test-king.300-207 -278.questions&answers. · a. atomic arp engine b. service generic engine c....

Test-King.300-207 -278.Questions&answers.

Number: 300-207Passing Score: 800Time Limit: 120 minFile Version: 17.02

http://www.gratisexam.com/

1. Added Explanations and Exhibits most of the questions.2. I only used these questions and got 480 marks with this. Perfect Show.3. These are the most accurate study questions. Just focus on these and sit in your exam.4. Fixed the Exhibit size and Drag drops/hot spot questions.5. Still valid , Hurry up guys study and pass this one.

Exam A

QUESTION 1What is the default antispam policy for positively identified messages within the Cisco Email Security Appliance?

A. DropB. Deliver and Append with [SPAM]C. Deliver and Prepend with [SPAM]D. Deliver and Alternate Mailbox

Correct Answer: CSection: (none)Explanation

Explanation/Reference:

QUESTION 2Refer to the exhibit.

What Cisco ESA CLI command generated the output?

A. smtproutesB. tophostsC. hoststatusD. workqueuestatus

Correct Answer: BSection: (none)Explanation


QUESTION 3What Event Action in an IPS signature is used to stop an attacker from communicating with a network using an access-list?


A. Request Block HostB. Deny Attacker InlineC. Deny Connection InlineD. Deny Packet InlineE. Request Block Connection

Correct Answer: ASection: (none)Explanation


QUESTION 4Within Cisco IPS anomaly detection, what is the default IP range of the external zone?

A. 0.0.0.0 0.0.0.0B. 0.0.0.0 - 255.255.255.255C. 0.0.0.0/8D. the network of the management interface



QUESTION 5Which two Cisco IPS events will generate an IP log? (Choose two.)

A. A signature had an event action that was configured with log packets.B. A statically configured IP or IP network criterion was matched.C. A dynamically configured IP address or IP network was matched.D. An attack produced a response action.

Correct Answer: ABSection: (none)Explanation


QUESTION 6Which three options are valid event actions for a Cisco IPS? (Choose three.)

A. deny-packet-inlineB. deny-attack-resetC. produce-verbose-alertD. log-attacker-packetsE. deny-packet-internalF. request-block-drop-connection

Correct Answer: ACDSection: (none)Explanation


QUESTION 7Which configuration option causes an ASA with IPS module to drop traffic matching IPS signatures and to block all traffic if the module fails?

A. Inline Mode, Permit TrafficB. Inline Mode, Close TrafficC. Promiscuous Mode, Permit TrafficD. Promiscuous Mode, Close Traffic


Explanation/Reference:answer is corrected.

QUESTION 8Which Cisco IPS CLI command shows the most fired signature?


A. show statistics virtual-sensorB. show event alertC. show alertD. show version



QUESTION 9Which IPS engine detects ARP spoofing?

A. Atomic ARP EngineB. Service Generic EngineC. ARP Inspection EngineD. AIC Engine

Correct Answer: A

Section: (none)Explanation


QUESTION 10Which two options are characteristics of router-based IPS? (Choose two.)

A. It supports custom signaturesB. It supports virtual sensors.C. It supports multiple VRFs.D. It uses configurable anomaly detection.E. Signature definition files have been deprecated.

Correct Answer: CESection: (none)Explanation


QUESTION 11What is the access-list command on a Cisco IPS appliance used for?

A. to permanently filter traffic coming to the Cisco IPS appliance via the sensing portB. to filter for traffic when the Cisco IPS appliance is in the inline modeC. to restrict management access to the sensorD. to create a filter that can be applied on the interface that is under attack



QUESTION 12How does a user access a Cisco Web Security Appliance for initial setup?

A. Connect the console cable and use the terminal at 9600 baud to run the setup wizard.B. Connect the console cable and use the terminal at 115200 baud to run the setup wizard.C. Open the web browser at 192.168.42.42:8443 for the setup wizard over https.D. Open the web browser at 192.168.42.42:443 for the setup wizard over https.



QUESTION 13What command alters the SSL ciphers used by the Cisco Email Security Appliance for TLS sessions and HTTPS access?


A. sslconfigB. sslciphersC. tlsconifgD. certconfig



QUESTION 14Joe was asked to secure access to the Cisco Web Security Appliance to prevent unauthorized access. Which four steps should Joe implement to accomplish thisgoal? (Choose four.)

A. Implement IP access lists to limit access to the management IP address in the Cisco Web Security Appliance GUI.B. Add the Cisco Web Security Appliance IP address to the local access list.C. Enable HTTPS access via the GUI/CLI with redirection from HTTP.D. Replace the Cisco self-signed certificate with a publicly signed certificate.E. Put the Cisco WSA Management interface on a private management VLAN.F. Change the netmask on the Cisco WSA Management interface to a 32-bit mask.

G: Create an MX record for the Cisco Web Security Appliance in DNS.

Correct Answer: ACDESection: (none)Explanation

Explanation/Reference:answer is modified.

QUESTION 15Which command is used to enable strong ciphers on the Cisco Web Security Appliance?

A. interfaceconfigB. strictsslC. etherconfigD. adminaccessconfig



QUESTION 16Which Cisco ESA command is used to edit the ciphers that are used for GUI access?

A. interfaceconfigB. etherconfigC. certconfigD. sslconfig

Correct Answer: DSection: (none)Explanation


QUESTION 17In order to set up HTTPS decryption on the Cisco Web Security Appliance, which two steps must be performed? (Choose two.)

A. Enable and accept the EULA under Security Services > HTTPS Proxy.B. Upload a publicly signed server certificate.C. Configure or upload a certificate authority certificate.D. Enable HTTPS decryption in Web Security Manager > Access Policies.

Correct Answer: ACSection: (none)Explanation


QUESTION 18When a Cisco Email Security Appliance joins a cluster, which four settings are inherited? (Choose four.)

A. IP addressB. DNS settingsC. SMTP routesD. HATE. RATF. hostname

G: certificates

Correct Answer: BCDESection: (none)Explanation


QUESTION 19The helpdesk was asked to provide a record of delivery for an important email message that a customer claims it did not receive. Which feature of the Cisco EmailSecurity Appliance provides this record?

A. Outgoing Mail ReportsB. SMTP RoutesC. Message TrackingD. Scheduled ReportsE. System Administration



QUESTION 20Connections are being denied because of SenderBase Reputation Scores. Which two features must be enabled in order to record those connections in the mail logon the Cisco ESA? (Choose two.)

A. Rejected Connection HandlingB. Domain Debug LogsC. Injection Debug LogsD. Message Tracking

Correct Answer: ADSection: (none)Explanation


QUESTION 21Which five system management and reporting protocols are supported by the Cisco Intrusion Prevention System? (Choose five.)


A. SNMPv2cB. SNMPv1C. SNMPv2D. SNMPv3E. syslogF. SDEE

G. SMTP

Correct Answer: ABCFGSection: (none)Explanation

Explanation/Reference:Answer: A, B, C, F, G


The system administrator of mydomain.com received complaints that some messages that were sent from sender [email protected] were delayed. Messagetracking data on the sender shows that an email sample that was received was clean and properly delivered. What is the likely cause of the intermittent delays?

A. The remote MTA has a SenderBase Reputation Score of -1.0.B. The remote MTA is sending emails from RFC 1918 IP addresses.C. The remote MTA has activated the SUSPECTLIST sender group.D. The remote MTA has activated the default inbound mail policy.



QUESTION 23A system administrator wants to know if the email traffic from a remote partner will activate special treatment message filters that are created just for them. Whichtool on the Cisco Email Security gateway can you use to debug or emulate the flow that a message takes through the work queue?

A. the message tracker interfaceB. centralized or local message trackingC. the CLI findevent commandD. the trace toolE. the CLI grep command



QUESTION 24Which command verifies that CWS redirection is working on a Cisco IOS router?

A. show content-scan session activeB. show content-scan summaryC. show interfaces statsD. show sessions



QUESTION 25Which two commands are used to verify that CWS redirection is working on a Cisco ASA appliance? (Choose two.)

A. show scansafe statisticsB. show webvpn statistics

C. show service-policy inspect scansafeD. show running-config scansafeE. show running-config webvpnF. show url-server statistics



QUESTION 26Which command sets the number of packets to log on a Cisco IPS sensor?

A. ip-log-count numberB. ip-log-packets numberC. ip-log-bytes numberD. ip-log number




The system administrator of mydomain.com was informed that one of the users in his environment received spam from an Internet sender. Message trackingshows that the emails for this user were not scanned by antispam. Why did the Cisco Email Security gateway fail to do a spam scan on emails [email protected]?

A. The remote MTA activated the SUSPECTLIST sender group.B. The Cisco Email Security gateway created duplicates of the message.C. The user [email protected] matched an inbound rule with antispam disabled.D. The user [email protected] matched an inbound rule with antispam disabled.



QUESTION 28What are two features of the Cisco ASA NGFW? (Choose two.)

A. It can restrict access based on qualitative analysis.B. It can restrict access based on reputation.C. It can reactively protect against Internet threats.D. It can proactively protect against Internet threats.

Correct Answer: BDSection: (none)Explanation


QUESTION 29Which three statements about Cisco CWS are true? (Choose three.)

A. It provides protection against zero-day threats.B. Cisco SIO provides it with threat updates in near real time.C. It supports granular application policies.D. Its Roaming User Protection feature protects the VPN from malware and data breaches.E. It supports local content caching.F. Its Cognitive Threat Analytics feature uses cloud-based analysis and detection to block threats outside the network.

Correct Answer: ABCSection: (none)Explanation



What are two facts about the interface that you can determine from the given output? (Choose two.)

A. A Cisco Flexible NetFlow monitor is attached to the interface.B. A quality of service policy is attached to the interface.C. Cisco Application Visibility and Control limits throughput on the interface.D. Feature activation array is active on the interface.



QUESTION 31What are the two policy types that can use a web reputation profile to perform reputation-based processing? (Choose two.)


A. profile policiesB. encryption policiesC. decryption policiesD. access policies

Correct Answer: CD



QUESTION 32Which three pieces of information are required to implement transparent user identification using Context Directory Agent? (Choose three.)

A. the server name of the global catalog domain controllerB. the server name where Context Directory Agent is installedC. the backup Context Directory AgentD. the primary Context Directory AgentE. the shared secretF. the syslog server IP address

Correct Answer: BDESection: (none)Explanation


QUESTION 33Which method does Cisco recommend for collecting streams of data on a sensor that has been virtualized?

A. VACL captureB. SPANC. the Wireshark utilityD. packet capture



QUESTION 34

Which configuration mode enables a virtual sensor to monitor the session state for unidirectional traffic?

