Chapter 7 - 11 | Final Review
B. Measured service D. Rapid elasticity
According to NIST, the essential characteristics of cloud computing include which of the following? A. Narrow network access B. Measured service C. Only remote services D. Rapid elasticity
All of these answers are correct.
Advanced custom detections offer many more signature types to the detection, including which of the following? File body-based signatures MD5 signatures Logical signatures All of these answers are correct.
D. Kanban
Agile uses the _____ process, a scheduling system for lean development and just-in-time manufacturing (JIT) originally developed by Taiichi Ohno from Toyota. A. DevTest B. Taiichi C. Ohno D. Kanban
All of these answers are correct.
AppDynamics provides cloud monitoring and supports which of the following platforms? Kubernetes Azure AWS Lambda All of these answers are correct.
All of these answers are correct.
Cisco AMP for Endpoints has connectors for which of the following operating systems? Windows macOS Android All of these answers are correct.
All of these answers are correct.
Cisco Cloud Email Security supports which of the following techniques to create the multiple layers of security needed to defend against? Geolocation-based filtering The Cisco Context Adaptive Scanning Engine (CASE) Advanced Malware Protection (AMP) All of these answers are correct.
Composite Risk Score (CRS)
Cisco Cloudlock provides a ___________ in order to assess the relative risk of cloud-connected apps and services according to business risk, usage risk, and vendor compliance. Composite Risk Score (CRS) Composite Risk Rating (CRR) Common Vulnerability Scoring System (CVSS) None of these answers is correct.
to define the encryption and integrity algorithms that are used to build the IPsec tunnel
Consider the following configuration on a Cisco ASA: crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac What is the purpose of this command? to define only the allowed encryption algorithms to define the ISAKMP parameters that are used to establish the tunnel to define what traffic is allowed through and protected by the tunnel to define the encryption and integrity algorithms that are used to build the IPsec tunnel
To flag or block suspicious network activity
Device flow correlation (DFC) can be used for which of the following scenarios? To correlate AMP for Endpoint logs with Cisco ISE logs To correlate AMP for Endpoint logs with Cisco FMC logs To correlate AMP for Endpoint logs with Tetration logs To flag or block suspicious network activity
EDR
Gartner defines _____ as the "tools primarily focused on detecting and investigating suspicious activities (and traces of such) other problems on hosts/endpoints." A. EDR B. EPP C. EMP D. ETDR
Enter the name "outside" in the Interface Name text box.
How is an ASA interface configured as an outside interface when using ASDM? Enter the name "outside" in the Interface Name text box. Drag the interface to the port labeled "outside" in the ASA drawing. Select a check box from the Interface Type option that shows inside, outside, and DMZ. Select outside from the Interface Type drop-down menu.
It will be sent encrypted.
How will traffic that does not match that defined by access list 101 be treated by the router? It will be sent encrypted. It will be discarded. It will be sent unencrypted. It will be blocked.
The host initiates a clientless VPN connection using a compliant web browser to download the client.
If an outside host does not have the Cisco AnyConnect client preinstalled, how would the host gain access to the client image? The host initiates a clientless VPN connection using a compliant web browser to download the client. The host initiates a clientless connection to an FTP server to download the client. The host initiates a clientless connection to a TFTP server to download the client. The Cisco AnyConnect client is installed by default on most major operating systems.
PaaS (Platform as a Service)
In which of the following cloud models is the end customer responsible for maintaining and patching applications and making sure that data is protected, but not the virtual network or operating system? PaaS SaaS IaaS IaaS and PaaS
process tools
Individuals and interactions over _____ and _____ are two of Agile's main values. process tools rules goals
An SHA hash (checksum)
Like files, applications can be detected, blocked, and whitelisted with AMP for Endpoints. AMP for Endpoints does not look for the name of the application but which of the following elements? An SHA hash (checksum) An outbreak signature A custom signature A Spero signature
true
The ASA can be configured through ASDM as a DHCP server. true false
Processing network metadata from a SPAN or a network TAP Processing metadata out of NetFlow or IPFIX flow records
The Cisco Stealthwatch Cloud Sensor appliance can be deployed in which two different modes? Processing network metadata from a SPAN or a network TAP Processing metadata out of NetFlow or IPFIX flow records Processing data from Tetration Processing data from Cloudlock Processing data from Umbrella
SHA
What HMAC algorithm is being used to provide data integrity? SHA MD5 DH AES
AES
What algorithm will be used for providing confidentiality? AES Diffie-Hellman RSA DES
A software development methodology designed to improve quality and for teams to adapt to the changing needs of the end customer
What is Extreme Programming (EP)? A software development methodology designed to improve quality and for teams to adapt to the changing needs of the end customer A DevSecOps concept to provide better SAST and DAST solutions in a DevOps environment A software development methodology designed to provide cloud providers with the ability to scale and deploy more applications per workload None of these answers is correct.
