What can be integrated with Cisco Threat Intelligence Director to provide information about security threats, which allows the SOC to proactively automate responses to those threats?
Cisco Umbrella External Threat Feeds Cisco Threat Grid Cisco Stealthwatch.
Which Cisco command enables authentication, authorization, and accounting globally so that CoA is supported on the device? aaa server radius dynamic-author auth-type all aaa-new model ip device-tracking.
What is a characteristic of Firepower NGIPS inline deployment mode? ASA with Firepower module cannot be deployed It cannot take actions such as blocking traffic It is out-of-band from traffic It must have inline interface pairs configured.
A mall provides security services to customers with a shared appliance. The mall wants a separation of management on the shared appliance.
Which ASA deployment mode meets these needs?
routed mode multiple zone mode multiple context mode transparent mode.
What is managed by Cisco Security Manager? Cisco WLC Cisco ESA Cisco WSA Cisco ASA.
An organization is trying to improve their Defense in Depth by blocking malicious destinations prior to a connection being established. The solution must be able to block certain applications from being used within the network.
Which product should be used to accomplish this goal?
Cisco Firepower Cisco Umbrella Cisco ISE Cisco AMP.
An engineer notices traffic interruptions on the network. Upon further investigation, it is learned that broadcast packets have been flooding the network.
What must be configured, based on a predefined threshold, to address this issue?
Storm Control embedded event monitoring access control lists Bridge Protocol Data Unit guard.
What is a feature of Cisco NetFlow Secure Event Logging for Cisco ASAs? Multiple NetFlow collectors are supported. Advanced NetFlow v9 templates and legacy v5 formatting are supported. Secure NetFlow connectors are optimized for Cisco Prime Infrastructure Flow-create events are delayed.
What is a key difference between Cisco Firepower and Cisco ASA? Cisco Firepower provides identity based access control while Cisco ASA does not. Cisco AS provides access control while Cisco Firepower does not. Cisco ASA provides SSL inspection while Cisco Firepower does not. Cisco Firepower natively provides intrusion prevention capabilities while Cisco ASA does not.
Drag and drop the suspicious patterns for the Cisco Tetration platform from the left onto the correct definitions on the right.
Select and Place: privilege escalation user login suspcious behaviour interesting file access file access from different user.
What is a benefit of using Cisco FMC over Cisco ASDM? Cisco FMC uses Java while Cisco ASDM uses HTML5. Cisco FMC provides centralized management while Cisco ASDM does not. Cisco FMC supports pushing configurations to devices while Cisco ASDM does not. Cisco FMC supports all firewall products whereas Cisco ASDM only supports Cisco ASA devices.
Which product allows Cisco FMC to push security intelligence observable to its sensors from other products?
Threat Intelligence Director Encrypted Traffic Analytics. Cognitive Threat Analytics. Cisco Talos Intelligence.
A Cisco FirePower administrator needs to configure a rule to allow a new application that has never been seen on the network.
Which two actions should be selected to allow the traffic to pass without inspection? (Choose two.)
permit allow reset trust monitor.
What is a characteristic of a bridge group in a Cisco ASA Firewall running in transparent mode? It has an IP address on its BVI interface and is used for management traffic. It allows ARP traffic with a single access rule. It includes multiple interfaces and access rules between interfaces are customizable. It is a Layer 3 segment and includes one port and customizable access rules.
While using Cisco Firepower's Security Intelligence policies, which two criteria is blocking based upon? (Choose two.)
IP addresses URLs port numbers protocol IDs MAC addresses.
What features does Cisco FTDv provide over Cisco ASAv? Cisco FTDv provides 1GB of firewall throughput while Cisco ASAv does not. Cisco FTDv runs on VMware while Cisco ASAv does not. Cisco FTDv runs on AWS while Cisco ASAv does not. Cisco FTDv supports URL filtering while Cisco ASAv does not.
