Question 1

The main function of northbound APIs in the SDN architecture is to enable communication between which two areas of a network?

Accepted Answer

A)  SDN controller and the cloud 
B)  management console and the SDN controller 
C)  management console and the cloud 
D)  SDN controller and the management solution 
A)  SDN controller and the cloud 
B)  management console and the SDN controller 
C)  management console and the cloud 
D)  SDN controller and the management solution

Question 2

Which Cisco security solution protects remote users against phishing attacks when they are not connected to the VPN?

Accepted Answer

A)  Cisco Umbrella 
B)  NGIPS 
C)  Cisco Stealthwatch 
D)  Cisco Firepower 
A)  Cisco Umbrella 
B)  NGIPS 
C)  Cisco Stealthwatch 
D)  Cisco Firepower

Question 3

Which two activities can be done using Cisco DNA Center? (Choose two.)

Accepted Answer

A)  DHCP 
B)  design 
C)  accounting 
D)  DNS 
E)  provision 
A)  DHCP 
B)  design 
C)  accounting 
D)  DNS 
E)  provision

Question 4

How does DNS Tunneling exfiltrate data?

Accepted Answer

A)  An attacker registers a domain that a client connects to based on DNS records and sends malware through that connection. 
B)  An attacker opens a reverse DNS shell to get into the client's system and install malware on it. 
C)  An attacker sends an email to the target with hidden DNS resolvers in it to redirect them to a malicious domain. 
D)  An attacker uses a non-standard DNS port to gain access to the organization's DNS servers in order to poison the resolutions. 
A)  An attacker registers a domain that a client connects to based on DNS records and sends malware through that connection. 
B)  An attacker opens a reverse DNS shell to get into the client's system and install malware on it. 
C)  An attacker sends an email to the target with hidden DNS resolvers in it to redirect them to a malicious domain. 
D)  An attacker uses a non-standard DNS port to gain access to the organization's DNS servers in order to poison the resolutions.

Question 5

Which two key and block sizes are valid for AES? (Choose two.)

Accepted Answer

A)  64-bit block size, 112-bit key length 
B)  64-bit block size, 168-bit key length 
C)  128-bit block size, 192-bit key length 
D)  128-bit block size, 256-bit key length 
E)  192-bit block size, 256-bit key length 
A)  64-bit block size, 112-bit key length 
B)  64-bit block size, 168-bit key length 
C)  128-bit block size, 192-bit key length 
D)  128-bit block size, 256-bit key length 
E)  192-bit block size, 256-bit key length

Question 6

How is ICMP used an exfiltration technique?

Accepted Answer

A)  by flooding the destination host with unreachable packets 
B)  by sending large numbers of ICMP packets with a targeted hosts source IP address using an IP broadcast address 
C)  by encrypting the payload in an ICMP packet to carry out command and control tasks on a compromised host 
D)  by overwhelming a targeted host with ICMP echo-request packets 
A)  by flooding the destination host with unreachable packets 
B)  by sending large numbers of ICMP packets with a targeted hosts source IP address using an IP broadcast address 
C)  by encrypting the payload in an ICMP packet to carry out command and control tasks on a compromised host 
D)  by overwhelming a targeted host with ICMP echo-request packets

Question 7

An engineer is configuring AMP for endpoints and wants to block certain files from executing. Which outbreak control method is used to accomplish this task?

Accepted Answer

A)  device flow correlation 
B)  simple detections 
C)  application blocking list 
D)  advanced custom detections 
A)  device flow correlation 
B)  simple detections 
C)  application blocking list 
D)  advanced custom detections

Question 8

In a PaaS model, which layer is the tenant responsible for maintaining and patching?

Accepted Answer

A)  hypervisor 
B)  virtual machine 
C)  network 
D)  application 
A)  hypervisor 
B)  virtual machine 
C)  network 
D)  application

Question 9

What is the function of the Context Directory Agent?

Accepted Answer

A)  reads the Active Directory logs to map IP addresses to usernames 
B)  relays user authentication requests from Web Security Appliance to Active Directory 
C)  maintains users' group memberships 
D)  accepts user authentication requests on behalf of Web Security Appliance for user identification 
A)  reads the Active Directory logs to map IP addresses to usernames 
B)  relays user authentication requests from Web Security Appliance to Active Directory 
C)  maintains users' group memberships 
D)  accepts user authentication requests on behalf of Web Security Appliance for user identification

Question 10

In which type of attach does the attacker insert their machine between two hosts that are communicating with each other?

Accepted Answer

A)  man-in-the-middle 
B)  LDAP injection 
C)  insecure API 
D)  cross-site scripting 
A)  man-in-the-middle 
B)  LDAP injection 
C)  insecure API 
D)  cross-site scripting

Question 11

What is a prerequisite when integrating a Cisco ISE server and an AD domain?

