NEW QUESTION 1
Which option describes how the native VLAN is set up on an IPS sensor when VLAN groups are used in an inline deployment of the sensor?

• A. The sensor looks at the native VLAN setup on the switch to determine the correct native VLAN to use.
• B. The sensor does not care about VLANs.
• C. A default VLAN variable must be associated with each physical interface on the sensor.
• D. There is no way to set this, so you need to tag all traffic.
• E. ISL links are only supported.

Answer: C

NEW QUESTION 2
Who or what calculates the signature fidelity rating?

• A. the signature author
• B. Cisco Professional Services
• C. the administrator
• D. the security policy

Answer: A

NEW QUESTION 3
What is the access-list command on a Cisco IPS appliance used for?

• A. to permanently filter traffic coming to the Cisco IPS appliance via the sensing port
• B. to filter for traffic when the Cisco IPS appliance is in the inline mode
• C. to restrict management access to the sensor
• D. to create a filter that can be applied on the interface that is under attack

Answer: C

NEW QUESTION 4
A new Cisco IPS device has been placed on the network without prior analysis. Which CLI command shows the most fired signature?

• A. Show statistics virtual-sensor
• B. Show event alert
• C. Show alert
• D. Show version

Answer: A

NEW QUESTION 5
What command alters the SSL ciphers used by the Cisco Email Security Appliance for TLS sessions and HTTPS access?

• A. sslconfig
• B. sslciphers
• C. tlsconifg
• D. certconfig

Answer: A

NEW QUESTION 6
Which two types of software can be installed on a cisco ASA-5545-X appliance? (choose two)

• A. cisco ASAv
• B. Cisco firePOWER Appliance
• C. Cisco firePOWER services
• D. cisco ASA
• E. ciscofirePOWER management Center

Answer: CD

NEW QUESTION 7
Which Cisco technology secures the network through malware filtering, category-based control, and reputation-based control?

• A. Cisco ASA 5500 Series appliances
• B. Cisco IPS
• C. Cisco remote-access VPNs
• D. Cisco WSA

Answer: D

NEW QUESTION 8
Which commands are required to configure SSH on router? (Choose two.)

• A. Configure domain name using ip domain-name command
• B. Generate a key using crypto key generate rsa
• C. Configure a DHCP host for the router using dhcpname#configure terminal
• D. Generate enterprise CA self-sign certificate

Answer: AB

Explanation: Here are the steps:
Configure a hostname for the router using these commands. yourname#configure terminal
Enter configuration commands, one per line. End with CNTL/Z. yourname (config)#hostname LabRouter
LabRouter(config)#
Configure a domain name with the ip domain-name command followed by whatever you would like your domain name to be. I used CiscoLab.com.
LabRouter(config)#ip domain-name CiscoLab.com
We generate a certificate that will be used to encrypt the SSH packets using the crypto key generate rsa command.
Take note of the message that is displayed right after we enter this command: "The name for the keys will be: LabRouter.CiscoLab.com" -- it combines the hostname of the router along with the domain name we configured to get the name of the encryption key generated; this is why it was important for us to, first of all, configure a hostname then a domain name before we generated the keys.
Reference: https://www.pluralsight.com/blog/tutorials/configure-secure-shell-ssh-on-cisco-router

NEW QUESTION 9
What is the default IP range of the external zone?

• A. 0.0.0.0 0.0.0.0
• B. 0.0.0.0 - 255.255.255.255
• C. 0.0.0.0/8
• D. The network of the management interface

Answer: B

NEW QUESTION 10
Which SSL traffic decryption feature is used when decrypting traffic from an external host to a server on your network?

• A. Decrypt by stripping the server certificate.
• B. Decrypt by resigning the server certificate
• C. Decrypt with a known private key
• D. Decypt with a known public key

Answer: B

NEW QUESTION 11
Which website can be used to validate group information about connections that flow through Cisco CWS?

• A. whoami.scansafe.com
• B. policytrace.scansafe.com
• C. policytrace.scansafe.net
• D. whoami.scansafe.net

Answer: C

NEW QUESTION 12
Connections are being denied because of SenderBase Reputation Scores. Which two features must be enabled in order to record those connections in the mail log on the Cisco ESA? (Choose two.)

• A. Rejected Connection Handling
• B. Domain Debug Logs
• C. Injection Debug Logs
• D. Message Tracking

Answer: AD

NEW QUESTION 13
What are three best practices for a Cisco Intrusion Prevention System? (Choose three.)

• A. Checking for new signatures every 4 hours
• B. Checking for new signatures on a staggered schedule
• C. Automatically updating signature packs
• D. Manually updating signature packs
• E. Group tuning of signatures
• F. Single tuning of signatures

Answer: BCE

NEW QUESTION 14
Which statement about the Cisco ASACX role in inspecting SSL traffic is true?

• A. To decrypt traffic, the Cisco ASACX must accept the websites' certificates as Trusted Root Cas.
• B. If the administrator elects to decrypt traffic, the Cisco ASACX acts as a man-in—me-middle.
• C. Either all traffic is decrypted, or no traffic is decrypted by the Cisco ASACX.
• D. The traffic is encrypted, so the Cisco ASACX cannot determine the content of the traffic.

Answer: B

NEW QUESTION 15
Within Cisco IPS anomaly detection, what is the default IP range of the external zone?

• A. 0.0.0.0 0.0.0.0
• B. 0.0.0.0 - 255.255.255.255
• C. 0.0.0.0/8
• D. the network of the management interface

Answer: B

NEW QUESTION 16
The Web Cache Communication Protocol (WCCP) is a content-routing protocol that can facilitate the redirection of traffic flows in real time. Your organization has deployed WCCP to redirect web traffic that traverses their Cisco Adaptive Security Appliances (ASAs) to their Cisco Web Security Appliances (WSAs).
The simulator will provide access to the graphical user interfaces of one Cisco ASA and one Cisco WSA that are participating in a WCCP service. Not all aspects of the GUIs are implemented in the simulator. The options that have been implemented are sufficient to determine the best answer to each of the questions that are presented.
Your task is to examine the details available in the simulated graphical user interfaces and select the best answer.




Between the Cisco ASA configuration and the Cisco WSA configuration, what is true with respect to redirected ports?

• A. Both are configured for port 80 only.
• B. Both are configured for port 443 only.
• C. Both are configured for both port 80 and 443.
• D. Both are configured for ports 80, 443 and 3128.
• E. There is a configuration mismatch on redirected ports.

Answer: C

Explanation: This can be seen from the WSA Network tab shown below:

NEW QUESTION 17
With Cisco AMP for Endpoints, which option shows a list of all files that have been executed in your environment?

• A. vulnerable software
• B. file analysis
• C. detections
• D. prevalence
• E. threat root cause

Answer: C

NEW QUESTION 18
Which option describes the role of the Learning Accept Mode for anomaly detection?

• A. It creates a knowledge base of the network traffic
• B. It detects ongoing attacks and adds them to a database.
• C. It configures the anomaly detection zones.
• D. It identifies incomplete connections and flags them.

Answer: A

Explanation: http://www.cisco.com/c/en/us/td/docs/security/security_management/cisco_security_manager/sec urity_manager/4-0/user/guide/CSMUserGuide_wrapper/ipsanom.html

NEW QUESTION 19
What step is required to enable HTTPS Proxy on the Cisco Web Security Appliance?

• A. Web Security Manager HTTPS Proxy click Enable
• B. Security Services HTTPS Proxy click Enable
• C. HTTPS Proxy is enabled by default
• D. System Administration HTTPS Proxy click Enable

Answer: B