A network engineer is deciding whether to use stateful or stateless failover when configuring two Cisco ASAs for high availability. What is the connection status in both cases?
need to be re-established with stateful failover and preserved with stateless failover preserved with both stateful and stateless failover need to be reestablished with both stateful and stateless failover preserved with stateful failover and need to be reestablished with stateless failover.
Which term describes when the Cisco Firepower downloads threat intelligence updates from Cisco Talos? authoring consumption sharing analysis.
An administrator is configuring a DHCP server to better secure their environment. They need to be able to rate-limit the traffic and ensure that legitimate requests are not dropped.
How would this be accomplished?
Set a trusted interface for the DHCP server. Set the DHCP snooping bit to 1. Enable ARP inspection for the required VLAN. Add entries in the DHCP snooping database.
What is a prerequisite when integrating a Cisco ISE server and an AD domain? Configure a common administrator account. Place the Cisco ISE server and the AD server in the same subnet. Synchronize the clocks of the Cisco ISE server and the AD server. Configure a common DNS server.
When configuring ISAKMP for IKEv1 Phase 1 on a Cisco IOS router, an administrator needs to input the command crypto isakmp key cisco address 0.0.0.0. The administrator is not sure what the IP address in this command is used for.
What would be the effect of changing the IP address from 0.0.0.0 to 1.2.3.4?
The key server that is managing the keys for the connection will be at 1.2.3.4. The address that will be used as the crypto validation authority. All IP addresses other than 1.2.3.4 will be allowed. The remote connection will only be allowed from 1.2.3.4.
A network administrator is configuring SNMPv3 on a new router. The users have already been created, however, an additional configuration is needed to facilitate access to the SNMP views. What must the administrator do to accomplish this?
define the encryption algorithm to be used by SNMPv3 set the password to be used for SNMPv3 authentication map SNMPv3 users to SNMP views specify the UDP port used by SNMP.
Drag and drop the NetFlow export formats from the left onto the descriptions on the right.
Select and Place: Version 1 Version 5 Version 8 Version 9.
Refer to the exhibit. When configuring a remote access VPN solution terminating on the Cisco ASA, an administrator would like to utilize an external token authentication mechanism in conjunction with AAA authentication using machine certificates. Which configuration item must be modified to allow this?
Method SAML Server AAA Server Group Group Policy.
An administrator is trying to determine which applications are being used in the network but does not want the network devices to send metadata to Cisco Firepower.
Which feature should be used to accomplish this?
Network Discovery Access Control Packet Tracer NetFlow.
An engineer is implementing NTP authentication within their network and has configured both the client and server devices with the command ntp authentication-key 1 md5 Cisc392481137. The server at 1.1.1.1 is attempting to authenticate to the client at 1.1.1.2, however, is unable to do so.
Which command is required to enable the client to accept the server's authentication key?
ntp server 1.1.1.2 key 1 ntp peer 1.1.1.2 key 1 ntp server 1.1.1.1 key 1 ntp peer 1.1.1.1 key 1.
Due to a traffic storm on the network, two interfaces were error-disabled, and both interfaces sent SNMP traps. Which two actions must be taken to ensure that interfaces are put back into service? (Choose two.) Enable the snmp-server enable traps command and wait 300 seconds. Use EEM to have the ports return to service automatically in less than 300 seconds Ensure that interfaces are configured with the error-disable detection and recovery feature. Have Cisco Prime Infrastructure issue an SNMP set command to re-enable the ports after the preconfigured interval. Enter the shutdown and no shutdown commands on the interfaces.
Refer to the exhibit. An administrator is adding a new Cisco FTD device to their network and wants to manage it with Cisco FMC. The Cisco FTD uses a registration key of Cisc392481137 and is not behind a NAT device. Which command is needed to enable this on the Cisco FTD? configure manager add <FMC IP address> <registration key> 16 configure manager add DONTRESOLVE <registration key> FTD123 configure manager add <FMC IP address> <registration key> configure manager add DONTRESOLVE <registration key>.
