CCNP与CCIE Security SCOR思科认证网络工程师题库2

CCNP/CCIESecuritySCOR题库2

QUESTION51

AnengineerneedsasolutionforTACACS+authenticationandauthorizationfordevice

administration.Theengineeralsowantstoenhancewiredandwirelessnetworksecuritybyrequiring

usersandendpointstouse802.1X,MAB,orWebAuth.Whichproductmeetsalloftheserequirements?

A.CiscoPrimeInfrastructure

B.CiscoIdentityServicesEngine

C.CiscoStealthwatch

D.CiscoAMPforEndpoints

CorrectAnswer:B

Section:(none)

Explanation

Explanation/Reference:

QUESTION52

Whenwired802.1Xauthenticationisimplemented,whichtwocomponentsarerequired?(Choose

two.)

A.authenticationserver:CiscoIdentityServiceEngine

B.supplicant:CiscoAnyConnectISEPosturemodule

C.authenticator:CiscoCatalystswitch

D.authenticator:CiscoIdentityServicesEngine

E.authenticationserver:CiscoPrimeInfrastructure

CorrectAnswer:AC

Section:(none)

Explanation

Explanation/Reference:

Reference:/blog/ise-series-802.lx

QUESTION53

TheCiscoASAmustsupportTLSproxyforencryptedCiscoUnifiedCommunicationstraffic.Where

musttheASAbeaddedontheCiscoUCManagerplatform?

A.CertificateTrustList

B.EndpointTrustList

C.EnterpriseProxyService

D.SecuredCollaborationProxy

CorrectAnswer:A

Section:(none)

Explanation

Explanation/Reference:

Reference:/c/en/us/td/docs/security/asa/special/unified-

communications/guide/unified-comm/unified-comm-tlsproxy.html

QUESTION54

WhichAPIisusedforContentSecurity?

A.NX-OSAPI

B.IOSXRAPI

C.OpenVulnAPI

D.AsyncOSAPI

CorrectAnswer:D

Section:(none)

Explanation

Explanation/Reference:

Reference:/c/en/us/td/docs/security/security_management/sma/smal2

-0/api/b_SMA_API_12/test_chapter_01.html

QUESTION55

Whichtwobehavioralpatternscharacterizeapingofdeathattack?(Choosetwo.)

A.Theattackisfragmentedintogroupsof16octetsbeforetransmission.

B.Theattackisfragmentedintogroupsof8octetsbeforetransmission.

C.ShortsynchronizedburstsoftrafficareusedtodisruptTCPconnections.

D.Malformedpacketsareusedtocrashsystems.

E.PubliclyaccessibleDNSserversaretypicallyusedtoexecutetheattack.

CorrectAnswer:BD

Section:(none)

Explanation

Explanation/Reference:

Reference:/wiki/Ping_of_death

QUESTION56

Whichtwomechanismsareusedtocontrolphishingattacks?(Choosetwo.)

A.Enablebrowseralertsforfraudulentwebsites.

B.Definesecuritygroupmemberships.

C.RevokeexpiredCRLofthewebsites.

D.Useantispywaresoftware.

E.Implementemailfilteringtechniques.

CorrectAnswer:AE

Section:(none)

Explanation

Explanation/Reference:

QUESTION57

WhichVPNtechnologycansupportamultivendorenvironmentandsecuretrafficbetweensites?

A.SSLVPN

B.GETVPN

C.FlexVPN

D.DMVPN

CorrectAnswer:C

Section:(none)

Explanation

Explanation/Reference:

Reference:/c/en/us/products/collateral/routers/asr-1000-series-

aggregation-services-routers/data_sheet_c78-704277.html

QUESTION58

WhichSNMPv3configurationmustbeusedtosupportthestrongestsecuritypossible?

A.asa-host(config)#snmp-servergroupmyv3v3privasa-host(config)#snmp-serveruserandymyv3

authshaciscoprivdesciscXXXXXXXXasa-host(config)#snmp-serverhostinsideversion

3andy

B.asa-host(config)#snmp-servergroupmyv3v3noauthasa-host(config)#snmp-serveruserandy

myv3authshaciscoprivaes256ciscXXXXXXXXasa-host(config)#snmp-serverhostinside

version3andy

C.asa-host(config)#snmp-servergroupmyv3v3noauthasa-host(config)#snmp-serveruserandy

myv3authshaciscopriv3desciscXXXXXXXXasa-host(config)#snmp-serverhostinside

version3andy

D.asa-host(config)#snmp-servergroupmyv3v3privasa-host(config)#snmp-serveruserandy

myv3authshaciscoprivaes256ciscXXXXXXXXasa-host(config)#snmp-serverhostinside

version3andy

CorrectAnswer:D

Section:(none)

Explanation

Explanation/Reference:

QUESTION59

WhichfeatureissupportedwhendeployingCiscoASAvwithinAWSpubliccloud?

