350-701 Practice Test Questions

626 Questions


Topic 1: Exam Pool A

Which Cisco security solution protects remote users against phishing attacks when they are not connected to the VPN?


A. Cisco Stealthwatch
B. Cisco Umbrella
C. Cisco Firepower
D. NGIPS

B. Cisco Umbrella



Cisco Umbrella protects users from accessing malicious domains by proactively analyzing and blocking unsafe destinations before a connection is ever made. It can therefore protect against phishing attacks by blocking suspicious domains when users click links that an attacker sent. Cisco Umbrella roaming protects your employees even when they are off the VPN.

An administrator is establishing a new site-to-site VPN connection on a Cisco IOS router. The organization needs to ensure that the ISAKMP key on the hub is used only for terminating traffic from the IP address of 172.19.20.24. Which command on the hub will allow the administrator to accomplish this?

A. crypto ca identity 172.19.20.24
B. crypto isakmp key Cisco0123456789 172.19.20.24
C. crypto enrollment peer address 172.19.20.24
D. crypto isakmp identity address 172.19.20.24

B. crypto isakmp key Cisco0123456789 172.19.20.24



Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/a1/sec-a1-crbook/sec-crc4.html#wp3880782430

The command “crypto enrollment peer address” is not valid either. The command “crypto ca identity …” is only used to declare a trusted CA for the router and puts you in ca-identity configuration mode. It should also be followed by a name, not an IP address, for example “crypto ca identity CA-Server”, so answer A is not correct. Only answer B is left as the best choice.

Which ASA deployment mode can provide separation of management on a shared appliance?

A. DMZ multiple zone mode
B. transparent firewall mode
C. multiple context mode
D. routed mode

C. multiple context mode



Which two protocols must be configured to authenticate end users to the Web Security Appliance? (Choose two.)

A. NTLMSSP
B. Kerberos
C. CHAP
D. TACACS+
E. RADIUS

A. NTLMSSP
B. Kerberos



What must be enabled to secure SaaS-based applications?


A. modular policy framework
B. two-factor authentication
C. application security gateway
D. end-to-end encryption

C. application security gateway



An organization has DHCP servers set up to allocate IP addresses to clients on the LAN. What must be done to ensure the LAN switches prevent malicious DHCP traffic while also distributing IP addresses to the correct endpoints?

A. Configure Dynamic ARP Inspection and add entries in the DHCP snooping database
B. Configure DHCP snooping and set an untrusted interface for all clients
C. Configure Dynamic ARP Inspection and antispoofing ACLs in the DHCP snooping database
D. Configure DHCP snooping and set a trusted interface for the DHCP server

D. Configure DHCP snooping and set a trusted interface for the DHCP server



Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?


A. user input validation in a web page or web application
B. Linux and Windows operating systems
C. database
D. web page images

A. user input validation in a web page or web application



Explanation: SQL injection usually occurs when you ask a user for input, such as their username or user ID, but the user instead gives (“injects”) you an SQL statement that you will unknowingly run on your database. The following example creates a SELECT statement by adding a variable (txtUserId) to a select string. The variable is fetched from user input (getRequestString):

txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;

If a user enters something like “100 OR 1=1”, the SQL statement will look like this:

SELECT * FROM Users WHERE UserId = 100 OR 1=1;

The SQL above is valid and will return ALL rows from the “Users” table, since OR 1=1 is always TRUE. A hacker might get access to all the user names and passwords in this database.

An engineer has been tasked with configuring a Cisco FTD to analyze protocol fields and detect anomalies in the traffic from industrial systems. What must be done to meet these requirements?


A. Implement pre-filter policies for the CIP preprocessor
B. Enable traffic analysis in the Cisco FTD
C. Configure intrusion rules for the DNP3 preprocessor
D. Modify the access control policy to trust the industrial traffic

C. Configure intrusion rules for the DNP3 preprocessor



Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmcconfigguide-v63/scada_preprocessors.html

Both DNP3 and CIP preprocessors can be used to detect traffic anomalies but we choose CIP as it is widely used in industrial applications.

Note:
+ An intrusion rule is a specified set of keywords and arguments that the system uses to detect attempts to exploit vulnerabilities in your network. As the system analyzes network traffic, it compares packets against the conditions specified in each rule, and triggers the rule if the data packet meets all the conditions specified in the rule.
+ Preprocessor rules are rules associated with preprocessors and packet decoder detection options in the network analysis policy. Most preprocessor rules are disabled by default.

Which baseline form of telemetry is recommended for network infrastructure devices?


A. SDNS
B. NetFlow
C. passive taps
D. SNMP

D. SNMP



When a transparent authentication fails on the Web Security Appliance, which type of access does the end user get?

A. guest
B. limited Internet
C. blocked
D. full Internet

C. blocked



An engineer is trying to securely connect to a router and wants to prevent insecure algorithms from being used.
However, the connection is failing. Which action should be taken to accomplish this goal?


A. Disable telnet using the no ip telnet command.
B. Enable the SSH server using the ip ssh server command.
C. Configure the port using the ip ssh port 22 command.
D. Generate the RSA key using the crypto key generate rsa command.

D. Generate the RSA key using the crypto key generate rsa command.



In this question, the engineer was trying to secure the connection, so maybe he was trying to allow SSH to the device. Maybe something went wrong, so the connection was failing (the connection used to be good). So maybe he was missing the “crypto key generate rsa” command.

How does a cloud access security broker function?


A. It is an authentication broker to enable single sign-on and multi-factor authentication for a cloud solution
B. It integrates with other cloud solutions via APIs and monitors and creates incidents based on events from the cloud solution
C. It acts as a security information and event management solution and receives syslog from other cloud solutions
D. It scans other cloud solutions being used within the network and identifies vulnerabilities

B. It integrates with other cloud solutions via APIs and monitors and creates incidents based on events from the cloud solution



