CCNP Security Flashcards

(79 cards)

1
Q

What are two list types within Cisco AMP for Endpoint Outbreak Control? (Choose two)

A. blocked ports

B. simple custom detections

C. command and control

D. allowed applications

E. URL

A

BD

2
Q

Which command enables 802.1x globally on a Cisco switch?

A. dot1x system-auth-control

B. dot1x pae authenticator

C. authentication port-control auto

D. aaa new-model

A

A

3
Q

What is the function of Cisco Cloudlock for data security?

A. data loss prevention

B. controls malicious cloud apps

C. detects anomalies

D. user and entity behavior analytics

A

A

4
Q

For which two conditions can an endpoint be checked using ISE posture assessment? (Choose two)

A. computer identity

B. Windows service

C. user identity

D. Windows Firewall

E. default browser

A

BD

5
Q

What is a characteristic of Dynamic ARP Inspection?

A. DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the DHCP snooping binding database.

B. In a typical network, make all ports as trusted except for the ports connecting to switches, which are untrusted.

C. DAI associates a trust state with each switch.

D. DAI intercepts all ARP requests and responses on trusted ports only.

A

A

6
Q

Which Cisco product provides endpoint protection and allows administrators to centrally manage the deployment?

A. NGFW

B. AMP

C. WSA

D. ESA

A

B

7
Q

Where are individual sites specified to be blacklisted in Cisco Umbrella?

A. application settings

B. content categories

C. security settings

D. destination lists

A

D

8
Q

Which statement about IOS zone-based firewalls is true?

A. An unassigned interface can communicate with assigned interfaces.

B. Only one interface can be assigned to a zone

C. An interface can be assigned to multiple zones

D. An interface can be assigned only to one zone

A

D

9
Q

Which two activities can be done using Cisco DNA Center?

A. DHCP

B. design

C. accounting

D. DNS

E. Provisioning

A

BE

10
Q

Which ID store requires that a shadow user be created on Cisco ISE for the admin login to work?

A. RSA SecurID

B. Internal Database

C. Active Directory

D. LDAP

A

A

11
Q

Which VPN technology can support a multivendor environment and secure traffic between sites?

A. SSL VPN

B. GET VPN

C. FlexVPN

D. DMVPN

A

C

12
Q

Which SNMPv3 Configuration must be used to support the strongest security possible?

A

aes 256

13
Q

Which solution combines Cisco IOS and IOS XE components to enable administrators to recognize applications, collect and send network metrics to Cisco Prime and other 3rd party management tools, and prioritize application traffic?

A. Cisco Security Intelligence

B. Cisco Application Visibility and Control

C. Cisco Model Driven Telemetry

D. Cisco DNA Center

A

B

14
Q

Which two endpoint measures are used to minimize the chances of falling victim to phishing and social engineering attacks? (Choose two)

A. Patch for Cross-Site Scripting

B. Perform backups to the private cloud

C. Protect against input validation and character escapes in the endpoint.

D. Install a spam and virus email filter

E. Protect systems with an up-to-date antimalware program.

A

DE

15
Q

An engineer used a posture check on a Microsoft Windows endpoint and discovered that the MS17-010 patch was not installed, which left the endpoint vulnerable to WannaCry ransomware.

Which two solutions mitigate the risk of this ransomware infection? (Choose Two)

A. Configure a posture policy in Cisco ISE to install the MS17-010 patch before allowing access to the network.

B. Set up a profiling policy in Cisco ISE to check an endpoint patch level before allowing access to the network.

C. Configure a posture policy in Cisco ISE to check that an endpoint patch level is met before allowing access on the network.

D. Configure endpoint firewall policies to stop the exploit traffic from being allowed to run and replicate throughout the network.

E. Set up a well-defined endpoint patching strategy to ensure that endpoints have critical vulnerabilities patched in a timely fashion.

A

AC

16
Q

Why would a user choose an on-premises ESA versus a CSA solution?

A. Sensitive data must remain onsite.

B. Demand is unpredictable

C. The server team wants to outsource this service

D. ESA is deployed inline.

A

A

17
Q

Which technology must be used to implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity?

A. DMVPN

B. FlexVPN

C. IPSec DVTI

D. GET VPN

A

D

18
Q

Which cloud service model offers an environment for cloud consumers to develop and deploy applications without needing to manage or maintain the underlying cloud infrastructure?

A. PaaS

B. XaaS

C. IaaS

D. SaaS

A

A

19
Q

What is a required prerequisite to enable malware file scanning for the Secure Internet Gateway?

A. Enable IP layer enforcement

B. Activate the Advanced Malware Protection License

C. Activate SSL Decryption

D. Enable Intelligent Proxy

A

D

20
Q

Which two features are used to configure Cisco Secure Email Gateway with a multilayer approach to fight viruses and malware? (Choose Two)

A. Sophos Engine

B. White list

C. RAT

D. outbreak filters

E. DLP

A

AD

21
Q

How is Cisco Umbrella configured to log only security events?

