Share your IPS v7.0 Experience
Cisco has changed the Security exams by replacing the old CCSP with the new CCNP Security Certification, which has 4 modules: Secure, Firewall, IPS and VPN. In fact, the old CCSP and the new CCNP Security are very similar. Many candidates have asked us to put up materials for these new exams, but it is time-consuming work. In the meantime, we created the “Share your experience” page for the IPS v7.0 exam. We really hope anyone who reads securitytut, 9tut, digitaltut, certprepare, networktut and voicetut will contribute to these sections, as your experience is invaluable for CCNP Security learners to complete their goals.
Please share with us your experience after taking the IPS v7.0 642-627 exam, your materials, the way you learned, your recommendations…
Which two types of software can be installed on a FP-9300 appliance? (Choose two)
A. Cisco Firepower Threat Defence
B. Cisco Firepower Management Center
C. transparent
D. redirection
I think in this question the answer must be C
Which Cisco IOS command uses the default class map to limit SNMP inspection to traffic from 10.1.1.0 to 192.168.1.0?
A. hostname(config)# access-list inspect extended permit ip 10.1.1.0.0.0.0.255 192.168.1.0.0.0.0.255
hostname(config)# class-map inspection_default
hostname(config-cmap)# match access-list inspect
B. hostname(config)# access-list inspect extended permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
hostname(config-cmap)# match access-list inspect
C. hostname(config)# access-list inspect extended permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
hostname(config)# class-map inspection_default
hostname(config-cmap)# match access-list inspect
D. hostname(config)# access-list inspect extended permit ip 10.1.1.0.0.0.255 192.168.1.0.0.0.255
hostname(config)# class-map inspection_default
Answer : A
NEW QUESTION 475
An engineer is deploying AMP for the first time and cannot afford any interruption to network traffic. Which policy type does NOT disrupt the network?
A. Protect
B. Server
C. Audit
D. Triage
Answer: C
Hello guys looking for Valid 210 dump my email ahmedalobaidy1atgmail.com
Question about google browser bad performance,
other question about flags meaning in WSA or ESA.
can’t recall, many new questions.
Which application processor can you deploy in a SCADA environment to detect anomalous traffic and support protocol field inspection?
A. DCE/RPC
B. GTP
C. SSL
D. DNP3
@Demus
Introduction to SCADA Preprocessors
Supervisory Control and Data Acquisition (SCADA) protocols monitor, control, and acquire data from industrial, infrastructure, and facility processes such as manufacturing, production, water treatment, electric power distribution, airport and shipping systems, and so on. The Firepower System provides preprocessors for the Modbus, Distributed Network Protocol (DNP3), and Common Industrial Protocol (CIP) SCADA protocols that you can configure as part of your network analysis policy.
If the Modbus, DNP3, or CIP preprocessor is disabled, and you enable and deploy an intrusion rule that requires one of these preprocessors, the system automatically uses the required preprocessor, with its current settings, although the preprocessor remains disabled in the web interface for the corresponding network analysis policy.
The Modbus Preprocessor
The Modbus protocol, which was first published in 1979 by Modicon, is a widely used SCADA protocol. The Modbus preprocessor detects anomalies in Modbus traffic and decodes the Modbus protocol for processing by the rules engine, which uses Modbus keywords to access certain protocol fields.
https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc-config-guide-v63/scada_preprocessors.html
Sorry, sad boy. Thanks for the feedback!
@CrazzyMonkey
How was your second approach? Did you pass? :)
QUESTION 488
Which two tasks must you perform when you implement CWS on a Cisco ASA or ASAv? (Choose two.)
A. Browse to whoami.scansafe.net to verify that web redirection is operating normally.
B. Enable the ScanSafe feature.
C. Create an authentication license key.
D. Create a new RSA key.
E. Define the primary and secondary CWS proxy.
Answer: AC
https://www.cisco.com/c/dam/en/us/products/collateral/security/cloud-web-security/cws_asa_5500_asav.pdf
QUESTION 476
Which two features does Cisco trust Anchor support? (Choose two.)
A. Secure boot
B. Image signing
C. Flood attack detection
D. SYN flood detection
E. DDoS mitigation
Answer: AB
https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/trustworthy-technologies-datasheet.pdf
QUESTION 408
Which option is omitted from a query on a ESA virtual appliance?
A. raidrable
B. FailoverHealthy
C. keyExpiration
D. CPUUtilizationExceeded
Answer: A (raidtable)
https://www.cisco.com/c/dam/en/us/td/docs/security/content_security/virtual_appliances/Cisco_Content_Security_Virtual_Appliance_Install_Guide.pdf
QUESTION 432
A network engineer is configuring URL Filtering on the Cisco ASA with Firewall services. Which two port requirements on the Firepower Management Center must be validated to allow communication with the cloud service? (Choose two.)