A. asymmetric modeB. symmetric modeC. loose modeD. strict mode



QUESTION 35Over the period of one day, several Atomic ARP engine alerts fired on the same IP address. You observe that each time an alert fired, requests on the IP addressexceeded replies by the same number. Which configuration could cause this behavior?

A. The reply-ratio parameter is enabled.B. MAC flip is enabled.C. The inspection condition is disabled.D. The IPS is misconfigured.



QUESTION 36Which type of signature is generated by copying a default signature and modifying its behavior?

A. metaB. customC. atomicD. normalized

Correct Answer: B



QUESTION 37Which two conditions must you configure in an event action override to implement a risk rating of 70 or higher and terminate the connection on the IPS? (Choosetwo.)

A. Configure the event action override to send a TCP reset.B. Set the risk rating range to 70 to 100.C. Configure the event action override to send a block-connection request.D. Set the risk rating range to 0 to 100.E. Configure the event action override to send a block-host request.



QUESTION 38Which two conditions must you configure in an event action rule to match all IPv4 addresses in the victim range and filter on the complete subsignature range?(Choose two.)

A. Disable event action override.B. Leave the victim address range unspecified.C. Set the subsignature ID-range to the default.D. Set the deny action percentage to 100.E. Set the deny action percentage to 0.

Correct Answer: BCSection: (none)Explanation


QUESTION 39If learning accept mode is set to "auto" and the knowledge base is loaded only when explicitly requested on the IPS, which statement about the knowledge base istrue?

A. The knowledge base is set to load dynamically.B. The knowledge base is set to "save only."


C. The knowledge base is set to "discarded."D. The knowledge base is set to load statically.



QUESTION 40In which way are packets handled when the IPS internal zone is set to "disabled"?

A. All packets are dropped to the external zone.B. All packets are dropped to the internal zone.C. All packets are ignored in the internal zone.D. All packets are sent to the default external zone.



QUESTION 41Which sensor deployment mode does Cisco recommend when interface capacity is limited and you need to increase sensor functionality?

A. inline interface pair modeB. inline VLAN pair modeC. inline VLAN group modeD. VLAN group mode



QUESTION 42Which role does Passive Identity Management play in the Cisco Cloud Web Security architecture?

A. It provides user-level information that is received from Active Directory.B. It enables the administrator to control web access for users and user groups.C. It defines a standard for exchanging authentication and authorization data.D. It controls content that passes into and out of the network.



QUESTION 43Which two statements about Cisco ESA clusters are true? (Choose two.)

A. A cluster must contain exactly one group.B. A cluster can contain multiple groups.C. Clusters are implemented in a client/server relationship.D. The cluster configuration must be managed by the cluster administrator.

E. The cluster configuration can be created and managed through either the GUI or the CLI.

Correct Answer: BESection: (none)Explanation

Explanation/Reference:answer is super valid.

QUESTION 44Which two statements about devices within a Cisco ESA cluster are true? (Choose two.)

A. Clustered systems must consist of devices in the same hardware series.B. Clustered devices can communicate via either SSH or Cluster Communication Service.C. Clustered devices can communicate only with Cluster Communication Service.D. In-the-cloud devices must be in a separate cluster from on-premise devices.E. Clustered devices can run different versions of AsyncOS.



QUESTION 45What is a primary difference between the web security features of the Cisco WSA and the Cisco ASA NGFW?

A. Cisco WSA provides URL filtering, while Cisco ASA NGFW does not.B. Cisco ASA NGFW provides caching services, while Cisco WSA does not.C. Cisco WSA provides web reputation filtering, while Cisco ASA NGFW does not.D. Cisco ASA NGFW provides application visibility and control on all ports, while Cisco WSA does not.



QUESTION 46Which Cisco ASA configuration command drops traffic if the Cisco ASA CX module fails?


A. no fail-openB. fail-closeC. fail-close auth-proxyD. auth-proxy



QUESTION 47Which Cisco Cloud Web Security Connector feature allows access by all of an organization's users while applying Active Directory group policies?

A. a company authentication keyB. a group authentication keyC. a PAC fileD. proxy forwardingE. a user authentication key



QUESTION 48Which Cisco ESA component receives connections from external mail servers?

A. MTAB. public listenerC. private listenerD. recipient access tableE. SMTP incoming relay agent



QUESTION 49What is the function of the Cisco Context Adaptive Scanning Engine in Cisco Hybrid Email Security services?

A. It uses real-time traffic threat assessment to identify suspicious email senders and messages.B. It provides a preventive defense against viruses by scanning messages before they enter the network.C. It analyzes message content and attachments to protect an organization's intellectual property.D. It protects against blended threats by using human-like logic to review and evaluate traffic.



QUESTION 50The Web Cache Communication Protocol (WCCP) is a content-routing protocol that can facilitate the redirection of traffic flows in real time. Your organization hasdeployed WCCP to redirect web traffic that traverses their Cisco Adaptive Security Appliances (ASAs) to their Cisco Web Security Appliances (WSAs).

The simulator will provide access to the graphical user interfaces of one Cisco ASA and one Cisco WSA that are participating in a WCCP service. Not all aspects ofthe GUIs are implemented in the simulator. The options that have been implemented are sufficient to determine the best answer to each of the questions that arepresented.

Your task is to examine the details available in the simulated graphical user interfaces and select the best answer.

How many Cisco ASAs and how many Cisco WSAs are participating in the WCCP service?

A. One Cisco ASA or two Cisco ASAs configured as an Active/Standby failover pair, and one Cisco WSA.

B. One Cisco ASA or two Cisco ASAs configured as an Active/Active failover pair, and one Cisco WSA.C. One Cisco ASA or two Cisco ASAs configured as an Active/Standby failover pair, and two Cisco WSAs.D. One Cisco ASA or two Cisco ASAs configured as an Active/Active failover pair, and two Cisco WSAs.E. Two Cisco ASAs and one Cisco WSA.F. Two Cisco ASAs and two Cisco WSAs.


Explanation/Reference:Explanation:

We can see from the output that the number of routers (ASA's) is 1, so there is a single ASA or an active/ standby pair being used, and 1 Cache Engine. If theASA's were in a active/active role it would show up as 2 routers.

QUESTION 51What CLI command configures IP-based access to restrict GUI and CLI access to a Cisco Email Security appliance's administrative interface?

A. adminaccessconfigB. sshconfigC. sslconfigD. ipaccessconfig



QUESTION 52An ASA with an IPS module must be configured to drop traffic matching IPS signatures and block all traffic if the module fails. Which describes the correctconfiguration?

A. Inline Mode, Permit TrafficB. Inline Mode, Close TrafficC. Promiscuous Mode, Permit Traffic

D. Promiscuous Mode, Close Traffic



QUESTION 53A new Cisco IPS device has been placed on the network without prior analysis. Which CLI command shows the most fired signature?

A. Show statistics virtual-sensorB. Show event alertC. Show alertD. Show version



QUESTION 54Which three options are characteristics of router-based IPS? (Choose three.)

A. It is used for large networks.B. It is used for small networks.C. It supports virtual sensors.D. It supports multiple VRFs.E. It uses configurable anomaly detection.F. Signature definition files have been deprecated.

Correct Answer: BDFSection: (none)Explanation


QUESTION 55A network administrator needs to implement a service that enables granular control of IOS commands that can be executed. Which AAA authentication methodshould be selected?

A. TACACS+B. RADIUSC. Windows Active DirectoryD. Generic LDAP



QUESTION 56An administrator can leverage which attribute to assign privileges based on Microsoft Active Directory user groups?

A. member ofB. groupC. classD. person



QUESTION 57Cisco 802.1X phasing enables flexible deployments through the use of open, low-impact, and closed modes. What is a unique characteristic of the most securemode?


A. Granular ACLs applied prior to authenticationB. Per user dACLs applied after successful authenticationC. Only EAPoL traffic allowed prior to authenticationD. Adjustable 802.1X timers to enable successful authentication



QUESTION 58A network administrator must enable which protocol extension to utilize EAP-Chaining?

A. EAP-FASTB. EAP-TLSC. MSCHAPv2D. PEAP



QUESTION 59In the command 'aaa authentication default group tacacs local', how is the word 'default' defined?

A. Command setB. Group nameC. Method listD. Login type


Explanation/Reference:corrected.

QUESTION 60Changes were made to the ISE server while troubleshooting, and now all wireless certificate authentications are failing. Logs indicate an EAP failure. What is themost likely cause of the problem?

A. EAP-TLS is not checked in the Allowed Protocols listB. Certificate authentication profile is not configured in the Identity StoreC. MS-CHAPv2-is not checked in the Allowed Protocols listD. Default rule denies all trafficE. Client root certificate is not included in the Certificate Store



QUESTION 61The NAC Agent uses which port and protocol to send discovery packets to an ISE Policy Service Node?

A. tcp/8905B. udp/8905C. http/80D. https/443

Correct Answer: B



QUESTION 62Which two conditions are valid when configuring ISE for posturing? (Choose two.)

A. DictionaryB. member OfC. Profile statusD. FileE. Service

Correct Answer: DESection: (none)Explanation



Which three statements about the given configuration are true? (Choose three.)

A. TACACS+ authentication configuration is complete.B. TACACS+ authentication configuration is incomplete.C. TACACS+ server hosts are configured correctly.D. TACACS+ server hosts are misconfigured.E. The TACACS+ server key is encrypted.

F. The TACACS+ server key is unencrypted.

Correct Answer: BCFSection: (none)Explanation


QUESTION 64In AAA, what function does authentication perform?

A. It identifies the actions that the user can perform on the device.B. It identifies the user who is trying to access a device.C. It identifies the actions that a user has previously taken.D. It identifies what the user can access.



QUESTION 65Which identity store option allows you to modify the directory services that run on TCP/IP?

A. Lightweight Directory Access ProtocolB. RSA SecurID serverC. RADIUSD. Active Directory



QUESTION 66Which term describes a software application that seeks connectivity to the network via a network access device?

A. authenticatorB. serverC. supplicantD. WLC



QUESTION 67Cisco ISE distributed deployments support which three features? (Choose three.)

A. global implementation of the profiler service CoAB. global implementation of the profiler service in Cisco ISEC. configuration to send system logs to the appropriate profiler nodeD. node-specific probe configurationE. server-specific probe configurationF. NetFlow probes



QUESTION 68How frequently does the Profiled Endpoints dashlet refresh data?

A. every 30 secondsB. every 60 secondsC. every 2 minutes

D. every 5 minutes



QUESTION 69Which command in the My Devices Portal can restore a previously lost device to the network?

A. ResetB. FoundC. ReinstateD. Request



QUESTION 70What is the first step that occurs when provisioning a wired device in a BYOD scenario?


A. The smart hub detects that the physically connected endpoint requires configuration and must use MAB to authenticate.B. The URL redirects to the Cisco ISE Guest Provisioning portal.C. Cisco ISE authenticates the user and deploys the SPW package.D. The device user attempts to access a network URL.



