Deck 41: Implementing Cisco Collaboration Core Technologies (CLCOR)

A) exchange
B) pull messaging
C) binding
D) correlation
E) mitigating

A) create an SNMP pull mechanism for managing AMP
B) gather network telemetry information from AMP for endpoints
C) get the process and PID information from the computers in the network
D) gather the network interface information about the computers AMP sees

A) An attacker registers a domain that a client connects to based on DNS records and sends malware through that connection.
B) An attacker opens a reverse DNS shell to get into the client's system and install malware on it.
C) An attacker sends an email to the target with hidden DNS resolvers in it to redirect them to a malicious domain.
D) An attacker uses a non-standard DNS port to gain access to the organization's DNS servers in order to poison the resolutions.

A) smurf
B) distributed denial of service
C) cross-site scripting
D) rootkit exploit

A) phishing
B) brute force
C) man-in-the-middle
D) DDOS
E) tear drop

A) It utilizes sensors that send messages securely.
B) It uses machine learning and real-time behavior analytics.
C) It validates the sender by using DKIM.
D) It determines which identities are perceived by the sender.

A) registry
B) buffer mode
C) user mode
D) bootloader
E) virtual

A) The attack is fragmented into groups of 16 octets before transmission.
B) The attack is fragmented into groups of 8 octets before transmission.
C) Short synchronized bursts of traffic are used to disrupt TCP connections.
D) Malformed packets are used to crash systems.
E) Publicly accessible DNS servers are typically used to execute the attack.

A) Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the IPsec configuration is copied automatically.
B) The active and standby devices can run different versions of the Cisco IOS software but must be the same type of device.
C) The IPsec configuration that is set up on the active device must be duplicated on the standby device.
D) Only the IPsec configuration that is set up on the active device must be duplicated on the standby device; the IKE configuration is copied automatically.
E) The active and standby devices must run the same version of the Cisco IOS software and must be the same type of device.

A) TCP flood
B) DDOS
C) DOS
D) virus

A) SDN controller and the cloud
B) management console and the SDN controller
C) management console and the cloud
D) SDN controller and the management solution

A) SYN flood
B) slowloris
C) phishing
D) pharming

A) ping of death
B) HTTP flood
C) NTP amplification
D) virus

A) put
B) options
C) get
D) push
E) connect

A) application adapters
B) domain integration
C) intent-based APIs
D) automation adapters

A) unencrypted links for traffic
B) weak passwords for authentication
C) improper file security
D) software bugs on applications

A) man-in-the-middle
B) LDAP injection
C) insecure API
D) cross-site scripting

A) SDN controller and the network elements
B) management console and the SDN controller
C) management console and the cloud
D) SDN controller and the cloud

A) trojan
B) MITM
C) phishing
D) malware

A) sniffing the packets between the two hosts
B) sending continuous pings
C) overflowing the buffer's memory
D) inserting malicious commands into the database

A) AES-GCM
B) SHA-96
C) AES-256
D) SHA-384

A) dot1x system-auth-control
B) dot1x pae authenticator
C) authentication port-control auto
D) aaa new-model

A) security intelligence
B) impact flags
C) health monitoring
D) URL filtering

A) DTLSv1
B) TLSv1
C) TLSv1.1
D) TLSv1.2

A) snmp-server host inside 10.255.254.1 snmpv3 andy
B) snmp-server host inside 10.255.254.1 version 3 myv3
C) snmp-server host inside 10.255.254.1 snmpv3 myv3
D) snmp-server host inside 10.255.254.1 version 3 andy

A) A new authentication rule was added to the policy on the Policy Service node.
B) An endpoint is deleted on the Identity Service Engine server.
C) A new Identity Source Sequence is created and referenced in the authentication policy.
D) An endpoint is profiled for the first time.
E) A new Identity Service Engine server is added to the deployment with the Administration persona.

A) STIX
B) XMPP
C) pxGrid
D) SMTP

A) DMVPN
B) FlexVPN
C) IPsec DVTI
D) GET VPN

A) Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within the interval.
B) Traffic storm control cannot determine if the packet is unicast or broadcast.
C) Traffic storm control monitors incoming traffic levels over a 10-second traffic storm control interval.
D) Traffic storm control uses the Individual/Group bit in the packet source address to determine if the packet is unicast or broadcast.

A) It encrypts traffic.
B) It creates one-time use passwords.
C) It hashes files.
D) It generates private keys.

A) Define a NetFlow collector by using the flow-export command
B) Create a class map to match interesting traffic
C) Create an ACL to allow UDP traffic on port 9996
D) Enable NetFlow Version 9
E) Apply NetFlow Exporter to the outside interface in the inbound direction

A) authentication server: Cisco Identity Service Engine
B) supplicant: Cisco AnyConnect ISE Posture module
C) authenticator: Cisco Catalyst switch
D) authenticator: Cisco Identity Services Engine
E) authentication server: Cisco Prime Infrastructure

A) southbound API
B) westbound API
C) eastbound API
D) northbound API

A) Talos
B) PSIRT
C) SCIRT
D) DEVNET

A) An unassigned interface can communicate with assigned interfaces
B) Only one interface can be assigned to a zone.
C) An interface can be assigned to multiple zones.
D) An interface can be assigned only to one zone.

A) show dot1x all
B) show dot1x
C) show dot1x all summary
D) show dot1x interface gi1/0/12

A) DHCP
B) design
C) accounting
D) DNS
E) provision

A) show authentication registrations
B) show authentication method
C) show dot1x all
D) show authentication sessions

A) accounting
B) assurance
C) automation
D) authentication
E) encryption

A) username and password
B) encryption method
C) device serial number
D) registration key

A) routed mode
B) multiple zone mode
C) multiple context mode
D) transparent mode

A) Site-to-site VPN preshared keys are mismatched.
B) Site-to-site VPN peers are using different encryption algorithms.
C) No split-tunnel policy is defined on the Firepower Threat Defense appliance.
D) The access control policy is not allowing VPN traffic in.