A. per policy

B. in the Reporting Settings

C. in the security settings section

D. per network in the deployments section

A

A

22
Q

What is the primary difference between an Endpoint Protection Platform and an Endpoint Detection and Response?

A. EPP focuses on prevention, and EDR focuses on advanced threats that evade perimeter defenses.

B. EDR focuses on prevention, and EPP focuses on advanced threats that evade perimeter defenses.

C. EPP focuses on network security, and EDR focuses on device security.

D. EDR focuses on network security, and EPP focuses on device security

A

A

23
Q

On which part of the IT environment does DevSecOps focus?

A. Application Development

B. Wireless network

C. Data center

D. Perimeter Network

A

A

24
Q

Which functions of an SDN architecture require southbound APIs to enable communication?

A. SDN Controller and the network elements

B. Management Console and the SDN controller

C. Management Console and the Cloud

D. SDN controller and the cloud

A

A

25
What is a characteristic of traffic storm control behavior?
Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within the interval.
26
Which two request methods of REST API are valid on the Cisco ASA Platform? A. put B. options C. get D. push E. connect
A C
27
In a PaaS model, which layer is the tenant responsible for maintaining and patching? A. hypervisor B. virtual machine C. network D. application
D
28
An engineer is configuring AMP for endpoints and wants to block certain files from executing. Which outbreak control method is used to accomplish this task? A. device flow correlation B. simple detections C. application blocking list D. advanced custom detections
C
29
Which ASA deployment mode can provide separation of management on a shared appliance? A. DMZ multiple zone mode B. transparent firewall mode C. multiple context mode D. routed mode
C
30
Which two deployment model configurations are supported for Cisco FTDv in AWS? (Choose Two) A. FTDv configured in routed mode and managed by an FMCv installed in AWS. B. FTDv with one management interface and two traffic interfaces configured. C. FTDv configured in routed mode and managed by a physical FMC appliance on premises D. FTDv with two management interfaces and one traffic interface configured. E. FTDv configured in routed mode and IPv6 configured.
A C
31
What can be integrated with Cisco Talos Intelligence Director to provide information about security threats, which allows the SOC to proactively automate responses to those threats? A. Umbrella B. External Threat Feeds C. Cisco Threat Grid D. Cisco Stealthwatch
B
32
What provides visibility and awareness into what is currently occurring on the network? A. CMX B. WMI C. Prime Infrastructure D. Telemetry
D
33
Which attack is commonly associated with C and C++ programming languages? A. XSS B. Water Holing C. DDoS D. Buffer Overflow
D
34
An engineer must force an endpoint to re-authenticate an already authenticated session without disrupting the endpoint to apply a new or updated policy from ISE. Which CoA type achieves this goal?
CoA Reauth
35
REFER TO EXHIBIT Which command was used to display this output?
show dot1x all
36
Which two prevention techniques are used to mitigate SQL injection attacks?
1. Check integer, float, or Boolean string parameters to ensure accurate values. 2. Use prepared statements and parameterized queries.
37
How does Cisco Stealthwatch Cloud provide security for cloud environments?
Delivers visibility and threat detections
38
Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention System?
SIP SSL
39
Which feature is configured for managed devices in the device platform settings of the Firepower Management Center?
Time Synchronization
40
The main function of northbound APIs in the SDN architecture is to enable communication between which two areas of a network?
SDN controller and the management solution
41
REFER TO THE EXHIBIT: What is the result of the configuration?
Traffic from the inside and DMZ networks is redirected
42
Which information is required when adding a device to Firepower Management Center?
Registration Key
43
Which two services must remain as on-premises equipment when a hybrid email solution is deployed? (Choose Two)
Encryption DLP
44
What is a characteristic of Cisco ASA NetFlow v9 Secure Event Logging?
It tracks flow-create, flow-teardown, and flow-denied events.
45
Which feature within Cisco Umbrella allows for the ability to inspect secure HTTP traffic?
SSL Decryption
46
Which two kinds of attacks are prevented by MFA?
Phishing Brute Force
47
With Cisco AMP, which option shows a list of all files that have been executed in your environment?
prevalence
48
Which RADIUS attribute can you use to filter MAB requests in an 802.1x deployment?
6
49
Which two features of Cisco Email Security can protect your organization against email threats?
Data Loss Prevention Geolocation-based filtering
50
DRAG AND DROP List the correct steps to enable AppDynamics to monitor an EC2 Instance in AWS?
1. Configure a Machine Agent 2. Install Monitoring extension 3. Update config yaml 4. Restart the Machine agent
51
Which feature requires a network discovery policy on the Cisco Firepower Next Generation Intrusion Prevention System?
Impact Flag
52
REFER TO THE EXHIBIT: Which statement about the authentication protocol used in the configuration is true?
The authentication and authorization requests are grouped in a single packet.
53