The VPN connection is initiated by the remote user
What is an important characteristic of remote-access VPNs? Internal hosts have no knowledge of the VPN. The VPN configuration is identical between the remote devices. Information required to establish the VPN must remain static. The VPN connection is initiated by the remote user
posture assessment
What is an optional feature that is performed during the Cisco AnyConnect Secure Mobility Client VPN establishment phase? host-based ACL installation posture assessment quality of service security security optimization
access list
What is needed to define interesting traffic in the creation of an IPsec tunnel? access list security associations transform set hashing algorithm
It hides the complexity of security commands.
What is one benefit of using ASDM compared to using the CLI to configure the Cisco ASA? ASDM provides increased configuration security. It hides the complexity of security commands. It does not require any initial device configuration. It does not require a remote connection to a Cisco device.
allows peers to exchange shared keys
What is the function of the Diffie-Hellman algorithm within the IPsec framework? allows peers to exchange shared keys provides strong data encryption guarantees message integrity provides authentication
permits VPN to work when NAT is being used on one or both ends of the VPN
What is the purpose of NAT-T? upgrades NAT for IPv4 allows NAT to be used for IPv6 addresses enables NAT for PC-based VPN clients permits VPN to work when NAT is being used on one or both ends of the VPN
to assign IP addresses to clients when they connect
What is the purpose of configuring an IP address pool to be used for client-based SSL VPN connections? to identify which clients are allowed to connect to assign IP addresses to clients when they connect to identify which users are allowed to download the client image to assign addresses to the interfaces on the ASA
When multiple combinations of IPsec protection are being chosen, multiple crypto ACLs can define different traffic types.
What is the purpose of configuring multiple crypto ACLs when building a VPN connection between remote sites? By applying the ACL on a public interface, multiple crypto ACLs can be built to prevent public users from connecting to the VPN-enabled router. Multiple crypto ACLs can be configured to deny specific network traffic from crossing a VPN. When multiple combinations of IPsec protection are being chosen, multiple crypto ACLs can define different traffic types. Multiple crypto ACLs can define multiple remote peers for connecting with a VPN-enabled router across the Internet or network.
to define interesting traffic
What is the purpose of the ACL in the configuration of an ISR site-to-site VPN connection? to identify the peer to permit only secure protocols to log denied traffic to define interesting traffic
web server access
What must be configured on an ASA before it can be accessed by ASDM? Telnet or SSH Ethernet 0/0 IP address web server access an Ethernet port other than 0/0
The user no longer has access to the VPN.
What occurs when a user logs out of the web portal on a clientless SSL VPN connection? The browser cache is cleared. Downloaded files are deleted. The user no longer has access to the VPN. The web portal times out
ESP AH ISAKMP
What three protocols must be permitted through the company firewall for establishment of IPsec site-to-site VPNs? (Choose three.) ESP NTP HTTPS AH ISAKMP SSH
IKE and ISAKMP
When ASDM is used to configure an ASA site-to-site VPN, what can be customized to secure traffic? preshared key IKE and ISAKMP IKE ISAKMP
during both Phase 1 and 2
When is a security association (SA) created if an IPsec VPN tunnel is used to connect between two sites? only during Phase 1 only during Phase 2 during both Phase 1 and 2 after the tunnel is created, but before traffic is sent
the peer a valid access list
When the CLI is used to configure an ISR for a site-to-site VPN connection, which two items must be specified to enable a crypto map policy? (Choose two.) IP addresses on all active interfaces the peer the ISAKMP policy encryption a valid access list the hash
Device Setup
Which ASDM configuration option is used to configure the ASA enable secret password? Interfaces Monitoring Device Setup Device Management
master passphrase
Which ASDM configuration option re-encrypts all shared keys and passwords on an ASA? device protection master passphrase security master super encryption
inside
Which ASDM interface option would be used to configure an ASA as a DHCP server for local corporate devices? DMZ inside outside local
File sandboxing
Which Cisco AMP feature allows you to analyze unknown files to understand true file behavior? A. File retrospection B. File sandboxing C. File scanning D. File reputation
Forged Email Detection (FED)
Which Cisco Email Security feature is used to detect spear phishing attacks by examining one or more parts of the SMTP message for manipulation, including the "Envelope-From," "Reply To," and "From" headers? Forged Email Detection (FED) Forged Email Protection (FEP) Sender Policy Framework (SPF) Domain-based Message Authentication, Reporting, and Conformance (DMARC)