A. outbound port TCP/443
B. inbound port TCP/80
C. inbound port TCP/443
D. outbound port TCP/80
E. bidirectional port TCP/443
Answer: AD
https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/security__internet_access__and_communication_ports.html
QUESTION 387
What is required on a FirePOWER routed port (interface?)? (Choose 2).
A. IP address
B. virtual router
C. virtual switch
D. must be associated with both a virtual switch and virtual router
E. virtual gateway
Answer: AC
https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200908-configuring-firepower-threat-defense-int.html
@justme
Yes @justme, I took my test and I did pass. 980/825. I have completed all the exams. :-)
Check my previous message when I failed. The exam is there.
BTW:
1 – The question regarding the outbreak rule (once again, check the message from my failed test) was there again, and the answer is: Send Processed Message to ESA.
2 – The question regarding Default Intrusion Policy, the answer is: It can protect against passing malicious packets BEFORE an access-control rule can identify the source application or URL.
As far as I can remember, the exam was almost the same. SO, YOU BETTER KEEP AN EYE ON THE MESSAGE I POSTED FROM MY FAILED TEST.
Also: sw-module module sfr reload
I may not be around for a few days, as I will rest.
Good luck to you folks!!!
CM
P.S. My failed exam is posted on this very same page. Just need to search for CrazzyMonkey.
May the force be with you all!!
CM
Thanks for the good vibe @CrazzyMonkey, congratulations! ;p
@CrazzyMonkey Congratulations :)
@CrazzyMonkey Congratulations
Who will take the exam soon?
@ CCNP Switch
QUESTION 432
A network engineer is configuring URL Filtering on the Cisco ASA with Firewall services. Which two port requirements on the Firepower Management Center must be validated to allow communication with the cloud service? (Choose two.)
A. outbound port TCP/443
B. inbound port TCP/80
C. inbound port TCP/443
D. outbound port TCP/80
E. bidirectional port TCP/443
Answer: CE?
I believe the answer is D E
You don’t need inbound TCP/443 when you already have bidirectional/443
@ Big D
It's correct.
This question was on the exam:
QUESTION 432
A network engineer is configuring URL Filtering on the Cisco ASA with Firewall services. Which two port requirements on the Firepower Management Center must be validated to allow communication with the cloud service? (Choose two.)
A. outbound port TCP/443
B. inbound port TCP/80
C. inbound port TCP/443
D. outbound port TCP/80
E. bidirectional port TCP/443
Answer: A & D
@CCNP SWITCH you were correct about this one.
Here you can review it:
https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Security__Internet_Access__and_Communication_Ports.html
it is clear that the only thing that needs bidirectional ports is the AMP for endpoints.
@sad boy
thanks
does anyone recall the question saying something about bad performance in google chrome browser?
I’m taking the exam on Tuesday the 19th.
@ sad boy,
As far as I can remember, the answer for this one is
USER AGENT.
Good luck.
..
Thanks @Crazzy_Monkey.
@sad boy
A user cannot browse the internet by using Google Chrome. The user can browse successfully by using other browsers. You plan to use the policy trace tool to replicate and diagnose the issue.
which setting do you configure?
1- url category
2- proxy port
3- mime type
4- user agent
Answer: 4
you rock @CCNP SWITCH, thanks!
:p
Also, I think we should demystify the question below:
When you view a FireAMP Analysis Overview to mitigate a malware issue, where do you look for information about servers .. attempted to download additional files?
A. Threat root cause section
B. Startup section
C. Involved IP Addresses section
D. Dropped Files section
answer A or C?
I am trying to find out the right info, but until now nothing accurate.
@ sad boy
the correct answer is C
Involved IP Addresses: File Type allows you to filter Device Trajectory events by the type of files involved. You can filter by the file types most commonly implicated in malware infections such as executables and PDFs. The other filter is for all file types not specifically listed, while the unknown filter is for files that the type was undetermined possibly due to malformed header information.
Threat Root Cause – Helps identify legitimate and rogue applications that are at
high risk for introducing malware into your environment. It focuses on software
that is observed installing malware onto computers. The process name, software
title, and version number (as stamped in the binary) of the implicated software
are shown.
http://immunet-janus-helpdoc.s3.amazonaws.com/FireAMPPrivateCloudConsoleUserGuide.pdf
I’m going for the 300-210 next week. Does anybody have the latest PassLeader or Marks4Sure?
I’ll do an update and also on the accuracy of the questions after the exam.
