Topic 3: Exam Pool C
Which two parameters are used to prevent a data breach in the cloud? (Choose two.)
A.
DLP solutions
B.
strong user authentication
C.
encryption
D.
complex cloud-based web proxies
E.
antispoofing programs
DLP solutions
strong user authentication
Which technology is used to improve web traffic performance by proxy caching?
A.
WSA
B.
Firepower
C.
FireSIGHT
D.
ASA
WSA
Using Cisco Cognitive Threat Analytics, which platform automatically blocks risky sites, and
test unknown sites for hidden advanced threats before allowing users to click them?
A.
Cisco Identity Services Engine
B.
Cisco Enterprise Security Appliance
C.
Cisco Web Security Appliance
D.
Cisco Advanced Stealthwatch Appliance
Cisco Web Security Appliance
What is the benefit of integrating Cisco ISE with a MDM solution?
A.
It provides compliance checks for access to the network
B.
It provides the ability to update other applications on the mobile device
C.
It provides the ability to add applications to the mobile device through Cisco ISE
D.
It provides network device administration access
It provides compliance checks for access to the network
Which two deployment modes does the Cisco ASA FirePower module support? (Choose two)
A.
transparent mode
B.
routed mode
C.
inline mode
D.
active mode
E.
passive monitor-only mode
inline mode
active mode
https://www.cisco.com/c/en/us/td/docs/security/asa/asa92/asdm72/firewall/asafirewall-asdm/modules-sfr.html
An engineer is adding a Cisco router to an existing environment. NTP authentication is
configured on all devices in the environment with the command ntp authentication-key 1
md5 Clsc427128380. There are two routers on the network that are configured as NTP
servers for redundancy, 192.168.1.110 and 192.168.1.111. 192.168.1.110 is configured as
the authoritative time source. What command must be configured on the new router to use
192.168.1.110 as its primary time source without the new router attempting to offer time to
existing devices?
A.
ntp server 192.168.1.110 primary key 1
B.
ntp peer 192.168.1.110 prefer key 1
C.
ntp server 192.168.1.110 key 1 prefer
D.
ntp peer 192.168.1.110 key 1 primary
ntp server 192.168.1.110 primary key 1
Which type of data does the Cisco Stealthwatch system collect and analyze from routers, switches, and firewalls?
A.
NTP
B.
syslog
C.
SNMP
D.
NetFlow
NetFlow
What is a characteristic of Dynamic ARP Inspection?
A.
DAI determines the validity of an ARP packet based on valid IP to MAC address
bindings from the DHCP snooping binding database.
B.
In a typical network, make all ports as trusted except for the ports connecting to
switches, which are untrusted
C.
DAI associates a trust state with each switch.
D.
DAI intercepts all ARP requests and responses on trusted ports only.
DAI determines the validity of an ARP packet based on valid IP to MAC address
bindings from the DHCP snooping binding database.
Which two solutions help combat social engineering and phishing at the endpoint level?
(Choose two.)
A.
Cisco Umbrella
B.
Cisco ISE
C.
Cisco DNA Center
D.
Cisco TrustSec
E.
Cisco Duo Security
Cisco Umbrella
Cisco Duo Security
Which portion of the network do EPP solutions solely focus on and EDR solutions do not?
A.
server farm
B.
perimeter
C.
core
D.
East-West gateways
perimeter
Which two Cisco ISE components must be configured for BYOD? (Choose two.)
A.
local WebAuth
B.
central WebAuth
C.
null WebAuth
D.
guest
E.
dual
central WebAuth
guest
An engineer needs to add protection for data in transit and have headers in the email
message Which configuration is needed to accomplish this goal?
A.
Provision the email appliance
B.
Deploy an encryption appliance
C.
Map sender !P addresses to a host interface
D.
Enable flagged message handling
Enable flagged message handling
| Page 25 out of 53 Pages |
| Previous |