QUESTION 71Which command is useful when troubleshooting AAA Authentication between a Cisco router and the AAA server?

A. test aaa-server test cisco cisco123 all new-codeB. test aaa group7 tacacs+ auth cisco123 new-codeC. test aaa group tacacs+ cisco cisco123 new-codeD. test aaa-server tacacs+ group7 cisco cisco123 new-code



QUESTION 72In a multi-node ISE deployment, backups are not working on the MnT node. Which ISE CLI option would help mitigate this issue?

A. repositoryB. ftp-urlC. application-bundleD. collector



QUESTION 73

Which command can check a AAA server authentication for server group Group1, user cisco, and password cisco555 on a Cisco ASA device?

A. ASA# test aaa-server authentication Group1 username cisco password cisco555B. ASA# test aaa-server authentication group Group1 username cisco password cisco555C. ASA# aaa-server authorization Group1 username cisco password cisco555D. ASA# aaa-server authentication Group1 roger cisco555



QUESTION 74Which statement about system time and NTP server configuration with Cisco ISE is true?

A. The system time and NTP server settings can be configured centrally on the Cisco ISE.B. The system time can be configured centrally on the Cisco ISE, but NTP server settings must be configured individually on each ISE node.C. NTP server settings can be configured centrally on the Cisco ISE, but the system time must be configured individually on each ISE node.D. The system time and NTP server settings must be configured individually on each ISE node.



QUESTION 75Wireless client supplicants attempting to authenticate to a wireless network are generating excessive log messages. Which three WLC authentication settingsshould be disabled? (Choose three.)

A. RADIUS Server TimeoutB. RADIUS Aggressive-FailoverC. Idle TimerD. Session TimeoutE. Client Exclusion

F. Roaming

Correct Answer: BCDSection: (none)Explanation


QUESTION 76Which two authentication stores are supported to design a wireless network using PEAP EAP- MSCHAPv2 as the authentication method? (Choose two.)

A. Microsoft Active DirectoryB. ACSC. LDAPD. RSA Secure-IDE. Certificate Server



QUESTION 77What is another term for 802.11i wireless network security?

A. 802.1xB. WEPC. TKIPD. WPAE. WPA2

Correct Answer: ESection: (none)Explanation


QUESTION 78Which two EAP types require server side certificates? (Choose two.)

A. EAP-TLSB. PEAPC. EAP-MD5D. LEAPE. EAP-FASTF. MSCHAPv2



QUESTION 79Where is client traffic decrypted in a controller-based wireless network protected with WPA2 Security?

A. Access PointB. SwitchC. Wireless LAN ControllerD. Authentication Server



QUESTION 80Which setting provides the best security for a WLAN and authenticates users against a centralized directory store?

A. WPA2 AES-CCMP and 801.X authenticationB. WPA2 AES-CCMP and PSK authentication

C. WPA2 TKIP and PSK authenticationD. WPA2 TKIP and 802.1X authentication



QUESTION 81Which two services are included in the Cisco ISE posture service? (Choose two.)

A. posture administrationB. posture run-timeC. posture monitoringD. posture policingE. posture catalog



QUESTION 82What is a requirement for posture administration services in Cisco ISE?


A. at least one Cisco router to store Cisco ISE profiling policiesB. Cisco NAC Agents that communicate with the Cisco ISE server

C. an ACL that points traffic to the Cisco ISE deploymentD. the advanced license package must be installed



QUESTION 83Which two statements about Cisco NAC Agents that are installed on clients that interact with the Cisco ISE profiler are true? (Choose two.)

A. They send endpoint data to AAA servers.B. They collect endpoint attributes.C. They interact with the posture service to enforce endpoint security policies.D. They block access from the network through noncompliant endpoints.E. They store endpoints in the Cisco ISE with their profiles.F. They evaluate clients against posture policies, to enforce requirements.

Correct Answer: CFSection: (none)Explanation


QUESTION 84What steps must you perform to deploy a CA-signed identify certificate on an ISE device?

A. 1. Download the CA server certificate.2. Generate a signing request and save it as a file.3. Access the CA server and submit the ISE request.4. Install the issued certificate on the ISE.

B. 1. Download the CA server certificate.2. Generate a signing request and save it as a file.3. Access the CA server and submit the ISE request.4. Install the issued certificate on the CA server.

C. 1. Generate a signing request and save it as a file.

2. Download the CA server certificate.3. Access the ISE server and submit the CA request.4. Install the issued certificate on the CA server.

D. 1. Generate a signing request and save it as a file.2. Download the CA server certificate.3. Access the CA server and submit the ISE request.4. Install the issued certificate on the ISE.



QUESTION 85What are three best practices for a Cisco Intrusion Prevention System? (Choose three.)

A. Checking for new signatures every 4 hoursB. Checking for new signatures on a staggered scheduleC. Automatically updating signature packsD. Manually updating signature packsE. Group tuning of signaturesF. Single tuning of signatures

Correct Answer: BCESection: (none)Explanation


QUESTION 86Who or what calculates the signature fidelity rating?

A. the signature authorB. Cisco Professional ServicesC. the administratorD. the security policy



QUESTION 87Which three zones are used for anomaly detection? (Choose three.)

A. Internal zoneB. External zoneC. Illegal zoneD. Inside zoneE. Outside zoneF. DMZ zone



QUESTION 88What is the default IP range of the external zone?

A. 0.0.0.0 0.0.0.0B. 0.0.0.0 - 255.255.255.255C. 0.0.0.0/8D. The network of the management interface



QUESTION 89When learning accept mode is set to auto, and the action is set to rotate, when is the KB created and used?

A. It is created every 24 hours and used for 24 hours.B. It is created every 24 hours, but the current KB is used.C. It is created every 1 hour and used for 24 hours.D. A KB is created only in manual mode.



QUESTION 90What is the CLI command to create a new Message Filter in a Cisco Email Security Appliance?

A. filterconfigB. filters newC. messagefiltersD. policyconfig-- inbound or outbound-- filters



QUESTION 91A Cisco Email Security Appliance uses which message filter to drop all executable attachments entering and leaving the Cisco Email Security Appliance?

A. drop-exE. if (attachment-filename == "\\.exe$") OR (attachment-filetype == "exe") { drop(); }B. drop-exE. if (recv-listener == "InboundMail" ) AND ( (attachment-filename == "\\.exe$") OR (attachment-filetype == "exe")) { drop(); }C. drop-exe! if (attachment-filename == "\\.exe$") OR (attachment-filetype == "exe") { drop(); }D. drop-exe! if (recv-listener == "InboundMail" ) AND ( (attachment-filename == "\\.exe$") OR (attachment-filetype == "exe")) { drop(); }



QUESTION 92What can Cisco Prime Security Manager (PRSM) be used to achieve?

A. Configure and Monitor Cisco CX Application Visibility and Control, web filtering, access and decryption policiesB. Configure Cisco ASA connection limitsC. Configure TCP state bypass in Cisco ASA and IOSD. Configure Cisco IPS signature and monitor signature alertsE. Cisco Cloud Security on Cisco ASA



QUESTION 93Which is the default IP address and admin port setting for https in the Cisco Web Security Appliance?

A. http://192.168.42.42:8080B. http://192.168.42.42:80C. https://192.168.42.42:443D. https://192.168.42.42:8443



QUESTION 94

Which port is used for CLI Secure shell access?

A. Port 23B. Port 25C. Port 22D. Port 443



QUESTION 95Which Cisco technology prevents targeted malware attacks, provides data loss prevention and spam protection, and encrypts email?

A. SBAB. secure mobile accessC. IPv6 DMZ web serviceD. ESA



QUESTION 96During initial configuration, the Cisco ASA can be configured to drop all traffic if the ASA CX SSP fails by using which command in a policy-map?

A. cxsc failB. cxsc fail-closeC. cxsc fail-openD. cxssp fail-close

Correct Answer: B



QUESTION 97A network engineer may use which three types of certificates when implementing HTTPS decryption services on the ASA CX? (Choose three.)

A. Self Signed Server CertificateB. Self Signed Root CertificateC. Microsoft CA Server CertificateD. Microsoft CA Subordinate Root CertificateE. LDAP CA Server CertificateF. LDAP CA Root CertificateG. Public Certificate Authority Server CertificateH. Public Certificate Authority Root Certificate



QUESTION 98Cisco's ASA CX includes which two URL categories? (Choose two.)


A. Proxy AvoidanceB. Dropbox

C. Hate SpeechD. FacebookE. Social NetworkingF. Instant Messaging and Video Messaging



QUESTION 99A Cisco Web Security Appliance's policy can provide visibility and control of which two elements? (Choose two.)

A. Voice and Video ApplicationsB. Websites with a reputation between -100 and -60C. Secure websites with certificates signed under an unknown CAD. High bandwidth websites during business hours

Correct Answer: CDSection: (none)Explanation


QUESTION 100Which Cisco Web Security Appliance design requires minimal change to endpoint devices?

A. Transparent ModeB. Explicit Forward ModeC. Promiscuous ModeD. Inline Mode



QUESTION 101What step is required to enable HTTPS Proxy on the Cisco Web Security Appliance?

A. Web Security Manager HTTPS Proxy click EnableB. Security Services HTTPS Proxy click EnableC. HTTPS Proxy is enabled by defaultD. System Administration HTTPS Proxy click Enable



QUESTION 102Which two statements about Cisco Cloud Web Security functionality are true? (Choose two.)

A. It integrates with Cisco Integrated Service Routers.B. It supports threat avoidance and threat remediation.C. It extends web security to the desktop, laptop, and PDA.D. It integrates with Cisco ASA Firewalls.



QUESTION 103Which Cisco Cloud Web Security tool provides URL categorization?

A. Cisco Dynamic Content Analysis EngineB. Cisco ScanSafe

C. ASA Firewall ProxyD. Cisco Web Usage Control



QUESTION 104Which three functions can Cisco Application Visibility and Control perform? (Choose three.)

A. Validation of malicious trafficB. Traffic controlC. Extending Web Security to all computing devicesD. Application-level classificationE. MonitoringF. Signature tuning



QUESTION 105Which two options are features of the Cisco Email Security Appliance? (Choose two.)

A. Cisco Anti-Replay ServicesB. Cisco Destination RoutingC. Cisco Registered Envelope ServiceD. Cisco IronPort SenderBase Network



QUESTION 106Which Cisco technology combats viruses and malware with virus outbreak filters that are downloaded from Cisco SenderBase?

A. ASAB. WSAC. Secure mobile accessD. IronPort ESAE. SBA



QUESTION 107Which Cisco WSA is intended for deployment in organizations of up to 1500 users?

