New Question Premium 45 - Explain

The document contains questions and answers about various cybersecurity topics such as certificate authorities, VPN encryption algorithms, social engineering attacks, network monitoring, cloud security appliances, Cisco Tetration capabilities, threat information sharing standards, network visibility solutions, email security features, web application exploits, deep packet inspection technologies, firewall capabilities, web filtering, data breach prevention methods, and BYOD portal types.

Uploaded by

anhtu9_910280373

New questions Premium: updated May, 2022

Question 1
Which function is performed by certificate authorities but is a limitation of
registration authorities?
A. CRL publishing
B. verifying user identity
C. certificate re-enrollment
D. accepts enrollment requests
Answer: A

Question 2
Which encryption algorithm provides highly secure VPN communications?
A. DES
B. 3DES
C. AES 256
D. AES 128
Answer: C

Question 3
A hacker initiated a social engineering attack and stole the usernames and passwords
of some users within a company. Which product should be used as a solution to this
problem?
A. Cisco NGFW
B. Cisco AMP for Endpoints
C. Cisco Duo
D. Cisco AnyConnect
Answer: C

Question 4
How does a WCCP-configured router identify if the Cisco WSA is functional?
A. If an ICMP ping fails three consecutive times between a router and the
WSA, traffic is no longer transmitted to the router.
B. If an ICMP ping fails three consecutive times between a router and the
WSA, traffic is no longer transmitted to the WSA.
C. The router sends a Here-I-Am message every 10 seconds, and the WSA
acknowledges with an I-See-You message.
D. The WSA sends a Here-I-Am message every 10 seconds, and the router
acknowledges with an I-See-You message.
Answer: D

Question 5
What is a feature of NetFlow Secure Event Logging?
A. It exports only records that indicate significant events in a flow.
B. It supports v5 and v8 templates.
C. It filters NSEL events based on the traffic and event type through RSVP.
D. It delivers data records to NSEL collectors through NetFlow over TCP only.
Answer: A
The ASA and ASASM implementations of NSEL provide a stateful, IP flow tracking
method that exports only those records that indicate significant events in a flow.

Question 6
An administrator needs to configure the Cisco ASA via ASDM such that the
network management system can actively monitor the host using SNMPv3. Which two
tasks must be performed for this configuration? (Choose two)
A. Specify the SNMP manager and UDP port.
B. Specify a community string.
C. Add an SNMP USM entry.
D. Add an SNMP host access entry.
E. Specify an SNMP user group.
Answer: A D

Question 7
Which technology enables integration between Cisco ISE and other platforms
to gather and share network and vulnerability data and SIEM and location
information?
A. pxGrid
B. SNMP
C. NetFlow
D. Cisco Talos
Answer: A
With Cisco pxGrid (Platform Exchange Grid), your multiple security products can now share
data and work together.

Question 8
A large organization wants to deploy a security appliance in the public cloud to
form a site-to-site VPN and link the public cloud environment to the private cloud in
the headquarters data center. Which Cisco security appliance meets these
requirements?
A. Cisco Cloud Orchestrator
B. Cisco Stealthwatch Cloud
C. Cisco ASAv
D. Cisco WSAv
Answer: C
Cisco Intersight Cloud Orchestrator simplifies orchestration and automation for infrastructure
and workloads across hybrid cloud by providing an easy-to-use workflow designer.

Question 9
What is a benefit of using Cisco Tetration?
A. It collects policy compliance data and process details.
B. It collects telemetry data from servers and then uses software sensors to
analyze flow information.
C. It collects near-real time data from servers and inventories the software
packages that exist on servers
D. It collects enforcement data from servers and collects interpacket variation.
Answer: C
Cisco Tetration requires tremendous processing power to analyze real-time telemetry
from enterprise servers, networks, applications, and end user devices.

Question 10
Which standard is used to automate exchanging cyber threat information?
A. IoC
B. TAXII
C. MITRE
D. STIX
Answer: B
TAXII, short for Trusted Automated eXchange of Intelligence Information,
defines how cyber threat information can be shared via services and message
exchanges.

Question 11
Which security solution uses NetFlow to provide visibility across the network,
data center, branch offices, and cloud?
A. Cisco Encrypted Traffic Analytics
B. Cisco CTA
C. Cisco Umbrella
D. Cisco Stealthwatch
Answer: D
Cisco Stealthwatch uses NetFlow to provide visibility across the network, data center,
branch offices, and cloud.

Question 12
An email administrator is setting up a new Cisco ESA. The administrator wants
to enable the blocking of greymail for the end user. Which feature must the
administrator enable first?
A. IP Reputation Filtering
B. Anti-Virus Filtering
C. File Analysis
D. Intelligent Multi-Scan
Answer: D
Intelligent Multi-Scan (IMS) is a high-performance multi-layer anti-spam solution that
uses a combination of anti-spam engines, including Cisco Anti-Spam, to increase
spam catch rates.

Question 13
Drag and drop the exploits from the left onto the type of security vulnerability
on the right.

Answer:
path traversal: gives unauthorized access to web server files
cross-site request forgery: makes the client the target of attack
SQL injection: accesses or modifies application data
buffer overflow: causes memory access errors

Path traversal (also called directory traversal) is a web vulnerability that allows an
attacker to read unintended files on the server.
SQL injection is a technique that exploits flaws in the data-retrieval queries of
insecure websites.
CSRF (Cross-Site Request Forgery) is an attack technique that uses the user's
authenticated privileges on a website.

Question 14
Which technology provides the benefit of Layer 3 through Layer 7 innovative
deep packet inspection, enabling the platform to identify and output various
applications within the network traffic flows?
A. Cisco ASAv
B. Cisco Prime Infrastructure
C. Cisco NBAR2
D. Account on Resolution
Answer: C
Network Based Application Recognition (NBAR) is Cisco’s intelligent
classification mechanism that uses deep packet inspection (examination of
the data as well as the header of an IP packet) to organize Layer 7
applications on the basis of bandwidth usage. Using NBAR, the routers can
now recognize traffic from layers 3 to 7.

Question 15
An organization must add new firewalls to its infrastructure and wants to use
Cisco ASA or Cisco FTD. The chosen firewalls must provide methods of blocking
traffic that include offering the user the option to bypass the block for certain sites
after displaying a warning page and to reset the connection. Which solution should the
organization choose?
A. Cisco ASA because it has an additional module that can be installed to
provide multiple blocking capabilities, whereas Cisco FTD does not.
B. Cisco FTD because it enables interactive blocking and blocking with reset
natively, whereas Cisco ASA does not.
C. Cisco FTD because it supports system rate level traffic blocking, whereas
Cisco ASA does not.
D. Cisco ASA because it allows for interactive blocking and blocking with reset
to be configured via the GUI, whereas Cisco FTD does not.
Answer: B

Question 16
An engineer is configuring web filtering for a network using Cisco Umbrella
Secure Internet Gateway. The requirement is that all traffic needs to be filtered. Using
the SSL decryption feature, which type of certificate should be presented to the
end-user to accomplish this goal?
A. third-party
B. SubCA
C. self-signed
D. organization owned root
Answer: D
The feature allows the Intelligent Proxy to go beyond simply inspecting normal URLs and
actually proxy and inspect traffic that's sent over HTTPS. The SSL Decryption feature
does require the root certificate be installed.

