Question 1

What is a feature of the open platform capabilities of Cisco DNA Center?

Accepted Answer

A)  application adapters 
B)  domain integration 
C)  intent-based APIs 
D)  automation adapters 
A)  application adapters 
B)  domain integration 
C)  intent-based APIs 
D)  automation adapters

Question 2

Which command enables 802.1X globally on a Cisco switch?

Accepted Answer

A)  dot1x system-auth-control 
B)  dot1x pae authenticator 
C)  authentication port-control auto 
D)  aaa new-model 
A)  dot1x system-auth-control 
B)  dot1x pae authenticator 
C)  authentication port-control auto 
D)  aaa new-model

Question 3

In which situation should an Endpoint Detection and Response solution be chosen versus an Endpoint Protection Platform?

Accepted Answer

A)  when there is a need to have more advanced detection capabilities 
B)  when there is no firewall on the network 
C)  when there is a need for traditional anti-malware detection 
D)  when there is no need to have the solution centrally managed 
A)  when there is a need to have more advanced detection capabilities 
B)  when there is no firewall on the network 
C)  when there is a need for traditional anti-malware detection 
D)  when there is no need to have the solution centrally managed

Question 4

An organization is trying to improve their Defense in Depth by blocking malicious destinations prior to a connection being established. The solution must be able to block certain applications from being used within the network. Which product should be used to accomplish this goal?

Accepted Answer

A)  Cisco Firepower 
B)  Cisco Umbrella 
C)  ISE 
D)  AMP 
A)  Cisco Firepower 
B)  Cisco Umbrella 
C)  ISE 
D)  AMP

Question 5

An engineer configured a new network identity in Cisco Umbrella but must verify that traffic is being routed through the Cisco Umbrella network. Which action tests the routing?

Accepted Answer

A)  Ensure that the client computers are pointing to the on-premises DNS servers. 
B)  Enable the Intelligent Proxy to validate that traffic is being routed correctly. 
C)  Add the public IP address that the client computers are behind to a Core Identity. 
D)  Browse to http://welcome.umbrella.com/ to validate that the new identity is working. 
A)  Ensure that the client computers are pointing to the on-premises DNS servers. 
B)  Enable the Intelligent Proxy to validate that traffic is being routed correctly. 
C)  Add the public IP address that the client computers are behind to a Core Identity. 
D)  Browse to http://welcome.umbrella.com/ to validate that the new identity is working.

Question 6

A network administrator needs to find out what assets currently exist on the network. Third-party systems need to be able to feed host data into Cisco Firepower. What must be configured to accomplish this?

Accepted Answer

A)  a Network Analysis policy to receive NetFlow data from the host 
B)  a File Analysis policy to send file data into Cisco Firepower 
C)  a Network Discovery policy to receive data from the host 
D)  a Threat Intelligence policy to download the data from the host 
A)  a Network Analysis policy to receive NetFlow data from the host 
B)  a File Analysis policy to send file data into Cisco Firepower 
C)  a Network Discovery policy to receive data from the host 
D)  a Threat Intelligence policy to download the data from the host

Question 7

Which statement about the configuration of Cisco ASA NetFlow v9 Secure Event Logging is true?

Accepted Answer

A)  To view bandwidth usage for NetFlow records, the QoS feature must be enabled. 
B)  A sysopt command can be used to enable NSEL on a specific interface. A sysopt command can be used to enable NSEL on a specific interface. 
C)  NSEL can be used without a collector configured. 
D)  A flow-export event type must be defined under a policy. 
A)  To view bandwidth usage for NetFlow records, the QoS feature must be enabled. 
B)  A sysopt command can be used to enable NSEL on a specific interface. A sysopt command can be used to enable NSEL on a specific interface. 
C)  NSEL can be used without a collector configured. 
D)  A flow-export event type must be defined under a policy.

Question 8

What are two list types within AMP for Endpoints Outbreak Control? (Choose two.)

