CCNP - Network Security Controls Post Assessment

Which option defines a method that can be used for matching senders and recipients for the "example.com" domain?

@example.com

Cisco ESA can be both a physical and virtual instance. Which two options are hypervisors that are currently supported in a virtual implementation of Cisco ESA?

VMware ESXi Kernel-based virtual machine

What is the name of the stateful firewall feature available on Cisco IOS routers?

Zone-based policy firewall

When are "point-in-time detection technologies" considered useless?

after the attacker has compromised the internet-facing firewall appliance

Which two controls can Cisco WSA use to validate web requests?

basic URL filtering that leverages predefined, category-based web usage controls IPS-based signatures that are loaded in the Cisco WSA to prevent intrusions and alert system administrators

Cisco Secure Firewall ASA forwards packets based on different parameters when running in routed and transparent mode. On which parameter is the packet forwarding process on ASA running in transparent mode based?

destination MAC address

Which three actions can be applied on Cisco Secure Firewall ASA to the traffic class in a Layer 5-7 policy map?

drop, reset, inspect

Which level within a cluster overrides the settings for the other levels?

group level settings

What happens when a file hash has never been seen by the Cisco cloud malware analysis system

it will return an "unknown disposition" status, meaning the system doesn't have enough information to determine if the file is malicious or not; in this case, the file is automatically submitted to the cloud for further dynamic analysis to determine its nature and potential threat.

What would be the action if a TLS connection is unavailable but the Destination Controls TLS setting is set to Required?

retry/bounce message

Which statement about a DNS "blind spot" is correct?

A blind spot is the failure to properly monitor DNS activity for security purposes.

Which three features does the Acceptable Use Policy software on the Cisco WSA offer? (Choose three.)

Acceptable use policy, application, and protocol control Integrated authentication URL filters

Which type of Cisco Firepower discovery is NMAP an example of?

Active discovery

Which three actions can be applied on the messages before they are released due to overflow? (Choose three.)

Add X-Header Strip Attachment Delete

Which three anti-malware scanning engines can be used by the Cisco Dynamic Vectoring and Streaming engine in the process of inspecting web traffic for malicious content? (Choose three.)

Advanced Malware Protection McAfee Sophos

Which three parameters define a decryption policy on the Cisco WSA? (Choose three.)

Authentication Realm Default Identification Profile

Which three statements characterize user authentication in transparent proxy mode for web traffic? (Choose three.)

Authentication realm Default Identification profile

What are the four file policy rule actions? (Choose four.)

Block files Block malware Allow files Detect Files

What are the three similarities between IDS and IPS sensors?

Both use reflective ACLs to detect malicious network activity. Both use signature files to determine whether suspicious activity is occurring. Both can analyze all traffic that controls Layer 2-to-Layer 3 mappings, such as ARP and DHCP.

Which Cisco solution provides outstanding protection from malicious email with little administrative overhead?

Cisco Cloud Email Security

Which Cisco appliance uses reputation-based filtering to stop a large percent of spam before it enters the network?

Cisco Email Security Appliance

Which physical or virtual appliance is used to manage several Cisco Firepower NGFW firewalls?

Cisco FMC

Which feature in the email pipeline is available only in the outgoing mail policies?

DLP

Which common defense-in-depth method can help reduce the attack surface?

Deploy IPS, firewalls, and AAA-based platforms and services.

Which module in the modular design approach glues all other modules together?

Enterprise Core

In the FMC GUI, which type of event shows the results for both the file type and malware detection (for all dispositions) but not information about malware files transferred?

File events

Which feature can automatically enable rules that address Linux 2.6 vulnerabilities for environments where Linux 2.6 OS is detected?

Firepower Recommendations

To which three states can you set a rule in an intrusion policy? (Choose three.)

Generate Events Drop and Generate Events Disable

On the Cisco ESA, which component can be configured with public and private listeners?

HAT - Host Access Table

How can you quickly block IP communication to and from a certain IP address before traffic gets inspected by ACP?

In the events view, right-click IP address and select Blacklist IP Now. Deployment of configuration change is needed for the change to take effect.

On the Cisco ESA, what are the two main mail policies?

Incoming and outgoing mail policies

Which configuration tab is used to apply an intrusion policy and file policy to an access control policy rule?

Intrusion and file

What is the primary purpose of the "relative threat exposure" regarding the Cisco CTA dashboard

It answers the question: How is my organization doing as it relates to others?

Which three actions does the Dynamic Content Analysis engine perform when evaluating uncategorized web content? (Choose three.)

It evaluates the requested URL against the Cisco WSA URL category database. It dynamically inspects the website, scores the content, calculates model document proximity, and returns the closest category match. It identifies the requested URL as uncategorized after an unsuccessful match against the URL database.