@sad boy
A network engineer is configuring URL Filtering on the Cisco ASA with Firewall services. Which two port requirements on the Firepower Management Center must be validated to allow communication with the cloud service? (Choose two.)
a. outbound port TCP/443
b. inbound port TCP/80
c. inbound port TCP/443
d. outbound port TCP/80
e. bidirectional port TCP/443
Answer: BE
((A FireSIGHT System uses ports 443/HTTPS and 80/HTTP in order to communicate with the cloud service. Port 443/HTTPS must be opened bidirectionally, and inbound access to port 80/HTTP must be allowed on the FireSIGHT Management Center.))
https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/117956-technote-sourcefire-00.html#anc4
how about this
Is Marks4Sure accurate ? I’m trying to decide if I would buy since nobody is sharing . Or Is PassLeader more accurate ?
I have the ebooks for the Cisco official training. Anybody know a easy way to download it so that I can share out here ?
What is a feature of Cisco Hybrid Email Security?
A. Cisco Registered Envelope Service.
B. Layer 4 traffic monitoring.
C. Application visibility and control.
D. Roaming user protection.
ans:C
Correct ans : A
https://www.cisco.com/c/en/us/products/collateral/security/cloud-email-security/datasheet_c78-734189.html
@CCNP SWITCH
What is the final answer of this question??
QUESTION 432
A network engineer is configuring URL Filtering on the Cisco ASA with Firewall services. Which two port requirements on the Firepower Management Center must be validated to allow communication with the cloud service? (Choose two.)
A. outbound port TCP/443
B. inbound port TCP/80
C. inbound port TCP/443
D. outbound port TCP/80
E. bidirectional port TCP/443
@Aasim omer
I am still thinking the right answer is outbound 80 and 443.
This is Firepower MC and the link you have provided is for the FireSIGHT MC.
What a tricky question. To be honest, I am starting to doubt about this one.
Review:
https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Security__Internet_Access__and_Communication_Ports.html
The Firepower MC is protected by the ASA, why we should use bidirectional port 443 for the FMC when that (inbound direction) is used only for the GUI on the FMC?
443/tcp—Outbound—Send and receive data from the internet.
443—-Outbound—–Communicate with the AMP cloud (public or private)
Hello!
The new PassLeader 300-208 dumps (Updated Recently) now are available, here are part of 300-208 exam questions (FYI):
[Get the download link at the end of this post]
NEW QUESTION 500
What are two advantages of a single-SSID deployment over a multi-SSID implementation? (Choose two.)
A. Only single-SSID deployments allow the user to verify the identity of the BYOD server.
B. Single-SSID deployments are more appropriate for BYOD environments.
C. Single-SSID deployments offer a more secure connection experience than multi-SSID implementations.
D. Single-SSID deployments are more appropriate for clients that are already configured for wired 802.1x on another network.
E. Single-SSID deployments provide a better experience for users of iOS devices.
Answer: DE
NEW QUESTION 501
Which RADIUS service type can identify authentication attempts from devices that lack a supplicant?
A. Ethernet
B. Wireless-IEEE 802.11
C. Call Check
D. Framed
Answer: C
NEW QUESTION 502
How does the use of single connect mode for device authentication improve performance?
A. It uses a single TCP connection for all TACACS+ communication.
B. It uses a single VIP on the network access device.
C. It uses a single TCP connection for all RADIUS communication.
D. It multiplexes RADIUS requests to the server over a single session.
Answer: A
NEW QUESTION 503
What represents the default Cisco IOS RADIUS attribute-value pair?
A. User name= 5, password= 4, NAS-IP Address= 4, NAS-Port= 5
B. User name= 0, password= 1, NAS-IP Address= 2, NAS-Port= 3
C. User name= 1, password= 2, NAS-IP Address= 4, NAS-Port= 5
D. User name= 1, password= 2, NAS-IP Address= 3, NAS-Port= 4
Answer: C
NEW QUESTION 504
In which scenario might it be helpful to adjust the network transition delay timer?
A. when the client needs more time to log in to the network
B. when the client needs more time to perform compliance checks
C. when the client needs more time to obtain a DHCP lease
D. when the client needs more time to perform remediation
Answer: C
NEW QUESTION 505
Which statement about single-SSID environment is true?
A. It allows for the wired and wireless adapters to be provisioned in any order.
B. It provides access to the guest SSID after the device has completed provisioning with the provisioning SSID.
C. It uses the same SSID for certificate enrollment, provisioning, and secure network access.
D. It can use the Fast SSID Change feature to improve performance.
Answer: C
NEW QUESTION 506
……
P.S.
PassLeader 300-208 dumps FYI:
od.lk/fl/NjFfMTUyNjc0NV8
(508q~~~NEW VERSION DUMPS!!!)
Good Luck!!!
[(copy that link and open it in your web browser!!!)]
More:
1. PassLeader 300-206 dumps FYI:
od.lk/fl/NjFfMTUyNjc0M18
(483q~~~NEW VERSION DUMPS!!!)
~~~~~~~~~~~~~~~~~~~~~~~~~
2. PassLeader 300-209 dumps FYI:
od.lk/fl/NjFfMTUyNjc0N18
(454q~~~NEW VERSION DUMPS!!!)