A. WSA S370B. WSA S670C. WSA S370-2RUD. WSA S170



QUESTION 108Which Cisco WSA is intended for deployment in organizations of more than 6000 users?

A. WSA S370

B. WSA S670C. WSA S370-2RUD. WSA S170



QUESTION 109Which command verifies that the correct CWS license key information was entered on the Cisco ASA?

A. sh run scansafe serverB. sh run scansafeC. sh run serverD. sh run server scansafe



QUESTION 110Which five system management protocols are supported by the Cisco Intrusion Prevention System? (Choose five.)

A. SNMPv2cB. SNMPv1C. SNMPv2D. SNMPv3E. SyslogF. SDEEG. SMTP

Correct Answer: ABCFG



QUESTION 111Which four statements are correct regarding management access to a Cisco Intrusion Prevention System? (Choose four.)

A. The Telnet protocol is enabled by defaultB. The Telnet protocol is disabled by defaultC. HTTP is enabled by defaultD. HTTP is disabled by defaultE. SSH is enabled by defaultF. SSH is disabled by defaultG. HTTPS is enabled by defaultH. HTTPS is disabled by default

Correct Answer: BDEGSection: (none)Explanation


QUESTION 112Which two GUI options display users' activity in Cisco Web Security Appliance? (Choose two.)

A. Web Security Manager Identity Identity NameB. Security Services ReportingC. Reporting UsersD. Reporting Reports by User Location



QUESTION 113The security team needs to limit the number of e-mails they receive from the Intellishield Alert Service. Which three parameters can they adjust to restrict alerts tospecific product sets? (Choose three.)

A. VendorB. Chassis/ModuleC. Device IDD. Service ContractE. Version/ReleaseF. Service Pack/Platform

Correct Answer: AEFSection: (none)Explanation


QUESTION 114What three alert notification options are available in Cisco IntelliShield Alert Manager? (Choose three.)


A. Alert Summary as TextB. Complete Alert as an HTML AttachmentC. Complete Alert as HTMLD. Complete Alert as RSSE. Alert Summary as Plain TextF. Alert Summary as MMS



QUESTION 115With Cisco IDM, which rate limit option specifies the maximum bandwidth for rate-limited traffic?

A. protocolB. rateC. bandwidthD. limit







QUESTION 117In an 802.1X authorization process, a network access device provides which three functions? (Choose three.)

A. Filters traffic prior to authenticationB. Passes credentials to authentication serverC. Enforces policy provided by authentication serverD. Hosts a central web authentication pageE. Confirms supplicant protocol complianceF. Validates authentication credentials



QUESTION 118Which two switchport commands enable MAB and allow non-802.1X capable devices to immediately run through the MAB process? (Choose two.)

A. authentication order mab dot1xB. authentication order dot1x mabC. no authentication timerD. dot1x timeout tx-periodE. authentication openF. mab

Correct Answer: AFSection: (none)Explanation


QUESTION 119Which two attributes must match between two Cisco ASA devices to properly enable high availability? (Choose two.)

A. model, interface configuration, and RAMB. major and minor software releaseC. tcp dead-peer detection protocol

D. 802.1x authentication identity



QUESTION 120What are two client-side requirements of the NAC Agent and NAC Web Agent installation? (Choose two.)

A. Administrator workstation rightsB. Active Directory Domain membershipC. Allowing of web browser activex installationD. WSUS service running



QUESTION 121Which three algorithms should be avoided due to security concerns? (Choose three.)

A. DES for encryptionB. SHA-1 for hashingC. 1024-bit RSAD. AES GCM mode for encryptionE. HMAC-SHA-1F. 256-bit Elliptic Curve Diffie-HellmanG. 2048-bit Diffie-Hellman







QUESTION 123Which statement about IOS accounting is true?

A. A named list of AAA methods must be defined.B. A named list of accounting methods must be defined.C. Authorization must be configured before accounting.D. A named list of tracking methods must be defined.



QUESTION 124What are the initial steps to configure an ACS as a TACACS server?

A. 1. Choose Network Devices and AAA Clients > Network Resources.2. Click Create.

B. 1. Choose Network Resources > Network Devices and AAA Clients.2. Click Create.

C. 1. Choose Network Resources > Network Devices and AAA Clients.2. Click Manage.

D. 1. Choose Network Devices and AAA Clients > Network Resources.2. Click Install.



QUESTION 125Which effect does the ip http secure-server command have on a Cisco ISE?

A. It enables the HTTP server for users to connect on the command line.B. It enables the HTTP server for users to connect by using web-based authentication.C. It enables the HTTPS server for users to connect by using web-based authentication.D. It enables the HTTPS server for users to connect on the command line.



QUESTION 126The NAC Agent v4.9.x uses which ports and protocols to communicate with an ISE Policy Service Node?

A. tcp/8905, http/80, ftp/21B. tcp/8905, http/80, https/443C. udp/8905, telnet/23, https/443D. udp/8906, http/80, https/443

Correct Answer: BSection: (none)

Explanation


QUESTION 127Which two are valid ISE posture conditions? (Choose two.)


A. DictionaryB. memberOfC. Profile statusD. FileE. Service

Correct Answer: DESection: (none)Explanation


QUESTION 128A network engineer is configuring HTTP based CWA on a switch. Which three configuration elements are required? (Choose three.)

A. HTTP server enabledB. Radius authentication on the port with MABC. Redirect access-listD. Redirect-URLE. HTTP secure server enabledF. Radius authentication on the port with 802.1x

G. Pre-auth port based access-list



QUESTION 129Which three statements describe differences between TACACS+ and RADIUS? (Choose three.)

A. RADIUS encrypts the entire packet, while TACACS+ encrypts only the password.B. TACACS+ encrypts the entire packet, while RADIUS encrypts only the password.C. RADIUS uses TCP, while TACACS+ uses UDP.D. TACACS+ uses TCP, while RADIUS uses UDP.E. RADIUS uses ports 1812 and 1813, while TACACS+ uses port 49.F. TACACS+ uses ports 1812 and 1813, while RADIUS uses port 49



QUESTION 130Which two identity store options allow you to authorize based on group membership? (Choose two).

A. Lightweight Directory Access ProtocolB. RSA SecurID serverC. RADIUSD. Active Directory



QUESTION 131What attribute could be obtained from the SNMP query probe?

A. FQDNB. CDPC. DHCP class identifierD. User agent



QUESTION 132What is a required configuration step for an 802.1X capable switch to support dynamic VLAN and ACL assignments?

A. Configure the VLAN assignment.B. Configure the ACL assignment.C. Configure 802.1X authenticator authorization.D. Configure port security on the switch port.



QUESTION 133Which network component would issue the CoA?

A. switchB. endpointC. Admin NodeD. Policy Service Node



QUESTION 134What steps must you perform to deploy a CA-signed identity certificate on an ISE device?

A. 1. Download the CA server certificate and install it on ISE.2. Generate a signing request and save it as a file.3. Access the CA server and submit the CA request.4. Install the issued certificate on the ISE.

B. 1. Download the CA server certificate and install it on ISE.2. Generate a signing request and save it as a file.3. Access the CA server and submit the CSR.4. Install the issued certificate on the CA server.

C. 1. Generate a signing request and save it as a file.2. Download the CA server certificate and install it on ISE.3. Access the ISE server and submit the CA request.4. Install the issued certificate on the CA server.

D. 1. Generate a signing request and save it as a file.2. Download the CA server certificate and install it on ISE.3. Access the CA server and submit the CSR.4. Install the issued certificate on the ISE.



QUESTION 135An organization has recently deployed ISE with Trustsec capable Cisco switches and would like to allow differentiated network access based on user groups. Whichsolution is most suitable for achieving these goals?

A. Cyber Threat Defense for user group control by leveraging Netflow exported from the Cisco switches and identity information from ISE

B. MACsec in Multiple-Host Mode in order to encrypt traffic at each hop of the network infrastructureC. Identity-based ACLs preconfigured on the Cisco switches with user identities provided by ISED. Cisco Security Group Access Policies to control access based on SGTs assigned to different user groups



QUESTION 136Which two benefits are provided by the dynamic dashboard in Cisco ASDM Version 5.2? (Choose two.)

A. It configures system polices for NAC devices.B. It forwards traffic to destination devices.C. It provides statistics for device health.D. It replaces syslog, RADIUS, and TACACS+ servers.E. It automatically detects Cisco security appliances to configure.



QUESTION 137Which Cisco monitoring solution displays information and important statistics for the security devices in a network?

A. Cisco Prime LAN ManagementB. Cisco ASDM Version 5.2C. Cisco Threat Defense SolutionD. Syslog ServerE. TACACS+

Correct Answer: BSection: (none)

Explanation


QUESTION 138Which three search parameters are supported by the Email Security Monitor? (Choose three.)

A. Destination domainB. Network ownerC. MAC addressD. Policy requirementsE. Internal sender IP addressF. Originating domain

Correct Answer: ABESection: (none)Explanation


QUESTION 139Which Cisco Security IntelliShield Alert Manager Service component mitigates new botnet, phishing, and web-based threats?

A. the IntelliShield Threat Outbreak AlertB. IntelliShield Alert Manager vulnerability alertsC. the IntelliShield Alert Manager historical databaseD. the IntelliShield Alert Manager web portalE. the IntelliShield Alert Manager back-end intelligence engine



QUESTION 140

A network engineer can assign IPS event action overrides to virtual sensors and configure which three modes? (Choose three.)

A. Anomaly detection operational modeB. Inline TCP session tracking modeC. Normalizer modeD. Load-balancing modeE. Inline and Promiscuous mixed modeF. Fail-open and fail-close mode



QUESTION 141What is the correct deployment for an IPS appliance in a network where traffic identified as threat traffic should be blocked and all traffic is blocked if the IPS fails?

A. Inline; fail openB. Inline; fail closedC. Promiscuous; fail openD. Promiscuous; fail closed



QUESTION 142Which three statements about threat ratings are true? (Choose three.)

A. A threat rating is equivalent to a risk rating that has been lowered by an alert rating.B. The largest threat rating from all actioned events is added to the risk rating.C. The smallest threat rating from all actioned events is subtracted from the risk rating.D. The alert rating for deny-attacker-inline is 45.

E. Unmitigated events do not cause a threat rating modification.F. The threat rating for deny-attacker-inline is 50.

Correct Answer: ADESection: (none)Explanation


QUESTION 143An IPS is configured to fail-closed and you observe that all packets are dropped. What is a possible reason for this behavior?

A. Mainapp is unresponsive.B. The global correlation update failed.C. The IPS span session failed.D. The attack drop file is misconfigured.



QUESTION 144What can you use to access the Cisco IPS secure command and control channel to make configuration changes?

A. SDEEB. the management interfaceC. an HTTP serverD. Telnet


Explanation/Reference:perfected.

