لا تريد أن تفوت شيئا؟

نصائح اجتياز امتحان الشهادة

آخر أخبار الامتحانات ومعلومات الخصم

برعاية وحديثة من قبل خبرائنا

نعم، أرسل لي النشرة الإخبارية

خذ اختبارات أخرى عبر الإنترنت
السؤال #1
An engineer needs to add protection for data in transit and have headers in the email message Which configuration is needed to accomplish this goal?
A. rovision the email appliance
B. eploy an encryption appliance
C. ap sender !P addresses to a host interface
D. nable flagged message handling
عرض الإجابة
اجابة صحيحة: D
السؤال #2
Which type of API is being used when a security application notifies a controller within a software- defined network architecture about a specific security threat?
A. estbound AP
B. outhbound API
C. orthbound API
D. astbound API
عرض الإجابة
اجابة صحيحة: C
السؤال #3
Refer to the exhibit.What does the number 15 represent in this configuration?
A. rivilege level for an authorized user to this router
B. ccess list that identifies the SNMP devices that can access the router
C. nterval in seconds between SNMPv3 authentication attempts
D. umber of possible failed attempts until the SNMPv3 user is locked out
عرض الإجابة
اجابة صحيحة: B
السؤال #4
Which type of API is being used when a controller within a software-defined network architecture dynamically makes configuration changes on switches within the network?
A. estbound AP
B. outhbound API
C. orthbound API
D. astbound API
عرض الإجابة
اجابة صحيحة: B
السؤال #5
A network administrator needs to find out what assets currently exist on the network. Third-party systems need to be able to feed host data into Cisco Firepower.What must be configured to accomplish this?
A. Network Discovery policy to receive data from the host
B. Threat Intelligence policy to download the data from the host
C. File Analysis policy to send file data into Cisco Firepower
D. Network Analysis policy to receive NetFlow data from the host
عرض الإجابة
اجابة صحيحة: A
السؤال #6
How is data sent out to the attacker during a DNS tunneling attack?
A. s part of the UDP/53 packet payload
B. s part of the domain name
C. s part of the TCP/53 packet header
D. s part of the DNS response packet
عرض الإجابة
اجابة صحيحة: A
السؤال #7
In an IaaS cloud services model, which security function is the provider responsible for managing?
A. nternet proxy
B. irewalling virtual machines
C. ASB
D. ypervisor OS hardening
عرض الإجابة
اجابة صحيحة: B
السؤال #8
Which attribute has the ability to change during the RADIUS CoA?
A. TP
B. uthorization
C. ccessibility
D. embership
عرض الإجابة
اجابة صحيحة: B
السؤال #9
Which statement describes a traffic profile on a Cisco Next Generation Intrusion Prevention System?
A. t allows traffic if it does not meet the profile
B. t defines a traffic baseline for traffic anomaly deduction
C. t inspects hosts that meet the profile with more intrusion rules
D. t blocks traffic if it does not meet the profile
عرض الإجابة
اجابة صحيحة: B
السؤال #10
When wired 802.1X authentication is implemented, which two components are required? (Choose two.)
A. authentication server: Cisco Identity Service Engine
B. supplicant: Cisco AnyConnect ISE Posture module
C. authenticator: Cisco Catalyst switch
D. authenticator: Cisco Identity Services Engine
E. authentication server: Cisco Prime Infrastructure
عرض الإجابة
اجابة صحيحة: AC
السؤال #11
An organization wants to secure data in a cloud environment. Its security model requires that all users be authenticated and authorized. Security configuration and posture must be continuously validated before access is granted or maintained to applications and data. There is also a need to allow certain application traffic and deny all other traffic by default.Which technology must be used to implement these requirements?
A. irtual routing and forwarding
B. icrosegmentation
C. ccess control policy
D. irtual LAN
عرض الإجابة
اجابة صحيحة: C
السؤال #12
Which functions of an SDN architecture require southbound APIs to enable communication?
A. DN controller and the network elements
B. anagement console and the SDN controller
C. anagement console and the cloud
D. DN controller and the cloud
عرض الإجابة
اجابة صحيحة: A
السؤال #13
An organization recently installed a Cisco WSA and would like to take advantage of the AVC engine to allow the organization to create a policy to control application specific activity. After enabling the AVC engine, what must be done to implement this?