~~~~~~~~~~~~~~~~~~~~~~~~~
3. PassLeader 300-210 dumps FYI:
od.lk/fl/NjFfMTUyNjc0OV8
(508q~~~NEW VERSION DUMPS!!!)
~~~~~~~~~~~~~~~~~~~~~~~~~
Good Luck!!!
[(copy those links and open them in your web browser!!!)]
These idiot spammers, actually were already late.
Go and disturb other places.
@sad Boy and @ Aasim omer
https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Security__Internet_Access__and_Communication_Ports.html
If you check the table you can see that FMC uses 443 (outbound and inbound) and 80 (outbound), so I think we can go back to the original answer D & E
Hello,
Can you tell me the answer for this question? I found some documents stating a, another one b.
Which tool is used to analyze AMP for Endpoints file activity performed on endpoints?
A. File Trajectory
B. Prevalence
C. File Analysis
D. Device Trajectory
Thank you everyone i have downloaded few pdf’s and now preparing for my exam on dec.
@sad boy @ALIHK79
It's a tricky question
@AG
Which tool is used to analyze AMP for Endpoints file activity performed on endpoints?
A. File Trajectory
B. Prevalence
C. File Analysis
D. Device Trajectory
Correct ans for me: D
(Device trajectory: Continuously track activity and communication on devices and on the system level to
quickly understand root causes and the history of events leading up to and after a compromise.)
https://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/advanced-malware-protection/solution-overview-c22-734228.pdf
You are troubleshooting the proxy connections going through a Cisco WSA. Which CLI tool do you use to monitor a log file in real time?
A. grep
B. nslookup
C. dig
D. tail
Answer: D
I will go with answer: A grep
(to view the logs on the Cisco Web Security Appliance (WSA) from the CLI using the grep command.)
https://www.cisco.com/c/en/us/support/docs/security/web-security-appliance/117830-qanda-wsa-00.html
On the WSA:
‘tail’ will tail all the access logs in real time.
‘grep’ can tail the access logs in real time while grepping for the RegEx you’d like. Be aware that when you issue the ‘grep’, there will be an option in which you must answer YES to (tail the output).
https://community.cisco.com/t5/web-security/wsa-s370-cli-use-regular-expression-with-quot-tail-quot/td-p/2305234
I will go with D
I failed today, a lot of new questions
more or less 17 new questions
@CCNP Switch
sorry to hear that
hard luck for next time
do u remember any of the questions ?
1- Web Security Manager > Define Time Ranges and Quotas
2- Command regarding MX record and activity on ESA:
The options were:
– tophost
– nslookup
– hoststatus
– diagnostics
Answer: C
3- Which application processor can you deploy in a SCADA environment to detect anomalous traffic and support protocol field inspection?
A. DCE/RPC
B. GTP
C. SSL
D. DNP3
Answer: D
4- sh ip admission cache command
To display the network admission cache entries and information about web authentication sessions, use the show ip admission command in user EXEC or privileged EXEC mode.
Question regarding outbreak rule for additional scanning using content filter
Options were:
– Use a secondary ESA engine
– Use 2 engines simultaneously
– Send processed message to ESA
– Send a copy of the file (or message, don’t remember) to quarantine
Answer C
6- which command resets the module of a firepower in an ASA cisco.
@CCNP Switch
sorry man
Do you mean around 17 question, beside Gio Dump or…?
@ passleader
I will upload a file with the questions that came to the drive, they are already corrected
https:// drive.google.com/file/d/1bJ2TjjF-ofadViRsllIDtkivKsj-rq9-/view?usp=sharing
@ big D
please feed us
Sorry CCNP SWITCH, you will end up passing the test, you’ll see.
The exam I did had a lot of similar questions with almost identical answers, but they vary a little, so I think you always have to double check and understand what the hell they are asking. We all know the deal is to understand the topics and to be ready for the tricky questions that might come.
CCNP SWITCH IS FAKE FAKE FAKE
Do you have the latest 300-210 pass leader? Can you share?
Sorry CCNP SWITCH.
Do you remember what labs and drag and drop did you have?
NEW QUESTION 478
Which two statements about content filters on the Cisco ESA are true? (Choose two.)
A. After you create a content filter, you can create an encryption profile to encrypt messages that match the filter.
B. Each content filter requires one or more actions.
C. They can be applied before or after message filters.
D. They are applied to the message after antispam and antivirus scanning is performed.
E. Each content filter requires one or more conditions
Answer B and D or D and E?
NEW QUESTION 477
Which two tasks must you perform when you implement CWS on a Cisco ASA or ASAv? (Choose two.)
A. Create a new RSA key.
B. Enable the ScanSafe feature.
C. Browse to whoami.scansafe.net to verify that web redirection is operating normally.
D. Create an authenticating license key.
E. Define the primary and secondary CWS proxy.
Answer B and C or C and D?