Which two preventive measures are used to control cross-site scripting? (Choose Two) A. Enable client-side scripts on a per-domain basis B. Incorporate contextual output encoding/escaping C. Disable cookie inspection in the HTML inspection engine. D. Run untrusted HTML input through an HTML sanitization engine. E. Same Site cookie attribute should not be used.
B D
54
Which policy is used to capture host information on the Cisco Firepower Next Generation Intrusion Prevention System?
network discovery
55
REFER TO THE EXHIBIT: Which command was used to generate this output and to show which ports are authenticating with dot1x or mab?
show authentication sessions
56
An engineer is configuring a Cisco Secure Email Gateway and wants to control whether to accept or reject email messages to a recipient address. Which list contains the allowed recipient addresses?
RAT (Recipient Access Table)
57
Which two capabilities does TAXII support? A. exchange B. pull messaging C. binding D. correlation E. mitigating
A B
58
Which policy represents a shared set of features or parameters that define the aspects of a managed device that are likely to be similar to other managed devices in a deployment? A. group policy B. access control policy C. device management policy D. platform service policy
D
59
An administrator wants to ensure that all endpoints are compliant before users are allowed access on the corporate network. The endpoints must have the corporate antivirus application installed and be running the latest build of Windows 10. What must the administrator implement to ensure that all devices are compliant before they are allowed on the network?
Cisco ISE and AnyConnect Posture module
60
What are two detection and analytics engines of Cognitive Threat Analytics? (Choose two) A. data exfiltration B. command and control communication C. intelligent proxy D. snort E. URL categorization
A B
61
In which form of attack is alternate encoding, such as hexadecimal representation, most often observed? A. smurf B. distributed denial of service C. cross-site scripting D. rootkit exploit
C
62
Which two conditions are prerequisites for stateful failover for IPsec?
1. The IPsec configuration that is set up on the active device must be duplicated on the standby device. 2. The active and standby devices must run the same version of the Cisco IOS software and must be the same type of device.
63
What Cisco command shows you the status of an 802.1x connection on interface gi0/1?
show authen sess int gi0/1
64
A malicious user gained network access by spoofing printer connections that were authorized using MAB on four different switch ports at the same time. What two catalyst switch security features will prevent further violations?
DHCP Snooping Dynamic ARP inspection
65
Which feature of Cisco ASA allows VPN users to be postured against Cisco ISE without requiring an inline posture node? A. RADIUS Change of Authorization B. device tracking C. DHCP snooping D. VLAN hopping
A
66
What is the result of running the crypto isakmp key ciscxxxxxxxxxxxx address 172.16.0.0 command?
authenticates the IKEv1 peers in the 172.16.0.0/16 range by using the key ciscxxxxxxxxxxx.
67
Which two probes are configured to gather attributes of connected endpoints using Cisco ISE?
RADIUS DHCP
68
Which solution protects hybrid cloud deployment workloads with application visibility and segmentation?
Tetration
69
What are the two most commonly used authentication factors in MFA?
Time Factor Knowledge Factor
70
Which two key and block sizes are valid for AES?
128-bit block size, 192-bit key length; 128-bit block size, 256-bit key length
71
After deploying a Cisco Secure Email Gateway on your network, you notice that some messages fail to reach their destinations. Which task can you perform to determine where each message was lost? A. Configure the trackingconfig command to enable message tracking. B. Generate a system report C. Review the log files D. Perform a trace
A
72
Elliptic curve cryptography is a stronger, more efficient cryptography method meant to replace which current encryption technology?
RSA
73
How is ICMP used as an exfiltration technique? A. By flooding the destination host with unreachable packets. B. By sending a large number of ICMP packets with a targeted host's source IP address using an IP broadcast address. C. By encrypting the payload in an ICMP packet to carry out command and control tasks on a compromised host. D. By overwhelming a targeted host with ICMP echo-request packets.
C
74
What is the difference between deceptive phishing and spear phishing?
Spear Phishing campaign is aimed at a specific person versus a group of people.
75
An engineer needs a solution for TACACS+ authentication and authorization for device administration. The engineer also wants to enhance wired and wireless network security by requiring users and endpoints to use 802.1x, MAB, or WebAuth. Which product meets all of these requirements?
Cisco ISE
76
When wired 802.1x authentication is implemented, which two components are required? (Choose Two) A. authentication server: Cisco ISE B. supplicant: Cisco AnyConnect ISE Posture module C. authenticator: Cisco Catalyst Switch D. authenticator: Cisco ISE E. authenticator server: Cisco Prime Infrastructure
A C
77
The Cisco ASA must support TLS proxy for encrypted Cisco Unified Communications traffic. Where must the ASA be added on the Cisco UC Manager platform?
Certificate Trust List
78
Which API is used for Content Security?
AsyncOS API
79