A. se security services to configure the traffic monitor,
B. se URL categorization to prevent the application traffic
C. se an access policy group to configure application control settings
D. se web security reporting to validate engine functionality
عرض الإجابة
اجابة صحيحة: C
السؤال #14
Which technology reduces data loss by identifying sensitive information stored in public computing environments?
A. ublic Cloud
B. ybrid Cloud
C. ommunity Cloud
D. rivate Cloud
عرض الإجابة
اجابة صحيحة: D
السؤال #15
DRAG DROP (Drag and Drop is not supported)Drag and drop the common security threats from the left onto the definitions on the right.
A. ee Explanation section for answer
عرض الإجابة
اجابة صحيحة: A
السؤال #16
Refer to the exhibit.What does this Python script accomplish?
A. t allows authentication with TLSv1 SSL protocol
B. t authenticates to a Cisco ISE with an SSH connection
C. t authenticates to a Cisco ISE server using the username of ersad
D. t lists the LDAP users from the external identity store configured on Cisco ISE
عرض الإجابة
اجابة صحيحة: C
السؤال #17
Which IPS engine detects ARP spoofing?
A. tomic ARP Engine
B. ervice Generic Engine
C. RP Inspection Engine
D. IC Engine
عرض الإجابة
اجابة صحيحة: A
السؤال #18
What is the Cisco API-based broker that helps reduce compromises, application risks, and data breaches in an environment that is not on-premise?
A. isco Cloudlock
B. isco Umbrella
C. isco AMP
D. isco App Dynamics
عرض الإجابة
اجابة صحيحة: A
السؤال #19
What is the result of running the crypto isakmp key ciscXXXXXXXX address 172.16.0.0 command?
A. authenticates the IKEv2 peers in the 172
B. authenticates the IP address of the 172
C. authenticates the IKEv1 peers in the 172
D. secures all the certificates in the IKE exchange by using the key ciscXXXXXXXX
عرض الإجابة
اجابة صحيحة: B
السؤال #20
07. Cisco AMP for Endpoints has connectors for which of the following operating systems?
A. indow
B. acOS
C. ndroid
D. lloftheseanswersarecorrec
عرض الإجابة
اجابة صحيحة: D
السؤال #21
Which attack is commonly associated with C and C++ programming languages?
A. ross-site scripting
B. ater holing
C. DoS
D. uffer overflow
عرض الإجابة
اجابة صحيحة: D
السؤال #22
A network engineer is configuring DMVPN and entered the crypto isakmp key cisc0380739941 address 0.0.0.0 command on host
A. he tunnel is not being established to hostB
B. hange isakmp to ikev2 in the command on hostA
C. nter the command with a different password on hostB
D. nter the same command on hostB
E. hange the password on hostA to the default password
عرض الإجابة
اجابة صحيحة: C
السؤال #23
Refer to the exhibit. Which command was used to generate this output and to show which ports are authenticating with dot1x or mab?
A. show authentication registrations
B. show authentication method
C. show dot1x all
D. show authentication sessions
عرض الإجابة
اجابة صحيحة: D
السؤال #24
Which algorithm provides asymmetric encryption?
A. C4
B. ES
C. SA
D. DES
عرض الإجابة
اجابة صحيحة: C
السؤال #25
Which action must be taken in the AMP for Endpoints console to detect specific MD5 signatures on endpoints and then quarantine the files?
A. onfigure an advanced custom detection list
B. onfigure an IP Block & Allow custom detection list
C. onfigure an application custom detection list
D. onfigure a simple custom detection list
عرض الإجابة
اجابة صحيحة: A
السؤال #26
An attacker needs to perform reconnaissance on a target system to help gain access to it. The system has weak passwords, no encryption on the VPN links, and software bugs on the system's applications.Which vulnerability allows the attacker to see the passwords being transmitted in clear text?
A. eak passwords for authentication
B. nencrypted links for traffic
C. oftware bugs on applications
D. mproper file security
عرض الإجابة
اجابة صحيحة: B
السؤال #27
How does Cisco Advanced Phishing Protection protect users?