A.multiplecontextmode

B.userdeploymentofLayer3networks

C.IPv6

D.clustering

CorrectAnswer:B

Section:(none)

Explanation

Explanation/Reference:

Reference:/c/en/us/td/docs/security/asa/asa96/asav/quick-start-

book/asav-96-qsg/asav-aws.html

QUESTION60

WhichproxymodemustbeusedonCiscoWSAtoredirectTCPtrafficwithWCCP?

A.transparent

B.redirection

C.forward

D.proxygateway

CorrectAnswer:A

Section:(none)

Explanation

Explanation/Reference:

Reference:/c/en/us/support/docs/security/web-security-

appliance/117940-qa-wsa-00.html

QUESTION61

AnMDMprovideswhichtwoadvantagestoanorganizationwithregardstodevicemanagement?

(Choosetwo.)

A.assetinventorymanagement

B.allowedapplicationmanagement

C.ActiveDirectorygrouppolicymanagement

D.networkdevicemanagement

E.criticaldevicemanagement

CorrectAnswer:AB

Section:(none)

Explanation

Explanation/Reference:

QUESTION62

WhichTalosreputationcenterallowsyoutotrackthereputationofIPaddressesforemailandweb

traffic?

A.IPBlacklistCenter

B.FileReputationCenter

C.AMPReputationCenter

D.IPandDomainReputationCenter

CorrectAnswer:D

Section:(none)

Explanation

Explanation/Reference:

QUESTION63

UnderwhichtwocircumstancesisaCoAissued?(Choosetwo.)

A.AnewauthenticationrulewasaddedtothepolicyonthePolicyServicenode.

B.AnendpointisdeletedontheIdentityServiceEngineserver.

C.AnewIdentitySourceSequenceiscreatedandreferencedintheauthenticationpolicy.

D.Anendpointisprofiledforthefirsttime.

E.AnewIdentityServiceEngineserverisaddedtothedeploymentwiththeAdministrationpersona.

CorrectAnswer:BD

Section:(none)

Explanation

Explanation/Reference:

Reference:https://www.cisco.eom/en/US/docs/security/ise/l.0/user_guide/iselO_prof_pol.html

QUESTION64

WhichsolutioncombinesCiscoIOSandIOSXEcomponentstoenableadministratorstorecognize

applications,collectandsendnetworkmetricstoCiscoPrimeandotherthird-partymanagement

tools,andprioritizeapplicationtraffic?

A.CiscoSecurityIntelligence

B.CiscoApplicationVisibilityandControl

C.CiscoModelDrivenTelemetry

D.CiscoDNACenter

CorrectAnswer:B

Section:(none)

Explanation

Explanation/Reference:

QUESTION65

Whichtwoendpointmeasuresareusedtominimizethechancesoffallingvictimtophishingand

socialengineeringattacks?(Choosetwo.)

A.Patchforcross-sitescripting.

B.Performbackupstotheprivatecloud.

C.Protectagainstinputvalidationandcharacterescapesintheendpoint.

D.Installaspamandvirusemailfilter.

E.Protectsystemswithanup-to-dateantimalwareprogram.

CorrectAnswer:DE

Section:(none)

Explanation

Explanation/Reference:

QUESTION66

AnengineerusedaposturecheckonaMicrosoftWindowsendpointanddiscoveredthattheMS17-

010patchwasnotinstalled,whichlefttheendpointvulnerabletoWannaCryransomware.Whichtwo

solutionsmitigatetheriskofthisransomwareinfection?(Choosetwo.)

A.ConfigureaposturepolicyinCiscoIdentityServicesEnginetoinstalltheMS17-010patchbefore

allowingaccessonthenetwork.

B.SetupaprofilingpolicyinCiscoIdentityServiceEnginetocheckandendpointpatchlevelbefore

allowingaccessonthenetwork.

C.ConfigureaposturepolicyinCiscoIdentityServicesEnginetocheckthatanendpointpatchlevel

ismetbeforeallowingaccessonthenetwork.

D.Configureendpointfirewallpoliciestostoptheexploittrafficfrombeingallowedtorunand

replicatethroughoutthenetwork.

E.Setupawell-definedendpointpatchingstrategytoensurethatendpointshavecritical

vulnerabilitiespatchedinatimelyfashion.