NEW QUESTION 490
Which two features of Cisco Email Security can protect your organization against email threats? (Choose two.)
A. Time-based one-time passwords
B. Data loss prevention
C. NetFlow
D. Geolocation-based filtering
E. Heuristic-based filtering
Answer B and E or D and E?
@CCNP SWITCH sorry to hear that. below are some of the questions i think you are referring to as new
QUESTION 58.
Which option is the effect of the show ip admission cache command in an environment in which CWS is deployed?
A. It displays the list of URLs that users have accessed.
B. It identifies the CWS tower to which the router is connected.
C. It displays the number of authentication attempts performed by each user.
D. It displays the status of each user on the system.
What is the main purpose of the default intrusion policy?
A. It can protect against passing malicious packets before an access-control rule can identify the source application or URL.
B. It can prefleg known malware to eliminate the need for further inspection.
C. It can enforce additional rules after the system has identified the default access-control rule
D. It balances security and connectivity considerations by default when you choose the Network Discovery default action.
You are implementing a virus outbreak filter on a cisco ESA by using the Outbreak Filters feature. You plan to perform an additional scan by using a content filter. Which action can you configure the Outbreak filter to take?
A. Scan processed messages by using a secondary instance of the ESA.
B. Send a copy of the messages to quarantine.
C. Scan processed messages by using two engines simultaneously.
D. Send processed messages to an ESA.
What is the main function of the Cisco CWS Connector on mobile device?
A. It integrates with the Cisco Firepower Management console to manage application and web traffic.
B. It integrates with the Cisco AnyConnect Secure Mobility Client to provide web security.
C. It integrates with the Cisco NAC Agent to collect web-browser history for reporting purposes.
D. It provides a connection to the FireAMP cloud to block threats that other security layers fail to detect.
Which two types of software can be installed on a FP-9300 appliance? (Choose two)
A. Cisco Firepower Threat Defence
B. Cisco Firepower Management Center
C. transparent Appliance
C. Cisco Firepower Service
D. Cisco ASA
Which application processor can you deploy in a SCADA environment to detect anomalous traffic and support protocol field inspection?
A. DCE/RPC
B. GTP
C. SSL
D. DNP3
@ AG
Question478
i will go for
E. Each content filter requires one or more conditions
A. After you create a content filter, you can create an encryption profile to encrypt messages that match the filter.
QUESTION 477
E. Define the primary and secondary CWS proxy.
D. Create an authenticating license key.
QUESTION 490
E. Heuristic-based filtering
D. Geolocation-based filtering
@CCNP Switch,
>> 1- Web Security Manager > Define Time Ranges and Quotas
Is this two question or one ? Concepts or actual configuration related as in, where do I config this ? Or Which of these are true ?
@Demus
Do you have answers for these questions ?
QUESTION 58.
Which option is the effect of the show ip admission cache command in an environment in which CWS is deployed?
A. It displays the list of URLs that users have accessed.
B. It identifies the CWS tower to which the router is connected.
C. It displays the number of authentication attempts performed by each user.
D. It displays the status of each user on the system.
What is the main purpose of the default intrusion policy?
A. It can protect against passing malicious packets before an access-control rule can identify the source application or URL.
B. It can prefleg known malware to eliminate the need for further inspection.
C. It can enforce additional rules after the system has identified the default access-control rule
D. It balances security and connectivity considerations by default when you choose the Network Discovery default action.
You are implementing a virus outbreak filter on a cisco ESA by using the Outbreak Filters feature. You plan to perform an additional scan by using a content filter. Which action can you configure the Outbreak filter to take?
A. Scan processed messages by using a secondary instance of the ESA.
B. Send a copy of the messages to quarantine.
C. Scan processed messages by using two engines simultaneously.
D. Send processed messages to an ESA.
What is the main function of the Cisco CWS Connector on mobile device?
A. It integrates with the Cisco Firepower Management console to manage application and web traffic.
B. It integrates with the Cisco AnyConnect Secure Mobility Client to provide web security.
C. It integrates with the Cisco NAC Agent to collect web-browser history for reporting purposes.
D. It provides a connection to the FireAMP cloud to block threats that other security layers fail to detect.
@ag
NEW QUESTION 478
Which two statements about content filters on the Cisco ESA are true? (Choose two.)
A. After you create a content filter, you can create an encryption profile to encrypt messages that match the filter.
B. Each content filter requires one or more actions.
C. They can be applied before or after message filters.
D. They are applied to the message after antispam and antivirus scanning is performed.
E. Each content filter requires one or more conditions
Answer: B and D
https://www.cisco.com/c/en/us/td/docs/security/wsa/wsa11-0/user_guide/b_WSA_UserGuide/b_WSA_UserGuide_chapter_01101.html#con_1260230
NEW QUESTION 477
Which two tasks must you perform when you implement CWS on a Cisco ASA or ASAv? (Choose two.)
