- Email support@dumps4free.com
Topic 2: Exam Pool B
A Cisco ESA network administrator has been tasked to use a newly installed service to
help create policy based on the reputation verdict. During testing, it is discovered that the
Cisco ESA is not dropping files that have an undetermined verdict. What is causing this
issue?
A.
The policy was created to send a message to quarantine instead of drop
B.
The file has a reputation score that is above the threshold
C.
The file has a reputation score that is below the threshold
D.
The policy was created to disable file analysis
The policy was created to disable file analysis
Maybe the “newly installed service” in this Qmentions about
Advanced Malware Protection (AMP) which can be used along with ESA. AMP allows
superior protection across the attack continuum.+ File Reputation – captures a fingerprint
of each file as it traverses the ESA and sends it to AMP’s cloudbased intelligence network
for a reputation verdict. Given these results, you can automatically block malicious files and
apply administrator-defined policy.+ File Analysis – provides the ability to analyze
unknown files that are traversing the ESA. A highly secure sandbox environment enables
AMP to glean precise details about the file’s behavior and to combine that data with
detailed human and machine analysis to determine the file’s threat level. This disposition is
then fed into AMP cloud-based intelligence network and used to dynamically update and
expand the AMP cloud data set for enhanced protection
Which exfiltration method does an attacker use to hide and encode data inside DNS requests and queries?
A.
DNS tunneling
B.
DNSCrypt
C.
DNS security
D.
DNSSEC
DNS tunneling
DNS Tunneling is a method of cyber attack that encodes the
data of other programs or protocols in DNSqueries and responses. DNS tunneling often
includes data payloads that can be added to an attacked DNSserver and used to control a
remote server and applications.
A network administrator is configuring a rule in an access control policy to block certain
URLs and selects the “Chat and Instant Messaging” category. Which reputation score
should be selected to accomplish this goal?
A.
1
B.
3
C.
5
D.
10
10
We choose “Chat and Instant Messaging” category in “URL
Category”:
What provides the ability to program and monitor networks from somewhere other than the
DNAC GUI?
A.
NetFlow
B.
desktop client
C.
ASDM
D.
API
API
Which two capabilities does TAXII support? (Choose two)
A.
Exchange
B.
Pull messaging
C.
Binding
D.
Correlation
E.
Mitigating
Pull messaging
Binding
The Trusted Automated eXchangeof Indicator Information
(TAXII) specifies mechanisms for exchangingstructured cyber threat information between
parties over the network.TAXII exists to provide specific capabilities to those interested in
sharing structured cyber threat information.TAXII Capabilities are the highest level at which TAXII actions can be described. There are three capabilitiesthat this version of TAXII
supports: push messaging, pull messaging, and discovery.Although there is no “binding”
capability in the list but it is the best answer here.
| Page 4 out of 126 Pages |
| Previous |