A network administrator needs to find out what assets currently exist on the network. Third-party systems need to be able to feed host data into Cisco Firepower.
What must be configured to accomplish this? a Network Analysis policy to receive NetFlow data from the host a File Analysis policy to send file data into Cisco Firepower a Network Discovery policy to receive data from the host a Threat Intelligence policy to download the data from the host.
Which suspicious pattern enables the Cisco Tetration platform to learn the normal behavior of users? file access from a different user user login suspicious behavior privilege escalation interesting file access.
Which attribute has the ability to change during the RADIUS CoA? authorization NTP accessibility membership.
An administrator configures new authorization policies within Cisco ISE and has difficulty profiling the devices. Attributes for the new Cisco IP phones that are profiled based on the RADIUS authentication are seen; however, the attributes for CDP or DHCP are not.
What should the administrator do to address this issue?
Configure a service template within the switch to standardize the port configurations so that the correct information is sent to Cisco ISE. Configure the ip dhcp snooping trust command on the DHCP interfaces to get the information to Cisco ISE. Configure the authentication port-control auto feature within Cisco ISE to identify the devices that are trying to connect. Configure the device sensor feature within the switch to send the appropriate protocol information.
An organization deploys multiple Cisco FTD appliances and wants to manage them using one centralized solution. The organization does not have a local VM but does have an existing Cisco ASA that must migrate over to Cisco FTDs.
Which solution meets the needs of the organization?
Cisco FMC Cisco CDO (Cisco Defense Orchestrator) CSM Cisco FDM.
What is the benefit of using telemetry over SNMP to configure new routers for monitoring purposes? Telemetry uses push and pull, which makes it more secure than SNMP. Telemetry uses push and pull, which makes it more scalable than SNMP. Telemetry uses a push method, which makes it faster than SNMP. Telemetry uses a pull method, which makes it more reliable than SNMP.
ntp authentication-key 10 md5 cisco123
ntp trusted-key 10
Refer to the exhibit. A network engineer is testing NTP authentication and realizes that any device synchronizes time with this router and that NTP authentication is not enforced. What is the cause of this issue? The hashing algorithm that was used was MD5, which is unsupported. The key was configured in plain text. NTP authentication is not enabled. The router was not rebooted after the NTP configuration updated.
An engineer has been tasked with configuring a Cisco FTD to analyze protocol fields and detect anomalies in the traffic from industrial systems.
What must be done to meet these requirements?
Enable traffic analysis in the Cisco FTD. Implement pre-filter policies for the CIP preprocessor. Configure intrusion rules for the DNP3 preprocessor. Modify the access control policy to trust the industrial traffic.
An organization uses Cisco FMC to centrally manage multiple Cisco FTD devices. The default management port conflicts with other communications on the network and must be changed.
What must be done to ensure that all devices can communicate together?
Change the management port on Cisco FMC so that it pushes the change to all managed Cisco FTD devices. Set the sftunnel port to 8305. Manually change the management port on Cisco FMC and all managed Cisco FTD devices. Set the sftunnel to go through the Cisco FTD.
An administrator is establishing a new site-to-site VPN connection on a Cisco IOS router. The organization needs to ensure that the ISAKMP key on the hub is used only for terminating traffic from the IP address of 172.19.20.24. Which command on the hub will allow the administrator to accomplish this? crypto isakmp identity address 172.19.20.24 crypto ca identity 172.19.20.24 crypto enrollment peer address 172.19.20.24 crypto isakmp key Cisco0123456789 172.19.20.24.
A Cisco FTD engineer is creating a newIKEv2 policy called s2s00123456789 for their organization to allow additional protocols to terminate network devices with. They currently only have one policy established and need the new policy to be a backup in case some devices cannot support the stronger algorithms listed in the primary policy.
What should be done in order to support this?
