Question 1

Which suspicious pattern enables the Cisco Tetration platform to learn the normal behavior of users?

Accepted Answer

A)  file access from a different user 
B)  user login suspicious behavior 
C)  privilege escalation 
D)  interesting file access 
A)  file access from a different user 
B)  user login suspicious behavior 
C)  privilege escalation 
D)  interesting file access

Question 2

What is the Cisco API-based broker that helps reduce compromises, application risks, and data breaches in an environment that is not on-premise?

Accepted Answer

A)  Cisco AppDynamics 
B)  Cisco Cloudlock 
C)  Cisco Umbrella 
D)  Cisco AMP 
A)  Cisco AppDynamics 
B)  Cisco Cloudlock 
C)  Cisco Umbrella 
D)  Cisco AMP

Question 3

An attacker needs to perform reconnaissance on a target system to help gain access to it. The system has weak passwords, no encryption on the VPN links, and software bugs on the system's applications. Which vulnerability allows the attacker to see the passwords being transmitted in clear text?

Accepted Answer

A)  unencrypted links for traffic 
B)  weak passwords for authentication 
C)  improper file security 
D)  software bugs on applications 
A)  unencrypted links for traffic 
B)  weak passwords for authentication 
C)  improper file security 
D)  software bugs on applications

Question 4

Which two aspects of the cloud PaaS model are managed by the customer but not the provider? (Choose two.)

Accepted Answer

A)  middleware 
B)  applications 
C)  virtualization 
D)  operating systems 
E)  data 
A)  middleware 
B)  applications 
C)  virtualization 
D)  operating systems 
E)  data

Question 5

How is ICMP used as an exfiltration technique?

Accepted Answer

A)  by flooding the destination host with unreachable packets 
B)  by sending large numbers of ICMP packets with a targeted hosts source IP address using an IP broadcast address 
C)  by encrypting the payload in an ICMP packet to carry out command and control tasks on a compromised host 
D)  by overwhelming a targeted host with ICMP echo-request packets 
A)  by flooding the destination host with unreachable packets 
B)  by sending large numbers of ICMP packets with a targeted hosts source IP address using an IP broadcast address 
C)  by encrypting the payload in an ICMP packet to carry out command and control tasks on a compromised host 
D)  by overwhelming a targeted host with ICMP echo-request packets

Question 6

An engineer used a posture check on a Microsoft Windows endpoint and discovered that the MS17-010 patch was not installed, which left the endpoint vulnerable to WannaCry ransomware. Which two solutions mitigate the risk of this ransomware infection? (Choose two.)

Accepted Answer

A)  Configure a posture policy in Cisco Identity Services Engine to install the MS17-010 patch before allowing access on the network. 
B)  Set up a profiling policy in Cisco Identity Services Engine to check an endpoint patch level before allowing access on the network. 
C)  Configure a posture policy in Cisco Identity Services Engine to check that an endpoint patch level is met before allowing access on the network. 
D)  Configure endpoint firewall policies to stop the exploit traffic from being allowed to run and replicate throughout the network. 
E)  Set up a well-defined endpoint patching strategy to ensure that endpoints have critical vulnerabilities patched in a timely fashion. 
A)  Configure a posture policy in Cisco Identity Services Engine to install the MS17-010 patch before allowing access on the network. 
B)  Set up a profiling policy in Cisco Identity Services Engine to check an endpoint patch level before allowing access on the network. 
C)  Configure a posture policy in Cisco Identity Services Engine to check that an endpoint patch level is met before allowing access on the network. 
D)  Configure endpoint firewall policies to stop the exploit traffic from being allowed to run and replicate throughout the network. 
E)  Set up a well-defined endpoint patching strategy to ensure that endpoints have critical vulnerabilities patched in a timely fashion.

Question 7

What is a language format designed to exchange threat intelligence that can be transported over the TAXII protocol?

Accepted Answer

A)  STIX 
B)  XMPP 
C)  pxGrid 
D)  SMTP 
A)  STIX 
B)  XMPP 
C)  pxGrid 
D)  SMTP

Question 8

Why would a user choose an on-premises ESA versus the CES solution?