QUESTION 145Which Cisco technology provides spam filtering and email protection?

A. IPSB. ESAC. WSAD. CX



QUESTION 146You ran the ssh generate-key command on the Cisco IPS and now administrators are unable to connect.Which action can be taken to correct the problem?

A. Replace the old key with a new key on the client.B. Run the ssh host-key command.C. Add the administrator IP addresses to the trusted TLS host list on the IPS.D. Run the ssh authorized-keys command.



QUESTION 147Which command allows the administrator to access the Cisco WSA on a secure channel on port 8443?

A. strictsslB. adminaccessconfigC. sslD. ssh



QUESTION 148Which command can change the HTTPS SSL method on the Cisco ESA?

A. sslconfigB. strictsslC. sshconfigD. adminaccessconfig



QUESTION 149When you configure the Cisco ESA to perform blacklisting, what are two items you can disable to enhance performance? (Choose two.)

A. spam scanningB. antivirus scanningC. APT detectionD. rootkit detection



QUESTION 150

Which Cisco ESA predefined sender group uses parameter-matching to reject senders?


A. BLACKLISTB. WHITELISTC. SUSPECTLISTD. UNKNOWNLIST



QUESTION 151Which command disables SSH access for administrators on the Cisco ESA?

A. interfaceconfigB. sshconfigC. sslconfigD. systemsetup



QUESTION 152The Web Cache Communication Protocol (WCCP) is a content-routing protocol that can facilitate the redirection of traffic flows in real time. Your organization has

deployed WCCP to redirect web traffic that traverses their Cisco Adaptive Security Appliances (ASAs) to their Cisco Web Security Appliances (WSAs).



What traffic is not redirected by WCCP?

A. Traffic destined to public address space

B. Traffic sent from public address spaceC. Traffic destined to private address spaceD. Traffic sent from private address space


Explanation/Reference:From the screen shot below we see the WCCP-Redirection ACL is applied, so all traffic from the Private IP space to any destination will be redirected.

QUESTION 153The Web Cache Communication Protocol (WCCP) is a content-routing protocol that can facilitate the redirection of traffic flows in real time. Your organization hasdeployed WCCP to redirect web traffic that traverses their Cisco Adaptive Security Appliances (ASAs) to their Cisco Web Security Appliances (WSAs).



Between the Cisco ASA configuration and the Cisco WSA configuration, what is true with respect to redirected ports?

A. Both are configured for port 80 only.

B. Both are configured for port 443 only.C. Both are configured for both port 80 and 443.D. Both are configured for ports 80, 443 and 3128.E. There is a configuration mismatch on redirected ports.


Explanation/Reference:This can be seen from the WSA Network tab shown below:

QUESTION 154

The Web Cache Communication Protocol (WCCP) is a content-routing protocol that can facilitate the redirection of traffic flows in real time. Your organization hasdeployed WCCP to redirect web traffic that traverses their Cisco Adaptive Security Appliances (ASAs) to their Cisco Web Security Appliances (WSAs).



Which of the following is true with respect to the version of WCCP configured on the Cisco ASA and the Cisco WSA?

A. Both are configured for WCCP v1.

B. Both are configured for WCCP v2.C. Both are configured for WCCP v3.D. There is a WCCP version mismatch between the Cisco WSA and the Cisco ASA.


Explanation/Reference:Explanation:ASA version shows as version 2.0:

WSA also shows version 2 is being used:

QUESTION 155

Correct Answer: Steps are in Explanation below:Section: (none)Explanation

Explanation/Reference:First, enable the Gig 0/0 and Gig 0/1 interfaces:

Second, create the pair under the “interface pairs” taB.

Then, apply the HIGHRISK action rule to the newly created interface pair:

Then apply the same for the MEDIUMRISK traffic (deny attacker inline)

Finally. Log the packets for the LOWRICK event:

When done it should look like this:

QUESTION 156What is the authentication method for an encryption envelope that is set to medium security?

A. The recipient must always enter a password, even if credentials are cached.B. A password is required, but cached credentials are permitted.C. The recipient must acknowledge the sensitivity of the message before it opens.D. The recipient can open the message without authentication.



QUESTION 157What is the default antispam policy for positively identified messages?

A. DropB. Deliver and Append with [SPAM]C. Deliver and Prepend with [SPAM]D. Deliver and Alternate Mailbox



QUESTION 158Which command establishes a virtual console session to a CX module within a Cisco Adaptive Security Appliance?

A. session 1 ip addressB. session 2 ip addressC. session 1D. session ips consoleE. session cxsc console



QUESTION 159What is the default CX Management 0/0 IP address on a Cisco ASA 5512-X appliance?

A. 192.168.1.1B. 192.168.1.2C. 192.168.1.3D. 192.168.1.4

E. 192.168.1.5F. 192.168.8.8

Correct Answer: FSection: (none)Explanation


QUESTION 160An ASA with an IPS module must be configured to drop traffic matching IPS signatures and block all traffic if the module fails. Which describes the correctconfiguration?

A. Inline Mode, Permit TrafficB. Inline Mode, Close TrafficC. Promiscuous Mode, Permit TrafficD. Promiscuous Mode, Close Traffic



QUESTION 161A new Cisco IPS device has been placed on the network without prior analysis. Which CLI command shows the most fired signature?

A. Show statistics virtual-sensorB. Show event alertC. Show alertD. Show version



QUESTION 162Which two practices are recommended for implementing NIPS at enterprise Internet edges? (Choose two.)

A. Integrate sensors primarily on the more trusted side of the firewall (inside or DMZ interfaces).B. Integrate sensors primarily on the less trusted side of the firewall (outside interfaces).C. Implement redundant IPS and make data paths symmetrical.D. Implement redundant IPS and make data paths asymmetrical.E. Use NIPS only for small implementations.



QUESTION 163Which set of commands changes the FTP client timeout when the sensor is communicating with an FTP server?

A. sensor# configure terminalsensor(config)# service sensorsensor(config-hos)# network-settingssensor(config-hos-net)# ftp-timeout 500

B. sensor# configure terminalsensor(config)# service hostsensor(config-hos)# network-settings parameter ftpsensor(config-hos-net)# ftp-timeout 500

C. sensor# configure terminalsensor(config)# service hostsensor(config-hos)# network-settingssensor(config-hos-net)# ftp-timeout 500

D. sensor# configure terminalsensor(config)# service networksensor(config-hos)# network-settingssensor(config-hos-net)# ftp-timeout 500

Correct Answer: CSection: (none)

Explanation


QUESTION 164What are two benefits of using SPAN with promiscuous mode deployment? (Choose two.)

A. SPAN does not introduce latency to network traffic.B. SPAN can perform granular scanning on captures of per-IP-address or per-port monitoring.C. Promiscuous Mode can silently block traffic flows on the IDS.D. SPAN can analyze network traffic from multiple points.



QUESTION 165What are the initial actions that can be performed on an incoming SMTP session by the workqueue of a Cisco Email Security Appliance?

A. Accept, Reject, Relay, TCPRefuseB. LDAP Verification, Envelope Sender Verification, Bounce Verification, Alias Table VerificationC. Recipient Access Table Verification, Host DNS Verification, Masquerading, Spam Payload CheckD. SMTP Authentication, SBRS Verification, Sendergroup matching, DNS host verification




What CLI command generated the output?

A. smtproutesB. tophostsC. hoststatusD. workqueuestatus



QUESTION 167Which version of AsyncOS for web is required to deploy the Web Security Appliance as a CWS connector?

A. AsyncOS version 7.7.xB. AsyncOS version 7.5.x

C. AsyncOS version 7.5.7D. AsyncOS version 7.5.0



QUESTION 168What are three benefits of the Cisco AnyConnect Secure Mobility Solution? (Choose three.)

A. It can protect against command-injection and directory-traversal attacks.B. It provides Internet transport while maintaining corporate security policies.C. It provides secure remote access to managed computers.D. It provides clientless remote access to multiple network-based systems.E. It enforces security policies, regardless of the user location.F. It uses ACLs to determine best-route connections for clients in a secure environment.



QUESTION 169Which Cisco technology secures the network through malware filtering, category-based control, and reputation-based control?

A. Cisco ASA 5500 Series appliancesB. Cisco remote-access VPNsC. Cisco IronPort WSAD. Cisco IPS



QUESTION 170Which antispam technology assumes that email from server A, which has a history of distributing spam, is more likely to be spam than email from server B, whichdoes not have a history of distributing spam?

A. Reputation-based filteringB. Context-based filteringC. Cisco ESA multilayer approachD. Policy-based filtering



QUESTION 171Which Cisco technology is a modular security service that combines a stateful inspection firewall with next-generation application awareness, providing near real-time threat protection?

A. Cisco ASA 5500 series appliancesB. Cisco ASA CX Context-Aware SecurityC. WSAD. Internet Edge Firewall / IPS



QUESTION 172Which three are required steps to enable SXP on a Cisco ASA? (Choose three).

A. configure AAA authenticationB. configure passwordC. issue the aaa authorization command aaa-server group commandD. configure a peerE. configure TACACSF. issue the cts sxp enable command



QUESTION 173Which three network access devices allow for static security group tag assignment? (Choose three.)

A. intrusion prevention systemB. access layer switchC. data center access switchD. load balancerE. VPN concentratorF. wireless LAN controller



QUESTION 174Which option is required for inline security group tag propagation?

A. Cisco Secure Access Control SystemB. hardware supportC. Security Group Tag Exchange Protocol (SXP) v4D. Cisco Identity Services Engine



QUESTION 175Which two fields are characteristics of IEEE 802.1AE frame? (Choose two.)

A. destination MAC addressB. source MAC addressC. 802.1AE header in EtherTypeD. security group tag in EtherTypeE. integrity check valueF. CRC/FCS



QUESTION 176Which two options are valid for configuring IEEE 802.1AE MACSec between switches in a TrustSec network? (Choose two.)

A. manually on links between supported switchesB. in the Cisco Identity Services EngineC. in the global configuration of a TrustSec non-seed switchD. dynamically on links between supported switchesE. in the Cisco Secure Access Control SystemF. in the global configuration of a TrustSec seed switch



QUESTION 177Which three pieces of information can be found in an authentication detail report? (Choose three.)


A. DHCP vendor IDB. user agent stringC. the authorization rule matched by the endpointD. the EAP method the endpoint is usingE. the RADIUS username being usedF. failed posture requirement

Correct Answer: CDESection: (none)Explanation


QUESTION 178Certain endpoints are missing DHCP profiling data.

Which option describes what can be used to determine if DHCP requests from clients are reaching Cisco ISE?

A. output of show interface gigabitEthernet 0 from the CLIB. output of debug logging all 7 from the CLIC. output of show logging application profiler.log from the CLID. the TCP dump diagnostic tool through the GUI

E. the posture troubleshooting diagnostic tool through the GUI



QUESTION 179Which debug command on a Cisco WLC shows the reason that a client session was terminated?