Question 17
Which two parameters are used to prevent a data breach in the cloud? (Choose
two)
A. encryption
B. complex cloud-based web proxies
C. strong user authentication
D. antispoofing programs
E. DLP solutions
Answer: A C

Question 18
What is the term for when an endpoint is associated to a provisioning WLAN
that is shared with guest access, and the same guest portal is used as the BYOD portal?
A. streamlined access
B. multichannel GUI
C. single-SSID BYOD
D. dual-SSID BYOD
Answer: D
If guest access is utilizing one of the named guest accounts, then the same guest
portal can be used for the employee BYOD portal. This flow is called Dual-SSID
BYOD, where the endpoint is associated to a provisioning WLAN which is
typically shared with guest access.

Question 19
What is the function of the crypto isakmp key cisc414685095 address
192.168.50.1 255.255.255.255 command when establishing an IPsec VPN tunnel?
A. It prevents 192.168.50.1 from connecting to the VPN server.
B. It defines that data destined to 192.168.50.1 is going to be encrypted.
C. It configures the pre-shared authentication key for host 192.168.50.1.
D. It configures the local address for the VPN server 192.168.50.1.
Answer: C

Question 20
Which CLI command is used to enable URL filtering support for shortened
URLs on the Cisco ESA?
A. outbreakconfig
B. websecurityadvancedconfig
C. webadvancedconfig
D. websecurityconfig
Answer: B
Administrators can enable/disable email URL filtering for shortened URLs by connecting
to a device through the CLI and typing the command websecurityadvancedconfig.

Question 21
Which Cisco ASA deployment model is used to filter traffic between hosts in
the same IP subnet using higher-level protocols without readdressing the network?
A. single context mode
B. routed mode
C. transparent mode
D. multiple context mode
Answer: C

Question 22
Which open source tool does Cisco use to create graphical visualizations of
network telemetry on Cisco IOS XE devices?
A. SNMP
B. Splunk
C. Grafana
D. InfluxDB
Answer: C

Question 23
Which Cisco DNA Center Intent API action is used to retrieve the number of
devices known to a DNA Center?
A. GET https://fqdnOrlPofDnaCenterPlatform/dna/intent/api/v1/network-device/count
B. GET https://fqdnOrlPofDnaCenterPlatform/dna/intent/api/v1/network-device/startIndex/recordsToReturn
C. GET https://fqdnOrlPofDnaCenterPlatform/dna/intent/api/v1/network-device
D. GET https://fqdnOrlPofDnaCenterPlatform/dna/intent/api/v1/network-device?parameter1=value&parameter2=value&…
Answer: A

Question 24
When NetFlow is applied to an interface, which component creates the flow
monitor cache that is used to collect traffic based on the key and nonkey fields in the
configured record?
A. flow sampler
B. flow exporter
C. records
D. flow monitor
Answer: D

Question 25
Refer to the exhibit.

ASA# show service-policy sfr

Global policy:
Service-policy: global_policy
Class-map: SFR
SFR: card status Up, mode fail-open monitor-only
packet input 0, packet output 44715478687, drop 0, reset-drop 0

What are two indications of the Cisco Firepower Services Module
configuration? (Choose two)
A. The module is operating in IPS mode.
B. The module fails to receive redirected traffic.
C. Traffic is blocked if the module fails.
D. Traffic continues to flow if the module fails.
E. The module is operating in IDS mode.
Answer: D E

Question 26
Why is it important for the organization to have an endpoint patching strategy?
A. so the organization can identify endpoint vulnerabilities
B. so the network administrator is notified when an existing bug is encountered
C. so the internal PSIRT organization is aware of the latest bugs
D. so the latest security fixes are installed on the endpoints
Answer: A

Question 27
On which system are InfluxDB and Grafana used to pull the data and display
the visualization information?
A. Docker containers
B. Windows Server 2019
C. specialized Cisco Linux system
D. Windows Server 2016
Answer: C

Question 28
Which Cisco ASA Platform mode disables the threat detection features except
for Advanced Threat Statistics?
A. routed
B. multiple context
C. cluster
D. transparent
Answer: B

Question 29
Which two parameters are used for device compliance checks? (Choose two)
A. device operating system version
B. DHCP snooping checks
C. Windows registry values
D. endpoint protection software version
E. DNS integrity checks
Answer: A D

Question 30
A network engineer entered the snmp-server user asmith myv7 auth sha cisco
priv aes 256 cisc0414685095 command and needs to send SNMP information to a host
at 10.255.255.1. Which command achieves this goal?
A. snmp-server host inside 10.255.255.1 version 3 asmith
B. snmp-server host inside 10.255.255.1 snmpv3 myv7
C. snmp-server host inside 10.255.255.1 snmpv3 asmith
D. snmp-server host inside 10.255.255.1 version 3 myv7
Answer: A

Question 31
An engineer is configuring Cisco WSA and needs to enable a separated email
transfer flow from the Internet and from the LAN. Which deployment mode must be
used to accomplish this goal?
A. two-interface
B. single interface
C. multi-context
D. transparent
Answer: A

Question 32
A small organization needs to reduce the VPN bandwidth load on their headend
Cisco ASA in order to ensure that bandwidth is available for VPN users needing
access to corporate resources on the 10.0.0.0/24 local HQ network. How is this
accomplished without adding additional devices to the network?
A. Configure VPN load balancing to send non-corporate traffic straight to the
internet.
B. Use split tunneling to tunnel traffic for the 10.0.0.0/24 network only.
C. Configure VPN load balancing to distribute traffic for the 10.0.0.0/24
network.
D. Use split tunneling to tunnel all traffic except for the 10.0.0.0/24 network.
Answer: B
Split tunneling can work to alleviate this problem since it allows users to send only that traffic which
is destined for the corporate network across the tunnel. All other traffic such as instant messaging,
email, or casual browsing is sent out to the Internet via the local LAN of the VPN Client.

