Deck 23: Implementing and Configuring Cisco Identity Services Engine (300-715 SISE)

A) OSPFv2 with IPv6 capabilities
B) virtual links
C) SHA authentication to OSPF packets
D) area boundary router type 1 LSA filtering
E) MD5 authentication to OSPF packets

A) multi-instance
B) multiple deployment
C) single deployment
D) single-context

A) Redundant Interface
B) EtherChannel
C) Speed
D) Media Type
E) Duplex

A) transparent inline mode
B) TAP mode
C) strict TCP enforcement
D) propagate link state

A) drop packet
B) generate events
C) drop connection
D) drop and generate

A) inline set
B) passive
C) transparent
D) inline tap

A) by creating a URL object in the policy to block the website.
B) Cisco Talos will automatically update the policies.
C) by denying outbound web access
D) by isolating the endpoint

A) Modify the network discovery policy to detect new hosts to inspect.
B) Modify the access control policy to redirect interesting traffic to the engine.
C) Modify the intrusion policy to determine the minimum severity of an event to inspect.
D) Modify the network analysis policy to process the packets for inspection.

A) Inline tap mode can send a copy of the traffic to another device.
B) Inline tap mode does full packet capture.
C) Inline mode cannot do SSL decryption.
D) Inline mode can drop malicious traffic.

A) Configure a second circuit to an ISP for added redundancy.
B) Keep a copy of the current configuration to use as backup.
C) Configure the Cisco FMCs for failover.
D) Configure the Cisco FMC managed devices for clustering.

A) The output format option for the packet logs is unavailable.
B) Only the UDP packet type is supported.
C) The destination MAC address is optional if a VLAN ID value is entered.
D) The VLAN ID and destination MAC address are optional.

A) EIGRP
B) OSPF
C) static routing
D) IS-IS
E) BGP

A) STP
B) HSRP
C) GLBP
D) VRRP

A) subinterface
B) switch virtual
C) bridge virtual
D) bridge group member

A) by assigning an inline set interface
B) by using a BVI and creating a BVI IP address in the same subnet as the user segment
C) by leveraging the ARP to direct traffic through the firewall
D) by bypassing protocol inspection by leveraging pre-filter rules

A) Change the intrusion policy from security to balance.
B) Configure a trust policy for the CEO.
C) Configure firewall bypass.
D) Create a NAT policy just for the CEO.

A) Create a custom search in Cisco FMC and select it in each section of the report.
B) Add an Input Parameter in the Advanced Settings of the report, and set the type to Network/IP.
C) Add a Table View section to the report with the Search field defined as the network in CIDR format.
D) Select IP Address as the X-Axis in each section of the report.

A) a default DMZ policy for which only a user can change the IP addresses.
B) deny ip any
C) no policy rule is included
D) permit ip any

A) Deploy multiple Cisco FTD HA pairs in clustering mode to increase performance.
B) Deploy multiple Cisco FTD appliances in firewall clustering mode to increase performance.
C) Deploy multiple Cisco FTD appliances using VPN load-balancing to scale performance.
D) Deploy multiple Cisco FTD HA pairs to increase performance.

A) rate-limiting
B) suspending
C) correlation
D) thresholding

A) box lever chart
B) arrow chart
C) bar chart
D) benchmark chart

A) configure manager local 10.0.0.10 Cisco123
B) configure manager add Cisco123 10.0.0.10
C) configure manager local Cisco123 10.0.0.10
D) configure manager add 10.0.0.10 Cisco123

A) Intrusion Events
B) Correlation Information
C) Appliance Status
D) Current Sessions
E) Network Compliance

A) Delete the existing object in use.
B) Refresh the Cisco FMC GUI for the access control policy.
C) Redeploy the updated configuration.
D) Create another rule using a different object name.

A) malware analysis
B) dynamic analysis
C) sandbox analysis
D) Spero analysis

A) system generate-troubleshoot
B) show configuration session
C) show managers
D) show running-config | include manager

A) Add the social network URLs to the block list.
B) Change the intrusion policy to connectivity over security.
C) Modify the selected application within the rule.
D) Modify the rule action from trust to allow.

A) BGPv6
B) ECMP with up to three equal cost paths across multiple interfaces
C) ECMP with up to three equal cost paths across a single interface
D) BGPv4 in transparent firewall mode
E) BGPv4 with nonstop forwarding

A) Spero analysis
B) capacity handling
C) local malware analysis
D) dynamic analysis

A) utilizing a dynamic ACP that updates from Cisco Talos
B) creating a unique ACP per device
C) utilizing policy inheritance
D) creating an ACP with an INSIDE_NET network object and object overrides

A) Exclude load balancers and NAT devices.
B) Leave default networks.
C) Increase the number of entries on the NAT device.
D) Change the method to TCP/SYN.