A) Storm Control
B) embedded event monitoring
C) access control lists
D) Bridge Protocol Data Unit guard

A) DNS tunneling
B) DNSCrypt
C) DNS security
D) DNSSEC

A) Generate the RSA key using the crypto key generate rsa command. Generate the RSA key using the crypto key generate rsa command.
B) Configure the port using the ip ssh port 22 command. Configure the port using the ip ssh port 22
C) Enable the SSH server using the ip ssh server command. Enable the SSH server using the ip ssh server
D) Disable telnet using the no ip telnet command. Disable telnet using the no ip telnet

A) quality of service
B) time synchronization
C) network address translations
D) intrusion policy

A) sFlow
B) NetFlow
C) mirror port
D) VPC flow logs

A) Cisco Umbrella
B) External Threat Feeds
C) Cisco Threat Grid
D) Cisco Stealthwatch

A) Change the password on host A to the default password
B) Enter the command with a different password on host B
C) Enter the same command on host B
D) Change isakmp to ikev2 in the command on host A Change isakmp to ikev2 in the command on host A

A) interesting traffic was not applied
B) encryption algorithm mismatch
C) authentication key mismatch
D) hashing algorithm mismatch

A) Cisco Firepower provides identity based access control while Cisco ASA does not.
B) Cisco AS provides access control while Cisco Firepower does not.
C) Cisco ASA provides SSL inspection while Cisco Firepower does not.
D) Cisco Firepower natively provides intrusion prevention capabilities while Cisco ASA does not.

A) permit
B) allow
C) reset
D) trust
E) monitor

A) Certificate Trust List
B) Endpoint Trust List
C) Enterprise Proxy Service
D) Secured Collaboration Proxy

A) SIP
B) inline normalization
C) SSL
D) packet decoder
E) modbus

A) It allows the administrator to quarantine malicious files so that the application can function, just not maliciously.
B) It discovers and controls cloud apps that are connected to a company's corporate environment.
C) It deletes any application that does not belong in the network.
D) It sends the application information to an administrator to act on.

A) Multiple NetFlow collectors are supported.
B) Advanced NetFlow v9 templates and legacy v5 formatting are supported.
C) Secure NetFlow connectors are optimized for Cisco Prime Infrastructure
D) Flow-create events are delayed.

A) Threat Intelligence Director
B) Encrypted Traffic Analytics.
C) Cognitive Threat Analytics.
D) Cisco Talos Intelligence

A) It has an IP address on its BVI interface and is used for management traffic.
B) It allows ARP traffic with a single access rule.
C) It includes multiple interfaces and access rules between interfaces are customizable.
D) It is a Layer 3 segment and includes one port and customizable access rules.

A) Cisco SDA
B) Cisco Firepower
C) Cisco HyperFlex
D) Cisco Cloudlock

A) multiple context mode
B) user deployment of Layer 3 networks
C) IPv6
D) clustering

A) Service Provider managed
B) User managed
C) Public managed
D) Hybrid managed
E) Enterprise managed

A) NX-OS API
B) IOS XR API
C) OpenVuln API
D) AsyncOS API

A) hypervisor
B) virtual machine
C) network
D) application

A) Configure the Cisco ESA to reset the TCP connection.
B) Configure policies to stop and reject communication.
C) Configure the Cisco ESA to drop the malicious emails.
D) Configure policies to quarantine malicious emails.

A) AMP
B) AnyConnect
C) DynDNS
D) Talos

A) data loss prevention
B) controls malicious cloud apps
C) detects anomalies
D) user and entity behavior analytics

A) by using the Application Programming Interface to fetch the logs
B) by sending logs via syslog to an on-premises or cloud-based syslog server
C) by the system administrator downloading the logs from the Cisco Umbrella web portal
D) by being configured to send logs to a self-managed AWS S3 bucket

A) Enable IP Layer enforcement.
B) Activate the Advanced Malware Protection license
C) Activate SSL decryption.
D) Enable Intelligent Proxy.

A) middleware
B) applications
C) virtualization
D) operating systems
E) data

A) IaaS
B) UCaaS
C) PaaS
D) SaaS

A) Application Control
B) Security Category Blocking
C) Content Category Blocking
D) File Analysis

A) File Analysis
B) SafeSearch
C) SSL Decryption
D) Destination Lists

A) DDoS
B) antispam
C) antivirus
D) encryption
E) DLP

A) IP Blacklist Center
B) File Reputation Center
C) AMP Reputation Center
D) IP and Domain Reputation Center

A) Ensure that the client computers are pointing to the on-premises DNS servers.
B) Enable the Intelligent Proxy to validate that traffic is being routed correctly.
C) Add the public IP address that the client computers are behind to a Core Identity.
D) Browse to http://welcome.umbrella.com/ to validate that the new identity is working.

A) security scanning and theoretical vulnerabilities
B) development security
C) isolated security team
D) mandated security controls and check lists

A) Client computers do not have an SSL certificate deployed from an internal CA server.
B) Client computers do not have the Cisco Umbrella Root CA certificate installed.
C) IP-Layer Enforcement is not configured.
D) Intelligent proxy and SSL decryption is disabled in the policy.

A) PaaS
B) XaaS
C) IaaS
D) SaaS

A) application settings
B) content categories
C) security settings
D) destination lists