Question #1
Which functions of an SDN architecture require southbound APIs to enable communication?
A. SDN controller and the network elements
B. management console and the SDN controller
C. management console and the cloud
D. SDN controller and the cloud
Correct Answer: A
Question 2
What is the difference between deceptive phishing and spear phishing?
A. Deceptive phishing is an attacked aimed at a specific user in the organization who holds a C-level role.
B. A spear phishing campaign is aimed at a specific person versus a group of people.
C. Spear phishing is when the attack is aimed at the C-level executives of an organization.
D. Deceptive phishing hijacks and manipulates the DNS server of the victim and redirects the user to a false webpage.
Correct Answer: B
Question # 3
Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two.)
A. Check integer, float, or Boolean string parameters to ensure accurate values.
B. Use prepared statements and parameterized queries.
C. Secure the connection between the web and the app tier.
D. Write SQL code instead of using object-relational mapping libraries.
E. Block SQL code execution in the web application database login.
Correct Answer: AB
Question # 4
What are two DDoS attack categories? (Choose two.)
A. protocol
B. source-based
C. database
D. sequential
E. volume-based
Correct Answer: AE
Question #5
How does DNS Tunneling exfiltrate data?
A. An attacker registers a domain that a client connects to based on DNS records and sends malware through that connection.
B. An attacker opens a reverse DNS shell to get into the client’s system and install malware on it.
C. An attacker sends an email to the target with hidden DNS resolvers in it to redirect them to a malicious domain.
D. An attacker uses a non-standard DNS port to gain access to the organization’s DNS servers in order to poison the resolutions.
Correct Answer: A
Question # 6
Which two capabilities does TAXII support? (Choose two.)
A. exchange
B. pull messaging
C. binding
D. correlation
E. mitigating
Correct Answer: AB
Question # 7
Which two descriptions of AES encryption are true? (Choose two.)
A. AES is less secure than 3DES.
B. AES is more secure than 3DES.
C. AES can use a 168-bit key for encryption.
D. AES can use a 256-bit key for encryption.
E. AES encrypts and decrypts a key three times in sequence.
Correct Answer: BD
Question # 8
DRAG DROP – Drag and drop the descriptions from the left onto the correct protocol versions on the right. Select and Place:
Correct Answer:
Question # 9
What is a function of 3DES in reference to cryptography?
A. It encrypts traffic.
B. It creates one-time use passwords.
C. It hashes files.
D. It generates private keys.
Correct Answer: A
Question # 10
An organization has two machines hosting web applications. Machine 1 is vulnerable to SQL injection while machine 2 is vulnerable to buffer overflows. What action would allow the attacker to gain access to machine 1 but not machine 2?
A. sniffing the packets between the two hosts
B. sending continuous pings
C. overflowing the buffer’s memory
D. inserting malicious commands into the database
Correct Answer: D
Question #11
Which type of dashboard does Cisco DNA Center provide for complete control of the network?
A. distributed management
B. service management
C. application management
D. centralized management
Correct Answer: D
Question # 12
Refer to the exhibit. What will happen when the Python script is executed?
A. The hostname will be printed for the client in the client ID field.
B. The hostname will be translated to an IP address and printed.
C. The script will pull all computer hostnames and print them.
D. The script will translate the IP address to FQDN and print it.
Correct Answer: C
Question # 13
What is a difference between an XSS attack and an SQL injection attack?
A. SQL injection is a hacking method used to attack SQL databases, whereas XSS attack can exist in many different types of applications.
B. XSS attacks are used to steal information from databases, whereas SQL injection attacks are used to redirect users to websites where attackers can steal data from them.
C. XSS is a hacking method used to attack SQL databases, whereas SQL injection attacks can exist in many different types of applications.
D. SQL injection attacks are used to steal information from databases, whereas XSS attacks are used to redirect users to websites where attackers can steal data from them.
Correct Answer: D
Question 14
Refer to the exhibit. An engineer is implementing a certificate based VPN. What is the result of the existing configuration?
A. Only an IKEv2 peer that has an OU certificate attribute set to MANGLER establishes an IKEv2 SA successfully.
B. The OU of the IKEv2 peer certificate is used as the identity when matching an IKEv2 authorization policy.
C. The OU of the IKEv2 peer certificate is set to MANGLER.
D. The OU of the IKEv2 peer certificate is encrypted when the OU is set to MANGLER.
Correct Answer: B
Question # 15
Which command enables 802.1X globally on a Cisco switch?
A. dot1x system-auth-control
B. dot1x pae authenticator
C. authentication port-control auto
D. aaa new-model
Correct Answer: A
Question #16
Refer to the exhibit. Which command was used to display this output?
A. show dot1x all
B. show dot1x
C. show dot1x all summary
D. show dot1x interface gi1/0/12
Correct Answer: A
Question # 17
Which two tasks allow NetFlow on a Cisco ASA 5500 Series firewall? (Choose two.)
A. Define a NetFlow collector by using the flow-export command
B. Create a class map to match interesting traffic
C. Create an ACL to allow UDP traffic on port 9996
D. Enable NetFlow Version 9
E. Apply NetFlow Exporter to the outside interface in the inbound direction
Correct Answer: AB
Question # 18
What is a difference between FlexVPN and DMVPN?
A. DMVPN uses only IKEv1. FlexVPN uses only IKEv2
B. FlexVPN uses IKEv2. DMVPN uses IKEv1 or IKEv2
C. DMVPN uses IKEv1 or IKEv2. FlexVPN only uses IKEv1
D. FlexVPN uses IKEv1 or IKEv2. DMVPN uses only IKEv2
Correct Answer: B
Question 19
Refer to the exhibit. Which type of authentication is in use?
A. POP3 authentication
B. SMTP relay server authentication
C. external user and relay mail authentication
D. LDAP authentication for Microsoft Outlook
Correct Answer: D
Question # 20
Which policy represents a shared set of features or parameters that define the aspects of a managed device that are likely to be similar to other managed devices in a deployment?
A. group policy
B. access control policy
C. device management policy
D. platform settings policy
Correct Answer: D