Accepted Answer

A)  Sensitive data must remain onsite. 
B)  Demand is unpredictable. 
C)  The server team wants to outsource this service. 
D)  ESA is deployed inline. 
A)  Sensitive data must remain onsite. 
B)  Demand is unpredictable. 
C)  The server team wants to outsource this service. 
D)  ESA is deployed inline.

Question 9

What is the purpose of the My Devices Portal in a Cisco ISE environment?

Accepted Answer

A)  to register new laptops and mobile devices 
B)  to manage and deploy antivirus definitions and patches on systems owned by the end user 
C)  to provision userless and agentless systems 
D)  to request a newly provisioned mobile device 
A)  to register new laptops and mobile devices 
B)  to manage and deploy antivirus definitions and patches on systems owned by the end user 
C)  to provision userless and agentless systems 
D)  to request a newly provisioned mobile device

Question 10

A network engineer has been tasked with adding a new medical device to the network. Cisco ISE is being used as the NAC server, and the new device does not have a supplicant available. What must be done in order to securely connect this device to the network?

Accepted Answer

A)  Use 802.1X with posture assessment. 
B)  Use MAB with profiling. 
C)  Use 802.1X with profiling. 
D)  Use MAB with posture assessment. 
A)  Use 802.1X with posture assessment. 
B)  Use MAB with profiling. 
C)  Use 802.1X with profiling. 
D)  Use MAB with posture assessment.

Question 11

What two mechanisms are used to redirect users to a web portal to authenticate to ISE for guest services? (Choose two.)

Accepted Answer

A)  TACACS+ 
B)  central web auth 
C)  single sign-on 
D)  multiple factor auth 
E)  local web auth 
A)  TACACS+ 
B)  central web auth 
C)  single sign-on 
D)  multiple factor auth 
E)  local web auth

Question 12

Refer to the exhibit. What will happen when the Python script is executed?

Accepted Answer

A)  The hostname will be printed for the client in the client ID field. 
B)  The hostname will be translated to an IP address and printed. 
C)  The script will pull all computer hostnames and print them. 
D)  The script will translate the IP address to FQDN and print it. 
A)  The hostname will be printed for the client in the client ID field. 
B)  The hostname will be translated to an IP address and printed. 
C)  The script will pull all computer hostnames and print them. 
D)  The script will translate the IP address to FQDN and print it.

Question 13

In which cloud services model is the tenant responsible for virtual machine OS patching?

Accepted Answer

A)  IaaS 
B)  UCaaS 
C)  PaaS 
D)  SaaS 
A)  IaaS 
B)  UCaaS 
C)  PaaS 
D)  SaaS

Question 14

Which technology is used to improve web traffic performance by proxy caching?

Accepted Answer

A)  WSA 
B)  Firepower 
C)  FireSIGHT 
D)  ASA 
A)  WSA 
B)  Firepower 
C)  FireSIGHT 
D)  ASA

Question 15

What is a characteristic of traffic storm control behavior?

Accepted Answer

A)  Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within the interval. 
B)  Traffic storm control cannot determine if the packet is unicast or broadcast. 
C)  Traffic storm control monitors incoming traffic levels over a 10-second traffic storm control interval. 
D)  Traffic storm control uses the Individual/Group bit in the packet source address to determine if the packet is unicast or broadcast. 
A)  Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within the interval. 
B)  Traffic storm control cannot determine if the packet is unicast or broadcast. 
C)  Traffic storm control monitors incoming traffic levels over a 10-second traffic storm control interval. 
D)  Traffic storm control uses the Individual/Group bit in the packet source address to determine if the packet is unicast or broadcast.

Question 16

A network administrator is using the Cisco ESA with AMP to upload files to the cloud for analysis. The network is congested and is affecting communication. How will the Cisco ESA handle any files which need analysis?

