (100%)

Question #142 Topic 1
An engineer is adding a Cisco DUO solution to the current TACACS+ deployment using Cisco ISE. The engineer wants to authenticate users using their account when they log into network devices. Which action accomplishes this task?
A. Configure Cisco DUO with the external Active Directory connector and tie it to the policy set within Cisco ISE.
B. Install and configure the Cisco DUO Authentication Proxy and configure the identity source sequence within Cisco ISE.
C. Modify the current policy with the condition MFA: SourceSequence:DUO=true in the authorization conditions within Cisco ISE.
D. Create an identity policy within Cisco ISE to send all authentication requests to Cisco DUO.
Correct Answer: B
Reference: https://duo.com/docs/authproxy-reference
Community vote distribution B (86%) 14%

Question #143 Topic 1
What is the function of the crypto isakmp key cisc406143794 address 0.0.0.0 0.0.0.0 command when establishing an IPsec VPN tunnel?
A. It prevents all IP addresses from connecting to the VPN server.
B. It configures the pre-shared authentication key.
C. It configures the local address for the VPN server.
D. It defines what data is going to be encrypted via the VPN.
Correct Answer: B
This command is used to configure the pre-shared key for IPsec remote access users on the Cisco router. The address is given as 0.0.0.0 0.0.0.0 because the users will be connecting from random IP addresses and it is almost impossible to list all of them. Hence, 0.0.0.0 0.0.0.0 is used to allow all public IP addresses.

Question #144 Topic 1
An administrator is adding a new switch onto the network and has configured AAA for network access control. When testing the configuration, the RADIUS authenticates to Cisco ISE but is being rejected. Why is the ip radius source-interface command needed for this configuration?
A. Only requests that originate from a configured NAS IP are accepted by a RADIUS server.
B. The RADIUS authentication key is transmitted only from the defined RADIUS source interface.
C. RADIUS requests are generated only by a router if a RADIUS source interface is defined.
D. Encrypted RADIUS authentication requires the RADIUS source interface be defined.
Correct Answer: A
Reference: https://www.cisco.com/c/en/us/td/docs/ios/12_2/security/command/reference/srfrad.html#wp1027454
Community vote distribution A (100%)

Question #145 Topic 1
Which statement about the configuration of Cisco ASA NetFlow v9 Secure Event Logging is true?
A. To view bandwidth usage for NetFlow records, the QoS feature must be enabled.
B. A sysopt command can be used to enable NSEL on a specific interface.
C. NSEL can be used without a collector configured.
D. A flow-export event type must be defined under a policy.
Correct Answer: D

Question #146 Topic 1
Which feature requires a network discovery policy on the Cisco Firepower NGIPS?
A. security intelligence
B. impact flags
C. health monitoring
D. URL filtering
Correct Answer: B
Community vote distribution B (100%)

Question #147 Topic 1
Which policy is used to capture host information on the Cisco Firepower Next Generation Intrusion Prevention System?
A. correlation
B. intrusion
C. access control
D. network discovery
Correct Answer: D

Question #148 Topic 1
What is a characteristic of traffic storm control behavior?
A. Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within the interval.
B. Traffic storm control cannot determine if the packet is unicast or broadcast.
C. Traffic storm control monitors incoming traffic levels over a 10-second traffic storm control interval.
D. Traffic storm control uses the Individual/Group bit in the packet source address to determine if the packet is unicast or broadcast.
Correct Answer: A
Reference: https://www.cisco.com/c/en/us/td/docs/routers/7600/ios/12-1E/configuration/guide/storm.html

Question #149 Topic 1
DRAG DROP -
Drag and drop the Firepower Next Generation Intrusion Prevention System detectors from the left onto the correct definitions on the right.
Select and Place:
Correct Answer:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/detecting_specific_threats.html

Question #150 Topic 1
Refer to the exhibit. Which statement about the authentication protocol used in the configuration is true?
A. The authentication request contains only a password
B. The authentication request contains only a username
C. The authentication and authorization requests are grouped in a single packet.
D. There are separate authentication and authorization request packets.
Correct Answer: C

Question #151 Topic 1
Which deployment model is the most secure when considering risks to cloud adoption?
A. public cloud
B. hybrid cloud
C. community cloud
D. private cloud
Correct Answer: D
Community vote distribution D (100%)

Question #152 Topic 1
What does the Cloudlock Apps Firewall do to mitigate security concerns from an application perspective?
A. It allows the administrator to quarantine malicious files so that the application can function, just not maliciously.
B. It discovers and controls cloud apps that are connected to a company's corporate environment.
C. It deletes any application that does not belong in the network.
D. It sends the application information to an administrator to act on.
Correct Answer: B
Reference: https://www.cisco.com/c/en/us/products/security/cloudlock/index.html#~features