Management Access
Which Device Management menu item would be used to access the ASA command line from within Cisco ASDM? System Image/Configuration Management Access Advanced Licensing
System Time
Which Device Setup ASDM menu option would be used to configure the ASA for an NTP server? Startup Wizard Interfaces Routing Device Name/Password System Time
clientless SSL
Which VPN solution allows the use of a web browser to establish a secure, remote-access VPN tunnel to the ASA? clientless SSL client-based SSL site-to-site using a preshared key site-to-site using an ACL
negotiation of IPsec policy
Which action do IPsec peers take during the IKE Phase 2 exchange? exchange of DH keys negotiation of IPsec policy verification of peer identity negotiation of IKE policy sets
both SSL and IPsec
Which item describes secure protocol support provided by Cisco AnyConnect? SSL only IPsec only both SSL and IPsec neither SSL nor IPsec
a dedicated Layer 3 management interface
Which minimum configuration is required on most ASAs before ASDM can be used? SSH Ethernet 0/0 a logical VLAN interface and an Ethernet port other than 0/0 a dedicated Layer 3 management interface
Outbreak Control
Which of the following AMP for Endpoints features allow you to create lists for Custom Detections, Application Control, Network, and Endpoint indicators of compromise (IOC)? Inbox feature Group Policies Outbreak Control None of these answers is correct.
AnyConnect
Which of the following clients allow you to aid the distribution of the AMP for Endpoints connector and can be used for remote access VPN, secure network access, and posture assessments with Cisco's Identity Services Engine? DUO AnyConnect Tetration Cisco SMA
Cisco Threat Response (CTR)
Which of the following is a "one-pane-of-glass" console that automates integrations across Cisco security products (including AMP for Endpoints) and threat intelligence sources? Cisco SMA Cisco Threat Response (CTR) Tetration Firepower Management Console
Investigate
Which of the following is a Cisco Umbrella component that provides organizations access to global intelligence that can be used to enrich security data and events or help with incident response? It also provides the most complete view of an attacker's infrastructure and enables security teams to discover malicious domains, IP addresses, and file hashes and even predict emergent threats. Investigate Internet Security Gateway Cloudlock CASB
Pod
Which of the following is a Kubernetes component that is a group of one or more containers with shared storage and networking, including a specification for how to run the containers? Pod k8s node kubectl kubeadm
Cloudlock
Which of the following is a cloud access security broker (CASB) solution provided by Cisco? Tetration Stealthwatch Cloud Cloudlock Umbrella
PaaS
Which of the following is a cloud computing model that provides everything except applications? Services provided by this model include all phases of the system development life cycle (SDLC) and can use application programming interfaces (APIs), website portals, or gateway software. These solutions tend to be proprietary, which can cause problems if the customer moves away from the provider's platform. IaaS PaaS SaaS Hybrid clouds
Scrum
Which of the following is a framework that helps organizations work together because it encourages teams to learn through experiences, self-organize while working on a solution, and reflect on their wins and losses to continuously improve? DevSecOps Scrum Waterfall None of these answers is correct.
Exclusion set
Which of the following is a list of directories, file extensions, or even threat names that you do not want the AMP agent to scan and definitely not to convict as malware? Exclusion set Application blacklist TETRA blacklist None of these answers is correct.
Waterfall
Which of the following is a software and hardware development and project management methodology that has at least five to seven phases that follow in strict linear order, where each phase cannot start until the previous phase has been completed? Agile Waterfall DevOps CI/CD
Continuous Integration (CI)
Which of the following is a software development practice where programmers merge code changes in a central repository multiple times a day? Continuous Integration (CI) Agile Scrum Containers None of these answers is correct.
Fuzzing
Which of the following is a technique that can be used to find software errors (or bugs) and security vulnerabilities in applications, operating systems, infrastructure devices, IoT devices, and other computing devices? This technique involves sending random data to the unit being tested in order to find input validation issues, program failures, buffer overflows, and other flaws. Scanning DAST Fuzzing SAST
Spero
Which of the following is an AMP for Endpoints engine that uses machine learning to proactively identify threats that were previously unknown? This solution uses active heuristics to gather execution attributes, and because the underlying algorithms come up with generic models, they can identify malicious software based on its general appearance rather than basing identity on specific patterns or signatures. TETRA Ethos Spero All of these answers are correct.
