Topic 1: Exam Pool A
Which protocol provides the strongest throughput performance when using Cisco AnyConnect VPN?
A. TLSv1.2
B. TLSv1.1
C. BJTLSv1
D. DTLSv1
DTLSv1
DTLS is used for delay-sensitive applications (voice and video) because it is UDP-based, while TLS is TCP-based. Therefore DTLS offers the strongest throughput performance. The throughput of DTLS at the time of AnyConnect connection can be expected to have processing performance close to VPN throughput.
What must be configured in Cisco ISE to enforce reauthentication of an endpoint session when an endpoint is deleted from an identity group?
A. posture assessment
B. CoA
C. external identity source
D. SNMP probe
CoA
Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_010101.html
Which product allows Cisco FMC to push security intelligence observable to its sensors from other products?
A. Encrypted Traffic Analytics
B. Threat Intelligence Director
C. Cognitive Threat Analytics
D. Cisco Talos Intelligence
Threat Intelligence Director
How is DNS tunneling used to exfiltrate data out of a corporate network?
A. It corrupts DNS servers by replacing the actual IP address with a rogue address to collect information or start other attacks.
B. It encodes the payload with random characters that are broken into short strings and the DNS server rebuilds the exfiltrated data.
C. It redirects DNS requests to a malicious server used to steal user credentials, which allows further damage and theft on the network.
D. It leverages the DNS server by permitting recursive lookups to spread the attack to other DNS servers
It encodes the payload with random characters that are broken into short strings and the DNS server rebuilds the exfiltrated data.
Domain name system (DNS) is the protocol that translates human-friendly URLs, such as securitytut.com, into IP addresses, such as 183.33.24.13. Because DNS messages are only used as the beginning of each communication and they are not intended for data transfer, many organizations do not monitor their DNS traffic for malicious activity. As a result, DNS-based attacks can be effective if launched against their networks. DNS tunneling is one such attack. An example of DNS tunneling is shown below:
1. The attacker incorporates one of many open-source DNS tunneling kits into an authoritative DNS nameserver (NS) and malicious payload.
2. An IP address (e.g. 1.2.3.4) is allocated from the attacker’s infrastructure and a domain name (e.g. attackerdomain.com) is registered or reused. The registrar informs the top-level domain (.com) nameservers to refer requests for attackerdomain.com to ns.attackerdomain.com, which has a DNS record mapped to 1.2.3.4.
3. The attacker compromises a system with the malicious payload. Once the desired data is obtained, the payload encodes the data as a series of 32 characters (0-9, A-Z) broken into short strings (3KJ242AIE9, P028X977W,…).
4. The payload initiates thousands of unique DNS record requests to the attacker’s domain with each string as
Reference: https://learn-umbrella.cisco.com/i/775902-dns-tunneling/0
A network engineer has been tasked with adding a new medical device to the network. Cisco ISE is being used as the NAC server, and the new device does not have a supplicant available. What must be done in order to securely connect this device to the network?
A. Use MAB with profiling
B. Use MAB with posture assessment
C. Use 802.1X with posture assessment
D. Use 802.1X with profiling
Use MAB with profiling
Reference: https://community.cisco.com/t5/security-documents/ise-profiling-designguide/ta-p/3739456
An engineer is configuring a Cisco ESA and wants to control whether to accept or reject email messages to a recipient address. Which list contains the allowed recipient addresses?
A. SAT
B. HAT
C. BAT
D. RAT
RAT
What are two characteristics of Cisco DNA Center APIs? (Choose two)
A. Postman is required to utilize Cisco DNA Center API calls.
B. They do not support Python scripts.
C. They are Cisco proprietary.
D. They quickly provision new devices
E. They view the overall health of the network
They quickly provision new devices
They view the overall health of the network
Which DoS attack uses fragmented packets to crash a target machine?
A. smurf
B. MITM
C. teardrop
D. LAND
teardrop
A teardrop attack is a denial-of-service (DoS) attack that involves sending fragmented packets to a target machine. Since the machine receiving such packets cannot reassemble them due to a bug in TCP/IP fragmentation reassembly, the packets overlap one another, crashing the target network device. This generally happens on older operating systems such as Windows 3.1x, Windows 95, Windows NT and versions of the Linux kernel prior to 2.1.63.
Which RADIUS attribute can you use to filter MAB requests in an 802.1X deployment?
A. 1
B. 2
C. 6
D. 31
6
https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identitybased-networkingservices/config_guide_c17-663759.html
Which attack type attempts to shut down a machine or network so that users are not able to access it?
A. smurf
B. bluesnarfing
C. MAC spoofing
D. IP spoofing
smurf
Denial-of-service (DDoS) aims at shutting down a network or service, causing it to be inaccessible to its intended users. The Smurf attack is a DDoS attack in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim’s spoofed source IP are broadcast to a computer network using an IP broadcast address.
In an IaaS cloud services model, which security function is the provider responsible for managing?
A. Internet proxy
B. firewalling virtual machines
C. CASB
D. hypervisor OS hardening
firewalling virtual machines
In this IaaS model, cloud providers offer resources to users/machines that include computers as virtual machines, raw (block) storage, firewalls, load balancers, and network devices.
Note: Cloud access security broker (CASB) provides visibility and compliance checks, protects data against misuse and exfiltration, and provides threat protections against malware such as ransomware.
Which network monitoring solution uses streams and pushes operational data to provide a near real-time view of activity?
A. SNMP
B. SMTP
C. syslog
D. model-driven telemetry
model-driven telemetry
https://developer.cisco.com/docs/ios-xe/#!streaming-telemetry-quick-start-guide