Question 33
Which benefit does DMVPN provide over GETVPN?
A. DMVPN can be used over the public Internet, and GETVPN requires a
private network
B. DMVPN is a tunnel-less VPN, and GETVPN is tunnel-based.
C. DMVPN supports QoS, multicast, and routing, and GETVPN supports only
QoS.
D. DMVPN supports non-IP protocols, and GETVPN supports only IP
protocols.
Answer: A
GETVPN (Group Encrypted Transport VPN) is a tunnel-less VPN technology meant for private
networks like MPLS VPN where we use a single SA (Security Association) for all routers in a
group. GETVPN supports quality of service (QoS), multicast, and routing.

Question 34
Which system facilitates deploying microsegmentation and multi-tenancy
services with a policy-based container?
A. Docker
B. SDLC
C. Lambda
D. Contiv
Answer: D
Contiv is an open source container networking fabric for heterogeneous container deployments
across virtual machines, bare-metal, and public or private clouds. As the industry’s most
powerful container networking fabric, Contiv, with its Layer 2, Layer 3, overlay and ACI modes,
natively integrates with Cisco infrastructure and maps the application intent with the
infrastructure capabilities using rich networking and security policies.

Question 35
An engineer needs to configure an access control policy rule to always send
traffic for inspection without using the default action. Which action should be
configured for this rule?
A. monitor
B. allow
C. trust
D. block
Answer: B

Question 36
Which two functions does the Cisco Advanced Phishing Protection solution
perform in trying to protect from phishing attacks? (Choose two)
A. uses a static algorithm to determine malicious
B. determines if the email messages are malicious
C. does a real-time user web browsing behavior analysis
D. blocks malicious websites and adds them to a block list
E. provides a defense for on-premises email deployments
Answer: B E
• Automatically removes malicious emails from the recipient’s inbox and calls out identity
deception techniques to prevent wire fraud or other advanced attacks.
The Advanced Phishing Protection engine on the email gateway checks the unique behavior of
all legitimate senders, based on the historic email traffic to your organization.

Question 37
What are two things to consider when using PAC files with the Cisco WSA?
(Choose two)
A. If the WSA host port is changed, the default port redirects web traffic to the
correct port automatically
B. The WSA hosts PAC files on port 6001 by default.
C. PAC files use if-else statements to determine whether to use a proxy or a
direct connection for traffic between the PC and the host.
D. By default, they direct traffic through a proxy when the PC and the host are
on the same subnet
E. The WSA hosts PAC files on port 9001 by default.
Answer: C E
The PAC file checks the local IP subnet address of the PC and then makes a decision based
on IF / ELSE statement/s. If the PC is located in a subnet that matches, a proxy server is used.
If the PC is on any other subnet, a direct connection is used instead of the proxy.
By default, the proxy PAC file would be hosted on port 9001.

Question 38
When implementing transparent user identification for single sign-on with
Internet Explorer, how is the redirect hostname configured?
A. as an IP address
B. as a FQDN
C. as a distinguished name
D. as a short host name
Answer: D
Obtaining credentials transparently facilitates a single-sign-on environment. Transparent
user identification is an authentication realm setting. For Internet Explorer, be sure the
Redirect Hostname is the short host name (containing no dots) or the NetBIOS name
rather than a fully qualified domain.

Question 39
In which kind of service can a user access a web application that is managed,
updated, and maintained by the service provider?
A. IaC
B. IaaS
C. PaaS
D. SaaS
Answer: D

Question 40
What are two ways a network administrator transparently identifies users using
Active Directory on the Cisco WSA? (Choose two)
A. Create NTLM or Kerberos authentication realm and enable transparent user
identification
B. The eDirectory client must be installed on each client workstation
C. Deploy a separate eDirectory server; the client IP address is recorded in this
server
D. Create an LDAP authentication realm and disable transparent user
identification
E. Deploy a separate Active Directory agent such as Cisco Context Directory
Agent
Answer: A E
Transparently identify users with authentication realms – This option is available when one or
more authentication realms are configured to support transparent identification using one of the
following authentication servers: Active Directory and LDAP.

Question 41
Which technology limits communication between nodes on the same network
segment to individual applications?
A. serverless infrastructure
B. machine-to-machine firewalling
C. SaaS deployment
D. microsegmentation
Answer: D
Microsegmentation is a security method of managing network access between workloads.
With microsegmentation, administrators can manage security policies that limit traffic
based on the principle of least privilege and Zero Trust.

Question 42
Which MDM configuration provides scalability?
A. BYOD support without extra appliance or licenses
B. enabling use of device features such as camera use
C. pushing WPA2-Enterprise settings automatically to devices
D. automatic device classification with level 7 fingerprinting
Answer: C
Scalability and security via intelligent automation. Automatically import configurations from
security applications and deploy changes to thousands of devices.

Question 43
Drag and drop the concepts from the left onto the correct descriptions on the
right.

Answer:
BYOD: My Devices portal that allows users to register their device
posture assessment: Results can have a status of compliant or noncompliant
profiling: requires probes to collect attributes of connected endpoints
guest services: sponsor portal that is used to gain access to network resources

Question 44
An engineer is configuring device-hardening on a router in order to prevent
credentials from being seen if the router configuration was compromised. Which
command should be used?
A. username <username> password <password>
B. username <username> privilege 15 password <password>
C. service password-recovery
D. service password-encryption
Answer: D

Question 45
What are two security benefits of an MDM deployment? (Choose two)
A. distributed software upgrade
B. robust security policy enforcement
C. on-device content management
D. privacy control checks
E. distributed dashboard
Answer: B C

Question 46
Refer to the exhibit.

The DHCP snooping database resides on router R1, and dynamic ARP
inspection is configured only on switch SW2. Which ports must be configured as
untrusted so that dynamic ARP inspection operates normally?
A. P2 and P3 only
B. P5, P6, and P7 only
C. P1, P2, P3, and P4 only
D. P2, P3, and P6 only
Answer: D

Question 47
Which Cisco platform provides an agentless solution to provide visibility across
the network including encrypted traffic analytics to detect malware in encrypted traffic
without the need for decryption?
A. Cisco Advanced Malware Protection
B. Cisco Stealthwatch
C. Cisco Identity Services Engine
D. Cisco AnyConnect
Answer: B
It can detect and respond to advanced threats, and help simplify network segmentation using a
combination of behavioral modeling, multilayered machine learning, and global threat
intelligence. And it is the first and only solution in the industry that can detect malware in
encrypted traffic without any decryption.

Question 48
A network engineer is tasked with configuring a Cisco ISE server to implement
external authentication against Active Directory. What must be considered about the
authentication requirements? (Choose two)
A. RADIUS communication must be permitted between the ISE server and the
domain controller
B. The ISE account must be a domain administrator in Active Directory to
perform JOIN operations
C. Active Directory only supports user authentication by using MSCHAPv2
D. LDAP communication must be permitted between the ISE server and the
domain controller
E. Active Directory supports user and machine authentication by using
MSCHAPv2
Answer: D E
Cisco ISE supports user and machine authentication against Active Directory using
EAP-MSCHAPv2.