A. debug dot11 state enableB. debug dot1x packet enableC. debug client mac addrD. debug dtls event enableE. debug ap enable cisco ap



QUESTION 180Which two identity databases are supported when PEAP-MSCHAPv2 is used as EAP type? (Choose two.)

A. Windows Active DirectoryB. LDAPC. RADIUS token serverD. internal endpoint storeE. internal user storeF. certificate authentication profileG. RSA SecurID

Correct Answer: AESection: (none)

Explanation


QUESTION 181Which two Cisco Catalyst switch interface commands allow only a single voice device and a single data device to be connected to the IEEE 802.1X-enabledinterface? (Choose two.)

A. authentication host-mode single-hostB. authentication host-mode multi-domainC. authentication host-mode multi-hostD. authentication host-mode multi-auth



QUESTION 182Which RADIUS attribute is used primarily to differentiate an IEEE 802.1x request from a Cisco MAB request?

A. RADIUS Attribute (5) NAS-PortB. RADIUS Attribute (6) Service-TypeC. RADIUS Attribute (7) Framed-ProtocolD. RADIUS Attribute (61) NAS-Port-Type



QUESTION 183Which authorization method is the Cisco best practice to allow endpoints access to the Apple App store or Google Play store with Cisco WLC software version 7.6or newer?

A. dACLB. DNS ACLC. DNS ACL defined in Cisco ISED. redirect ACL



QUESTION 184Which time allowance is the minimum that can be configured for posture reassessment interval?

A. 5 minutesB. 20 minutesC. 60 minutesD. 90 minutes



QUESTION 185Which advanced authentication setting is needed to allow an unknown device to utilize Central WebAuth?

A. If Authentication failed > ContinueB. If Authentication failed > DropC. If user not found > ContinueD. If user not found > Reject


Explanation


QUESTION 186Which option restricts guests from connecting more than one device at a time?

A. Guest Portal policy > Set Device registration portal limitB. Guest Portal Policy > Set Allow only one guest session per userC. My Devices Portal > Set Maximum number of devices to registerD. Multi-Portal Policy > Guest users should be able to do device registration



QUESTION 187In Cisco ISE, which two actions can be taken based on matching a profiler policy? (Choose two).

A. exceptionB. network scan (NMAP)C. delete endpointD. automatically remediateE. create matching identity group



QUESTION 188Which statement about the Cisco ISE BYOD feature is true?

A. Use of SCEP/CA is optional.B. BYOD works only on wireless access.C. Cisco ISE needs to integrate with MDM to support BYOD.D. Only mobile endpoints are supported.



QUESTION 189What user rights does an account need to join ISE to a Microsoft Active Directory domain?

A. Create and Delete Computer ObjectsB. Domain AdminC. Join and Leave DomainD. Create and Delete User Objects



QUESTION 190A network administrator must enable which protocol to utilize EAP-Chaining?

A. EAP-FASTB. EAP-TLSC. MSCHAPv2D. PEAP



QUESTION 191The corporate security policy requires multiple elements to be matched in an authorization policy. Which elements can be combined to meet the requirement?

A. Device registration status and device activation statusB. Network access device and time conditionC. User credentials and server certificateD. Built-in profile and custom profile



QUESTION 192A user is deploying a Cisco IPS appliance in a data center to mitigate most attacks, including atomic attacks. Which two modes does Cisco recommend using toconfigure for this? (Choose two.)

A. VLAN pairB. interface pairC. transparent modeD. EtherChannel load balancingE. promiscuous mode



QUESTION 193Which statement about Cisco IPS Manager Express is true?

A. It provides basic device management for large-scale deployments.B. It provides a GUI for configuring IPS sensors and security modules.C. It enables communication with Cisco ASA devices that have no administrative access.D. It provides greater security than simple ACLs.




When designing the network to redirect web traffic utilizing the Catalyst 6500 to the Cisco Web Security Appliance, impact on the switch platform needsconsideration. Which four rows identify the switch behavior in correlation to the redirect method? (Choose four.)

A. Row 1B. Row 2C. Row 3D. Row 4

E. Row 5F. Row 6

G: Row 7H: Row 8




Which four rows exhibit the correct WCCP service to protocol assignments? (Choose four.)

A. Row 1B. Row 2C. Row 3D. Row 4E. Row 5F. Row 6

G: Row 7H: Row 8



QUESTION 196Which three protocols are required when considering firewall rules for email services using a Cisco Email Security Appliance? (Choose three.)

A. SMTPB. HTTPC. DNSD. SNMPE. FTP



QUESTION 197Which two design considerations are required to add the Cisco Email Security Appliance to an existing mail delivery chain? (Choose two.)

A. Existing MX records should be maintained and policy routing should be used to redirect traffic to the ESA.B. Update the MX records to point to the inbound listener interfaces on the ESA.C. Update the MX records to point to the outbound listener interfaces on the ESA.D. Different Listeners must be used to handle inbound and outbound mail handling.E. The ESA should be connected to the same subnet as the Email Server because it maintains only a single routing table.F. The ESA can be connected to a DMZ external to the Email Server because it maintains multiple routing tables.

G: The ESA can be connected to a DMZ external to the Email Server but it maintains only a single routing table.H: Mail Listeners by default can share the same IP interface by defining the routes for sending and receiving.



QUESTION 198Which three sender reputation ranges identify the default behavior of the Cisco Email Security Appliance? (Choose three.)

A. If it is between -1 and +10, the email is acceptedB. If it is between +1 and +10, the email is acceptedC. If it is between -3 and -1, the email is accepted and additional emails from the sender are throttledD. If it is between -3 and +1, the email is accepted and additional emails from the sender are throttledE. If it is between -4 and +1, the email is accepted and additional emails from the sender are throttledF. If it is between -10 and -3, the email is blocked

G: If it is between -10 and -3, the email is sent to the virus and spam engines for additional scanningH: If it is between -10 and -4, the email is blocked

Correct Answer: ACFSection: (none)Explanation


QUESTION 199Which two statements regarding the basic setup of the Cisco CX for services are correct? (Choose two.)

A. The Packet capture feature is available for either permitted or dropped packets by default.B. Public Certificates can be used for HTTPS Decryption policies.C. Public Certificates cannot be used for HTTPS Decryption policies.D. When adding a standard LDAP realm, the group attribute will be UniqueMember.E. The Packet capture features is available for permitted packets by default.



QUESTION 200Which three zones are used for anomaly detection in a Cisco IPS? (Choose three.)

A. internal zoneB. external zoneC. illegal zoneD. inside zoneE. outside zoneF. DMZ zone



QUESTION 201Who or what calculates the signature fidelity rating in a Cisco IPS?

A. the signature authorB. Cisco Professional ServicesC. the administratorD. the security policy



QUESTION 202What is a feature of Cisco WLC and IPS synchronization?

A. Cisco WLC populates the ACLs to prevent repeat intruder attacks.B. The IPS automatically send shuns to Cisco WLC for an active host block.C. Cisco WLC and IPS synchronization enables faster wireless access.

D. IPS synchronization uses network access points to provide reliable monitoring.



QUESTION 203Which two components are required to connect to a WLAN network that is secured by EAP-TLS authentication? (Choose two.)

A. Kerberos authentication serverB. AAA/RADIUS serverC. PSKsD. CA server



QUESTION 204Which statement about Cisco Management Frame Protection is true?

A. It enables stations to remain in power-save mode, except at specified intervals to receive data from the access point.B. It detects spoofed MAC addresses.C. It identifies potential RF jamming attacks.D. It protects against frame and device spoofing.



QUESTION 205Which three statements about the Cisco wireless IPS solution are true? (Choose three.)


A. It enables stations to remain in power-save mode, except at specified intervals to receive data from the access point.B. It detects spoofed MAC addresses.C. It identifies potential RF jamming attacks.D. It protects against frame and device spoofing.E. It allows the WLC to failover because of congestion.

Correct Answer: BCDSection: (none)Explanation


QUESTION 206In a basic ACS deployment consisting of two servers, for which three tasks is the primary server responsible? (Choose three.)

A. configurationB. authenticationC. sensingD. policy requirementsE. monitoringF. repudiation

Correct Answer: ABDSection: (none)Explanation


QUESTION 207In a split ACS deployment with primary and secondary servers, which three statements about AAA load handling are true? (Choose three.)

A. During normal operations, each server processes the full workload of both servers.B. If a AAA connectivity problem occurs, the servers split the full load of authentication requests.C. If a AAA connectivity problem occurs, each server processes the full workload of both servers.D. During normal operations, the servers split the full load of authentication requests.E. During normal operations, each server is used for specific operations, such as device administration and network admission.F. The primary servers are used to distribute policy information to other servers in the enterprise.

Correct Answer: CDESection: (none)Explanation


QUESTION 208Which three personas can a Cisco ISE assume in a deployment? (Choose three.)

A. connectionB. authenticationC. administrationD. testingE. policy serviceF. monitoring

Correct Answer: CEFSection: (none)Explanation


QUESTION 209Which three components comprise the Cisco ISE profiler? (Choose three.)

A. the sensor, which contains one or more probesB. the probe managerC. a monitoring tool that connects to the Cisco ISED. the trigger, which activates ACLsE. an analyzer, which uses configured policies to evaluate endpointsF. a remitter tool, which fails over to redundant profilers



QUESTION 210Which three statements about the Cisco ISE profiler are true? (Choose three.)

A. It sends endpoint data to AAA servers.B. It collects endpoint attributes.C. It stores MAC addresses for endpoint systems.D. It monitors and polices router and firewall traffic.E. It matches endpoints to their profiles.F. It stores endpoints in the Cisco ISE database with their profiles.

Correct Answer: BEFSection: (none)Explanation


QUESTION 211From which location can you run reports on endpoint profiling?

A. Reports > Operations > Catalog > EndpointB. Operations > Reports > Catalog > EndpointC. Operations > Catalog > Reports > Endpoint

D. Operations > Catalog > Endpoint



QUESTION 212Which three statements about Cisco ASA CX are true? (Choose three.)

A. It groups multiple ASAs as a single logical device.B. It can perform context-aware inspection.C. It provides high-density security services with high availability.D. It uses policy-based interface controls to inspect and forward TCP- and UDP-based packets.E. It can make context-aware decisions.F. It uses four cooperative architectural constructs to build the firewall.

Correct Answer: BEFSection: (none)Explanation


QUESTION 213During initial configuration, the Cisco ASA can be configured to drop all traffic if the ASA CX SSP fails by using which command in a policy-map?

A. cxsc failB. cxsc fail-closeC. cxsc fail-openD. cxssp fail-close



QUESTION 214Cisco AVC allows control of which three of the following? (Choose three.)