Which statement about a Cisco Secure Firewall ASA global ACL is true?

It is applied globally on all interfaces in inbound and outbound direction.

What are the three system-provided base intrusion policies? (Choose three.)

Low impact mode High impact mode Recommended

Which two third-party vendors integrate with Cisco ESA to provide antivirus scanning? (Choose two.)

Mcafee Sophos

Which ACP rule action will allow you to send traffic for additional inspection against IPS policy?

Monitor

Which three functionalities are performed by LINA (ASA) engine of the Cisco FTD Software? (Choose three.)

NAT, VPN, IP Routing

What is the minimum requirement regarding the number and type of listeners for accepting incoming and outgoing email in a single interface deployment of the Cisco ESA?

One public and one private listener

The Cisco Secure Firewall ASA has four operational interfaces running, each one configured with an IP address, interface name, and security levels. The following security levels are configured on the interfaces: 100 on the inside interface, 0 on the outside interface, and 50 on both dmz1 and dmz2 interfaces. To which interfaces can the dmz1 interface send outbound traffic if the ASA is using the default parameters?

Outside interface

Which NAT configuration is required when hosts from the 192.168.10.0/24 subnet in the inside NAT domain require a translation to a single 209.165.200.230 IPv4 address, but only when they are connecting to the 209.165.202.130 host in the outside NAT domain?

Policy NAT

Which translation type of NAT performs NAT based on a combination of source and destination IP addresses and services?

Policy NAT

Which three options are possible categories that a message can be put into after antispam scanning? (Choose three.)

Possible Spam Suspected Spam Not Spam

Which policy could be used to improve performance by early blocking or fastpathing traffic based on Layer 3/Layer 4 conditions?

Prefilter policy

Define the terms

Proximity - It defines how close the rule matches must occur in the message or attachment to qualify as valid. Minimum Total Score - This value is the minimum score that is required for the classifier to return a result. Weight - For each rule, you specify a weight to indicate the importance of the rule. Maximum Score - A rule's maximum score prevents many matches for a low-weight rule from skewing the final score of the scan.

Which parameter cannot be used to determine the identity of a transaction?

Proxy Port

What are three characteristics of RADIUS?

RADIUS uses UDP RADIUS encrypts passwords RADIUS uses one UDP port for authentication and one for accounting

Which three statements characterize user authentication in transparent proxy mode for web traffic? (Choose three.)

Redirect the client (status code 307) to the Cisco WSA, performing authentication, and then redirect the user back to the real website. Proxy authentication (status code 407) is used. Use client IP address or cookies to track authentication.

What is an advantage when deploying the Talos Intelligence Group security intelligence feed?

Regular updates to ensure that the system uses up-to-date information to filter your network traffic.

Which feature is not a component of a content filter?

SBRS

Which three classification criteria can be used in the sender groups? (Choose three.)

SBRS AMP Verdict Domain

On the Cisco ESA, which component can be configured with public and private listeners?

SMTP Groups

Which three technologies typically send traffic using cleartext?

SMTP, FTP, Telnet

Which NGFW feature supports inspection of SSL-based traffic

SSL/TLS traffic flow analysis

Which statement about a Cisco Secure Firewall ASA network object group is true?

Several network objects of different types can be included in a network object group.

Cisco Secure Firewall ASA interface access rules are the most commonly used access control mechanisms on the security appliance. Interface access rules permit or deny network applications to establish their sessions through the security appliance based on different information. On which three of these options is the access rules filtering based? (Choose three.)

Source & Destination IP Address Input or output interface Source or destination ports

Which file analysis option examines the structural characteristics such as metadata and header information in executable files?

Spero Analysis

Which three statements characterize the use of a PAC file? (Choose three.)

The PAC file provides failover and load balancing. The WPAD protocol provides automatic PAC file detection on the browser. The PAC file avoids configuration on the client side.

Which statement about Cisco Secure Firewall ASA Active/Standby failover is true?

The active ASA replicates all configuration changes to the standby ASA.

The SNORT rule header contains which four of the following fields? (Choose four.)

The rule's action The protocol The source and destination IP addresses and ports the direction indicators showing the flow of traffic from source to destination

What is a primary security benefit when using identity and access management for authorization posturing services?

The user will be provided different levels of access and service based on the device they are using when they enter their authentication credentials.

Which two are advantages of objects? (Choose two.)

They can be grouped They allow you to change object values used within an ACP without needing to redeploy the ACP to which the objects are associated

Which feature on Cisco Firepower Management Center is an example of leveraging shared threat intelligence information?

Threat Intelligence Director

Which file deposition indicates that the system queried Cisco AMP Cloud, but the file has not been assigned a disposition?

Unassigned

Which disposition will be returned by Cisco AMP cloud if definitive disposition for the file could not be determined?

Unknown