Web content filtering and redirect
Which of the following is not a feature of the AMP solution? File reputation File sandboxing File retrospection Web content filtering and redirect
Build
Which of the following is the CI/CD pipeline stage that includes the compilation of programs written in languages such as Java, C/C++, and Go? Develop Build Deploy Package and Compile
Listeners
Which of the following is used by the Cisco ESA to handle incoming SMTP connection requests? These entities demarcate the email-processing service configured on a Cisco ESA interface. WCCP redirects MX records SMTP MSAs Listeners
All of these answers are correct.
Which of the following statements are true about the Cisco Email Security solution? The Sender Policy Framework (SPF) is used for sender authentication. DomainKeys Identified Mail (DKIM) is used for domain authentication. Domain-based Message Authentication, Reporting, and Conformance (DMARC) is used for domain authentication. All of these answers are correct.
design
Which of the following would be considered the first step of an Agile development cycle? design review develop deploy
R1(config)# crypto isakmp key cisco123 address 209.165.200.227 R2(config)# crypto isakmp key cisco123 address 209.165.200.226
Which pair of crypto isakmp key commands would correctly configure PSK on the two routers? R1(config)# crypto isakmp key cisco123 hostname R1 R2(config)# crypto isakmp key cisco123 hostname R2 R1(config)# crypto isakmp key cisco123 address 209.165.200.227 R2(config)# crypto isakmp key cisco123 address 209.165.200.226 R1(config)# crypto isakmp key cisco123 address 209.165.200.226 R2(config)# crypto isakmp key cisco123 address 209.165.200.227 R1(config)# crypto isakmp key cisco123 address 209.165.200.226 R2(config)# crypto isakmp key secure address 209.165.200.227
IPsec
Which protocol provides authentication, integrity, and confidentiality services and is a type of VPN? AES ESP IPsec MD5
clientless SSL VPN
Which remote-access VPN connection allows the user to connect by using a web browser? clientless SSL VPN IPsec (IKEv2) VPN IPsec (IKEv1) VPN site-to-site VPN
IPsec (IKEv2) VPN
Which remote-access VPN connection allows the user to connect using Cisco AnyConnect? clientless SSL VPN IPsec (IKEv2) VPN IPsec (IKEv1) VPN site-to-site VPN
clientless SSL VPN
Which remote-access VPN connection needs a bookmark list? site-to-site VPN IPsec (IKEv1) VPN IPsec (IKEv2) VPN clientless SSL VPN
IPsec is a framework of open standards that relies on existing algorithms.
Which statement accurately describes a characteristic of IPsec? IPsec works at the application layer and protects all application data. IPsec works at the transport layer and protects data at the network layer. IPsec is a framework of open standards that relies on existing algorithms. IPsec is a framework of proprietary standards that depend on Cisco specific algorithms. IPsec is a framework of standards developed by Cisco that relies on OSI algorithms.
VPNs use virtual connections to create a private network through a public network.
Which statement describes a VPN? VPNs use dedicated physical connections to transfer data between remote users. VPNs use logical connections to create public networks through the Internet. VPNs use open source virtualization software to create the tunnel through the Internet. VPNs use virtual connections to create a private network through a public network.
The ASA 5505 can use either a AAA server or a local database.
Which statement describes available user authentication methods when using an ASA 5505 device? The ASA 5505 only uses a AAA server for authentication. The ASA 5505 only uses a local database for authentication. The ASA 5505 can use either a AAA server or a local database. The ASA 5505 must use both a AAA server and a local database.
The longer the key, the more key possibilities exist.
Which statement describes the effect of key length in deterring an attacker from hacking through an encryption key? The length of a key will not vary between encryption algorithms. The length of a key does not affect the degree of security. The shorter the key, the harder it is to break. The longer the key, the more key possibilities exist.
The administrator can connect to and manage a single ASA.
Which statement describes the function provided to a network administrator who uses the Cisco Adaptive Security Device Manager (ASDM) GUI that runs as a Java Web Start application? The administrator can connect to and manage a single ASA. The administrator can connect to and manage multiple ASA devices. The administrator can connect to and manage multiple ASA devices and Cisco routers. The administrator can connect to and manage multiple ASA devices, Cisco routers, and Cisco switches.
ADM enables network admins to build tight network security policies based on various signals such as network flows, processes, and other side information like load balancer configs and route tags.