CorrectAnswer:AC

Section:(none)

Explanation

Explanation/Reference:

QUESTION67

DRAGDROP

DraganddropthestepsfromtheleftintothecorrectorderontherighttoenableAppDynamicsto

monitoranEC2instanceinAmazonWebServices.

SelectandPlace:

CorrectAnswer:

Section:(none)

Explanation

Explanation/Reference:

QUESTION68

Whywouldauserchooseanon-premisesESAversustheCESsolution?

A.Sensitivedatamustremainonsite.

B.Demandisunpredictable.

C.Theserverteamwantstooutsourcethisservice.

D.ESAisdeployedinline.

CorrectAnswer:A

Section:(none)

Explanation

Explanation/Reference:

QUESTION69

WhichtechnologymustbeusedtoimplementsecureVPNconnectivityamongcompanybranches

overaprivateIPcloudwithany-to-anyscalableconnectivity?

A.DMVPN

B.FlexVPN

C.IPsecDVTI

D.GETVPN

CorrectAnswer:D

Section:(none)

Explanation

Explanation/Reference:

QUESTION70

WhichCiscosolutiondoesCiscoUmbrellaintegratewithtodetermineifaURLismalicious?

A.AMP

B.AnyConnect

C.DynDNS

D.Talos

CorrectAnswer:D

Section:(none)

Explanation

Explanation/Reference:

QUESTION71

WhatisthepurposeoftheDecryptforApplicationDetectionfeaturewithintheWSADecryption

options?

A.ItdecryptsHTTPSapplicationtrafficforunauthenticatedusers.

B.ItalertsuserswhentheWSAdecryptstheirtraffic.

C.ItdecryptsHTTPSapplicationtrafficforauthenticatedusers.

D.ItprovidesenhancedHTTPSapplicationdetectionforAsyncOS.

CorrectAnswer:D

Section:(none)

Explanation

Explanation/Reference:

Reference:/c/en/us/td/docs/security/wsa/wsall7/user_guide/b_WSA_U

serGuide_ll_7/b_WSA_UserGuide_ll_7_chapter_01011.html

QUESTION72

WhatistheprimaryroleoftheCiscoEmailSecurityAppliance?

A.MailSubmissionAgent

B.MailTransferAgent

C.MailDeliveryAgent

D.MailUserAgent

CorrectAnswer:B

Section:(none)

Explanation

Explanation/Reference:

QUESTION73

WhichtwofeaturesofCiscoDNACenterareusedinaSoftwareDefinedNetworksolution?(Choose

two.)

A.accounting

B.assurance

C.automation

D.authentication

E.encryption

CorrectAnswer:BC

Section:(none)

Explanation

Explanation/Reference:

Reference:/c/en/us/products/cloud-systems-management/dna-

center/index.html

QUESTION74

Whichcloudservicemodeloffersanenvironmentforcloudconsumerstodevelopanddeploy

applicationswithoutneedingtomanageormaintaintheunderlyingcloudinfrastructure?

A.PaaS

B.XaaS

C.laaS

D.SaaS

CorrectAnswer:A

Section:(none)

Explanation

Explanation/Reference:

QUESTION75

WhatisarequiredprerequisitetoenablemalwarefilescanningfortheSecureInternetGateway?

A.EnableIPLayerenforcement.

B.ActivatetheAdvancedMalwareProtectionlicense

C.ActivateSSLdecryption.

D.EnableIntelligentProxy.

CorrectAnswer:D

Section:(none)

Explanation

Explanation/Reference:

QUESTION76

WhichtwofeaturesareusedtoconfigureCiscoESAwithamultilayerapproachtofightvirusesand

malware?(Choosetwo.)

A.Sophosengine

B.whitelist

C.RAT

D.outbreakfilters

E.DLP

CorrectAnswer:AD

Section:(none)

Explanation

Explanation/Reference:

QUESTION77

HowisCiscoUmbrellaconfiguredtologonlysecurityevents?

A.perpolicy

B.intheReportingsettings

C.intheSecuritySettingssection

D.pernetworkintheDeploymentssection

CorrectAnswer:A

Section:(none)

Explanation

Explanation/Reference:

Reference:/deployment-umbrella/docs/log-management

QUESTION78

WhatistheprimarydifferencebetweenanEndpointProtectionPlatformandanEndpointDetection

andResponse?

A.EPPfocusesonprevention,andEDRfocusesonadvancedthreatsthatevadeperimeterdefenses.

B.EDRfocusesonprevention,andEPPfocusesonadvancedthreatsthatevadeperimeterdefenses.

C.EPPfocusesonnetworksecurity,andEDRfocusesondevicesecurity.

D.EDRfocusesonnetworksecurity,andEPPfocusesondevicesecurity.