A. Create a new RSA key.
B. Enable the ScanSafe feature.
C. Browse to whoami.scansafe.net to verify that web redirection is operating normally.
D. Create an authenticating license key.
E. Define the primary and secondary CWS proxy.
Answer :C and D
https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200924-configuring-firepower-threat-defense-int.html
NEW QUESTION 490
Which two features of Cisco Email Security can protect your organization against email threats? (Choose two.)
A. Time-based one-time passwords
B. Data loss prevention
C. NetFlow
D. Geolocation-based filtering
E. Heuristic-based filtering
Answer: B and D
https://www.cisco.com/c/en/us/products/collateral/security/cloud-email-security/datasheet-c78-742868.html
Failed today with more than 15 new questions. Using Marks4Sure 454Q dump + Page 20 – Page 26 here. Anybody else has more resources to share ?
@Demus
where did you get the first 2 questions?
has more?
please share
QUESTION 58. New for me.
Which option is the effect of the show ip admission cache command in an environment in which CWS is deployed?
A. It displays the list of URLs that users have accessed.
B. It identifies the CWS tower to which the router is connected.
C. It displays the number of authentication attempts performed by each user.
D. It displays the status of each user on the system.
Answer: C
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/s1/sec-s1-xe-3se-3850-cr-book/sec-s1-xe-3se-3850-cr-book_chapter_010.html
What is the main purpose of the default intrusion policy? New for me.
A. It can protect against passing malicious packets before an access-control rule can identify the source application or URL.
B. It can prefleg known malware to eliminate the need for further inspection.
C. It can enforce additional rules after the system has identified the default access-control rule
D. It balances security and connectivity considerations by default when you choose the Network Discovery default action.
Answer: A
http://www.securitytut.com/ips-v7-0-642-627/share-your-ips-v7-0-experience/comment-page-26#comment-749928
You are implementing a virus outbreak filter on a cisco ESA by using the Outbreak Filters feature. You plan to perform an additional scan by using a content filter. Which action can you configure the Outbreak filter to take?
A. Scan processed messages by using a secondary instance of the ESA.
B. Send a copy of the messages to quarantine.
C. Scan processed messages by using two engines simultaneously.
D. Send processed messages to an ESA.
Answer: D —– OLD FOR ME
What is the main function of the Cisco CWS Connector on mobile device?
A. It integrates with the Cisco Firepower Management console to manage application and web traffic.
B. It integrates with the Cisco AnyConnect Secure Mobility Client to provide web security.
C. It integrates with the Cisco NAC Agent to collect web-browser history for reporting purposes.
D. It provides a connection to the FireAMP cloud to block threats that other security layers fail to detect.
Answer: B OLD
https://www.cisco.com/c/dam/en_us/about/ciscoitatwork/borderless_networks/docs/Cloud_Web_Security_IT_Methods.pdf
Which two types of software can be installed on a FP-9300 appliance? (Choose two)—-OLD FOR ME
A. Cisco Firepower Threat Defence
B. Cisco Firepower Management Center
C. transparent Appliance
C. Cisco Firepower Service
D. Cisco ASA
Answer: A and D
https:// **www.cisco.com/c/en/us/products/collateral/security/firepower-9000-series/datasheet-c78-742471.html
Which application processor can you deploy in a SCADA environment to detect anomalous traffic and support protocol field inspection?—- OLD FOR ME
A. DCE/RPC
B. GTP
C. SSL
D. DNP3
Answer: D
@Dave
a question
What appliance support do you quotas?
more or less
Passed the exam this morning.
I went through the site and these are all the questions that I had on my exam.
@ CCNP Switch – A big thank you to you my man, The pdf you provided on the 18th was spot on. almost every question on that pdf was on the exam.
3 of 4 complete, will now study to get 300-209 complete before the 23rd of Feb.
@ Big D
you are welcome,
Do you remember the new question?
The exam. There were about 7 questions that I hadn’t seen before the exam (so new questions to me). Not being a dick, but don’t ask what the questions were, I have no idea. I’m not the type that can instantly memorize questions. But what I can do is provide the questions that were on the exam. Download the PDF and you will have 59 of the 66 questions I had on my exam today.
I scored average on the exam, 901/1000 so the questions here should help some of you. Just have to remember that the answers are not verbatim on what is on the exam. You need to have a basic grasp of the subject.
https:// drive.google.com/open?id=1OOqZ8i5WweTr4EU90IynuIZN6plShrDu
I hope you all know you need to remove the spaces.
@CCNP Switch
NEW QUESTION 477
Which two tasks must you perform when implementing CWS on a Cisco ASA or ASAv? (Choose two.)