Which statement is not true about Cisco Tetration? Tetration uses software agents or can obtain telemetry information from Cisco's network infrastructure devices. You can use the Application Dependency Mapping (ADM) functionality to provide insight into the kind of complex applications that run in a data center, but not in the cloud. ADM enables network admins to build tight network security policies based on various signals such as network flows, processes, and other side information like load balancer configs and route tags. Tetration's Vulnerability Dashboard supports CVSS versions 2 and 3.
encryption
Which technique is necessary to ensure a private transfer of data using a VPN? authorization encryption scalability virtualization
hairpinning
Which term describes a situation where VPN traffic that is received by an interface is routed back out that same interface? split tunneling hairpinning MPLS GRE
AH uses IP protocol 51. AH provides integrity and authentication. ESP provides encryption, authentication, and integrity.
Which three statements describe the IPsec protocol framework? (Choose three.) AH uses IP protocol 51. AH provides encryption and integrity. AH provides integrity and authentication. ESP uses UDP protocol 50. ESP requires both authentication and encryption. ESP provides encryption, authentication, and integrity.
crypto ipsec transform-set ESP-DES-SHA esp-aes-256 esp-sha-hmac
Which transform set provides the best protection? crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac crypto ipsec transform-set ESP-DES-SHA esp-3des esp-sha-hmac crypto ipsec transform-set ESP-DES-SHA esp-aes-256 esp-sha-hmac crypto ipsec transform-set ESP-DES-SHA esp-aes esp-des esp-sha-hmac
MD5 SHA
Which two IPsec protocols are used to provide data integrity? MD5 SHA AES DH RSA
50 51 ESP uses protocol 50. AH uses protocol 51. ISAKMP uses UDP port 500.
Which two protocols must be allowed for an IPsec VPN tunnel to operate properly? (Choose two.) 50 51 168 169 500 501
IPsec works at the network layer and operates over all Layer 2 protocols. IPsec is a framework of open standards that relies on existing algorithms.
Which two statements accurately describe characteristics of IPsec? (Choose two.) IPsec works at the application layer and protects all application data. IPsec works at the transport layer and protects data at the network layer. IPsec works at the network layer and operates over all Layer 2 protocols. IPsec is a framework of proprietary standards that depend on Cisco specific algorithms. IPsec is a framework of standards developed by Cisco that relies on OSI algorithms. IPsec is a framework of open standards that relies on existing algorithms.
AES
Which type of encryption is applied to shared keys and passwords when the master passphrase option is enabled through ASDM for an ASA? 128-bit AES 3DES public/private key
SSL
Which type of security is required for initial access to the Cisco ASDM by using the local application option? AES biometric SSL WPA2 corporate
GETVPN
Which type of site-to-site VPN uses trusted group members to eliminate point-to-point IPsec tunnels between the members of a group? DMVPN GETVPN GRE MPLS
All of these answers are correct.
You are hired to deploy AMP for Endpoints, and one of the requirements is that you must use an exclusion set to resolve conflicts with other security products or mitigate performance issues by excluding directories that contain large files that are frequently written to, like databases. Which of the following is an exclusion type available in AMP for Endpoints that can help you accomplish this task? Threat-based exclusion Extension-based exclusion Wildcards All of these answers are correct.
TCP port 443 or TCP port 32137
You are hired to deploy AMP for Endpoints. In order to allow a connector to communicate with Cisco cloud servers for file and network disposition lookups, a firewall must allow the clients to connect to the Cisco servers over which of the following protocols and ports? TCP port 443 and TCP port 80 TCP port 443 or TCP port 32137 UDP port 32137 and TCP port 443 TCP port 443, UDP port 53, and UDP port 500
File trajectory
You are investigating a potential threat outbreak in your organization. Which of the following can be used to see what endpoints have seen a potential malware file? Outbreak groups Outbreak filters Device trajectory File trajectory
All of these answers are correct
You can design and build your own policies in Cisco Cloudlock by starting with which of the following categories? Custom Regex Event Analysis Salesforce Report Export Activity All of these answers are correct
device flow correlation (DFC)
You can use outbreak control IP lists in conjunction with _____ detections, which allows you to flag or even block suspicious network activity. device flow correlation (DFC) PAC files group policies AVC
Enabler
You can use the AMP _____ add-on to AnyConnect to aid in the distribution of the AMP connector to clients who use AnyConnect for remote access VPN, secure network access, posture assessments with Cisco's Identity Services Engine, and more. A. Activate B. Enabler C. Authorize D. Access
C. DevSecOps
_____ is a concept used in recent years to describe how to move security activities to the start of the development lifecycle and have built-in security practices in the CI/CD pipeline. A. DevSec B. DevNew C. DevSecOps D. DevOps