A) Traffic inspection is interrupted temporarily when configuration changes are deployed.
B) The system performs intrusion inspection followed by file inspection.
C) They block traffic based on Security Intelligence data.
D) File policies use an associated variable set to perform intrusion prevention.
E) The system performs a preliminary inspection on trusted traffic to validate that it matches the trusted parameters.

A) It prompts the need for a corporate managed certificate.
B) It will fail if certificate pinning is not enforced.
C) It has minimal performance impact.
D) It is not subject to any Privacy regulations.

A) Create a NAT policy so that the Cisco Firepower device does not have to translate as many addresses.
B) Create a flexconfig policy to use WCCP for application aware bandwidth limiting.
C) Create a QoS policy rate-limiting high bandwidth applications.
D) Create a VPN policy so that direct tunnels are established to the business applications.

A) Source or destination security zones in the access control rule matches the security zones that are associated with interfaces on the target devices.
B) The source tunnel zone in the rule does not match a tunnel zone that is assigned to a tunnel rule in the destination policy.
C) Source or destination security zones in the source tunnel zone do not match the security zones that are associated with interfaces on the target devices.
D) The source tunnel zone in the rule does not match a tunnel zone that is assigned to a tunnel rule in the source policy.

A) Prefilter
B) Intrusion
C) Access Control
D) Identity

A) dynamic key mapping objects that help link HTTP and HTTPS GET requests to Layer 7 application protocols.
B) reputation-based objects that represent Security Intelligence feeds and lists, application filters based on category and reputation, and file lists
C) network-based objects that represent IP addresses and networks, port/protocol pairs, VLAN tags, security zones, and origin/destination country
D) network-based objects that represent FQDN mappings and networks, port/protocol pairs, VXLAN tags, security zones and origin/destination country
E) reputation-based objects, such as URL categories

A) FlexConfig
B) BDI
C) SGT
D) IRB

A) /etc/sf/DCMIB.ALERT
B) /sf/etc/DCEALERT.MIB
C) /etc/sf/DCEALERT.MIB
D) system/etc/DCEALERT.MIB

A) User login and history data are removed from the database if the User Activity check box is selected.
B) Data is recovered from the device.
C) The appropriate process is restarted.
D) The specified data is removed from Cisco FMC and kept for two weeks.

A) configure high-availability resume
B) configure high-availability disable
C) system support network-options
D) configure high-availability suspend

A) show running-config
B) show tech-support chassis
C) system support diagnostic-cli
D) sudo sf_troubleshoot.pl

A) by performing a packet capture on the firewall
B) by attempting to access it from a different workstation
C) by running Wireshark on the administrator's PC
D) by running a packet tracer on the firewall

A) The administrator manually updates the policies.
B) The administrator requests a Remediation Recommendation Report from Cisco Firepower.
C) Cisco Firepower gives recommendations to update the policies.
D) Cisco Firepower automatically updates the policies.

A) Use the Packet Export feature to save data onto external drives.
B) Use the Packet Capture feature to collect real-time network traffic.
C) Use the Packet Tracer feature for traffic policy analysis.
D) Use the Packet Analysis feature for capturing network data.

A) A "troubleshoot" file for the device in question.
B) A "show tech" file for the device in question.
C) A "troubleshoot" file for the Cisco FMC.
D) A "show tech" for the Cisco FMC.

A) when capture packets are less than 16 MB
B) when capture packets are restricted from the secondary memory
C) when capture packets exceed 10 GB
D) when capture packets exceed 32 MB

A) Current Sessions
B) Correlation Events
C) Current Status
D) Custom Analysis

A) Layer 7 network ID
B) source IP
C) application ID
D) dynamic firewall importing
E) protocol

A) 1024
B) 8192
C) 4096
D) 2048

A) system support view-files
B) sudo sf_troubleshoot.pl
C) system generate-troubleshoot all
D) show tech-support

A) outbound port TCP/443
B) inbound port TCP/80
C) outbound port TCP/8080
D) inbound port TCP/443
E) outbound port TCP/80

A) privileged
B) user
C) configuration
D) admin

A) Child domains are able to view but not edit dashboards that originate from an ancestor domain.
B) Child domains have access to only a limited set of widgets from ancestor domains.
C) Only the administrator of the top ancestor domain is able to view dashboards.
D) Child domains are not able to view dashboards that originate from an ancestor domain.