A. Create a new RSA key.
B. Enable the ScanSafe feature.
C. Browse to whoami.scansafe.net to verify that web redirection is operating normally.
D. Create an authenticating license key.
E. Define the primary and secondary CWS proxy.
Answer: C and D
Isn’t the correct answer B and C? :-D
You are implementing a virus outbreak filter on a Cisco ESA by using the Outbreak Filters feature. You plan to perform an additional scan by using a content filter. Which action can you configure the Outbreak filter to take?
A. Scan processed messages by using a secondary instance of the ESA.
B. Send a copy of the messages to quarantine.
C. Scan processed messages by using two engines simultaneously.
D. Send processed messages to an ESA.
Answer: D —– OLD FOR ME
QUESTION 58. New for me.
Which option is the effect of the show ip admission cache command in an environment in which CWS is deployed?
A. It displays the list of URLs that users have accessed.
B. It identifies the CWS tower to which the router is connected.
C. It displays the number of authentication attempts performed by each user.
D. It displays the status of each user on the system.
Answer: C
https:// **www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/s1/sec-s1-xe-3se-3850-cr-book/sec-s1-xe-3se-3850-cr-book_chapter_010.html
Usage Guidelines
Use the show ip admission command to display information about network admission entries and information about web authentication sessions.
Examples
The following is sample output from the show ip admission cache command:
Device# show ip admission cache
Authentication Proxy Cache
Total Sessions: 1 Init Sessions: 1
Client MAC 5cf3.fc25.7e3d Client IP 1.150.128.2 IPv6 :: Port 0, State INIT, Method Webauth
The following is sample output from the show ip admission statistics command:
QUESTION 58. New for me.
Which option is the effect of the show ip admission cache command in an environment in which CWS is deployed?
A. It displays the list of URLs that users have accessed.
B. It identifies the CWS tower to which the router is connected.
C. It displays the number of authentication attempts performed by each user.
D. It displays the status of each user on the system.
For me the answer is D
https://**www.cisco.com/c/dam/en/us/products/collateral/security/router-security/cws-troubleshooting.pdf
To view the status of a user, the administrator can enter the show ip admission cache command in the router
NEW QUESTION 477
Which two tasks must you perform when implementing CWS on a Cisco ASA or ASAv? (Choose two.)
A. Create a new RSA key.
B. Enable the ScanSafe feature.
C. Browse to whoami.scansafe.net to verify that web redirection is operating normally.
D. Create an authenticating license key.
E. Define the primary and secondary CWS proxy.
I think the correct answer is D and E.
https://www.cisco.com/c/en/us/products/collateral/security/cloud-web-security/solution_overview_c07-721174.html
From the configuration I see that you have to define the primary and secondary proxy and then add the license key.
@Demus ,
Could you let us know where you got the questions ? Don’t need to share the questions if you don’t want to, but would be good to at least let us know where you bought or got it from. Not too much to ask for in a sharing forum. I’m going for my exam real soon too.
@AG
is true..
After subscribing to Cisco ® Cloud Web Security (CWS), formerly known as Cisco ScanSafe, you will receive a provisioning email message that includes important information. In the provisioning email message you will find details about your primary and secondary web services proxy addresses. Keep these addresses because you will need them when configuring your Cisco Adaptive Security Appliance (ASA) Firewall.
NEW QUESTION 477
Which two tasks must you perform when implementing CWS on a Cisco ASA or ASAv? (Choose two.)
A. Create a new RSA key.
B. Enable the ScanSafe feature.
C. Browse to whoami.scansafe.net to verify that web redirection is operating normally.
D. Create an authenticating license key.
E. Define the primary and secondary CWS proxy.
correct answer is D and E.
@Big congrats!!!
Do you think that cisco.300-210.Gio.v3.275q.pdf is valid ?
I’m doing the exam tomorrow and this will be my last burst. Does anybody have a copy of the 300-210? I would like it to be as updated as possible, but anything would be better than nothing. Can anybody share or sell me a copy at a reasonable price?
Which two actions can be used in an access control policy rule?
a. Block All
b. Monitor
c. Trust Rule
d. Discover
e. Block with Reset
I think b and C are the correct answers. Based on https://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmc-config-guide-v61/access_control_rules.html#ID-2190-0000027b
the actions are:
Access Control Rule Monitor Action
Access Control Rule Trust Action
Access Control Rule Blocking Actions
Access Control Rule Interactive Blocking Actions
Access Control Rule Allow Action
Blocking contains Block and Block with reset. Block all does not exist.
Also, in the documentation there is a schema with the packet flow, and the first two actions are looking to monitor and to see if it’s trusted.
@ CCNP SWITCH and Dave
These questions were on my exams. I took my exams two weeks ago and failed.
QUESTION 48.