A. FacebookB. LWAPPC. IPv6D. MySpaceE. TwitterF. WCCP

Correct Answer: ADESection: (none)Explanation


QUESTION 215The Web Security Appliance has identities defined for faculty and staff, students, and default access. The faculty and staff identity identifies users based on thesource network and authenticated credentials. The identity for students identifies users based on the source network along with successful authenticationcredentials. The global identity is for guest users not authenticated against the domain.

Recently, a change was made to the organization's security policy to allow faculty and staff access to a social network website, and the security group changed theaccess policy for faculty and staff to allow the social networking category.

Which are the two most likely reasons that the category is still being blocked for a faculty and staff user? (Choose two.)

A. The user is being matched against the student policy because the user did not enter credentials.B. The user is using an unsupported browser so the credentials are not working.C. The social networking URL was entered into a custom URL category that is blocked in the access policy.D. The user is connected to the wrong network and is being blocked by the student policy.E. The social networking category is being allowed but the AVC policy is still blocking the website.



QUESTION 216Which five system management protocols are supported by the Intrusion Prevention System? (Choose five.)

A. SNMPv2cB. SNMPv1C. SNMPv2D. SNMPv3E. syslogF. SDEEG. SMTP

Correct Answer: ABCFGSection: (none)Explanation


QUESTION 217Which IPS signature regular expression CLI command matches a host issuing a domain lookup for www.theblock.com?

A. regex-string (\x03[Tt][Hh][Ee]\x05[Bb][Ll][Oo][Cc][Kk])B. regex-string (\x0b[theblock.com])C. regex-string (\x03[the]\x05[block]0x3[com])D. regex-string (\x03[T][H][E]\x05[B][L][O][C][K]\x03[.][C][O][M]



QUESTION 218Which three user roles are partially defined by default in Prime Security Manager? (Choose three.)

A. networkoperatorB. adminC. helpdeskD. securityoperatorE. monitoringadminF. systemadmin



QUESTION 219Which three options are IPS signature classifications? (Choose three.)

A. tuned signaturesB. response signaturesC. default signaturesD. custom signaturesE. preloaded signaturesF. designated signatures



QUESTION 220At which value do custom signatures begin?

A. 1024B. 10000C. 1D. 60000



QUESTION 221Which two commands are valid URL filtering commands? (Choose two.)

A. url-server (DMZ) vendor smartfilter host 10.0.1.1B. url-server (DMZ) vendor url-filter host 10.0.1.1C. url-server (DMZ) vendor n2h2 host 10.0.1.1D. url-server (DMZ) vendor CISCO host 10.0.1.1E. url-server (DMZ) vendor web host 10.0.1.1



QUESTION 222A network administrator needs to determine the ability of existing network devices to deliver key BYOD services. Which tool will complete a readiness assessmentand outline hardware and software capable and incapable devices?

A. Prime InfrastructureB. Network Control SystemC. Cisco Security ManagerD. Identity Services Engine



QUESTION 223Which EAP method uses a modified version of the MS-CHAP authentication protocol?

A. EAP-POTPB. EAP-TLSC. LEAPD. EAP-MD5



QUESTION 224Under which circumstance would an inline posture node be deployed?

A. When the NAD does not support CoAB. When the NAD cannot support the number of connected endpointsC. When a PSN is overloadedD. To provide redundancy for a PSN



QUESTION 225Which Cisco ISE 1.x protocol can be used to control admin access to network access devices?

A. TACACS+B. RADIUSC. EAPD. Kerberos



QUESTION 226A user is on a wired connection and the posture status is noncompliant.

Which state will their EPS session be placed in?

A. disconnectedB. limitedC. no accessD. quarantined



QUESTION 227Which three posture states can be used for authorization rules? (Choose three.)

A. unknownB. knownC. noncompliantD. quarantinedE. compliantF. no accessG. limited

Correct Answer: ACESection: (none)Explanation


QUESTION 228Which two Cisco ISE administration options are available in the Default Posture Status setting? (Choose two.)

A. UnknownB. CompliantC. FailOpenD. FailCloseE. Noncompliant

Correct Answer: BESection: (none)Explanation


QUESTION 229Which two portals can be configured to use portal FQDN? (Choose two.)

A. adminB. sponsorC. guestD. my devicesE. monitoring and troubleshooting



QUESTION 230When you add a new PSN for guest access services, which two options must be enabled under deployment settings? (Choose two.)

A. Admin

B. MonitoringC. Policy ServiceD. Session ServicesE. Profiling



QUESTION 231In Cisco ISE, which probe must be enabled to collect profiling data using Device Sensor?

A. RADIUSB. SNMPQueryC. SNMPTrapD. Network ScanE. Syslog



QUESTION 232When you create a new server profile on the Cisco ESA, which subcommand of the ldapconfig command configures spam quarantine end-user authentication?

A. isqauthB. isqaliasC. testD. server

Correct Answer: ASection: (none)

Explanation


QUESTION 233Which three administrator actions are used to configure IP logging in Cisco IME? (Choose three.)

A. Select a virtual sensor.B. Enable IP logging.C. Specify the host IP address.D. Set the logging duration.E. Set the number of packets to capture.F. Set the number of bytes to capture.



QUESTION 234Which centralized reporting function of the Cisco Content Security Management Appliance aggregates data from multiple Cisco ESA devices?

A. message tracking


B. web trackingC. system trackingD. logging

Correct Answer: A



QUESTION 235What is a value that Cisco ESA can use for tracing mail flow?

A. the FQDN of the source IP addressB. the FQDN of the destination IP addressC. the destination IP addressD. the source IP address



QUESTION 236What are three features of the Cisco Security Intellishield Alert Manager Service? (Choose three.)

A. validation of alerts by security analystsB. custom notificationsC. complete threat and vulnerability remediationD. vendor-specific threat analysisE. workflow-management toolsF. real-time threat and vulnerability mitigation



QUESTION 237

When you deploy a sensor to send connection termination requests, which additional traffic-monitoring function can you configure the sensor to perform?

A. Monitor traffic as it flows to the sensor.B. Monitor traffic as it flows through the sensor.C. Monitor traffic from the Internet only.D. Monitor traffic from both the Internet and the intranet.



QUESTION 238Which IPS feature allows you to aggregate multiple IPS links over a single port channel?

A. UDLDB. ECLBC. LACPD. PAgP



QUESTION 239Which Cisco IPS deployment mode is best suited for bridged interfaces?

A. inline interface pair modeB. inline VLAN pair modeC. inline VLAN group modeD. inline pair mode

Correct Answer: B



QUESTION 240When a Cisco IPS is deployed in fail-closed mode, what are two conditions that can result in traffic being dropped? (Choose two.)

A. The signature engine is undergoing the build process.B. The SDF failed to load.C. The built-in signatures are unavailable.D. An ACL is configured.



QUESTION 241If inline-TCP-evasion-protection-mode on a Cisco IPS is set to asymmetric mode, what is a side effect?

A. Packet flow is normal.B. TCP requests are throttled.C. Embryonic connections are ignored.D. Evasion may become possible.



QUESTION 242What implementation must be added to the WLC to enable 802.1X and CoA for wireless endpoints?

A. the ISEB. an ACLC. a routerD. a policy server



QUESTION 243What are the initial steps must you perform to add the ISE to the WLC?

A. 1. With a Web browser, establish an HTTP connection to the WLC pod.2, Navigate to Administration > Authentication > New.3. Enter server values to begin the configuration.

B. 1. With a Web browser, establish an FTP connection to the WLC pod.2. Navigate to Security > Administration > New.3. Add additional security features for FTP authentication.

C. 1. With a Web browser, establish an HTTP connection to the WLC pod.2. Navigate to Authentication > New.3. Enter ACLs and Authentication methods to begin the configuration.

D. 1. With a Web browser connect, establish an HTTPS connection to the WLC pod.2. Navigate to Security > Authentication > New.3. Enter server values to begin the configuration.



QUESTION 244Which command configures console port authorization under line con 0?

A. authorization default|WORD

B. authorization exec line con 0|WORDC. authorization line con 0|WORDD. authorization exec default|WORD



QUESTION 245Which two statements about administrative access to the ACS Solution Engine are true? (Choose two.)

A. The ACS Solution Engine supports command-line connections through a serial-port connection.B. For GUI access, an administrative GUI user must be created with the add-guiadmin command.C. The ACS Solution Engine supports command-line connections through an Ethernet interface.D. An ACL-based policy must be configured to allow administrative-user access.E. GUI access to the ACS Solution Engine is not supported.



QUESTION 246What is the purpose of the Cisco ISE Guest Service Sponsor Portal?

A. It tracks and stores user activity while connected to the Cisco ISE.B. It securely authenticates guest users for the Cisco ISE Guest Service.C. It filters guest users from account holders to the Cisco ISE.D. It creates and manages Guest User accounts.



QUESTION 247What is the effect of the ip http secure-server command on a Cisco ISE?

A. It enables the HTTP server for users to connect on the command line.B. It enables the HTTP server for users to connect using Web-based authentication.C. It enables the HTTPS server for users to connect using Web-based authentication.D. It enables the HTTPS server for users to connect on the command line.



QUESTION 248When RADIUS NAC and AAA Override are enabled for WLC on a Cisco ISE, which two statements about RADIUS NAC are true? (Choose two.)

A. It will return an access-accept and send the redirection URL for all users.B. It establishes secure connectivity between the RADIUS server and the ISE.C. It allows the ISE to send a CoA request that indicates when the user is authenticated.D. It is used for posture assessment, so the ISE changes the user profile based on posture result.E. It allows multiple users to authenticate at the same time.



QUESTION 249What are the initial steps to configure an ACS as a TACACS server?

A. 1. Choose Network Devices and AAA Clients > Network Resources.

2. Click Create.B. 1. Choose Network Resources > Network Devices and AAA Clients.

2. Click Create.C. 1. Choose Network Resources > Network Devices and AAA Clients.

2. Click Manage.D. 1. Choose Network Devices and AAA Clients > Network Resources.

2. Click Install.



QUESTION 250Which two statements about administrative access to the Cisco Secure ACS SE are true? (Choose two.)

A. The Cisco Secure ACS SE supports command-line connections through a serial-port connection.B. For GUI access, an administrative GUI user must be created by using the add-guiadmin command.C. The Cisco Secure ACS SE supports command-line connections through an Ethernet interface.D. An ACL-based policy must be configured to allow administrative-user access.E. GUI access to the Cisco Secure ASC SE is not supported.



QUESTION 251Which Cisco Web Security Appliance deployment mode requires minimal change to endpoint devices?

A. Transparent ModeB. Explicit Forward ModeC. Promiscuous ModeD. Inline Mode


Explanation/Reference:modified and corrected.