CorrectAnswer:A

Section:(none)

Explanation

Explanation/Reference:

Reference:/c/en/us/products/security/endpoint-security/what-is-

endpoint-detection-response-edr.html

QUESTION79

OnwhichpartoftheITenvironmentdoesDevSecOpsfocus?

A.applicationdevelopment

B.wirelessnetwork

C.datacenter

D.perimeternetwork

CorrectAnswer:A

Section:(none)

Explanation

Explanation/Reference:

QUESTION80

WhichfunctionsofanSDNarchitecturerequiresouthboundAPIstoenablecommunication?

A.SDNcontrollerandthenetworkelements

B.managementconsoleandtheSDNcontroller

C.managementconsoleandthecloud

D.SDNcontrollerandthecloud

CorrectAnswer:A

Section:(none)

Explanation

Explanation/Reference:

QUESTION81

Whatisacharacteristicoftrafficstormcontrolbehavior?

A.Trafficstormcontroldropsallbroadcastandmulticasttrafficifthecombinedtrafficexceedsthe

levelwithintheinterval.

B.Trafficstormcontrolcannotdetermineifthepacketisunicastorbroadcast.

C.Trafficstormcontrolmonitorsincomingtrafficlevelsovera10-secondtrafficstormcontrolinterval.

0.TrafficstormcontrolusestheIndividual/Groupbitinthepacketsourceaddresstodetermineifthe

packetisunicastorbroadcast.

CorrectAnswer:A

Section:(none)

Explanation

Explanation/Reference:

Reference:/c/en/us/td/docs/routers/7600/ios/121E/configuration/guide

/storm.html

QUESTION82

WhichtworequestofRESTAPIarevalidontheCiscoASAPlatform?(Choosetwo.)

A.put

B.options

C.get

D.push

E.connect

CorrectAnswer:AC

Section:(none)

Explanation

Explanation/Reference:

Reference:https://www.cisco.eom/c/en/us/td/docs/security/asa/api/qsg-asa-api.html

QUESTION83

InaPaaSmodel,whichlayeristhetenantresponsibleformaintainingandpatching?

A.hypervisor

B.virtualmachine

C.network

D.application

CorrectAnswer:D

Section:(none)

Explanation

Explanation/Reference:

Reference:https:〃/blogs/saas-vs-paas-vs-iaas-whats-the-difference-and-

how-to-choose/

QUESTION84

AnengineerisconfiguringAMPforendpointsandwantstoblockcertainfilesfromexecuting.Which

outbreakcontrolmethodisusedtoaccomplishthistask?

A.deviceflowcorrelation

B.simpledetections

C.applicationblockinglist

D.advancedcustomdetections

CorrectAnswer:C

Section:(none)

Explanation

Explanation/Reference:

QUESTION85

WhichASAdeploymentmodecanprovideseparationofmanagementonasharedappliance?

A.DMZmultiplezonemode

B.transparentfirewallmode

C.multiplecontextmode

D.routedmode

CorrectAnswer:C

Section:(none)

Explanation

Explanation/Reference:

QUESTION86

WhichtwodeploymentmodelconfigurationsaresupportedforCiscoFTDvinAWS?(Choosetwo.)

A.CiscoFTDvconfiguredinroutedmodeandmanagedbyanFMCvinstalledinAWS

B.CiscoFTDvwithonemanagementinterfaceandtwotrafficinterfacesconfigured

C.CiscoFTDvconfiguredinroutedmodeandmanagedbyaphysicalFMCapplianceonpremises

D.CiscoFTDvwithtwomanagementinterfacesandonetrafficinterfaceconfigured

E.CiscoFTDvconfiguredinroutedmodeandIPv6configured

CorrectAnswer:AC

Section:(none)

Explanation

Explanation/Reference:

Reference:/c/en/us/products/collateral/security/adaptive-security-

virtual-appliance-asav/white-paper-cll-740505.html

QUESTION87

WhatcanbeintegratedwithCiscoThreatIntelligenceDirectortoprovideinformationaboutsecurity

threats,whichallowstheSOCtoproactivelyautomateresponsestothosethreats?

A.CiscoUmbrella

B.ExternalThreatFeeds

C.CiscoThreatGrid

D.CiscoStealthwatch

CorrectAnswer:C

Section:(none)

Explanation

Explanation/Reference:

QUESTION88

Whatprovidesvisibilityandawarenessintowhatiscurrentlyoccurringonthenetwork?

A.CMX

B.WMI

C.PrimeInfrastructure

D.Telemetry

CorrectAnswer:C

Section:(none)

Explanation

Explanation/Reference:

QUESTION89

WhichattackiscommonlyassociatedwithCandC++programminglanguages?

