Topic 1: Exam Pool A
Which two probes are configured to gather attributes of connected endpoints using Cisco Identity Services Engine? (Choose two)
A.
RADIUS
B.
TACACS+
C.
DHCP
D.
sFlow
E.
SMTP
RADIUS
DHCP
An organization is receiving SPAM emails from a known malicious domain. What must be
configured in order to
prevent the session during the initial TCP communication?
A.
Configure the Cisco ESA to drop the malicious emails
B.
Configure policies to quarantine malicious emails
C.
Configure policies to stop and reject communication
D.
Configure the Cisco ESA to reset the TCP connection
Configure the Cisco ESA to drop the malicious emails
Which proxy mode must be used on Cisco WSA to redirect TCP traffic with WCCP?
A.
transparent
B.
redirection
C.
forward
D.
proxy gateway
transparent
https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Aug2013/CVDWebSecurityUsingCiscoWSADesignGuide-AUG13.pdf
What is managed by Cisco Security Manager?
A.
access point
B.
WSA
C.
ASA
D.
ESA
ASA
Which type of protection encrypts RSA keys when they are exported and imported?
A.
file
B.
passphrase
C.
NGE
D.
nonexportable
passphrase
Which two fields are defined in the NetFlow flow? (Choose two)
A.
type of service byte
B.
class of service bits
C.
Layer 4 protocol type
D.
destination port
E.
output logical interface
type of service byte
destination port
Cisco standard NetFlow version 5 defines a flow as
a unidirectional sequence of packets that all share seven values which define a unique key
for the flow:+ Ingress interface (SNMP ifIndex)+ Source IP address+ Destination IP
address+ IP protocol+ Source port for UDP or TCP, 0 for other protocols+ Destination port
for UDP or TCP, type and code for ICMP, or 0 for other protocols+ IP Type of ServiceNote:
A flow is a unidirectional series of packets between a given source and destination.
Which type of dashboard does Cisco DNA Center provide for complete control of the
network?
A.
service management
B.
centralized management
C.
application management
D.
distributed management
centralized management
Reference: https://www.cisco.com/c/en/us/products/collateral/cloud-systemsmanagement/
dna-center/nb-06- dna-center-faq-cte-en.html
Why is it important to implement MFA inside of an organization?
A.
To prevent man-the-middle attacks from being successful.
B.
To prevent DoS attacks from being successful.
C.
To prevent brute force attacks from being successful
D.
To prevent phishing attacks from being successful.
To prevent brute force attacks from being successful
An organization is implementing URL blocking using Cisco Umbrella. The users are able to
go to some sites
but other sites are not accessible due to an error. Why is the error occurring?
A.
Client computers do not have the Cisco Umbrella Root CA certificate installed
B.
IP-Layer Enforcement is not configured
C.
Client computers do not have an SSL certificate deployed from an internal CA server
D.
Intelligent proxy and SSL decryption is disabled in the policy
Client computers do not have the Cisco Umbrella Root CA certificate installed
Elliptic curve cryptography is a stronger more efficient cryptography method meant to replace which current encryption technology?
A.
3DES
B.
RSA
C.
DES
D.
AES
RSA
Compared to RSA, the prevalent public-key cryptography of the Internet today, Elliptic Curve Cryptography (ECC) offers smaller key sizes, faster computation,as well as memory,
energy and bandwidth savings and is thus better suited forsmall devices.
An attacker needs to perform reconnaissance on a target system to help gain access to it.
The system has weak passwords, no encryption on the VPN links, and software bugs on
the system’s applications. Which
vulnerability allows the attacker to see the passwords being transmitted in clear text?
A.
weak passwords for authentication
B.
unencrypted links for traffic
C.
software bugs on applications
D.
improper file security
unencrypted links for traffic
Which PKI enrollment method allows the user to separate authentication and enrollment
actions and also
provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?
A.
url
B.
terminal
C.
profile
D.
selfsigned
profile
https://www.cisco.com/c/en/us/support/docs/security-vpn/public-keyinfrastructure-
pki/211333-IOSPKI-Deployment-Guide-Initial-Design.html
| Page 17 out of 53 Pages |
| Previous |