Question 49
Which CoA response code is sent if an authorization state is changed
successfully on a Cisco IOS device?
A. CoA-ACK
B. CoA-NAK
C. CoA-MAB
D. CoA-NCL
Answer: A
CoA requests, as described in RFC 5176, are used in a pushed model to allow for session
identification, host reauthentication, and session termination. The model comprises one
request (CoA-Request) and two possible response codes:
CoA acknowledgment (ACK) [CoA-ACK]
CoA non-acknowledgment (NAK) [CoA-NAK]

Question 50
What is a feature of container orchestration?
A. ability to deploy Amazon ECS clusters by using the Cisco Container
Platform data plane
B. ability to deploy Kubernetes clusters in air-gapped sites
C. ability to deploy Amazon EKS clusters by using the Cisco Container
Platform data plane
D. automated daily updates
Answer: B
Container orchestration as a service using Kubernetes is also available from many ISPs and
cloud platforms, such as Google Cloud, Amazon Web Services, and Microsoft Azure.

Question 51
Which metric is used by the monitoring agent to collect and output packet loss
and jitter information?
A. WSAv performance
B. AVC performance
C. RTP performance
D. OTCP performance
Answer: C

Question 52
Which solution for remote workers enables protection, detection, and response
on the endpoint against known and unknown threats?
A. Cisco AMP for Endpoints
B. Cisco AnyConnect
C. Cisco Umbrella
D. Cisco Duo
Answer: A
Cisco Advanced Malware Protection (AMP) for Endpoints is a cloud-managed endpoint security
solution that provides advanced protection against viruses, malware, and other cyber-threats by
detecting, preventing, and responding to threats.

Question 53
Which two components do southbound APIs use to communicate with
downstream devices? (Choose two)
A. services running over the network
B. external application APIs
C. OpenFlow
D. applications running over the network
E. OpFlex
Answer: C E
Like OpenFlow, OpFlex is designed for communication between the central controller and
network devices. While an OpenFlow controller pushes commands down to network devices
that have the OpenFlow protocol enabled, OpFlex works in a completely different way.

Question 54
Which solution detects threats across a private network, public clouds, and
encrypted traffic?
A. Cisco Stealthwatch
B. Cisco CTA
C. Cisco Encrypted Traffic Analytics
D. Cisco Umbrella
Answer: A
Umbrella is a cloud security platform that provides the first line of defense against
threats on the internet.

Question 55
What limits communication between applications or containers on the same
node?
A. microservicing
B. container orchestration
C. microsegmentation
D. Software-Defined Access
Answer: C

Question 56
Which Cisco security solution integrates with cloud applications like Dropbox
and Office 365 while protecting data from being exfiltrated?
A. Cisco Talos
B. Cisco Stealthwatch Cloud
C. Cisco Cloudlock
D. Cisco Umbrella Investigate
Answer: C
Cisco Cloudlock is a cloud-native cloud access security broker (CASB) that helps you
move to the cloud safely. It protects your cloud users, data, and apps.

Question 57
What do tools like Jenkins, Octopus Deploy, and Azure DevOps provide in
terms of application and infrastructure automation?
A. container orchestration
B. cloud application security broker
C. compile-time instrumentation
D. continuous integration and continuous deployment
Answer: D

Question 58
Which type of attack is MFA an effective deterrent for?
A. ping of death
B. phishing
C. teardrop
D. syn flood
Answer: B
Investing in an MFA solution is an effective way to secure your data from
unauthorized access and protect your resources.

Question 59
An engineer enabled SSL decryption for Cisco Umbrella intelligent proxy and
needs to ensure that traffic is inspected without alerting end-users. Which action
accomplishes this goal?
A. Install the Cisco Umbrella root CA onto the user’s device.
B. Modify the user’s browser settings to suppress errors from Cisco Umbrella.
C. Upload the organization root CA to Cisco Umbrella.
D. Restrict access to only websites with trusted third-party signed certificates.
Answer: A

Question 60
A network engineer has configured a NTP server on a Cisco ASA. The Cisco
ASA has IP reachability to the NTP server and is not filtering any traffic. The show
ntp association detail command indicates that the configured NTP server is
unsynchronized and has a stratum of 16. What is the cause of this issue?
A. Resynchronization of NTP is not forced
B. NTP is not configured to use a working server
C. An access list entry for UDP port 123 on the inside interface is missing
D. An access list entry for UDP port 123 on the outside interface is missing
Answer: B

Question 61
Which direction do attackers encode data in DNS requests during exfiltration
using DNS tunneling?
A. inbound
B. north-south
C. east-west
D. outbound
Answer: D
DNS Tunneling is a method of cyber attack that encodes the data of other programs or
protocols in DNS queries and responses.

Question 62
Which solution should be leveraged for secure access of a CI/CD pipeline?
A. SSL WebVPN
B. remote access client
C. Duo Network Gateway
D. Cisco FTD network gateway
Answer: C
Secure Access by Duo is a user-centric zero-trust security platform with
two-factor authentication to protect access to sensitive data for all users.

Question 63
Which type of data exfiltration technique encodes data in outbound DNS
requests to specific servers and can be stopped by Cisco Umbrella?
A. DNS tunneling
B. DNS flood attack
C. cache poisoning
D. DNS hijacking
Answer: A

Question 64
Which system performs compliance checks and remote wiping?
A. OTP
B. MDM
C. AMP
D. ISE
Answer: B
MDM provides total management for mobile and PC. Provision settings and restrictions,
manage inventory and device tracking, remote wipe an entire device or selectively just the
managed apps and data, and remotely view and live troubleshoot using the included native
remote desktop support.

Question 65
Why is it important to patch endpoints consistently?
A. Patching helps to mitigate vulnerabilities.
B. Patching reduces the attack surface of the infrastructure.
C. Patching is required per the vendor contract.
D. Patching allows for creating a honeypot.
Answer: A

Question 66
What are two facts about WSA HTTP proxy configuration with a PAC file?
(Choose two)
A. It is defined as a Transparent proxy deployment.
B. In a dual-NIC configuration, the PAC file directs traffic through the two
NICs to the proxy.
C. The PAC file, which references the proxy, is deployed to the client web
browser.
D. It is defined as an Explicit proxy deployment.
E. It is defined as a Bridge proxy deployment.
Answer: C D
With an Explicit Deployment, you explicitly tell the client computers to send the
web traffic to the Cisco WSA.
A Proxy Auto Configuration (PAC) file is a script that determines whether web
browser requests (HTTP, HTTPS and FTP) go direct to the destination server or
are forwarded to a Web Proxy server. So you create a PAC file and host it on the WSA,
and on a browser, instead of giving the IP address of a WSA, you can define a link to
download the PAC file and run it.