A. t validates the sender by using DKIM
B. t determines which identities are perceived by the sender
C. t utilizes sensors that send messages securely
D. t uses machine learning and real-time behavior analytics
عرض الإجابة
اجابة صحيحة: B
السؤال #28
What is a language format designed to exchange threat intelligence that can be transported over the TAXII protocol?
A. TIX
B. MPP
C. xGrid
D. MTP
عرض الإجابة
اجابة صحيحة: A
السؤال #29
An organization has noticed an increase in malicious content downloads and wants to use Cisco Umbrella to prevent this activity for suspicious domains while allowing normal web traffic.Which action will accomplish this task?
A. et content settings to High
B. onfigure the intelligent proxy
C. se destination block lists
D. onfigure application block lists
عرض الإجابة
اجابة صحيحة: B
السؤال #30
What is a characteristic of a bridge group in ASA Firewall transparent mode?
A. t includes multiple interfaces and access rules between interfaces are customizable
B. t is a Layer 3 segment and includes one port and customizable access rules
C. t allows ARP traffic with a single access rule
D. t has an IP address on its BVI interface and is used for management traffic
عرض الإجابة
اجابة صحيحة: A
السؤال #31
Which Cisco AMP file disposition valid?
A. pero analysis
B. ynamic analysis
C. andbox analysis
D. alware analysis
عرض الإجابة
اجابة صحيحة: B
السؤال #32
Which group within Cisco writes and publishes a weekly newsletter to help cybersecurity professionals remain aware of the ongoing and most prevalent threats?
A. SIRT
B. alos
C. SIRT
D. EVNET
عرض الإجابة
اجابة صحيحة: B
السؤال #33
An engineer must force an endpoint to re-authenticate an already authenticated session without disrupting the endpoint to apply a new or updated policy from ISE.Which CoA type achieves this goal?
A. ort Bounce
B. oA Terminate
C. oA Reauth
D. oA Session Query
عرض الإجابة
اجابة صحيحة: C
السؤال #34
An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly identifying all valid recipients.What must be done on the Cisco ESA to accomplish this goal?
A. onfigure incoming content filters
B. se Bounce Verification
C. onfigure Directory Harvest Attack Prevention
D. ypass LDAP access queries in the recipient access table
عرض الإجابة
اجابة صحيحة: C
السؤال #35
Where are individual sites specified to be blacklisted in Cisco Umbrella?
A. pplication settings
B. ontent categories
C. ecurity settings
D. estination lists
عرض الإجابة
اجابة صحيحة: D
السؤال #36
Which type of attack is social engineering?
A. rojan
B. hishing
C. alware
D. ITM
عرض الإجابة
اجابة صحيحة: B
السؤال #37
A network engineer needs to select a VPN type that provides the most stringent security, multiple security associations for the connections, and efficient VPN establishment with the least bandwidth consumption. Why should the engineer select either FlexVPN or DMVPN for this environment?
A. DMVPN because it uses multiple SAs and FlexVPN does not
B. DMVPN because it supports IKEv2 and FlexVPN does not
C. FlexVPN because it supports IKEv2 and DMVPN does not
D. FlexVPN because it uses multiple SAs and DMVPN does not
عرض الإجابة
اجابة صحيحة: D
السؤال #38
Refer to the exhibit.A network administrator configures command authorization for the admin5 user.What is the admin5user able to do on HQ_Router after this configuration?
A. nmp-server host inside 10
B. nmp-server host inside 10
C. nmp-server host inside 10
D. nmp-server host inside 10
عرض الإجابة
اجابة صحيحة: B
السؤال #39
Refer to the exhibit.How does Cisco Umbrella manage traffic that is directed toward risky domains?
A. raffic is proximed through the intelligent proxy
B. raffic is managed by the security settings and blocked
C. raffic is managed by the application settings, unhandled and allowed
D. raffic is allowed but logged
عرض الإجابة
اجابة صحيحة: B
السؤال #40
What are the two most commonly used authentication factors in multifactor authentication? (Choose two)
A. PP focuses on prevention, and EDR focuses on advanced threats that evade perimeter defenses
B. DR focuses on prevention, and EPP focuses on advanced threats that evade perimeter defenses
C. PP focuses on network security, and EDR focuses on device security
D. DR focuses on network security, and EPP focuses on device security
عرض الإجابة
اجابة صحيحة: AD
السؤال #41
Which type of DNS abuse exchanges data between two computers even when there is no direct connection?
