NEW QUESTION 1
Which description of a Dockers file is true?

• A. repository for Docker images
• B. software used to manage containers
• C. message daemon files
• D. text document used to build an image

Answer: D

NEW QUESTION 2
Which location for the PAC file on Cisco IronPort WSA in the default?
A)

B)

C)

D)

• A. Option A
• B. Option B
• C. Option C
• D. Option D

Answer: A

NEW QUESTION 3
Drag LDAP queries used by ESA to query LDAP server on the left to its functionality on the right.

Answer:

Explanation: 1-5, 2-1, 3-4, 4-2, 5-3

NEW QUESTION 4
What is the purpose of the BGP TTL security check?

• A. to check for a TTL value in packet header of less than or equal to for successful peering
• B. to protect against routing table corruption
• C. to use for iBGP session
• D. to protect against CPU utilization-based attacks
• E. to authenticate a peer

Answer: D

NEW QUESTION 5
Which three commands can you use to configure VXLAN on a Cisco ASA firewall? (Choose three)

• A. sysopt connection tcomss.
• B. nve-only
• C. default-mcast-group
• D. inspect vxlan
• E. set ip next-hop verity-availability
• F. segment-id

Answer: BCF

NEW QUESTION 6
What are two types of attacks against wireless networks that be prevented by a WLC? (Choose two)

• A. DHCP rouge server attacks
• B. Layer 3 flooding attacks
• C. Inverse ARP attacks on specific ports
• D. IP spoofing attacks
• E. ARP sniffing attacks on specific ports

Answer: AD

NEW QUESTION 7
In FMC the correlation rule could be based on which two elements? (Choose two.)

• A. Authorization rule
• B. Intrusion event
• C. CoA (Change of Authorization)
• D. Traffic profile variation
• E. NDAC (Network Device Admission Control)
• F. SGT (Security Group Tag) mapping
• G. Database type
• H. Authentication condition

Answer: BD

NEW QUESTION 8
A new computer is not getting its IPv6 address assigned by the router. While running WireShark to try to troubleshoot the problem, you find a lot of date that is not helpful to nail down the problem. What two filters
would you apply to WireShark to filter the data that you are looking for?(Choose two)

• A. icmpv6.type == 135
• B. icmpv6type == 136
• C. icmpv6.type == 136
• D. icmpv5type == 135
• E. icmpv6type == 135

Answer: AC

NEW QUESTION 9
Which three loT attack areas as defined by Client.?

• A. Ecosystem access control
• B. Local device vector injection
• C. Remote data storage tempering
• D. Local data storage
• E. Middleware exploitation
• F. Device physical interfaces
• G. Vendor frontend API enumeration

Answer: ADF

NEW QUESTION 10
For your enterprise ISE deployment, you are looking to use certificate-based authentication for all your Windows machines. You have already gone through the exercise of pushing the machine and user certificates out to all the machines using GPO. Since certificate based authentication, by default, doesn't check the certificate against Active Directory or requires credentials from the user, this essentially means that no groups are returned as a part of the authentication request. What are the possible ways to authorize the user based on Active Directory group membership?

• A. Configure the Windows supplicant to use saved credentials as well as certificate-based authentication
• B. Enable Change of Authorization on the deployment to perform double authentication
• C. Use EAP authorization to retrieve group information from Active Directory
• D. The certificate should be configured with the appropriate attributes which contain appropriate group information, which can be used in Authorization policies
• E. Use ISE as the Certificate Authority, which will then allow automatic group retrieval from Active Directoryto perform the required authorization
• F. Configure Network Access Device (NAD) to bypass certificate-based authentication and push configured user credentials as a proxy to ISE

Answer: F

NEW QUESTION 11
Which statement correctly describes 3DES encryption algorithm?

• A. It uses a set of three keys for encryption and a different set of three keys for decryption.
• B. It is a block Cipher algorithm but weaker than DES due to smaller key size.
• C. It is an asymmetric algorithm with a key size of 168 bits.
• D. It does decryption in reverse order with the same set of keys used during encryption.
• E. It is a block cipher algorithm with a key size of 56 bits.
• F. It is a stream cipher algorithm with a key size of 168 bits.

Answer: D

NEW QUESTION 12
Which two statements about Cisco URL Filtering on Cisco IOS Software are true? (Choose two)

• A. It supports Websense and N2H2 filtering at the same time,
• B. It supports local URL lists and third-party URL filtering servers.
• C. By default, it uses ports 80 and 22.
• D. It supports HTTP and HTTPS traffic.
• E. BY default, it allows all URLs when the connection to the filtering server is down.
• F. It requires minimal CPU time.

Answer: BF

NEW QUESTION 13
Refer to the exhibit.

Which meaning of this error message on a Cisco ASA is true?

• A. The route map redistribution is configured incorrectly.
• B. The default route is undefined.
• C. packed was denied and dropped by an ACL.
• D. The host is connected directly to the firewall.

Answer: B

NEW QUESTION 14
In a Cisco ASA multiple-context mode of operation configuration, what three session types are resourcelimited
by default when their context is a member of the default class? (Choose three.)

• A. SSL VPN sessions
• B. Telnet sessions
• C. TCP session
• D. IPSec sessions
• E. ASDM sessions
• F. SSH sessions

Answer: BDF

NEW QUESTION 15
Which statement about the TLS security protocol is true?

• A. TLS version 1.0 is less secure then SSL version 3.0
• B. The TLS and SSL versions can interoperate in the client-server handshake
• C. It is always recommended to disable TLS version 1.0 in the browser so that it only supports SSL for better security
• D. You need to replace SSL certificate with TLS certificate for successful TLS operation
• E. There are differences between TLS and SSL version 2 and 3
• F. It only supports data authentication for the client-server session using a browser

Answer: E

NEW QUESTION 16
Which option happens for traffic analysis Is an inline, intrusion prevention and AMP for Firepower deployment?

• A. Intrusion policy
• B. Security intelligence
• C. Access control rule
• D. Network discovery policy
• E. Network analysis policy
• F. File policy
• G. SSL policy

Answer: C

NEW QUESTION 17
Which of the following is one of the requirements for the FTD high availability setup?

• A. Units should not have any uncommitted changes of FMC and should be fully deployed
• B. Units should have DHCP configured for the interfaces
• C. Units should be configured in transparent mode
• D. Units should not synchronize using the same NTP source
• E. Units should be configured in routed mode
• F. Units should be in different domains in FMC
• G. Units should have the same major software version running on them, minor and maintenance version could be different

Answer: A

NEW QUESTION 18
Drag and drop the Fire AMP Connector Policy types from the left on to the correct functions on the right.

Answer:

Explanation: 1-3, 2-1, 3-4, 4-2, 5-5