Question 67
How does Cisco Umbrella protect clients when they operate outside of the
corporate network?
A. by modifying the registry for DNS lookups
B. by using Active Directory group policies to enforce Cisco Umbrella DNS
servers
C. by forcing DNS queries to the corporate name servers
D. by using the Cisco Umbrella roaming client
Answer: D
The Cisco Umbrella roaming client is a great tool for protecting remote users but it can also
protect users on your corporate network, adding another layer of security.

Question 68
Which function is included when Cisco AMP is added to web security?
A. multifactor, authentication-based user identity
B. detailed analytics of the unknown file’s behavior
C. phishing detection on emails
D. threat prevention on an infected endpoint
Answer: B
Provides ability to analyze unknown files in a secure sandbox environment to
determine a file’s threat level.

Question 69
When a next-generation endpoint security solution is selected for a company,
what are two key deliverables that help justify the implementation? (Choose two)
A. continuous monitoring of all files that are located on connected endpoints
B. macro-based protection to keep connected endpoints safe
C. signature-based endpoint protection on company endpoints
D. email integration to protect endpoints from malicious content that is located
in email
E. real-time feeds from global threat intelligence centers
Answer: A E

Question 70
Which two actions does the Cisco Identity Services Engine posture module
provide that ensures endpoint security? (Choose two)
A. The latest antivirus updates are applied before access is allowed.
B. Assignments to endpoint groups are made dynamically, based on endpoint
attributes.
C. Patch management remediation is performed.
D. A centralized management solution is deployed.
E. Endpoint supplicant configuration is deployed.
Answer: A D

Question 71
Why should organizations migrate to an MFA strategy for authentication?
A. Single methods of authentication can be compromised more easily than
MFA.
B. Biometrics authentication leads to the need for MFA due to its ability to be
hacked easily.
C. MFA methods of authentication are never compromised.
D. MFA does not require any piece of evidence for an authentication
mechanism.
Answer: A

Question 72
What is the purpose of joining Cisco WSAs to an appliance group?
A. All WSAs in the group can view file analysis results
B. It simplifies the task of patching multiple appliances
C. It supports cluster operations to expedite the malware analysis process
D. The group supports improved redundancy
Answer: D

Question 73
Which Cisco solution extends network visibility, threat detection, and analytics
to public cloud environments?
A. Cisco Umbrella
B. Cisco Stealthwatch Cloud
C. Cisco Appdynamics
D. Cisco CloudLock
Answer: B
Secure your environment without installing software or hardware. Cisco Secure Cloud Analytics (formerly Stealthwatch Cloud) is a SaaS-based, efficient way to gain visibility and threat detection.

Question 74
Which two Cisco ISE components must be configured for BYOD? (Choose
two)
A. central WebAuth
B. local WebAuth
C. null WebAuth
D. guest
E. dual
Answer: A D

Question 75
Which configuration method provides the options to prevent physical and
virtual endpoint devices that are in the same base EPG or uSeg from being able to
communicate with each other with VMware VDS or Microsoft vSwitch?
A. inter-EPG isolation
B. intra-EPG isolation
C. inter-VLAN security
D. placement in separate EPGs
Answer: B
Intra-EPG Isolation is an option to prevent physical or virtual endpoint devices that are in the same base EPG or microsegmented (uSeg) EPG from communicating with each other. By default, endpoint devices included in the same EPG are allowed to communicate with one another.

Question 76
In which scenario is endpoint-based security the solution?
A. inspecting encrypted traffic
B. device profiling and authorization
C. performing signature-based application control
D. inspecting a password-protected archive
Answer: D (C or D)

Question 77
What are two ways that Cisco Container Platform provides value to customers
who utilize cloud service providers? (Choose two)
A. allows developers to create code once and deploy to multiple clouds
B. helps maintain source code for cloud deployments
C. manages Docker containers
D. manages Kubernetes clusters
E. creates complex tasks for managing code
Answer: A D
Cisco Container Platform is a turnkey, production-grade, extensible platform that enables you to deploy and manage multiple Kubernetes clusters.

Question 78
What is the recommendation in a zero-trust model before granting access to
corporate applications and resources?
A. to use multifactor authentication
B. to use strong passwords
C. to use a wired network, not wireless
D. to disconnect from the network when inactive
Answer: A

Question 79
An organization must add new firewalls to its infrastructure and wants to use
Cisco ASA or Cisco FTD. The chosen firewalls must provide methods of blocking
traffic that include offering the user the option to bypass the block for certain sites
after displaying a warning page and to reset the connection. Which solution should the
organization choose?
A. Cisco FTD because it supports system rate level traffic blocking, whereas
Cisco ASA does not
B. Cisco ASA because it allows for interactive blocking and blocking with reset
to be configured via the GUI, whereas Cisco FTD does not.
C. Cisco FTD because it enables interactive blocking and blocking with reset
natively, whereas Cisco ASA does not
D. Cisco ASA because it has an additional module that can be installed to
provide multiple blocking capabilities, whereas Cisco FTD does not.
Answer: C

Question 80
Which IETF attribute is supported for the RADIUS CoA feature?
A. 81 Message-Authenticator
B. 30 Calling-Station-ID
C. 42 Acct-Session-ID
D. 24 State
Answer: D
24 State
31 Calling-Station-ID
44 Acct-Session-ID
80 Message-Authenticator
101 Error-Cause

Question 81
Which Cisco cloud security software centrally manages policies on multiple
platforms such as Cisco ASA, Cisco Firepower, Cisco Meraki, and AWS?
A. Cisco Secureworks
B. Cisco Configuration Professional
C. Cisco Defense Orchestrator
D. Cisco DNAC
Answer: C
Cisco Defense Orchestrator (CDO) is a cloud-based security policy and device manager
that simplifies and unifies policy across your Cisco firewalls.