A.cross-sitescripting

B.waterholing

C.DDoS

D.bufferoverflow

CorrectAnswer:D

Section:(none)

Explanation

Explanation/Reference:

Reference:/wiki/Buffer_overflow

QUESTION90

Anengineermustforceanendpointtore-authenticateanalreadyauthenticatedsessionwithout

disruptingtheendpointtoapplyaneworupdatedpolicyfromISE.WhichCoAtypeachievesthis

goal?

A.PortBounce

B.CoATerminate

C.CoAReauth

D.CoASessionQuery

CorrectAnswer:C

Section:(none)

Explanation

Explanation/Reference:

QUESTION91

SysauthcontrolEnabled

DotlxProtocolVersion3

DotlxInfoforGigabitEthernetl/0/12

PAEAUTHENTICATOR

PortcontrolFORCE__AUTHORIZED

ControlDirection=Both

HostModeSINGLE__HOST

QuietPeriod60

ServerTimeout0

SuppTimeout30

ReAuthMax2

MaxReq2

TxPeriod30

Refertotheexhibit.Whichcommandwasusedtodisplaythisoutput?

A.showdotlxall

B.showdotlx

C.showdotlxallsummary

D.showdotlxinterfacegil/0/12

CorrectAnswer:A

Section:(none)

Explanation

Explanation/Reference:

Reference:/c/en/us/td/docs/ios-xml/ios/sec_usr8021x/configuration/xe-

3se/3850/sec-user-8021x-xe-3se-3850-book/config-ieee-802x-pba.html

QUESTION92

WhichtwopreventiontechniquesareusedtomitigateSQLinjectionattacks?(Choosetwo.)

A.Checkinteger,float,orBooleanstringparameterstoensureaccuratevalues.

B.Usepreparedstatementsandparameterizedqueries.

C.Securetheconnectionbetweenthewebandtheapptier.

D.WriteSQLcodeinsteadofusingobject-relationalmappinglibraries.

E.BlockSQLcodeexecutioninthewebapplicationdatabaselogin.

CorrectAnswer:AB

Section:(none)

Explanation

Explanation/Reference:

Reference:/wiki/SQL_injection

QUESTION93

HowdoesCiscoStealthwatchCloudprovidesecurityforcloudenvironments?

A.Itdeliversvisibilityandthreatdetection.

B.Itpreventsexfiltrationofsensitivedata.

C.ItassignsInternet-basedDNSprotectionforclientsandservers.

D.Itfacilitatessecureconnectivitybetweenpublicandprivatenetworks.

CorrectAnswer:A

Section:(none)

Explanation

Explanation/Reference:

Reference:

/SHIcom/ContentAttachmentlmages/SharedResources/FBLP/Cisco/Ci

sco-091919-Simple-IT-Whitepaper.pdf

QUESTION94

WhichtwoapplicationlayerpreprocessorsareusedbyFirepowerNextGenerationIntrusionPrevention

System?(Choosetwo.)

A.SIP

B.inlinenormalization

C.SSL

D.packetdecoder

E.modbus

CorrectAnswer:AC

Section:(none)

Explanation

Explanation/Reference:

Reference:/c/en/us/td/docs/security/firepower/60/configuration/guide/

fpmc-config-guide-v60/Application_Layer_Preprocessors.html

QUESTION95

WhichfeatureisconfiguredformanageddevicesinthedeviceplatformsettingsoftheFirepower

ManagementCenter?

A.qualityofservice

B.timesynchronization

C.networkaddresstranslations

D.intrusionpolicy

CorrectAnswer:B

Section:(none)

Explanation

Explanation/Reference:

QUESTION96

ThemainfunctionofnorthboundAPIsintheSDNarchitectureistoenablecommunicationbetweenwhich

twoareasofanetwork?

A.SDNcontrollerandthecloud

B.managementconsoleandtheSDNcontrollerC.managementconsoleandthecloud

D.SDNcontrollerandthemanagementsolution

CorrectAnswer:D

Section:(none)

Explanation

Explanation/Reference:

QUESTION97

Gatewayoflastresortis1.1.1.1tonetwork0.0.0.0

S*0.0.0.0[1/0]via1.1.1.1zoutside

Cisdirectlyconnectxoutside

S[1/0]via,inside

Cisdirectlyconnected,inside

Cisdirectlyconnected,dmz

S(1/0]via,dmz

access-listredirect-aclpermitipany

access-listredirect-aclpermitipany

class-mapredirect-class

matchaccess-listredirect-acl

policy-mapinside-policy

class