Topic 4: Integration

Which action should you take when Cisco Threat Response notifies you that AMP has identified a file as malware?
A. Add the malicious file to the block list
B. Send a snapshot to Cisco for technical support
C. Forward the result of the investigation to an external threat-analysis engine
D. Wait for Cisco Threat Response to automatically block the malware
Answer: Add the malicious file to the block list

Which connector is used to integrate Cisco ISE with Cisco FMC for Rapid Threat Containment?
A. pxGrid
B. FTD RTC
C. FMC RTC
D. ISEGrid
Answer: pxGrid

What is the disadvantage of setting up a site-to-site VPN in a clustered-units environment?
A. VPN connections can be re-established only if the failed master unit recovers.
B. Smart License is required to maintain VPN connections simultaneously across all cluster units.
C. VPN connections must be re-established when a new master unit is elected.
D. Only established VPN connections are maintained when a new master unit is elected.
Answer: VPN connections must be re-established when a new master unit is elected.
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/clustering/ftdcluster-solution.html#concept_g32_yml_y2b

Which Cisco Advanced Malware Protection for Endpoints policy is used only for monitoring endpoint activity?
A. Windows domain controller
B. audit
C. triage
D. protection
Answer: audit

In which two ways do access control policies operate on a Cisco Firepower system? (Choose two.)
A. Traffic inspection can be interrupted temporarily when configuration changes are deployed.
B. The system performs intrusion inspection followed by file inspection.
C. They can block traffic based on Security Intelligence data.
D. File policies use an associated variable set to perform intrusion prevention.
E. The system performs a preliminary inspection on trusted traffic to validate that it matches the trusted parameters.
Answer:
Traffic inspection can be interrupted temporarily when configuration changes are deployed.
They can block traffic based on Security Intelligence data.
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmcconfig-guide-v60/Access_Control_Using_Intrusion_and_File_Policies.html

Which two actions can be used in an access control policy rule? (Choose two.)
A. Block with Reset
B. Monitor
C. Analyze
D. Discover
E. Block ALL
Answer:
Block with Reset
Monitor
Reference: https://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-moduleuser-guide/asa-firepower-module-user-guide-v541/AC-Rules-TuningOverview.html#71854

An engineer has been tasked with using Cisco FMC to determine if files being sent through the network are malware. Which two configuration tasks must be performed to achieve this file lookup? (Choose two.)
A. The Cisco FMC needs to include an SSL decryption policy.
B. The Cisco FMC needs to connect to the Cisco AMP for Endpoints service.
C. The Cisco FMC needs to connect to the Cisco ThreatGrid service directly for sandboxing.
D. The Cisco FMC needs to connect with the FireAMP Cloud.
E. The Cisco FMC needs to include a file inspection policy for malware lookup.
Answer:
The Cisco FMC needs to connect with the FireAMP Cloud.
The Cisco FMC needs to include a file inspection policy for malware lookup.

An engineer configures a network discovery policy on Cisco FMC. Upon configuration, it is noticed that excessive and misleading events are filling the database and overloading the Cisco FMC. A monitored NAT device is executing multiple updates of its operating system in a short period of time. What configuration change must be made to alleviate this issue?
A. Leave default networks.
B. Change the method to TCP/SYN.
C. Increase the number of entries on the NAT device.
D. Exclude load balancers and NAT devices.
Answer: Exclude load balancers and NAT devices.
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmcconfig-guide-v60/Network_Discovery_Policies.html

Refer to the exhibit.
What must be done to fix access to this website while preventing the same communication to all other websites?
A. Create an intrusion policy rule to have Snort allow port 80 to only 172.1.1.50
B. Create an access control policy rule to allow port 80 to only 172.1.1.50
C. Create an intrusion policy rule to have Snort allow port 443 to only 172.1.1.50
D. Create an access control policy rule to allow port 443 to only 172.1.1.50
Answer: Create an access control policy rule to allow port 80 to only 172.1.1.50

An organization has a compliance requirement to protect servers from clients; however, the clients and servers all reside on the same Layer 3 network. Without readdressing IP subnets for clients or servers, how is segmentation achieved?
A. Deploy a firewall in transparent mode between the clients and servers
B. Change the IP addresses of the clients, while remaining on the same subnet.
C. Deploy a firewall in routed mode between the clients and servers
D. Change the IP addresses of the servers, while remaining on the same subnet
Answer: Deploy a firewall in transparent mode between the clients and servers