NEW QUESTION 1
Refer to the exhibit.

What does the number 15 represent in this configuration?

• A. privilege level for an authorized user to this router
• B. access list that identifies the SNMP devices that can access the router
• C. interval in seconds between SNMPv3 authentication attempts
• D. number of possible failed attempts until the SNMPv3 user is locked out

Answer: B

NEW QUESTION 2
An engineer needs a solution for TACACS+ authentication and authorization for device administration. The engineer also wants to enhance wired and wireless network security by requiring users and endpoints to use 802.1X, MAB, or WebAuth. Which product meets all of these requirements?

• A. Cisco Prime Infrastructure
• B. Cisco Identity Services Engine
• C. Cisco Stealthwatch
• D. Cisco AMP for Endpoints

Answer: B

NEW QUESTION 3
Under which two circumstances is a CoA issued? (Choose two.)

• A. A new authentication rule was added to the policy on the Policy Service node.
• B. An endpoint is deleted on the Identity Service Engine server.
• C. A new Identity Source Sequence is created and referenced in the authentication policy.
• D. An endpoint is profiled for the first time.
• E. A new Identity Service Engine server is added to the deployment with the Administration persona.

Answer: BD

Explanation:
Reference: https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_prof_pol.html

NEW QUESTION 4
Which two preventive measures are used to control cross-site scripting? (Choose two.)

• A. Enable client-side scripts on a per-domain basis.
• B. Incorporate contextual output encoding/escaping.
• C. Disable cookie inspection in the HTML inspection engine.
• D. Run untrusted HTML input through an HTML sanitization engine.
• E. SameSite cookie attribute should not be used.

Answer: AB

NEW QUESTION 5
Which two features are used to configure Cisco ESA with a multilayer approach to fight viruses and malware? (Choose two.)

• A. Sophos engine
• B. white list
• C. RAT
• D. outbreak filters
• E. DLP

Answer: AD

NEW QUESTION 6
Which ASA deployment mode can provide separation of management on a shared appliance?

• A. DMZ multiple zone mode
• B. transparent firewall mode
• C. multiple context mode
• D. routed mode

Answer: C

NEW QUESTION 7
Which two behavioral patterns characterize a ping of death attack? (Choose two.)

• A. The attack is fragmented into groups of 16 octets before transmission.
• B. The attack is fragmented into groups of 8 octets before transmission.
• C. Short synchronized bursts of traffic are used to disrupt TCP connections.
• D. Malformed packets are used to crash systems.
• E. Publicly accessible DNS servers are typically used to execute the attack.

Answer: BD

Explanation:
Reference: https://en.wikipedia.org/wiki/Ping_of_death

NEW QUESTION 8
What two mechanisms are used to redirect users to a web portal to authenticate to ISE for guest services? (Choose two.)

• A. TACACS+
• B. central web auth
• C. single sign-on
• D. multiple factor auth
• E. local web auth

Answer: BE

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_01110.html

NEW QUESTION 9
Which exfiltration method does an attacker use to hide and encode data inside DNS requests and queries?

• A. DNS tunneling
• B. DNSCrypt
• C. DNS security
• D. DNSSEC

Answer: A

Explanation:
Reference: https://learn-umbrella.cisco.com/cloud-security/dns-tunneling

NEW QUESTION 10
Which two mechanisms are used to control phishing attacks? (Choose two.)

• A. Enable browser alerts for fraudulent websites.
• B. Define security group memberships.
• C. Revoke expired CRL of the websites.
• D. Use antispyware software.
• E. Implement email filtering techniques.

Answer: AE

NEW QUESTION 11
For which two conditions can an endpoint be checked using ISE posture assessment? (Choose two.)

• A. computer identity
• B. Windows service
• C. user identity
• D. Windows firewall
• E. default browser

Answer: BC

NEW QUESTION 12
Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?

• A. user input validation in a web page or web application
• B. Linux and Windows operating systems
• C. database
• D. web page images

Answer: C

Explanation:
Reference: https://tools.cisco.com/security/center/resources/sql_injection

NEW QUESTION 13
Which two capabilities does TAXII support? (Choose two.)

• A. exchange
• B. pull messaging
• C. binding
• D. correlation
• E. mitigating

Answer: BC

NEW QUESTION 14
Which deployment model is the most secure when considering risks to cloud adoption?

• A. public cloud
• B. hybrid cloud
• C. community cloud
• D. private cloud

Answer: D

NEW QUESTION 15
Which two request of REST API are valid on the Cisco ASA Platform? (Choose two.)

• A. put
• B. options
• C. get
• D. push
• E. connect

Answer: AC

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/asa/api/qsg-asa-api.html

NEW QUESTION 16
Which two deployment model configurations are supported for Cisco FTDv in AWS? (Choose two.)

• A. Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS
• B. Cisco FTDv with one management interface and two traffic interfaces configured
• C. Cisco FTDv configured in routed mode and managed by a physical FMC appliance on premises
• D. Cisco FTDv with two management interfaces and one traffic interface configured
• E. Cisco FTDv configured in routed mode and IPv6 configured

Answer: AC

Explanation:
Reference: https://www.cisco.com/c/en/us/products/collateral/security/adaptive-security-virtual-appliance-asav/white-paper-c11-740505.html

NEW QUESTION 17
How does Cisco Stealthwatch Cloud provide security for cloud environments?

• A. It delivers visibility and threat detection.
• B. It prevents exfiltration of sensitive data.
• C. It assigns Internet-based DNS protection for clients and servers.
• D. It facilitates secure connectivity between public and private networks.

Answer: A

Explanation:
https://www.content.shi.com/SHIcom/ContentAttachmentImages/SharedResources/FBLP/Cisco/Cisco-091919-Simple-IT-Whitepaper.pdf

NEW QUESTION 18
When wired 802.1X authentication is implemented, which two components are required? (Choose two.)

• A. authentication server: Cisco Identity Service Engine
• B. supplicant: Cisco AnyConnect ISE Posture module
• C. authenticator: Cisco Catalyst switch
• D. authenticator: Cisco Identity Services Engine
• E. authentication server: Cisco Prime Infrastructure

Answer: AC

Explanation:
Reference: https://www.lookingpoint.com/blog/ise-series-802.1x

NEW QUESTION 19
Which cloud service model offers an environment for cloud consumers to develop and deploy applications without needing to manage or maintain the underlying cloud infrastructure?

• A. PaaS
• B. XaaS
• C. IaaS
• D. SaaS

Answer: A

NEW QUESTION 20
Which Cisco product provides proactive endpoint protection and allows administrators to centrally manage the deployment?

• A. NGFW
• B. AMP
• C. WSA
• D. ESA

Answer: B

NEW QUESTION 21
......