QUESTION 252Which two profile attributes can be collected by a Cisco Catalyst Switch that supports Device Sensor? (Choose two.)

A. LLDP agent informationB. user agentC. DHCP optionsD. open portsE. operating systemF. trunk ports



QUESTION 253Which two profile attributes can be collected by a Cisco Wireless LAN Controller that supports Device Sensor? (Choose two.)

A. LLDP agent informationB. user agentC. DHCP optionsD. open portsE. CDP agent informationF. FQDN

Correct Answer: BCSection: (none)Explanation


QUESTION 254Which statement about Cisco ISE BYOD is true?

A. Dual SSID allows EAP-TLS only when connecting to the secured SSID.B. Single SSID does not require endpoints to be registered.C. Dual SSID allows BYOD for guest users.D. Single SSID utilizes open SSID to accommodate different types of users.E. Single SSID allows PEAP-MSCHAPv2 for native supplicant provisioning.



QUESTION 255Which two types of client provisioning resources are used for BYOD implementations? (Choose two.)

A. user agentB. Cisco NAC agentC. native supplicant profilesD. device sensorE. software provisioning wizards



QUESTION 256Which protocol sends authentication and accounting in different requests?

A. RADIUSB. TACACS+C. EAP-ChainingD. PEAPE. EAP-TLS



QUESTION 257You enabled the guest session limit feature on the Cisco ISE. However, end users report that the same guest can log in from multiple devices simultaneously.

Which configuration is missing on the network access device?

A. RADIUS authenticationB. RADIUS accountingC. DHCP requiredD. AAA override



QUESTION 258A properly configured Cisco ISE Policy Service node is not receiving any profile data from a Cisco switch that runs Device Sensor.

Which option is the most likely reason for the failure?

A. Syslog is configured for the Policy Administration Node.B. RADIUS Accounting is disabled.C. The SNMP community strings are mismatched.

D. RADIUS Authentication is misconfigured.E. The connected endpoints support CDP but not DHCP.



QUESTION 259Which three features should be enabled as best practices for MAB? (Choose three.)

A. MD5B. IP source guardC. DHCP snoopingD. storm controlE. DAIF. URPF



QUESTION 260When MAB is configured, how often are ports reauthenticated by default?

A. every 60 secondsB. every 90 secondsC. every 120 secondsD. never



QUESTION 261What is a required step when you deploy dynamic VLAN and ACL assignments?

A. Configure the VLAN assignment.B. Configure the ACL assignment.C. Configure Cisco IOS Software 802.1X authenticator authorization.D. Configure the Cisco IOS Software switch for ACL assignment.



QUESTION 262Which model does Cisco support in a RADIUS change of authorization implementation?

A. pushB. pullC. policyD. security



QUESTION 263An organization has recently deployed ISE with the latest models of Cisco switches, and it plans to deploy Trustsec to secure its infrastructure. The company alsowants to allow different network access policies for different user groups (e.g., administrators). Which solution is needed to achieve these goals?

A. Cisco Security Group Access Policies in order to use SGACLs to control access based on SGTs assigned to different users

B. MACsec in Multiple-Host Mode in order to open or close a port based on a single authenticationC. Identity-based ACLs on the switches with user identities provided by ISED. Cisco Threat Defense for user group control by leveraging Netflow exported from the switches and login information from ISE



QUESTION 264Security Group Access requires which three syslog messages to be sent to Cisco ISE? (Choose three.)

A. IOS-7-PROXY_DROPB. AP-1-AUTH_PROXY_DOS_ATTACKC. MKA-2-MACDROPD. AUTHMGR-5-MACMOVEE. ASA-6-CONNECT_BUILTF. AP-1-AUTH_PROXY_FALLBACK_REQ



QUESTION 265Which administrative role has permission to assign Security Group Access Control Lists?

A. System AdminB. Network Device AdminC. Policy AdminD. Identity Admin


Explanation



If the given configuration is applied to the object-group vpnservers, during which time period are external users able to connect?

A. From Friday at 6:00 p.m. until Monday at 8:00 a.m.B. From Monday at 8:00 a.m. until Friday at 6:00 p.m.C. From Friday at 6:01 p.m. until Monday at 8:01 a.m.D. From Monday at 8:01 a.m. until Friday at 5:59 p.m.



QUESTION 267Which set of commands allows IPX inbound on all interfaces?

A. ASA1(config)# access-list IPX-Allow ethertype permit ipx ASA1(config)# access-group IPX-Allow in interface globalB. ASA1(config)# access-list IPX-Allow ethertype permit ipx ASA1(config)# access-group IPX-Allow in interface insideC. ASA1(config)# access-list IPX-Allow ethertype permit ipx ASA1(config)# access-group IPX-Allow in interface outsideD. ASA1(config)# access-list IPX-Allow ethertype permit ipx ASA1(config)# access-group IPX-Allow out interface global

Correct Answer: ASection: (none)

Explanation


QUESTION 268Which command enables static PAT for TCP port 25?

A. nat (outside,inside) static 209.165.201.3 209.165.201.226 eq smtpB. nat static 209.165.201.3 eq smtpC. nat (inside,outside) static 209.165.201.3 service tcp smtp smtpD. static (inside,outside) 209.165.201.3 209.165.201.226 netmask 255.255.255.255



QUESTION 269When RADIUS NAC and AAA Override are enabled for a WLC on a Cisco ISE, which two statements about RADIUS NAC are true? (Choose two.)

A. It returns an access-accept and sends the redirection URL for all users.B. It establishes secure connectivity between the RADIUS server and the Cisco ISE.C. It allows the Cisco ISE to send a CoA request that indicates when the user is authenticated.D. It is used for posture assessment, so the Cisco ISE changes the user profile based on posture result.E. It allows multiple users to authenticate at the same time.



QUESTION 270Which Cisco technology is a customizable web-based alerting service designed to report threats and vulnerabilities?

A. Cisco Security Intelligence OperationsB. Cisco Security IntelliShield Alert Manager ServiceC. Cisco Security Optimization ServiceD. Cisco Software Application Support Service



QUESTION 271

Which signature definition is virtual sensor 0 assigned to use?

A. rules0B. vs0C. sig0D. ad0E. ad1

F. sigl


Explanation/Reference:Explanation:This is the default signature.You can create multiple security policies and apply them to individual virtual sensors. A security policy is made up of a signature definition policy, an event actionrules policy, and an anomaly detection policy. Cisco IPS contains a default signature definition policy called sig0, a default event action rules policy called rules0,and a default anomaly detection policy called ad0. You can assign the default policies to a virtual sensor or you can create new policies.

QUESTION 272

What action will the sensor take regarding IP addresses listed as known bad hosts in the Cisco SensorBase network?

A. Global correlation is configured in Audit mode fortesting the feature without actually denying any hosts.B. Global correlation is configured in Aggressive mode, which has a very aggressive effect on deny actions.C. It will not adjust risk rating values based on the known bad hosts list.D. Reputation filtering is disabled.


Explanation/Reference:Explanation:This can be seen on the Globabl Correlation Inspection/Reputation tab show below:

QUESTION 273

To what extent will the Cisco IPS sensor contribute data to the Cisco SensorBase network?

A. It will not contribute to the SensorBase network.B. It will contribute to the SensorBase network, but will withhold some sensitive informationC. It will contribute the victim IP address and port to the SensorBase network.D. It will not contribute to Risk Rating adjustments that use information from the SensorBase network.


Explanation/Reference:Explanation:To configure network participation, follow these steps:Step 1 Log in to IDM using an account with administrator privileges. Step 2 Choose Configuration > Policies > Global Correlation > Network Participation. Step 3 Toturn on network participation, click the Partial or Full radio button:·Partial--Data is contributed to the SensorBase Network, but data considered potentially sensitive is filtered out and never sent.·Full--All data is contributed to the SensorBase Network

In this case, we can see that this has been turned off as shown below:

QUESTION 274

Which two statements about Signature 1104 are true? (Choose two.)

A. This is a custom signature.B. The severity level is High.C. This signature has triggered as indicated by the red severity icon.D. Produce Alert is the only action defined.E. This signature is enabled, but inactive, as indicated bythe/0 to that follows the signature number.


Explanation/Reference:Explanation:thThis can be seen here where signature 1004 is the 5 one down:

QUESTION 275

Which three statements about the Cisco IPS appliance configurations are true? (Choose three.)

A. The maximum number of denied attackers is set to 10000.B. The block action duraton is set to 3600 seconds.C. The Meta Event Generator is globally enabled.D. Events Summarization is globally disabled.E. Threat Rating Adjustment is globally disabled.



QUESTION 276

What is the status of OS Identification?

A. It is only enabled to identify "Cisco IOS" OS using statically mapped OS fingerprintingB. OS mapping information will not be used for Risk Rating calculations.C. It is configured to enable OS mapping and ARR only for the 10.0.0.0/24 network.D. It is enabled for passive OS fingerprinting for all networks.


Explanation/Reference:Explanation:Understanding Passive OS FingerprintingPassive OS fingerprinting lets the sensor determine the OS that hosts are running. The sensor analyzes network traffic between hosts and stores the OS of thesehosts with their IP addresses. The sensor inspects TCP SYN and SYNACK packets exchanged on the network to determine the OS type.The sensor then uses the OS of the target host OS to determine the relevance of the attack to the victim by computing the attack relevance rating component of therisk rating. Based on the relevance of the attack, the sensor may alter the risk rating of the alert for the attack and/or the sensor may filter the alert for the attack.You can then use the risk rating to reduce the number of false positive alerts (a benefit in IDS mode) or definitively drop suspicious packets (a benefit in IPS mode).Passive OS fingerprinting also enhances the alert output by reporting the victim OS, the source of the OS identification, and the relevance to the victim OS in thealert. Passive OS fingerprinting consists of three components: ·Passive OS learning Passive OS learning occurs as the sensor observes traffic on the network.Based on the characteristics of TCP SYN and SYNACK packets, the sensor makes a determination of the OS running on the host of the source IP address. ·User-configurable OS identification You can configure OS host mappings, which take precedence over learned OS mappings. ·Computation of attack relevance ratingand risk rating

QUESTION 277Which three features does Cisco CX provide? (Choose three.)

A. HTTPS traffic decryption and inspectionB. Application Visibility and ControlC. Category or reputation-based URL filteringD. Email virus scanningE. Application optimization and accelerationF. VPN authentication



QUESTION 278Which three functions can Cisco Application Visibility and Control perform within Cisco Cloud Web Security? (Choose three.)

A. validation of malicious trafficB. traffic control

C. extending Web Security to all computing devicesD. application-level classificationE. monitoringF. signature tuning


Explanation/Reference:valid.


test-king.300-207 -278.questions&answers. · a. atomic arp engine b. service generic engine c....

Documents