Question 82
Which Cisco DNA Center Intent API action is used to retrieve the number of
devices known to a DNA Center?
A. GET https://fqdnOrlPofDnaCenterPlatform/dna/intent/api/v1/network-device/count
B. GET https://fqdnOrlPofDnaCenterPlatform/dna/intent/api/v1/network-device
C. GET https://fqdnOrlPofDnaCenterPlatform/dna/intent/api/v1/networkdevice?parameter1=value&parameter2=value&….
D. GET https://fqdnOrlPofDnaCenterPlatform/dna/intent/api/v1/networkdevice/startIndex/recordsToReturn
Answer: A

Question 83
What is the difference between a vulnerability and an exploit?
A. A vulnerability is a hypothetical event for an attacker to exploit
B. An exploit is a hypothetical event that causes a vulnerability in the network
C. An exploit is a weakness that can cause a vulnerability in the network
D. A vulnerability is a weakness that can be exploited by an attacker
Answer: D

Question 84
An administrator needs to configure the Cisco ASA via ASDM such that the
network management system can actively monitor the host using SNMPv3. Which two
tasks must be performed for this configuration? (Choose two)
A. Specify the SNMP manager and UDP port.
B. Specify an SNMP user group
C. Specify a community string.
D. Add an SNMP USM entry
E. Add an SNMP host access entry
Answer: A E

Question 85
Which Cisco security solution determines if an endpoint has the latest OS
updates and patches installed on the system?
A. Cisco Endpoint Security Analytics
B. Cisco AMP for Endpoints
C. Endpoint Compliance Scanner
D. Security Posture Assessment Service
Answer: D
Security Posture Assessment Service provides a point-in-time assessment of the risk posed to an organization by vulnerabilities present in the organization’s IP-networked systems and/or physical perimeter security controls. The service measures the extent to which identified vulnerabilities can be utilized to achieve unexpected or unauthorized access to the OS or applications on IP-connected endpoints (UNIX / Windows / network and security devices).

Question 86
When a transparent authentication fails on the Web Security Appliance, which
type of access does the end user get?
A. guest
B. limited Internet
C. blocked
D. full Internet
Answer: C

Question 87
Using Cisco Cognitive Threat Analytics, which platform automatically blocks
risky sites, and tests unknown sites for hidden advanced threats before allowing users to
click them?
A. Cisco Identity Services Engine
B. Cisco Enterprise Security Appliance
C. Cisco Web Security Appliance
D. Cisco Advanced Stealthwatch Appliance
Answer: C

Question 88
Which technology provides a combination of endpoint protection, endpoint
detection, and response?
A. Cisco AMP
B. Cisco Talos
C. Cisco Threat Grid
D. Cisco Umbrella
Answer: A
Secure Endpoint establishes protection, detection, response, and user access coverage to defend your endpoints.

Question 89
When a Cisco WSA checks a web request, what occurs if it is unable to match a
user-defined policy?
A. It blocks the request.
B. It applies the global policy.
C. It applies the next identification profile policy.
D. It applies the advanced policy.
Answer: B
If no user-defined policy is matched against a Web request, then the global policy for that policy type is applied. Global policies are always positioned last in Policy tables and cannot be re-ordered.

Question 90
Which solution supports high availability in routed or transparent mode as well
as in northbound and southbound deployments?
A. Cisco FTD with Cisco ASDM
B. Cisco FTD with Cisco FMC
C. Cisco Firepower NGFW physical appliance with Cisco FMC
D. Cisco Firepower NGFW Virtual appliance with Cisco FMC
Answer: B

Question 91
Which endpoint protection and detection feature performs correlation of
telemetry, files, and intrusion events that are flagged as possible active breaches?
A. retrospective detection
B. elastic search
C. file trajectory
D. indication of compromise
Answer: D

Question 92
Which RADIUS feature provides a mechanism to change the AAA attributes of
a session after it is authenticated?
A. Authorization
B. Accounting
C. Authentication
D. CoA
Answer: D

Question 93
Which two authentication protocols are supported by the Cisco WSA? (Choose
two)
A. WCCP
B. NTLM
C. TLS
D. SSL
E. LDAP
Answer: B E

Question 94
Which technology should be used to help prevent an attacker from stealing
usernames and passwords of users within an organization?
A. RADIUS-based REAP
B. fingerprinting
C. Dynamic ARP Inspection
D. multifactor authentication
Answer: D

Question 95
Which baseline form of telemetry is recommended for network infrastructure
devices?
A. SDNS
B. NetFlow
C. passive taps
D. SNMP
Answer: D

Question 96
Refer to the exhibit.

Consider that any feature of DNS requests, such as the length of the domain
name and the number of subdomains, can be used to construct models of expected
behavior to which observed values can be compared. Which type of malicious attack
are these values associated with?
A. Spectre Worm
B. Eternal Blue Windows
C. Heartbleed SSL Bug
D. W32/AutoRun worm
Answer: D

Question 97
Drag and drop the posture assessment flow actions from the left into a sequence
on the right.

Answer:
Step 1: Validate user credentials
Step 2: Permit just enough for the posture assessment
Step 3: Check device compliance with security policy
Step 4: Apply updates or take other necessary action
Step 5: Grant appropriate access with compliant device

Question 98
Which Cisco WSA feature supports access control using URL categories?
A. transparent user identification
B. SOCKS proxy services
C. web usage controls
D. user session restrictions
Answer: A

Question 99
What is an advantage of the Cisco Umbrella roaming client?
A. the ability to see all traffic without requiring TLS decryption
B. visibility into IP-based threats by tunneling suspicious IP connections
C. the ability to dynamically categorize traffic to previously uncategorized sites
D. visibility into traffic that is destined to sites within the office environment
Answer: C

Question 100
An organization has DHCP servers set up to allocate IP addresses to clients on
the LAN. What must be done to ensure the LAN switches prevent malicious DHCP
traffic while also distributing IP addresses to the correct endpoints?
A. Configure Dynamic ARP Inspection and add entries in the DHCP snooping
database
B. Configure DHCP snooping and set an untrusted interface for all clients
C. Configure Dynamic ARP Inspection and antispoofing ACLs in the DHCP
snooping database
D. Configure DHCP snooping and set a trusted interface for the DHCP server
Answer: A

Question 101
Refer to the exhibit.

What is the result of the Python script?


A. It uses the POST HTTP method to obtain a username and password to be
used for authentication
B. It uses the POST HTTP method to obtain a token to be used for
authentication
C. It uses the GET HTTP method to obtain a token to be used for authentication
D. It uses the GET HTTP method to obtain a username and password to be used
for authentication
Answer: B

Question 102
Which solution stops unauthorized access to the system if a user’s password is
compromised?
A. VPN
B. MFA
C. AMP
D. SSL
Answer: B

Question 103
Which feature enables a Cisco ISR to use the default bypass list automatically
for web filtering?
A. filters
B. group key
C. company key
D. connector
Answer: D

Question 104
Which industry standard is used to integrate Cisco ISE and pxGrid to each other
and with other interoperable security platforms?
A. IEEE
B. IETF
C. NIST
D. ANSI
Answer: B
Cisco pxGrid can help an entire ecosystem of dissimilar, IETF standards-track technologies work together. Manage your security through a single interface.

Question 105
What is a function of the Layer 4 Traffic Monitor on a Cisco WSA?
A. blocks traffic from URL categories that are known to contain malicious
content
B. decrypts SSL traffic to monitor for malicious content
C. monitors suspicious traffic across all the TCP/UDP ports
D. prevents data exfiltration by searching all the network traffic for specified
sensitive information
Answer: C
The Cisco Web Security Appliance (WSA) has a built-in Layer 4 Traffic Monitor (L4TM) service that can block suspicious sessions across all network ports (TCP/UDP 0-65535).