A. alware installation
B. ommand-and-control communication
C. etwork footprinting
D. ata exfiltration
عرض الإجابة
اجابة صحيحة: D
السؤال #42
An administrator is trying to determine which applications are being used in the network but does not want the network devices to send metadata to Cisco Firepower.Which feature should be used to accomplish this?
A. etFlow
B. acket Tracer
C. etwork Discovery
D. ccess Control
عرض الإجابة
اجابة صحيحة: A
السؤال #43
Which method is used to deploy certificates and configure the supplicant on mobile devices to gain access to network resources?
A. YOD on boarding
B. imple Certificate Enrollment Protocol
C. lient provisioning
D. AC authentication bypass
عرض الإجابة
اجابة صحيحة: A
السؤال #44
04. What are two Detection and Analytics Engines of Cognitive Threat Analytics?
A. ataexfiltrati
B. ommandandcontrolcommunicati
C. ntelligentproxy
D.
عرض الإجابة
اجابة صحيحة: AB
السؤال #45
Refer to the exhibit.What will occur when this device tries to connect to the port?
A. 02
B. 02
C. 02 1X will work and the device will be allowed on the network
D. 02 1X and MAB will both be used and ISE can use policy to determine the access level
عرض الإجابة
اجابة صحيحة: B
السؤال #46
Which DoS attack uses fragmented packets in an attempt to crash a target machine?
A. eardrop
B. murf
C. AND
D. YN flood
عرض الإجابة
اجابة صحيحة: A
السؤال #47
What provides visibility and awareness into what is currently occurring on the network?
A. MX
B. MI
C. rime Infrastructure
D. elemetry
عرض الإجابة
اجابة صحيحة: D
السؤال #48
Which two features are used to configure Cisco ESA with a multilayer approach to fight viruses and malware?(Choose two)
A. t decrypts HTTPS application traffic for unauthenticated users
B. t alerts users when the WSA decrypts their traffic
C. t decrypts HTTPS application traffic for authenticated users
D. t provides enhanced HTTPS application detection for AsyncOS
عرض الإجابة
اجابة صحيحة: AD
السؤال #49
What is the role of an endpoint in protecting a user from a phishing attack?
A. se Cisco Stealthwatch and Cisco ISE Integration
B. tilize 802
C. se machine learning models to help identify anomalies and determine expected sending behavior
D. nsure that antivirus and anti malware software is up to date
عرض الإجابة
اجابة صحيحة: C
السؤال #50
Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?
A. rl
B. erminal
C. rofile
D. elfsigned
عرض الإجابة
اجابة صحيحة: C
السؤال #51
Which two protocols must be configured to authenticate end users to the Cisco WSA? (Choose two.)
A. ACACS+
B. HAP
C. TLMSSP
D. ADIUS
E. erberos
عرض الإجابة
اجابة صحيحة: AD
السؤال #52
An organization deploys multiple Cisco FTD appliances and wants to manage them using one centralized solution. The organization does not have a local VM but does have existing Cisco ASAs that must migrate over to Cisco FTDs.Which solution meets the needs of the organization?
A. isco FMC
B. SM
C. isco FDM
D. DO
عرض الإجابة
اجابة صحيحة: B
السؤال #53
Refer to the exhibit.Which command was used to generate this output and to show which ports are authenticating with dot1x or mab?
A. how authentication registrations
B. how authentication method
C. how dot1x all
D. how authentication sessions
عرض الإجابة
اجابة صحيحة: D
السؤال #54
An administrator configures a new destination list in Cisco Umbrella so that the organization can block specific domains for its devices.What should be done to ensure that all subdomains of domain.com are blocked?
A. onfigure the *
B. onfigure the *
C. onfigure the *
D. onfigure the domain
عرض الإجابة
اجابة صحيحة: C
السؤال #55
Which factor must be considered when choosing the on-premise solution over the cloud-based one?