Question #153 Topic 1
Which exfiltration method does an attacker use to hide and encode data inside DNS requests and queries?
A. DNS tunneling
B. DNSCrypt
C. DNS security
D. DNSSEC
Correct Answer: A
Reference: https://learn-umbrella.cisco.com/cloud-security/dns-tunneling

Question #154 Topic 1
Which technology reduces data loss by identifying sensitive information stored in public computing environments?
A. Cisco SDA
B. Cisco Firepower
C. Cisco HyperFlex
D. Cisco Cloudlock
Correct Answer: D
Reference: https://www.cisco.com/c/dam/en/us/products/collateral/security/cloudlock/cisco-cloudlock-cloud-data-security-datasheet.pdf

Question #155 Topic 1
In which cloud services model is the tenant responsible for virtual machine OS patching?
A. IaaS
B. UCaaS
C. PaaS
D. SaaS
Correct Answer: A
Reference: https://www.cmswire.com/cms/information-management/cloud-service-models-iaas-saas-paas-how-microsoft-office-365-azure-fit-in-021672.php
Community vote distribution A (88%) 13%

Question #156 Topic 1
What is the function of Cisco Cloudlock for data security?
A. data loss prevention
B. controls malicious cloud apps
C. detects anomalies
D. user and entity behavior analytics
Correct Answer: A
Reference: https://umbrella.cisco.com/products/casb
Community vote distribution A (100%)

Question #157 Topic 1
Which feature is supported when deploying Cisco ASAv within AWS public cloud?
A. multiple context mode
B. user deployment of Layer 3 networks
C. IPv6
D. clustering
Correct Answer: B
Reference: https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/asav/quick-start-book/asav-96-qsg/asav-aws.html
Community vote distribution B (100%)

Question #158 Topic 1
Which cloud service model offers an environment for cloud consumers to develop and deploy applications without needing to manage or maintain the underlying cloud infrastructure?
A. PaaS
B. XaaS
C. IaaS
D. SaaS
Correct Answer: A
Community vote distribution A (100%)

Question #159 Topic 1
Which risk is created when using an Internet browser to access cloud-based service?
A. misconfiguration of Infra, which allows unauthorized access
B. intermittent connection to the cloud connectors
C. vulnerabilities within protocol
D. insecure implementation of API
Correct Answer: C
Community vote distribution C (43%) D (43%) 14%

Question #160 Topic 1
What is the Cisco API-based broker that helps reduce compromises, application risks, and data breaches in an environment that is not on-premise?
A. Cisco AppDynamics
B. Cisco Cloudlock
C. Cisco Umbrella
D. Cisco AMP
Correct Answer: B
Community vote distribution B (100%)

Question #161 Topic 1
Which two aspects of the cloud PaaS model are managed by the customer but not the provider? (Choose two.)
A. middleware
B. applications
C. virtualization
D. operating systems
E. data
Correct Answer: BE

Question #162 Topic 1
Which public cloud provider supports the Cisco Next Generation Firewall Virtual?
A. Google Cloud Platform
B. Red Hat Enterprise Virtualization
C. Amazon Web Services
D. VMware ESXi
Correct Answer: C

Question #163 Topic 1
What is an attribute of the DevSecOps process?
A. security scanning and theoretical vulnerabilities
B. development security
C. isolated security team
D. mandated security controls and check lists
Correct Answer: B
Community vote distribution B (83%) D (17%)

Question #164 Topic 1
On which part of the IT environment does DevSecOps focus?
A. application development
B. wireless network
C. data center
D. perimeter network
Correct Answer: A

Question #165 Topic 1
In a PaaS model, which layer is the tenant responsible for maintaining and patching?
A. hypervisor
B. virtual machine
C. network
D. application
Correct Answer: D
Reference: https://www.bmc.com/blogs/saas-vs-paas-vs-iaas-whats-the-difference-and-how-to-choose/

Question #166 Topic 1
Which two deployment model configurations are supported for Cisco FTDv in AWS? (Choose two.)
A. Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS
B. Cisco FTDv with one management interface and two traffic interfaces configured
C. Cisco FTDv configured in routed mode and managed by a physical FMC appliance on premises
D.
Cisco FTDv with two management interfaces and one traffic interface configured E. Cisco FTDv configured in routed mode and IPv6 configured Correct Answer: AC Reference: https://www.cisco.com/c/en/us/products/collateral/security/adaptive-security-virtual-appliance-asav/white-paper-c11-740505.html Question #167 Topic 1 DRAG DROP - Drag and drop the steps from the left into the correct or