Accepted Answer

A)  Configure a common administrator account. 
B)  Place the Cisco ISE server and the AD server in the same subnet. 
C)  Synchronize the clocks of the Cisco ISE server and the AD server. 
D)  Configure a common DNS server. 
A)  Configure a common administrator account. 
B)  Place the Cisco ISE server and the AD server in the same subnet. 
C)  Synchronize the clocks of the Cisco ISE server and the AD server. 
D)  Configure a common DNS server.

Question 12

Which attack is commonly associated with C and C++ programming languages?

Accepted Answer

A)  cross-site scripting 
B)  water holing 
C)  DDoS 
D)  buffer overflow 
A)  cross-site scripting 
B)  water holing 
C)  DDoS 
D)  buffer overflow

Question 13

An organization is implementing URL blocking using Cisco Umbrella. The users are able to go to some sites but other sites are not accessible due to an error. Why is the error occurring?

Accepted Answer

A)  Client computers do not have an SSL certificate deployed from an internal CA server. 
B)  Client computers do not have the Cisco Umbrella Root CA certificate installed. 
C)  IP-Layer Enforcement is not configured. 
D)  Intelligent proxy and SSL decryption is disabled in the policy. 
A)  Client computers do not have an SSL certificate deployed from an internal CA server. 
B)  Client computers do not have the Cisco Umbrella Root CA certificate installed. 
C)  IP-Layer Enforcement is not configured. 
D)  Intelligent proxy and SSL decryption is disabled in the policy.

Question 14

What is the function of SDN southbound API protocols?

Accepted Answer

A)  to allow for the static configuration of control plane applications 
B)  to enable the controller to use REST 
C)  to enable the controller to make changes 
D)  to allow for the dynamic configuration of control plane applications 
A)  to allow for the static configuration of control plane applications 
B)  to enable the controller to use REST 
C)  to enable the controller to make changes 
D)  to allow for the dynamic configuration of control plane applications

Question 15

What is managed by Cisco Security Manager?

Accepted Answer

A)  access point 
B)  ESA 
C)  WSA 
D)  ASA 
A)  access point 
B)  ESA 
C)  WSA 
D)  ASA

Question 16

An engineer is trying to securely connect to a router and wants to prevent insecure algorithms from being used. However, the connection is failing. Which action should be taken to accomplish this goal?

Accepted Answer

A)  Generate the RSA key using the crypto key generate rsa command. Generate the RSA key using the crypto key generate rsa command. 
B)  Configure the port using the ip ssh port 22 command. Configure the port using the ip ssh port 22 
C)  Enable the SSH server using the ip ssh server command. Enable the SSH server using the ip ssh server 
D)  Disable telnet using the no ip telnet command. Disable telnet using the no ip telnet 
A)  Generate the RSA key using the crypto key generate rsa command. Generate the RSA key using the crypto key generate rsa command. 
B)  Configure the port using the ip ssh port 22 command. Configure the port using the ip ssh port 22 
C)  Enable the SSH server using the ip ssh server command. Enable the SSH server using the ip ssh server 
D)  Disable telnet using the no ip telnet command. Disable telnet using the no ip telnet

Question 17

What is the purpose of the Decrypt for Application Detection feature within the WSA Decryption options?

Accepted Answer

A)  It decrypts HTTPS application traffic for unauthenticated users. 
B)  It alerts users when the WSA decrypts their traffic. 
C)  It decrypts HTTPS application traffic for authenticated users. 
D)  It provides enhanced HTTPS application detection for AsyncOS. 
A)  It decrypts HTTPS application traffic for unauthenticated users. 
B)  It alerts users when the WSA decrypts their traffic. 
C)  It decrypts HTTPS application traffic for authenticated users. 
D)  It provides enhanced HTTPS application detection for AsyncOS.

Question 18

Which attack is preventable by Cisco ESA but not by the Cisco WSA?

Accepted Answer

A)  SQL injection 
B)  phishing 
C)  buffer overflow 
D)  DoS 
A)  SQL injection 
B)  phishing 
C)  buffer overflow 
D)  DoS

Question 19

Which Cisco product is open, scalable, and built on IETF standards to allow multiple security products from Cisco and other vendors to share data and interoperate with each other?

Accepted Answer

A)  Platform Exchange Grid 
B)  Multifactor Platform Integration 
C)  Firepower Threat Defense 
D)  Advanced Malware Protection 
A)  Platform Exchange Grid 
B)  Multifactor Platform Integration 
C)  Firepower Threat Defense 
D)  Advanced Malware Protection

Question 20

Which compliance status is shown when a configured posture policy requirement is not met?

Accepted Answer

A)  authorized 
B)  compliant 
C)  unknown 
D)  noncompliant 
A)  authorized 
B)  compliant 
C)  unknown 
D)  noncompliant

Exam 41: Implementing Cisco Collaboration Core Technologies (CLCOR)

The main function of northbound APIs in the SDN architecture is to enable communication between which two areas of a network?

