- Email support@dumps4free.com
Topic 2: Exam Pool B
What must be configured in Cisco ISE to enforce reauthentication of an endpoint session
when an endpoint is
deleted from an identity group?
A.
posture assessment
B.
CoA
C.
external identity source
D.
SNMP probe
CoA
Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/1-
3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_010101.html
Which product allows Cisco FMC to push security intelligence observable to its sensors
from other products?
A.
Encrypted Traffic Analytics
B.
Threat Intelligence Director
C.
Cognitive Threat Analytics
D.
Cisco Talos Intelligence
Threat Intelligence Director
How is DNS tunneling used to exfiltrate data out of a corporate network?
A.
It corrupts DNS servers by replacing the actual IP address with a rogue address to
collect information or start other attacks.
B.
It encodes the payload with random characters that are broken into short strings and the DNS server rebuilds the exfiltrated data.
C.
It redirects DNS requests to a malicious server used to steal user credentials, which
allows further damage
and theft on the network.
D.
It leverages the DNS server by permitting recursive lookups to spread the attack to other
DNS servers
It encodes the payload with random characters that are broken into short strings and the DNS server rebuilds the exfiltrated data.
Domain name system (DNS) is the protocol that translates
human-friendly URLs, such as securitytut.com, into IP addresses, such as 183.33.24.13.
Because DNS messages are only used as the beginning of each communication and they
are not intended for data transfer, many organizations do not monitor their DNS traffic for
malicious activity. As a result, DNS-based attacks can be effective if launched against their
networks. DNS tunneling is one such attack.An example of DNS Tunneling is shown below:
The attacker incorporates one of many open-source DNS tunneling kits into an
authoritative DNSnameserver (NS) and malicious payload.2. An IP address (e.g.
1.2.3.4) is allocated from the attacker’s infrastructure and a domain name (e.g.
attackerdomain.com) is registered or reused. The registrar informs the top-level
domain (.com) nameservers to refer requests for attackerdomain.com to
ns.attackerdomain.com, which has a DNS record mapped to 1.2.3.43. The
attacker compromises a system with the malicious payload. Once the desired data
is obtained, the payload encodes the data as a series of 32 characters (0-9, A-Z)
broken into short strings (3KJ242AIE9, P028X977W,…).4. The payload initiates
thousands of unique DNS record requests to the attacker’s domain with each
string as
Reference: https://learn-umbrella.cisco.com/i/775902-dns-tunneling/0
A network engineer has been tasked with adding a new medical device to the network.
Cisco ISE is being used as the NAC server, and the new device does not have a supplicant
available. What must be done in order to securely connect this device to the network?
A.
Use MAB with profiling
B.
Use MAB with posture assessment
C.
Use 802.1X with posture assessment
D.
Use 802.1X with profiling
Use MAB with profiling
Reference: https://community.cisco.com/t5/security-documents/ise-profiling-designguide/
ta-p/3739456
An engineer is configuring a Cisco ESA and wants to control whether to accept or reject email messages to a recipient address. Which list contains the allowed recipient addresses?
A.
SAT
B.
HAT
C.
BAT
D.
RAT
RAT
| Page 6 out of 126 Pages |
| Previous |