Accepted Answer

A)  The ESA immediately makes another attempt to upload the file. 
B)  The file upload is abandoned. 
C)  AMP calculates the SHA-256 fingerprint, caches it, and periodically attempts the upload. 
D)  The file is queued for upload when connectivity is restored 
A)  The ESA immediately makes another attempt to upload the file. 
B)  The file upload is abandoned. 
C)  AMP calculates the SHA-256 fingerprint, caches it, and periodically attempts the upload. 
D)  The file is queued for upload when connectivity is restored

Question 17

An organization recently installed a Cisco WSA and would like to take advantage of the AVC engine to allow the organization to create a policy to control application specific activity. After enabling the AVC engine, what must be done to implement this?

Accepted Answer

A)  Use security services to configure the traffic monitor. 
B)  Use URL categorization to prevent the application traffic. 
C)  Use an access policy group to configure application control settings. 
D)  Use web security reporting to validate engine functionality. 
A)  Use security services to configure the traffic monitor. 
B)  Use URL categorization to prevent the application traffic. 
C)  Use an access policy group to configure application control settings. 
D)  Use web security reporting to validate engine functionality.

Question 18

In which two ways does a system administrator send web traffic transparently to the Web Security Appliance? (Choose two.)

Accepted Answer

A)  use Web Cache Communication Protocol 
B)  configure Active Directory Group Policies to push proxy settings 
C)  configure the proxy IP address in the web-browser settings 
D)  configure policy-based routing on the network infrastructure 
E)  reference a Proxy Auto Config file 
A)  use Web Cache Communication Protocol 
B)  configure Active Directory Group Policies to push proxy settings 
C)  configure the proxy IP address in the web-browser settings 
D)  configure policy-based routing on the network infrastructure 
E)  reference a Proxy Auto Config file

Question 19

For which two conditions can an endpoint be checked using ISE posture assessment? (Choose two.)

Accepted Answer

A)  computer identity 
B)  Windows service 
C)  user identity 
D)  Windows firewall 
E)  default browser 
A)  computer identity 
B)  Windows service 
C)  user identity 
D)  Windows firewall 
E)  default browser

Question 20

Refer to the exhibit. What will happen when this Python script is run?

Accepted Answer

A)  The list of computers, policies, and connector statuses will be received from Cisco AMP. 
B)  The list of computers and their current vulnerabilities will be received from Cisco AMP. 
C)  The compromised computers and malware trajectories will be received from Cisco AMP. 
D)  The compromised computers and what compromised them will be received from Cisco AMP. 
A)  The list of computers, policies, and connector statuses will be received from Cisco AMP. 
B)  The list of computers and their current vulnerabilities will be received from Cisco AMP. 
C)  The compromised computers and malware trajectories will be received from Cisco AMP. 
D)  The compromised computers and what compromised them will be received from Cisco AMP.

Exam 41: Implementing Cisco Collaboration Core Technologies (CLCOR)

Which suspicious pattern enables the Cisco Tetration platform to learn the normal behavior of users?

What is the Cisco API-based broker that helps reduce compromises, application risks, and data breaches in an environment that is not on-premise?

An attacker needs to perform reconnaissance on a target system to help gain access to it. The system has weak passwords, no encryption on the VPN links, and software bugs on the system's applications. Which vulnerability allows the attacker to see the passwords being transmitted in clear text?

Which two aspects of the cloud PaaS model are managed by the customer but not the provider? (Choose two.)

How is ICMP used as an exfiltration technique?

An engineer used a posture check on a Microsoft Windows endpoint and discovered that the MS17-010 patch was not installed, which left the endpoint vulnerable to WannaCry ransomware. Which two solutions mitigate the risk of this ransomware infection? (Choose two.)

What is a language format designed to exchange threat intelligence that can be transported over the TAXII protocol?

Why would a user choose an on-premises ESA versus the CES solution?

What is the purpose of the My Devices Portal in a Cisco ISE environment?

A network engineer has been tasked with adding a new medical device to the network. Cisco ISE is being used as the NAC server, and the new device does not have a supplicant available. What must be done in order to securely connect this device to the network?

What two mechanisms are used to redirect users to a web portal to authenticate to ISE for guest services? (Choose two.)

Refer to the exhibit. What will happen when the Python script is executed?