Question 106
Which solution is made from a collection of secure development practices and
guidelines that developers must follow to build secure applications?
A. OWASP
B. Fuzzing Framework
C. Radamsa
D. AFL
Answer: A
The Open Web Application Security Project® (OWASP) is a nonprofit foundation that works to improve the security of software. Through community-led open-source software projects, hundreds of local chapters worldwide, tens of thousands of members, and leading educational and training conferences, the OWASP Foundation is the source for developers and technologists to secure the web.

Question 107
What is the process of performing automated static and dynamic analysis of
files against preloaded behavioral indicators for threat analysis?
A. deep visibility scan
B. point-in-time checks
C. advanced sandboxing
D. advanced scanning
Answer: C

Question 108
Which Cisco ISE service checks the compliance of endpoints before allowing
the endpoints to connect to the network?
A. posture
B. profiler
C. Cisco TrustSec
D. Threat Centric NAC
Answer: A
Posture is a service in Cisco Identity Services Engine (Cisco ISE) that allows you to check the state, also known as posture, of all the endpoints that are connecting to a network for compliance with corporate security policies.

Question 109
Refer to the exhibit.

import requests
client_id = 'a1b2c3d4e5f6g7h8i9j0'
api_key = 'a1b2c3d4-e5f6-g7h8-i9j0-k1l2m3n4o5p6'

What does the API key do while working with
https://api.amp.cisco.com/v1/computers?
A. displays client ID
B. HTTP authorization
C. Imports requests
D. HTTP authentication
Answer: C

Question 110
How does the Cisco WSA enforce bandwidth restrictions for web applications?
A. It implements a policy route to redirect application traffic to a lower-
bandwidth link
B. It dynamically creates a scavenger class QoS policy and applies it to each
client that connects through the WSA
C. It sends commands to the uplink router to apply traffic policing to the
application traffic
D. It simulates a slower link by introducing latency into application traffic
Answer: C

Question 111
Which feature within Cisco ISE verifies the compliance of an endpoint before
providing access to the network?
A. Posture
B. Profiling
C. pxGrid
D. MAB
Answer: A

Question 112
Which Cisco AMP feature allows an engineer to look back to trace past
activities, such as file and process activity on an endpoint?
A. endpoint isolation
B. advanced search
C. advanced investigation
D. retrospective security
Answer: D
This is the power of continuous analysis, continuous detection, and retrospective security: the ability to record the activity of every file in the system and, if a supposedly “good” file turns “bad,” the ability to detect it and rewind the recorded history to see the origin of the threat and the behavior it exhibited.

Question 113
Which two protocols must be configured to authenticate end users to the Web
Security Appliance? (Choose two)
A. NTLMSSP
B. Kerberos
C. CHAP
D. TACACS+
E. RADIUS
Answer: A B
If using NTLMSSP, authenticate users using either the Web Security appliance or the upstream proxy server, but not both. (Recommend Web Security appliance)
If using Kerberos, authenticate using the Web Security appliance.

Question 114
An engineer is configuring Dropbox integration with Cisco Cloudlock. Which
action must be taken before granting API access in the Dropbox admin console?
A. Authorize Dropbox within the Platform settings in the Cisco Cloudlock
portal.
B. Add Dropbox to the Cisco Cloudlock Authentication and API section in the
Cisco Cloudlock portal.
C. Send an API request to Cisco Cloudlock from Dropbox admin portal.
D. Add Cisco Cloudlock to the Dropbox admin portal.
Answer: A

Question 115
What is a benefit of using Cisco Umbrella?
A. DNS queries are resolved faster.
B. Attacks can be mitigated before the application connection occurs.
C. Files are scanned for viruses before they are allowed to run.
D. It prevents malicious inbound traffic.
Answer: B
Cisco Umbrella offers flexible, cloud-delivered security. It combines multiple security functions into one solution, so you can extend data protection to devices, remote users, and distributed locations anywhere. Umbrella is the easiest way to effectively protect your users everywhere in minutes.

Question 116
Drag and drop the cryptographic algorithms for IPsec from the left onto the
cryptographic processes on the right.

Answer:
Authentication
+ esp-md5-hmac
+ esp-sha-hmac
Encryption
+ esp-3des
+ esp-aes-256

Question 117
Which security solution is used for posture assessment of the endpoints in a
BYOD solution?
A. Cisco FTD
B. Cisco ASA
C. Cisco Umbrella
D. Cisco ISE
Answer: D
Posture is a service in Cisco Identity Services Engine (Cisco ISE) that allows you to check the state, also known as posture, of all the endpoints that are connecting to a network for compliance with corporate security policies.

Question 118
Which characteristic is unique to a Cisco WSAv as compared to a physical
appliance?
A. supports VMware vMotion on VMware ESXi
B. requires an additional license
C. performs transparent redirection
D. supports SSL decryption
Answer: A

Question 119
What are two benefits of using an MDM solution? (Choose two)
A. grants administrators a way to remotely wipe a lost or stolen device
B. provides simple and streamlined login experience for multiple applications
and users
C. native integration that helps secure applications across multiple cloud
platforms or on-premises environments
D. encrypts data that is stored on endpoints
E. allows for centralized management of endpoint device applications and
configurations
Answer: A E
MDM provides total management for mobile and PC. Provision settings and restrictions, manage inventory and device tracking, remote wipe an entire device or selectively just the managed apps and data, and remotely view and live troubleshoot using the included native remote desktop support.

Question 120
What are two benefits of using Cisco Duo as an MFA solution? (Choose two)
A. grants administrators a way to remotely wipe a lost or stolen device
B. provides simple and streamlined login experience for multiple applications
and users
C. native integration that helps secure applications across multiple cloud
platforms or on-premises environments
D. encrypts data that is stored on endpoints
E. allows for centralized management of endpoint device applications and
configurations
Answer: B C

Question 121
What is a benefit of using GET VPN over FlexVPN within a VPN deployment?
A. GET VPN supports Remote Access VPNs
B. GET VPN natively supports MPLS and private IP networks
C. GET VPN uses multiple security associations for connections
D. GET VPN interoperates with non-Cisco devices
Answer: B

Question 122
Which solution allows an administrator to provision, monitor, and secure
mobile devices on Windows and Mac computers from a centralized dashboard?
A. Cisco Umbrella
B. Cisco AMP for Endpoints
C. Cisco ISE
D. Cisco Stealthwatch
Answer: C

Question 123
Which type of data does the Cisco Stealthwatch system collect and analyze
from routers, switches, and firewalls?
A. NTP
B. syslog
C. SNMP
D. NetFlow
Answer: D
As mentioned earlier, Stealthwatch can collect NetFlow telemetry from network devices to analyze it for anomaly and threat detection.

