Topic 1: Exam Pool A
Which two are valid suppression types on a Cisco Next Generation Intrusion Prevention System? (Choose two)
A.
Port
B.
Rule
C.
Source
D.
Protocol
E.
Application
Rule
Source
Which deployment model is the most secure when considering risks to cloud adoption?
A.
Public Cloud
B.
Hybrid Cloud
C.
Community Cloud
D.
Private Cloud
Private Cloud
Which solution combines Cisco IOS and IOS XE components to enable administrators to recognize applications, collect and send network metrics to Cisco Prime and other third-party management tools, and prioritize application traffic?
A.
Cisco Security Intelligence
B.
Cisco Application Visibility and Control
C.
Cisco Model Driven Telemetry
D.
Cisco DNA Center
Cisco Application Visibility and Control
https://www.cisco.com/c/en/us/td/docs/ios/solutions_docs/avc/guide/avc-userguide/avc_tech_overview.html
Which statement about IOS zone-based firewalls is true?
A.
An unassigned interface can communicate with assigned interfaces
B.
Only one interface can be assigned to a zone.
C.
An interface can be assigned to multiple zones.
D.
An interface can be assigned only to one zone.
An interface can be assigned only to one zone.
On Cisco Firepower Management Center, which policy is used to collect health modules alerts from managed devices?
A.
health policy
B.
system policy
C.
correlation policy
D.
access control policy
E.
health awareness policy
health policy
Which action controls the amount of URI text that is stored in Cisco WSA logs files?
A.
Configure the datasecurityconfig command
B.
Configure the advancedproxyconfig command with the HTTPS subcommand
C.
Configure a small log-entry size.
D.
Configure a maximum packet size.
Configure the advancedproxyconfig command with the HTTPS subcommand
Which capability is exclusive to a Cisco AMP public cloud instance as compared to a private cloud instance?
A.
RBAC
B.
ETHOS detection engine
C.
SPERO detection engine
D.
TETRA detection engine
ETHOS detection engine
Which Cisco Advanced Malware protection for Endpoints deployment architecture is designed to keep data within a network perimeter?
A.
cloud web services
B.
network AMP
C.
private cloud
D.
public cloud
private cloud
Which two preventive measures are used to control cross-site scripting? (Choose two)
A.
Enable client-side scripts on a per-domain basis.
B.
Incorporate contextual output encoding/escaping.
C.
Disable cookie inspection in the HTML inspection engine.
D.
Run untrusted HTML input through an HTML sanitization engine.
E.
Same Site cookie attribute should not be used.
Enable client-side scripts on a per-domain basis.
Incorporate contextual output encoding/escaping.
Which technology reduces data loss by identifying sensitive information stored in public computing environments?
A.
Cisco SDA
B.
Cisco Firepower
C.
Cisco HyperFlex
D.
Cisco Cloudlock
Cisco Cloudlock
A company is experiencing exfiltration of credit card numbers that are not being stored onpremise. The company needs to be able to protect sensitive data throughout the full environment. Which tool should be used to accomplish this goal?
A.
Security Manager
B.
Cloudlock
C.
Web Security Appliance
D.
Cisco ISE
Cloudlock
Cisco Cloudlock is a cloud-native cloud access security broker
(CASB) that helps you move to the cloud safely. It protects your cloud users, data, and
apps. Cisco Cloudlock provides visibility and compliance checks, protects data against
misuse and exfiltration, and provides threat protections against malware like ransomware.
What are two reasons for implementing a multifactor authentication solution such as Duo Security provide to an organization? (Choose two)
A.
flexibility of different methods of 2FA such as phone callbacks, SMS passcodes, and push notifications
B.
single sign-on access to on-premises and cloud applications
C.
integration with 802.1x security using native Microsoft Windows supplicant
D.
secure access to on-premises and cloud applications
E.
identification and correction of application vulnerabilities before allowing access to
resources
flexibility of different methods of 2FA such as phone callbacks, SMS passcodes, and push notifications
secure access to on-premises and cloud applications
Two-factor authentication adds a second layer of security to
your online accounts. Verifying your identity using asecond factor (like your phone or other
mobile device) prevents anyone but you from logging in, even if theyknow your
password.Note: Single sign-on (SSO) is a property of identity and access management that
enables users to securelyauthenticate with multiple applications and websites by logging in
only once with just one set of credentials(username and password). With SSO, the
application or website that the user is trying to access relies on atrusted third party to verify
that users are who they say they are.
| Page 18 out of 53 Pages |
| Previous |