Accepted Answer

A)  blocked ports 
B)  simple custom detections 
C)  command and control 
D)  allowed applications 
E)  URL 
A)  blocked ports 
B)  simple custom detections 
C)  command and control 
D)  allowed applications 
E)  URL

Question 9

An administrator is trying to determine which applications are being used in the network but does not want the network devices to send metadata to Cisco Firepower. Which feature should be used to accomplish this?

Accepted Answer

A)  Network Discovery 
B)  Access Control 
C)  Packet Tracer 
D)  NetFlow 
A)  Network Discovery 
B)  Access Control 
C)  Packet Tracer 
D)  NetFlow

Question 10

Which two capabilities does TAXII support? (Choose two.)

Accepted Answer

A)  exchange 
B)  pull messaging 
C)  binding 
D)  correlation 
E)  mitigating 
A)  exchange 
B)  pull messaging 
C)  binding 
D)  correlation 
E)  mitigating

Question 11

A user has a device in the network that is receiving too many connection requests from multiple machines. Which type of attack is the device undergoing?

Accepted Answer

A)  SYN flood 
B)  slowloris 
C)  phishing 
D)  pharming 
A)  SYN flood 
B)  slowloris 
C)  phishing 
D)  pharming

Question 12

What is the function of Cisco Cloudlock for data security?

Accepted Answer

A)  data loss prevention 
B)  controls malicious cloud apps 
C)  detects anomalies 
D)  user and entity behavior analytics 
A)  data loss prevention 
B)  controls malicious cloud apps 
C)  detects anomalies 
D)  user and entity behavior analytics

Question 13

A Cisco ESA administrator has been tasked with configuring the Cisco ESA to ensure there are no viruses before quarantined emails are delivered. In addition, delivery of mail from known bad mail servers must be prevented. Which two actions must be taken in order to meet these requirements? (Choose two.)

Accepted Answer

A)  Deploy the Cisco ESA in the DMZ. 
B)  Use outbreak filters from SenderBase. 
C)  Configure a recipient access table. 
D)  Enable a message tracking service. 
E)  Scan quarantined emails using AntiVirus signatures. 
A)  Deploy the Cisco ESA in the DMZ. 
B)  Use outbreak filters from SenderBase. 
C)  Configure a recipient access table. 
D)  Enable a message tracking service. 
E)  Scan quarantined emails using AntiVirus signatures.

Question 14

Which two probes are configured to gather attributes of connected endpoints using Cisco Identity Services Engine? (Choose two.)

Accepted Answer

A)  RADIUS 
B)  TACACS+ 
C)  DHCP 
D)  sFlow 
E)  SMTP 
A)  RADIUS 
B)  TACACS+ 
C)  DHCP 
D)  sFlow 
E)  SMTP

Question 15

A Cisco ESA network administrator has been tasked to use a newly installed service to help create policy based on the reputation verdict. During testing, it is discovered that the Cisco ESA is not dropping files that have an undetermined verdict. What is causing this issue?

Accepted Answer

A)  The policy was created to send a message to quarantine instead of drop. 
B)  The file has a reputation score that is below the threshold. 
C)  The file has a reputation score that is above the threshold. 
D)  The policy was created to disable file analysis. 
A)  The policy was created to send a message to quarantine instead of drop. 
B)  The file has a reputation score that is below the threshold. 
C)  The file has a reputation score that is above the threshold. 
D)  The policy was created to disable file analysis.

Question 16

Why is it important to have logical security controls on endpoints even though the users are trained to spot security threats and the network devices already help prevent them?

Accepted Answer

A)  because defense-in-depth stops at the network 
B)  because human error or insider threats will still exist 
C)  to prevent theft of the endpoints 
D)  to expose the endpoint to more threats 
A)  because defense-in-depth stops at the network 
B)  because human error or insider threats will still exist 
C)  to prevent theft of the endpoints 
D)  to expose the endpoint to more threats

Question 17

A network engineer is configuring DMVPN and entered the crypto isakmp key cisc0383320506 address 0.0.0.0 command on host A. The tunnel is not being established to host B. What action is needed to authenticate the VPN?