Which Cisco security solution protects remote users against phishing attacks when they are not connected to the VPN?

Which two activities can be done using Cisco DNA Center? (Choose two.)

How does DNS Tunneling exfiltrate data?

Which two key and block sizes are valid for AES? (Choose two.)

How is ICMP used an exfiltration technique?

An engineer is configuring AMP for endpoints and wants to block certain files from executing. Which outbreak control method is used to accomplish this task?

In a PaaS model, which layer is the tenant responsible for maintaining and patching?

What is the function of the Context Directory Agent?

In which type of attach does the attacker insert their machine between two hosts that are communicating with each other?

What is a prerequisite when integrating a Cisco ISE server and an AD domain?

Which attack is commonly associated with C and C++ programming languages?

An organization is implementing URL blocking using Cisco Umbrella. The users are able to go to some sites but other sites are not accessible due to an error. Why is the error occurring?

What is the function of SDN southbound API protocols?

What is managed by Cisco Security Manager?

An engineer is trying to securely connect to a router and wants to prevent insecure algorithms from being used. However, the connection is failing. Which action should be taken to accomplish this goal?

What is the purpose of the Decrypt for Application Detection feature within the WSA Decryption options?

Which attack is preventable by Cisco ESA but not by the Cisco WSA?

Which Cisco product is open, scalable, and built on IETF standards to allow multiple security products from Cisco and other vendors to share data and interoperate with each other?

Which compliance status is shown when a configured posture policy requirement is not met?

Supporting Cisco Data Center System Devices (DCTECH)

Cisco Certified Technician Routing & Switching (RSTECH)

Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)

Cisco Certified Network Associate (CCNA)

Managing Industrial Networks with Cisco Networking Technologies (IMINS)

DevNet Associate (DEVASC)

Conducting Forensic Analysis and Incident Response Using Cisco CyberOps Technologies (CBRFIR)

Implementing Cisco Enterprise Advanced Routing and Services (ENARSI)

Implementing Cisco SD-WAN Solutions (ENSDWI)

Designing Cisco Enterprise Networks (ENSLD)

Designing Cisco Enterprise Wireless Networks (300-425 ENWLSD)

Implementing Cisco Enterprise Wireless Networks (300-430 ENWLSI)

Automating Cisco Enterprise Solutions (ENAUTO)

Implementing Cisco Service Provider Advanced Routing Solutions (SPRI)

Implementing Cisco Service Provider VPN Services (SPVI)

Designing Cisco Data Center Infrastructure (DCID)

Troubleshooting Cisco Data Center Infrastructure (DCIT)

Implementing Cisco Application Centric Infrastructure (DCACI)

Configuring Cisco MDS 9000 Series Switches (DCSAN)

Implementing Cisco Application Centric Infrastructure - Advanced

Automating Cisco Data Center Solutions (DCAUTO)

Securing Networks with Cisco Firepower (300-710 SNCF)

Implementing and Configuring Cisco Identity Services Engine (300-715 SISE)

Securing Email with Cisco Email Security Appliance (300-720 SESA)

Securing the Web with Cisco Web Security Appliance (300-725 SWSA)

Implementing Secure Solutions with Virtual Private Networks (SVPN 300-730)

Automating Cisco Security Solutions (SAUTO)

Implementing Cisco Collaboration Applications (CLICA)

Implementing Cisco Advanced Call Control and Mobility Services (CLASSM)

Implementing Cisco Collaboration Cloud and Edge Solutions

Implementing Cisco Collaboration Conferencing

Automating Cisco Collaboration Solutions (CLAUTO)

Implementing DevOps Solutions and Practices using Cisco Platforms (DEVOPS)

Developing Solutions Using Cisco IoT and Edge Platforms (DEVIOT)

Developing Applications for Cisco Webex and Webex Devices (DEVWBX)

Performing CyberOps Using Core Security Technologies (CBRCOR)

Implementing Cisco Enterprise Network Core Technologies (ENCOR)

Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR)

Implementing and Operating Cisco Data Center Core Technologies (DCCOR)

Implementing and Operating Cisco Security Core Technologies

Developing Applications using Cisco Core Platforms and APIs (DEVCOR)

CCDE Design Written

Deploying Cisco Unified Contact Center Express

Cisco Meraki Solutions Specialist

Securing Cisco Networks with Sourcefire FireAMP Endpoints

Designing Cisco Unified Contact Center Enterprise (UCCED)

Implementing and Supporting Cisco Unified Contact Center Enterprise (UCCEIS)

Cisco Collaboration SaaS Authorization Exam

Cisco Security Architecture for System Engineers

Adopting The Cisco Business Architecture Approach (DTBAA)

Cisco Customer Success Manager (CSM)

Mastering The Cisco Business Architecture Discipline (DTBAD)

Filters