In which cloud services model is the tenant responsible for virtual machine OS patching?

Which technology is used to improve web traffic performance by proxy caching?

What is a characteristic of traffic storm control behavior?

A network administrator is using the Cisco ESA with AMP to upload files to the cloud for analysis. The network is congested and is affecting communication. How will the Cisco ESA handle any files which need analysis?

An organization recently installed a Cisco WSA and would like to take advantage of the AVC engine to allow the organization to create a policy to control application specific activity. After enabling the AVC engine, what must be done to implement this?

In which two ways does a system administrator send web traffic transparently to the Web Security Appliance? (Choose two.)

For which two conditions can an endpoint be checked using ISE posture assessment? (Choose two.)

Refer to the exhibit. What will happen when this Python script is run?

Supporting Cisco Data Center System Devices (DCTECH)

Cisco Certified Technician Routing & Switching (RSTECH)

Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)

Cisco Certified Network Associate (CCNA)

Managing Industrial Networks with Cisco Networking Technologies (IMINS)

DevNet Associate (DEVASC)

Conducting Forensic Analysis and Incident Response Using Cisco CyberOps Technologies (CBRFIR)

Implementing Cisco Enterprise Advanced Routing and Services (ENARSI)

Implementing Cisco SD-WAN Solutions (ENSDWI)

Designing Cisco Enterprise Networks (ENSLD)

Designing Cisco Enterprise Wireless Networks (300-425 ENWLSD)

Implementing Cisco Enterprise Wireless Networks (300-430 ENWLSI)

Automating Cisco Enterprise Solutions (ENAUTO)

Implementing Cisco Service Provider Advanced Routing Solutions (SPRI)

Implementing Cisco Service Provider VPN Services (SPVI)

Designing Cisco Data Center Infrastructure (DCID)

Troubleshooting Cisco Data Center Infrastructure (DCIT)

Implementing Cisco Application Centric Infrastructure (DCACI)

Configuring Cisco MDS 9000 Series Switches (DCSAN)

Implementing Cisco Application Centric Infrastructure - Advanced

Automating Cisco Data Center Solutions (DCAUTO)

Securing Networks with Cisco Firepower (300-710 SNCF)

Implementing and Configuring Cisco Identity Services Engine (300-715 SISE)

Securing Email with Cisco Email Security Appliance (300-720 SESA)

Securing the Web with Cisco Web Security Appliance (300-725 SWSA)

Implementing Secure Solutions with Virtual Private Networks (SVPN 300-730)

Automating Cisco Security Solutions (SAUTO)

Implementing Cisco Collaboration Applications (CLICA)

Implementing Cisco Advanced Call Control and Mobility Services (CLASSM)

Implementing Cisco Collaboration Cloud and Edge Solutions

Implementing Cisco Collaboration Conferencing

Automating Cisco Collaboration Solutions (CLAUTO)

Implementing DevOps Solutions and Practices using Cisco Platforms (DEVOPS)

Developing Solutions Using Cisco IoT and Edge Platforms (DEVIOT)

Developing Applications for Cisco Webex and Webex Devices (DEVWBX)

Performing CyberOps Using Core Security Technologies (CBRCOR)

Implementing Cisco Enterprise Network Core Technologies (ENCOR)

Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR)

Implementing and Operating Cisco Data Center Core Technologies (DCCOR)

Implementing and Operating Cisco Security Core Technologies

Developing Applications using Cisco Core Platforms and APIs (DEVCOR)

CCDE Design Written

Deploying Cisco Unified Contact Center Express

Cisco Meraki Solutions Specialist

Securing Cisco Networks with Sourcefire FireAMP Endpoints

Designing Cisco Unified Contact Center Enterprise (UCCED)

Implementing and Supporting Cisco Unified Contact Center Enterprise (UCCEIS)

Cisco Collaboration SaaS Authorization Exam

Cisco Security Architecture for System Engineers

Adopting The Cisco Business Architecture Approach (DTBAA)

Cisco Customer Success Manager (CSM)

Mastering The Cisco Business Architecture Discipline (DTBAD)

Filters