Accepted Answer

A)  Change the password on host A to the default password 
B)  Enter the command with a different password on host B 
C)  Enter the same command on host B 
D)  Change isakmp to ikev2 in the command on host A Change isakmp to ikev2 in the command on host A 
A)  Change the password on host A to the default password 
B)  Enter the command with a different password on host B 
C)  Enter the same command on host B 
D)  Change isakmp to ikev2 in the command on host A Change isakmp to ikev2 in the command on host A

Question 18

An organization has a Cisco ESA set up with DLP policies and would like to customize the action assigned for violations. The organization wants a copy of the message to be delivered with a message added to flag it as a DLP violation. Which actions must be performed in order to provide this capability?

Accepted Answer

A)  deliver and add disclaimer text 
B)  quarantine and send a DLP violation notification 
C)  quarantine and alter the subject header with a DLP violation 
D)  deliver and send copies to other recipients 
A)  deliver and add disclaimer text 
B)  quarantine and send a DLP violation notification 
C)  quarantine and alter the subject header with a DLP violation 
D)  deliver and send copies to other recipients

Question 19

Refer to the exhibit. An engineer configured wired 802.1x on the network and is unable to get a laptop to authenticate. Which port configuration is missing?

Accepted Answer

A)  dot1x reauthentication 
B)  cisp enable 
C)  dot1x pae authenticator 
D)  authentication open 
A)  dot1x reauthentication 
B)  cisp enable 
C)  dot1x pae authenticator 
D)  authentication open

Question 20

What are two reasons for implementing a multifactor authentication solution such as Cisco Duo Security provide to an organization? (Choose two.)

Accepted Answer

A)  single sign-on access to on-premises and cloud applications 
B)  identification and correction of application vulnerabilities before allowing access to resources 
C)  secure access to on-premises and cloud applications 
D)  integration with 802.1x security using native Microsoft Windows supplicant 
E)  flexibility of different methods of 2FA such as phone callbacks, SMS passcodes, and push notifications 
A)  single sign-on access to on-premises and cloud applications 
B)  identification and correction of application vulnerabilities before allowing access to resources 
C)  secure access to on-premises and cloud applications 
D)  integration with 802.1x security using native Microsoft Windows supplicant 
E)  flexibility of different methods of 2FA such as phone callbacks, SMS passcodes, and push notifications

Exam 41: Implementing Cisco Collaboration Core Technologies (CLCOR)

What is a feature of the open platform capabilities of Cisco DNA Center?

Which command enables 802.1X globally on a Cisco switch?

In which situation should an Endpoint Detection and Response solution be chosen versus an Endpoint Protection Platform?

An organization is trying to improve their Defense in Depth by blocking malicious destinations prior to a connection being established. The solution must be able to block certain applications from being used within the network. Which product should be used to accomplish this goal?

An engineer configured a new network identity in Cisco Umbrella but must verify that traffic is being routed through the Cisco Umbrella network. Which action tests the routing?

A network administrator needs to find out what assets currently exist on the network. Third-party systems need to be able to feed host data into Cisco Firepower. What must be configured to accomplish this?

Which statement about the configuration of Cisco ASA NetFlow v9 Secure Event Logging is true?

What are two list types within AMP for Endpoints Outbreak Control? (Choose two.)

An administrator is trying to determine which applications are being used in the network but does not want the network devices to send metadata to Cisco Firepower. Which feature should be used to accomplish this?

Which two capabilities does TAXII support? (Choose two.)

A user has a device in the network that is receiving too many connection requests from multiple machines. Which type of attack is the device undergoing?

What is the function of Cisco Cloudlock for data security?

Which two probes are configured to gather attributes of connected endpoints using Cisco Identity Services Engine? (Choose two.)

A Cisco ESA network administrator has been tasked to use a newly installed service to help create policy based on the reputation verdict. During testing, it is discovered that the Cisco ESA is not dropping files that have an undetermined verdict. What is causing this issue?