A. ith an on-premise solution, the provider is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the customer is responsible for it
B. ith a cloud-based solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product
C. ith an on-premise solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product
D. ith an on-premise solution, the customer is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the provider is responsible for it
عرض الإجابة
اجابة صحيحة: D
السؤال #56
An organization is trying to implement micro-segmentation on the network and wants to be able to gain visibility on the applications within the network. The solution must be able to maintain and force compliance.Which product should be used to meet these requirements?
A. isco Umbrella
B. isco AMP
C. isco Stealthwatch
D. isco Tetration
عرض الإجابة
اجابة صحيحة: D
السؤال #57
What is the result of running the crypto isakmp key ciscXXXXXXXX address 172.16.0.0 command?
A. uthenticates the IKEv2 peers in the 172
B. uthenticates the IP address of the 172
C. uthenticates the IKEv1 peers in the 172
D. ecures all the certificates in the IKE exchange by using the key ciscXXXXXXXX
عرض الإجابة
اجابة صحيحة: C
السؤال #58
Which CLI command is used to register a Cisco FirePower sensor to Firepower Management Center?
A. onfigure system add
B. onfigure manager add host
C. onfigure manager delete
D. onfigure manager add
عرض الإجابة
اجابة صحيحة: D
السؤال #59
An organization has two systems in their DMZ that have an unencrypted link between them for communication.The organization does not have a defined password policy and uses several default accounts on the systems.The application used on those systems also have not gone through stringent code reviews.Which vulnerability would help an attacker brute force their way into the systems?
A. eak passwords
B. ack of input validation
C. issing encryption
D. ack of file permission
عرض الإجابة
اجابة صحيحة: C
السؤال #60
DRAG DROP (Drag and Drop is not supported)Drag and drop the descriptions from the left onto the encryption algorithms on the right.
A. ee Explanation section for answer
عرض الإجابة
اجابة صحيحة: A
السؤال #61
Refer to the exhibit.What will happen when this Python script is run?
A. he compromised computers and malware trajectories will be received from Cisco AMP
B. he list of computers and their current vulnerabilities will be received from Cisco AMP
C. he compromised computers and what compromised them will be received from Cisco AMP
D. he list of computers, policies, and connector statuses will be received from Cisco AMP
عرض الإجابة
اجابة صحيحة: D
السؤال #62
03. In which type of Cisco WSA deployment mode is the client configured to use the web proxy?
A. ransparentmode
B. xplicitforwardmode
C. CCPmode
D. oneoftheseanswersiscorrec
عرض الإجابة
اجابة صحيحة: B
السؤال #63
What does the Cloudlock Apps Firewall do to mitigate security concerns from an application perspective?
A. t allows the administrator to quarantine malicious files so that the application can function, just not maliciously
B. t discovers and controls cloud apps that are connected to a company's corporate environment
C. t deletes any application that does not belong in the network
D. t sends the application information to an administrator to act on
عرض الإجابة
اجابة صحيحة: B
السؤال #64
What is a difference between FlexVPN and DMVPN?
A. MVPN uses IKEv1 or IKEv2, FlexVPN only uses IKEv1
B. MVPN uses only IKEv1 FlexVPN uses only IKEv2
C. lexVPN uses IKEv2, DMVPN uses IKEv1 or IKEv2
D. lexVPN uses IKEv1 or IKEv2, DMVPN uses only IKEv2
عرض الإجابة
اجابة صحيحة: C
السؤال #65
Which kind of API that is used with Cisco DNA Center provisions SSIDs, QoS policies, and update software versions on switches?
A. o issue and revoke digital certificates
B. o validate the authenticity of a digital certificate
C. o create the private key for a digital certificate
D. o certify the ownership of a public key by the named subject
عرض الإجابة
اجابة صحيحة: B
السؤال #66
An MDM provides which two advantages to an organization with regards to device management? (Choose two)
A. GFW
B. MP
C. SA
D. SA
عرض الإجابة
اجابة صحيحة: AB
السؤال #67
Refer to the exhibit.Traffic is not passing through IPsec site-to-site VPN on the Firepower Threat Defense appliance.What is causing this issue?
