Topic 2: Exam Pool B
An organization is implementing URL blocking using Cisco Umbrella. The users are able to
go to some sites
but other sites are not accessible due to an error. Why is the error occurring?
A.
Client computers do not have the Cisco Umbrella Root CA certificate installed
B.
IP-Layer Enforcement is not configured
C.
Client computers do not have an SSL certificate deployed from an internal CA server
D.
Intelligent proxy and SSL decryption is disabled in the policy
Client computers do not have the Cisco Umbrella Root CA certificate installed
Elliptic curve cryptography is a stronger more efficient cryptography method meant to replace which current encryption technology?
A.
3DES
B.
RSA
C.
DES
D.
AES
RSA
Compared to RSA, the prevalent public-key cryptography of the Internet today, Elliptic Curve Cryptography (ECC) offers smaller key sizes, faster computation,as well as memory,
energy and bandwidth savings and is thus better suited forsmall devices.
An attacker needs to perform reconnaissance on a target system to help gain access to it.
The system has weak passwords, no encryption on the VPN links, and software bugs on
the system’s applications. Which
vulnerability allows the attacker to see the passwords being transmitted in clear text?
A.
weak passwords for authentication
B.
unencrypted links for traffic
C.
software bugs on applications
D.
improper file security
unencrypted links for traffic
Which PKI enrollment method allows the user to separate authentication and enrollment
actions and also
provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?
A.
url
B.
terminal
C.
profile
D.
selfsigned
profile
https://www.cisco.com/c/en/us/support/docs/security-vpn/public-keyinfrastructure-
pki/211333-IOSPKI-Deployment-Guide-Initial-Design.html
Which two are valid suppression types on a Cisco Next Generation Intrusion Prevention System? (Choose two)
A.
Port
B.
Rule
C.
Source
D.
Protocol
E.
Application
Rule
Source
Which deployment model is the most secure when considering risks to cloud adoption?
A.
Public Cloud
B.
Hybrid Cloud
C.
Community Cloud
D.
Private Cloud
Private Cloud
Which solution combines Cisco IOS and IOS XE components to enable administrators to recognize applications, collect and send network metrics to Cisco Prime and other third-party management tools, and prioritize application traffic?
A.
Cisco Security Intelligence
B.
Cisco Application Visibility and Control
C.
Cisco Model Driven Telemetry
D.
Cisco DNA Center
Cisco Application Visibility and Control
https://www.cisco.com/c/en/us/td/docs/ios/solutions_docs/avc/guide/avc-userguide/avc_tech_overview.html
Which statement about IOS zone-based firewalls is true?
A.
An unassigned interface can communicate with assigned interfaces
B.
Only one interface can be assigned to a zone.
C.
An interface can be assigned to multiple zones.
D.
An interface can be assigned only to one zone.
An interface can be assigned only to one zone.
On Cisco Firepower Management Center, which policy is used to collect health modules alerts from managed devices?
A.
health policy
B.
system policy
C.
correlation policy
D.
access control policy
E.
health awareness policy
health policy
Which action controls the amount of URI text that is stored in Cisco WSA logs files?
A.
Configure the datasecurityconfig command
B.
Configure the advancedproxyconfig command with the HTTPS subcommand
C.
Configure a small log-entry size.
D.
Configure a maximum packet size.
Configure the advancedproxyconfig command with the HTTPS subcommand
| Page 21 out of 63 Pages |
| Previous |
Copyright © - All Rights Reserved