A) An option to re-apply NAT and VPN policies during registration is available, so users do not need to re-apply the policies after registration is completed.
B) Before re-adding the device in Cisco FMC, the manager must be added back.
C) Once a device has been deleted, it must be reconfigured before it is re-added to the Cisco FMC.
D) The Cisco FMC web interface prompts users to re-apply access control policies.
E) There is no option to re-apply NAT and VPN policies during registration available, so users need to re-apply the policies after registration is completed.

A) reports
B) context explorer
C) dashboards
D) event viewer

A) Cisco Deep Analytics
B) OpenDNS Group
C) Cisco Network Response
D) Cisco Talos

A) Use SSL decryption to analyze the packets.
B) Use Cisco Tetration to track SSL connections to servers.
C) Use encrypted traffic analytics to detect attacks.
D) Use Cisco AMP for Endpoints to block all SSL connection.

A) Update the IP addresses from IPv4 to IPv6 without deleting from Cisco FMC.
B) Format and reregister the device to Cisco FMC.
C) Cisco FMC does not support devices that use IPv4 IP addresses.
D) Delete and reregister the device to Cisco FMC.

A) Malware Cloud Lookup
B) Reset Connection
C) Detect Files
D) Local Malware Analysis

A) same flash memory size
B) same NTP configuration
C) same DHCP/PPoE configuration
D) same host name
E) same number of interfaces

A) intrusion and file events
B) Cisco AMP for Networks
C) file policies
D) Cisco AMP for Endpoints

A) Deploy the firewall in transparent mode with access control policies
B) Deploy the firewall in routed mode with access control policies
C) Deploy the firewall in routed mode with NAT configured
D) Deploy the firewall in transparent mode with NAT configured

A) Windows domain controller
B) audit
C) triage
D) protection

A) Use passive IDS ports for both departments.
B) Use a dedicated IPS inline set for each department to maintain traffic separation.
C) Use 802.1Q inline set Trunk interfaces with VLANs to maintain logical traffic separation.
D) Use one pair of inline set in TAP mode for both departments.

A) inline set
B) passive
C) routed
D) inline tap

A) Create an intrusion policy rule to have Snort allow port 80 to only 172.1.1.50.
B) Create an intrusion policy rule to have Snort allow port 443 to only 172.1.1.50.
C) Create an access control policy rule to allow port 443 to only 172.1.1.50.
D) Create an access control policy rule to allow port 80 to only 172.1.1.50.

A) passive
B) routed
C) transparent
D) inline set

A) inline interfaces, security zones, MTU, and mode
B) passive interface, MTU, and mode
C) inline interfaces, MTU, and mode
D) passive interface, security zone, MTU, and mode

A) Add the malicious file to the block list.
B) Send a snapshot to Cisco for technical support.
C) Forward the result of the investigation to an external threat-analysis engine.
D) Wait for Cisco Threat Response to automatically block the malware.

A) Change the IP addresses of the servers, while remaining on the same subnet.
B) Deploy a firewall in routed mode between the clients and servers.
C) Change the IP addresses of the clients, while remaining on the same subnet.
D) Deploy a firewall in transparent mode between the clients and servers.

A) Create a service identifier to enable the NetFlow service.
B) Add the NetFlow_Send_Destination object to the configuration.
C) Create a Security Intelligence object to send the data to Cisco Stealthwatch.
D) Add the NetFlow_Add_Destination object to the configuration.

A) minor upgrade
B) local import of intrusion rules
C) Cisco Geolocation Database
D) local import of major upgrade

A) dynamic null route configured
B) DHCP pool disablement
C) quarantine
D) port shutdown
E) host shutdown

A) The code versions running on the Cisco FMC devices are different.
B) The licensing purchased does not include high availability.
C) The primary FMC currently has devices connected to it.
D) There is only 10 Mbps of bandwidth between the two devices.

A) pxGrid
B) FTD RTC
C) FMC RTC
D) ISEGrid

A) For the dynamic routing feature, if the master unit fails, the newly elected master unit maintains all existing connections.
B) Integrated Routing and Bridging is supported on the master unit.
C) Site-to-site VPN functionality is limited to the master unit, and all VPN connections are dropped if the master unit fails.
D) All Firepower appliances support Cisco FTD clustering.

A) apex
B) plus
C) base
D) mobility

A) In routed firewall mode, routing between bridge groups is supported.
B) Routing between bridge groups is achieved only with a router-on-a-stick configuration on a connected router.
C) In routed firewall mode, routing between bridge groups must pass through a routed interface.
D) In transparent firewall mode, routing between bridge groups is supported.