A. o split-tunnel policy is defined on the Firepower Threat Defense appliance
B. he access control policy is not allowing VPN traffic in
C. ite-to-site VPN peers are using different encryption algorithms
D. ite-to-site VPN preshared keys are mismatched
عرض الإجابة
اجابة صحيحة: A
السؤال #68
What is the difference between Cross-site Scripting and SQL Injection, attacks?
A. daptive Network Control Policy List
B. ontext Visibility
C. ccounting Reports
D. ADIUS Live Logs
عرض الإجابة
اجابة صحيحة: A
السؤال #69
What is a characteristic of Cisco ASA Netflow v9 Secure Event Logging?
A. t tracks flow-create, flow-teardown, and flow-denied events
B. t provides stateless IP flow tracking that exports all records of a specific flow
C. t tracks the flow continuously and provides updates every 10 seconds
D. ts events match all traffic classes in parallel
عرض الإجابة
اجابة صحيحة: A
السؤال #70
Which two tasks allow NetFlow on a Cisco ASA 5500 Series firewall? (Choose two)
A. outed mode
B. ransparent mode
C. ultiple context mode
D. ultiple zone mode
عرض الإجابة
اجابة صحيحة: CE
السؤال #71
An engineer has been tasked with implementing a solution that can be leveraged for securing the cloud users,data, and applications. There is a requirement to use the Cisco cloud native CASB and cloud cybersecurity platform.What should be used to meet these requirements?
A. isco Umbrella
B. isco Cloud Email Security
C. isco NGFW
D. isco Cloudlock
عرض الإجابة
اجابة صحيحة: D
السؤال #72
A switch with Dynamic ARP Inspection enabled has received a spoofed ARP response on a trusted interface.How does the switch behave in this situation?
A. t forwards the packet after validation by using the MAC Binding Table
B. t drops the packet after validation by using the IP & MAC Binding Table
C. t forwards the packet without validation
D. t drops the packet without validation
عرض الإجابة
اجابة صحيحة: B
السؤال #73
In which type of attack does the attacker insert their machine between two hosts that are communicating with each other?
A. murf
B. ITM
C. eardrop
D. AND
عرض الإجابة
اجابة صحيحة: B
السؤال #74
Refer to the exhibit.What will happen when the Python script is executed?
A. he hostname will be translated to an IP address and printed
B. he hostname will be printed for the client in the client ID field
C. he script will pull all computer hostnames and print them
D. he script will translate the IP address to FODN and print it
عرض الإجابة
اجابة صحيحة: C
السؤال #75
What Cisco command shows you the status of an 802.1X connection on interface gi0/1?
A. how authorization status
B. how authen sess int gi0/1
C. how connection status gi0/1
D. how ver gi0/1
عرض الإجابة
اجابة صحيحة: B
السؤال #76
Refer to the exhibit.Which type of authentication is in use?
A. DAP authentication for Microsoft Outlook
B. OP3 authentication
C. MTP relay server authentication
D. xternal user and relay mail authentication
عرض الإجابة
اجابة صحيحة: A
السؤال #77
An organization has two machines hosting web applications. Machine 1 is vulnerable to SQL injection while machine 2 is vulnerable to buffer overflows.What action would allow the attacker to gain access to machine 1 but not machine 2?
A. niffing the packets between the two hosts
B. ending continuous pings
C. verflowing the buffer's memory
D. nserting malicious commands into the database
عرض الإجابة
اجابة صحيحة: D
السؤال #78
Which two services must remain as on-premises equipment when a hybrid email solution is deployed? (Choose two)
A. P Blacklist Center
B. ile Reputation Center
C. MP Reputation Center
D. P and Domain Reputation Center
عرض الإجابة
اجابة صحيحة: DE
السؤال #79
What must be used to share data between multiple security products?
A. dvanced Malware Protection
B. latform Exchange Grid
C. ultifactor Platform Integration
D. irepower Threat Defense
عرض الإجابة
اجابة صحيحة: B
السؤال #80
Which two are valid suppression types on a Cisco Next Generation Intrusion Prevention System? (Choose two)
A. uality of service
B. ime synchronization
C. etwork address translations
D. ntrusion policy
عرض الإجابة
اجابة صحيحة: BC
السؤال #81
Which cloud model is a collaborative effort where infrastructure is shared and jointly accessed by several organizations from a specific group?