Why is it important to have logical security controls on endpoints even though the users are trained to spot security threats and the network devices already help prevent them?

A network engineer is configuring DMVPN and entered the crypto isakmp key cisc0383320506 address 0.0.0.0 command on host A. The tunnel is not being established to host B. What action is needed to authenticate the VPN?

Refer to the exhibit. An engineer configured wired 802.1x on the network and is unable to get a laptop to authenticate. Which port configuration is missing?

What are two reasons for implementing a multifactor authentication solution such as Cisco Duo Security provide to an organization? (Choose two.)

Supporting Cisco Data Center System Devices (DCTECH)

Cisco Certified Technician Routing & Switching (RSTECH)

Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)

Cisco Certified Network Associate (CCNA)

Managing Industrial Networks with Cisco Networking Technologies (IMINS)

DevNet Associate (DEVASC)

Conducting Forensic Analysis and Incident Response Using Cisco CyberOps Technologies (CBRFIR)

Implementing Cisco Enterprise Advanced Routing and Services (ENARSI)

Implementing Cisco SD-WAN Solutions (ENSDWI)

Designing Cisco Enterprise Networks (ENSLD)

Designing Cisco Enterprise Wireless Networks (300-425 ENWLSD)

Implementing Cisco Enterprise Wireless Networks (300-430 ENWLSI)

Automating Cisco Enterprise Solutions (ENAUTO)

Implementing Cisco Service Provider Advanced Routing Solutions (SPRI)

Implementing Cisco Service Provider VPN Services (SPVI)

Designing Cisco Data Center Infrastructure (DCID)

Troubleshooting Cisco Data Center Infrastructure (DCIT)

Implementing Cisco Application Centric Infrastructure (DCACI)

Configuring Cisco MDS 9000 Series Switches (DCSAN)

Implementing Cisco Application Centric Infrastructure - Advanced

Automating Cisco Data Center Solutions (DCAUTO)

Securing Networks with Cisco Firepower (300-710 SNCF)

Implementing and Configuring Cisco Identity Services Engine (300-715 SISE)

Securing Email with Cisco Email Security Appliance (300-720 SESA)

Securing the Web with Cisco Web Security Appliance (300-725 SWSA)

Implementing Secure Solutions with Virtual Private Networks (SVPN 300-730)

Automating Cisco Security Solutions (SAUTO)

Implementing Cisco Collaboration Applications (CLICA)

Implementing Cisco Advanced Call Control and Mobility Services (CLASSM)

Implementing Cisco Collaboration Cloud and Edge Solutions

Implementing Cisco Collaboration Conferencing

Automating Cisco Collaboration Solutions (CLAUTO)

Implementing DevOps Solutions and Practices using Cisco Platforms (DEVOPS)

Developing Solutions Using Cisco IoT and Edge Platforms (DEVIOT)

Developing Applications for Cisco Webex and Webex Devices (DEVWBX)

Performing CyberOps Using Core Security Technologies (CBRCOR)

Implementing Cisco Enterprise Network Core Technologies (ENCOR)

Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR)

Implementing and Operating Cisco Data Center Core Technologies (DCCOR)

Implementing and Operating Cisco Security Core Technologies

Developing Applications using Cisco Core Platforms and APIs (DEVCOR)

CCDE Design Written

Deploying Cisco Unified Contact Center Express

Cisco Meraki Solutions Specialist

Securing Cisco Networks with Sourcefire FireAMP Endpoints

Designing Cisco Unified Contact Center Enterprise (UCCED)

Implementing and Supporting Cisco Unified Contact Center Enterprise (UCCEIS)

Cisco Collaboration SaaS Authorization Exam

Cisco Security Architecture for System Engineers

Adopting The Cisco Business Architecture Approach (DTBAA)

Cisco Customer Success Manager (CSM)

Mastering The Cisco Business Architecture Discipline (DTBAD)

Filters