Question 124
What is the term for the concept of limiting communication between
applications or containers on the same node?
A. container orchestration
B. software-defined access
C. microservicing
D. microsegmentation
Answer: D

Question 125
What is a characteristic of an EDR solution and not of an EPP solution?
A. stops all ransomware attacks
B. retrospective analysis
C. decrypts SSL traffic for better visibility
D. performs signature-based detection
Answer: B
Endpoint protection (EPP) usually means anti-malware, anti-spam, anti-phishing, etc. These features prevent attacks without a detailed explanation of why EPP stops an action and how the attack works.
Endpoint detection and response (EDR) usually means how to record the attack in detail and provide certain remediation methods to recover the affected machines or files.

Question 126
Drag and drop the security solutions from the left onto the benefits they provide
on the right.

Answer:
+ detection, blocking, tracking, analysis, and remediation to protect the
enterprise against targeted and persistent malware attacks: Cisco AMP for Endpoints
+ policy enforcement based on complete visibility of users, mobile devices,
client-side applications, communication between virtual machines, vulnerabilities,
threats, and URLs: Full contextual awareness
+ unmatched security and web reputation intelligence provides real-time threat
intelligence and security protection: Collective Security Intelligence
+ superior threat prevention and mitigation for known and unknown threats:
NGIPS

Question 127
Based on the NIST 800-145 guide, which cloud architecture may be owned,
managed, and operated by one or more of the organizations in the community, a third
party, or some combination of them, and it may exist on or off premises?
A. hybrid cloud
B. private cloud
C. public cloud
D. community cloud
Answer: D

Question 128
How does Cisco AMP for Endpoints provide next-generation protection?
A. It encrypts data on user endpoints to protect against ransomware.
B. It leverages an endpoint protection platform and endpoint detection and
response.
C. It utilizes Cisco pxGrid, which allows Cisco AMP to pull threat feeds from
threat intelligence centers.
D. It integrates with Cisco FTD devices.
Answer: B
Cisco Secure Endpoint offers cloud-delivered next-generation antivirus and advanced
endpoint detection and response.

Question 129
A company has 5000 Windows users on its campus. Which two precautions
should IT take to prevent WannaCry ransomware from spreading to all clients?
(Choose two)
A. Segment different departments to different IP blocks and enable Dynamic
ARP inspection on all VLANs
B. Ensure that noncompliant endpoints are segmented off to contain any
potential damage.
C. Ensure that a user cannot enter the network of another department.
D. Perform a posture check to allow only network access to those Windows
devices that are already patched.
E. Put all company users in the trusted segment of NGFW and put all servers to
the DMZ segment of the Cisco NGFW.
Answer: B D

Question 130
What are two characteristics of the RESTful architecture used within Cisco
DNA Center? (Choose two)
A. REST uses methods such as GET, PUT, POST, and DELETE.
B. REST codes can be compiled with any programming language.
C. REST is a Linux platform-based architecture.
D. The POST action replaces existing data at the URL path.
E. REST uses HTTP to send a request to a web service.
Answer: A E
REST is a software architecture style for designing scalable networked applications, specifically web services.
The specified HTTP methods or verbs for REST are as follows:
GET - List the URIs in a collection, or a representation of an individual member
POST - Create a new entry in a collection. The new entry's URI is assigned automatically and returned by the operation
PUT - Replace an entire collection with a collection, or individual member with another. If a member does not exist, create one
DELETE - Delete an entire collection or an individual member

Question 131
What is the process in DevSecOps where all changes in the central code
repository are merged and synchronized?
A. CD
B. EP
C. CI
D. QA
Answer: C
Continuous integration (CI) is the process of automating and integrating code changes and updates from many team members during software development.

Question 132
Which Cisco platform onboards the endpoint and can issue a CA signed
certificate while also automatically configuring endpoint network settings to use the
signed endpoint certificate, allowing the endpoint to gain network access?
A. Cisco ISE
B. Cisco NAC
C. Cisco TACACS+
D. Cisco WSA
Answer: A

Question 133
Which cloud service offering allows customers to access a web application that
is being hosted, managed, and maintained by a cloud service provider?
A. IaC
B. SaaS
C. IaaS
D. PaaS
Answer: B

Question 134
How does Cisco Workload Optimization portion of the network do EPP
solutions solely performance issues?
A. It deploys an AWS Lambda system
B. It automates resource resizing
C. It optimizes a flow path
D. It sets up a workload forensic score
Answer: B
Workload Optimization Manager right-sizes public cloud instances and then continuously monitors and adjusts resources as demand fluctuates.

Question 135
Email security has become a high priority task for a security engineer at a large
multinational organization due to ongoing phishing campaigns. To help control this,
the engineer has deployed an Incoming Content Filter with a URL reputation of
(-10.00 to -6.00) on the Cisco ESA. Which action will the system perform to disable any
links in messages that match the filter?
A. Defang
B. Quarantine
C. FilterAction
D. ScreenAction
Answer: A
Defang means, the HTML part of the URL is “destroyed” but still visible.

Question 136
What are two workload security models? (Choose two)
A. SaaS
B. IaaS
C. on-premises
D. off-premises
E. PaaS
Answer: C D

Question 137
Which API method and required attribute are used to add a device into DNAC
with the native API?
A. lastSyncTime and pid
B. POST and name
C. userSudiSerialNos and deviceInfo
D. GET and serialNumber
Answer: B

Question 138
What provides total management for mobile and PC including managing
inventory and device tracking, remote view, and live troubleshooting using the
included native remote desktop support?
A. mobile device management
B. mobile content management
C. mobile application management
D. mobile access management
Answer: A
MDM provides total management for mobile and PC. Provision settings and restrictions, manage inventory and device tracking, remote wipe an entire device or selectively just the managed apps and data, and remotely view and live troubleshoot using the included native remote desktop support.

Question 139
What is the most common type of data exfiltration that organizations currently
experience?
A. HTTPS file upload site
B. Microsoft Windows network shares
C. SQL database injections
D. encrypted SMTP
Answer: A

Question 140
An administrator is configuring NTP on Cisco ASA via ASDM and needs to
ensure that rogue NTP servers cannot insert themselves as the authoritative time
source. Which two steps must be taken to accomplish this task? (Choose two)
A. Specify the NTP version
B. Configure the NTP stratum
C. Set the authentication key
D. Choose the interface for syncing to the NTP server
E. Set the NTP DNS hostname
Answer: C E

Question 141
Which two criteria must a certificate meet before the WSA uses it to decrypt
application traffic? (Choose two)
A. It must include the current date.
B. It must reside in the trusted store of the WSA.
C. It must reside in the trusted store of the endpoint.
D. It must have been signed by an internal CA.
E. It must contain a SAN.
Answer: A B