A. ybrid
B. ommunity
C. rivate
D. ublic
عرض الإجابة
اجابة صحيحة: B
السؤال #82
Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?
A. ser input validation in a web page or web application
B. inux and Windows operating systems
C. atabase
D. eb page images
عرض الإجابة
اجابة صحيحة: A
السؤال #83
Which proxy mode must be used on Cisco WSA to redirect TCP traffic with WCCP?
A. ransparent
B. edirection
C. orward
D. roxy gateway
عرض الإجابة
اجابة صحيحة: A
السؤال #84
Which parameter is required when configuring a Netflow exporter on a Cisco Router?
A. SCP value
B. ource interface
C. xporter name
D. xporter description
عرض الإجابة
اجابة صحيحة: C
السؤال #85
DRAG DROP (Drag and Drop is not supported)Drag and drop the capabilities of Cisco Firepower versus Cisco AMP from the left into the appropriate category on the right.
A. ee Explanation section for answer
عرض الإجابة
اجابة صحيحة: A
السؤال #86
An organization has a requirement to collect full metadata information about the traffic going through their AWS cloud services They want to use this information for behavior analytics and statistics Which two actions must be taken to implement this requirement? (Choose two.)
A. t defines what data is going to be encrypted via the VPN
B. t configures the pre-shared authentication key
C. t prevents all IP addresses from connecting to the VPN server
D. t configures the local address for the VPN server
عرض الإجابة
اجابة صحيحة: BE
السؤال #87
Which feature is supported when deploying Cisco ASAv within AWS public cloud?
A. ultiple context mode
B. ser deployment of Layer 3 networks
C. Pv6
D. lustering
عرض الإجابة
اجابة صحيحة: B
السؤال #88
An engineer is implementing NTP authentication within their network and has configured both the client and server devices with the command ntp authentication-key 1 md5 Cisc392368270. The server at 1.1.1.1 is attempting to authenticate to the client at 1.1.1.2, however it is unable to do so.Which command is required to enable the client to accept the server's authentication key?
A. tp peer 1
B. tp server 1
C. tp server 1
D. tp peer 1
عرض الإجابة
اجابة صحيحة: B
السؤال #89
What is a benefit of using telemetry over SNMP to configure new routers for monitoring purposes?
A. elemetry uses a pull mehod, which makes it more reliable than SNMP
B. elemetry uses push and pull, which makes it more scalable than SNMP
C. elemetry uses push and pull which makes it more secure than SNMP
D. elemetry uses a push method which makes it faster than SNMP
عرض الإجابة
اجابة صحيحة: D
السؤال #90
What two mechanisms are used to redirect users to a web portal to authenticate to ISE for guest services?(Choose two)
A. ompliant
B. nknown
C. uthorized
D. oncompliant
عرض الإجابة
اجابة صحيحة: BD
السؤال #91
Why is it important to implement MFA inside of an organization?
A. o prevent man-the-middle attacks from being successful
B. o prevent DoS attacks from being successful
C. o prevent brute force attacks from being successful
D. o prevent phishing attacks from being successful
عرض الإجابة
اجابة صحيحة: C
السؤال #92
Which cryptographic process provides origin confidentiality, integrity, and origin authentication for packets?
A. KEv1
B. H
C. SP
D. KEv2
عرض الإجابة
اجابة صحيحة: C
السؤال #93
Which two behavioral patterns characterize a ping of death attack? (Choose two.)
A. he attack is fragmented into groups of 16 octets before transmission
B. he attack is fragmented into groups of 8 octets before transmission
C. hort synchronized bursts of traffic are used to disrupt TCP connections
D. alformed packets are used to crash systems
E. ublicly accessible DNS servers are typically used to execute the attack
عرض الإجابة
اجابة صحيحة: BD
السؤال #94
Under which two circumstances is a CoA issued? (Choose two)
A. et the IP address of an interface
B. omplete no configurations
C. omplete all configurations
D. dd subinterfaces
عرض الإجابة
اجابة صحيحة: BD
السؤال #95
Which command enables 802.1X globally on a Cisco switch?
A.
B.
C.