Change the encryption to AES* to support all AES algorithms in the primary policy. Make the priority for the primary policy 10 and the new policy 1. Change the integrity algorithms to SHA* to support all SHA algorithms in the primary policy. Make the priority for the new policy 5 and the primary policy 1.
What is the functional difference between a Cisco ASA and Cisco IOS router with a Zone-Based Policy Firewall? The Cisco ASA can be configured for high availability, whereas the Cisco IOS router with Zone-Based Policy Firewall cannot. The Cisco IOS router with Zone-Based Policy Firewall can be configured for high availability, whereas the Cisco ASA cannot. The Cisco ASA denies all traffic by default, whereas the Cisco IOS router with Zone-Based Policy Firewall starts out by allowing all traffic,
even on untrusted interfaces. The Cisco IOS router with Zone-Based Policy Firewall denies all traffic by default, whereas Cisco ASA starts out by allowing traffic until
rules are added.
An engineer is configuring their router to send NetfFow data to Stealthwatch which has an IP address of 1.1.1.1 using the flow record Stealthwatch406143794 command.
Which additional command is required to complete the flow record?
cache timeout active 60 destination 1.1.1.1 match ipv4 ttl transport udp 2055.
An engineer is adding a Cisco DUO solution to the current TACACS+ deployment using Cisco ISE. The engineer wants to authenticate users using their accounts when they log into network devices. Which action accomplishes this task? Configure Cisco DUO with the external Active Directory connector and tie it to the policy set within Cisco ISE. Install and configure the Cisco DUO Authentication Proxy and configure the identity source sequence within Cisco ISE. Modify the current policy with the condition MFA: SourceSequence:DUO=true in the authorization conditions within Cisco ISE. Create an identity policy within Cisco ISE to send all authentication requests to Cisco DUO.
What is the function of the crypto isakmp key cisc406143794 address 0.0.0.0 0.0.0.0 command when establishing an IPsec VPN tunnel? It prevents all IP addresses from connecting to the VPN server. It configures the pre-shared authentication key. It configures the local address for the VPN server. It defines what data is going to be encrypted via the VPN.
An administrator is adding a new switch to the network and has configured AAA for network access control. When testing the configuration, the RADIUS authenticates to Cisco ISE but is being rejected.
Why is the ip radius source-interface command needed for this configuration?
Only requests that originate from a configured NAS IP are accepted by a RADIUS server. The RADIUS authentication key is transmitted only from the defined RADIUS source interface. RADIUS requests are generated only by a router if a RADIUS source interface is defined. Encrypted RADIUS authentication requires the RADIUS source interface to be defined.
Which statement about the configuration of Cisco ASA NetFlow v9 Secure Event Logging is true? To view bandwidth usage for NetFlow records, the QoS feature must be enabled. A sysopt command can be used to enable NSEL on a specific interface. NSEL can be used without a collector configured. A flow-export event type must be defined under a policy.
Which feature requires a network discovery policy on the Cisco Firepower NGIPS? security intelligence impact flags health monitoring URL filtering.
Which policy is used to capture host information on the Cisco Firepower NGIPS Next-Generation Intrusion Prevention System? correlation intrusion access control network discovery.
What is a characteristic of traffic storm control behavior? Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within the interval. Traffic storm control cannot determine if the packet is unicast or broadcast. Traffic storm control monitors incoming traffic levels over a 10-second traffic storm control interval. Traffic storm control uses the Individual/Group bit in the packet source address to determine if the packet is unicast or broadcast.
Drag and drop the Firepower Next-Generation Intrusion Prevention System detectors from the left onto the correct definitions on the right.
Select and Place: PortScan Detection Port Sweep Decoy PortScan Distributed PortScan.
aaa new-model
radius-server host 10.0.0.12 key secret12
Refer to the exhibit. Which statement about the authentication protocol used in the configuration is true? The authentication request contains only a password The authentication request contains only a username The authentication and authorization requests are grouped in a single packet. There are separate authentication and authorization request packets.
|