D. 1
عرض الإجابة
اجابة صحيحة: A
السؤال #96
Which two key and block sizes are valid for AES? (Choose two)
A. ES-GCM
B. HA-96
C. ES-256
D. HA-384
عرض الإجابة
اجابة صحيحة: CD
السؤال #97
An organization wants to secure users, data, and applications in the cloud. The solution must be API- based and operate as a cloud-native CASB.Which solution must be used for this implementation?
A. isco Cloudlock
B. isco Cloud Email Security
C. isco Firepower Next-Generation Firewall
D. isco Umbrella
عرض الإجابة
اجابة صحيحة: A
السؤال #98
An engineer is trying to securely connect to a router and wants to prevent insecure algorithms from being used.However, the connection is failing.Which action should be taken to accomplish this goal?
A. isable telnet using the no ip telnet command
B. nable the SSH server using the ip ssh server command
C. onfigure the port using the ip ssh port 22 command
D. enerate the RSA key using the crypto key generate rsa command
عرض الإجابة
اجابة صحيحة: D
السؤال #99
05. You are hired to configure a site-to-site VPN between a Cisco FTD device and a Cisco IOS-XE router. Which of the following encryption and hashing protocols will you select for optimal security?
A. ES-192,SHA,Diffie-HellmanGroup21
B. DEA,SHA,Diffie-HellmanGroup2
C. ES-192,SHA,Diffie-HellmanGroup5
D. ES-256,SHA,Diffie-HellmanGroup21
عرض الإجابة
اجابة صحيحة: A
السؤال #100
09. The Cisco ESA acts as a mail transfer agent. The Cisco ESA is the destination of which public records?
A. A
B. X
C. -NAME
D. lloftheseanswersarecorrec
عرض الإجابة
اجابة صحيحة: B
السؤال #101
Which risk is created when using an Internet browser to access cloud-based service?
A. isconfiguration of infrastructure, which allows unauthorized access
B. ntermittent connection to the cloud connectors
C. ulnerabilities within protocol
D. nsecure implementation of API
عرض الإجابة
اجابة صحيحة: D
السؤال #102
DRAG DROP (Drag and Drop is not supported)Drag and drop the VPN functions from the left onto the description on the right.
A. ee Explanation section for answer
عرض الإجابة
اجابة صحيحة: A
السؤال #103
A network administrator is configuring a rule in an access control policy to block certain URLs and selects the "Chat and Instant Messaging" category.Which reputation score should be selected to accomplish this goal?
A.
B.
C.
D. 0
عرض الإجابة
اجابة صحيحة: D
السؤال #104
What is a difference between an XSS attack and an SQL injection attack?
A. SQL injection is a hacking method used to attack SQL databases, whereas XSS attack can exist in many different types of applications
B. XSS attacks are used to steal information from databases, whereas SQL injection attacks are used to redirect users to websites where attackers can steal data from them
C. XSS is a hacking method used to attack SQL databases, whereas SQL injection attacks can exist in many different types of applications
D. SQL injection attacks are used to steal information from databases, whereas XSS attacks are used to redirect users to websites where attackers can steal data from them
عرض الإجابة
اجابة صحيحة: D
السؤال #105
What is the difference between a vulnerability and an exploit?
A. A vulnerability is a weakness that can be exploited by an attacker
B. A vulnerability is a hypothetical event for an attacker to exploit
C. An exploit is a hypothetical event that causes a vulnerability in the network
D. An exploit is a weakness that can cause a vulnerability in the network
عرض الإجابة
اجابة صحيحة: A
السؤال #106
Which Dos attack uses fragmented packets to crash a target machine?
A. o prevent theft of the endpoints
B. ecause defense-in-depth stops at the network
C. o expose the endpoint to more threats
D. ecause human error or insider threats will still exist
عرض الإجابة
اجابة صحيحة: C

عرض الإجابات بعد التقديم

يرجى إرسال البريد الإلكتروني الخاص بك والواتس اب للحصول على إجابات الأسئلة.

ملحوظة: يرجى التأكد من صلاحية معرف البريد الإلكتروني وWhatsApp حتى تتمكن من الحصول على نتائج الاختبار الصحيحة.

بريد إلكتروني:
رقم الواتس اب/الهاتف:


Copyright © 2024. Designer by SPOTO Official Website. All Rights Reserved.