After deploying a Cisco ESA on your network, you notice that some messages fail to reach their destinations. Which task can you perform on each where each messages was lost?
A. Configure the trackingconfig command to enable messages tracking.
B. Generate a system report
C. Review the log files
D. Perform a trace
QUESTION 49.
Under which circumstances does the Cisco AMP assign a file disposition without submitting the file to the cloud for dynamic analysis?
A. When a previously undetected file matches a file rule with the Block Malware action
B. When an executable file matches a file rule with the Malware Cloud Lookup action and the lookup provides a file disposition
C. When the file has previously been submitted for dynamic analysis and the analysis failed
D. When the file is a PDF or Microsoft Office document.
You configure an antispam policy on a Cisco ESA. Which action can you take on the messages that positively contain identify spam?
A. Modify the recipient of each message.
B. Deliver the messages with an altered subject.
C. Send a customized alert with each message.
D. Repair the messages
Which two deployment modes does the Cisco ASA FirePOWER modules support? (Choose two)
A. routed mode.
B. passive monitor-only mode.
C. inline mode.
D. context mode
E. transparent mode
QUESTION 29.
An engineer must evaluate the security gaps with their current WSA. What additional protection does AMP offer for WSA?
A. roaming-user protection.
B. restricted bandwidth.
C. data loss prevention.
D. point in time detection
the above questions were also on my exams
Which two actions can be used in an access control policy rule? (Choose two)
A. Block ALL.
B. Discover.
C. Trust Rule.
D. Block with Reset
E. Monitor
Which CLI command can you enter on a Cisco NGIPSv device to control special handling of Client Hello Messages?
A. ssl-client-hello-rest.
B. ssl-client-hello-tuning.
C. ssl-client-hello-enabled.
D. ssl-client-hello-display
Which type of Cisco connector supports quotas?
A. WSA
B. ISR G2
C. ASA
D. Native
Which two statements about virtual ESAs are true? (Choose two.)
A. They can perform advanced malware protection locally.
B. They are more flexible but more expensive than physical ESAs.
C. They can perform forged email detection locally.
D. They can simplify capacity planning
E. They cluster can be deployed with minimal impact to existing infrastructure
(Choose two)
A. Cisco identity Service Engine
B. Cisco Advance Malware Protection Threat Grid.
C. Cisco AnyConnect.
D. Cisco Web Security Appliance.
E. Cisco Email Security Appliance
@Demus, CCNP Switch, Big D,
Thank you. I’m going for the exam tomorrow.
Could you give me more details about the simulation, Drag and Drop, etc ?
Many of the questions and discussion here refer to simulations, Drag and Drop, and Exhibit but I do not have access to these, so it’s quite difficult to visualize the questions. Would appreciate any info or help ? I’m considering buying the PassLeader if there is no other options but it’s a big chunk of $$$$.
@Demus
Thanks for sharing, what’s the question about this options:
(Choose two)
A. Cisco identity Service Engine
B. Cisco Advance Malware Protection Threat Grid.
C. Cisco AnyConnect.
D. Cisco Web Security Appliance.
E. Cisco Email Security Appliance
@Simo
Which two products can get file disposition from the Cisco Advance Malware Protection cloud? (Choose two)
A. Cisco identity Service Engine
B. Cisco Advance Malware Protection Threat Grid.
C. Cisco AnyConnect.
D. Cisco Web Security Appliance.
E. Cisco Email Security Appliance
@ Dave
these are all the drag and drop questions you can get
DRAG AND DROP
ESA -> dynamic threat control for email
WSA -> dynamic threat control for web traffic
AMP -> endpoint control
StealthWatch -> network forensic
Firepower -> real-time threat management
ISE -> user and device identity management
————————————————————–
CIP -> supports industrial automation application
Transport & network layer -> detects attacks that exploit a checksum validation
DNP3 -> used in transportation industries
Application layer -> occurs after the selection of the access control rules
@ aouas I used GIO and the questions in this forum. Feel free to download the pdf I’m sharing to see all of the questions on my exam.
After deploying a Cisco ESA on your network, you notice that some messages fail to reach their destinations. Which task can you perform on each where each messages was lost?
A. Configure the trackingconfig command to enable messages tracking.
B. Generate a system report
C. Review the log files
D. Perform a trace
(I answered C)
QUESTION 49.
Under which circumstances does the Cisco AMP assign a file disposition without submitting the file to the cloud for dynamic analysis?
A. When a previously undetected file matches a file rule with the Block Malware action
B. When an executable file matches a file rule with the Malware Cloud Lookup action and the lookup provides a file disposition
C. When the file has previously been submitted for dynamic analysis and the analysis failed
D. When the file is a PDF or Microsoft Office document.
(Answer is B)
You configure an antispam policy on a Cisco ESA. Which action can you take on the messages that positively contain identify spam?
A. Modify the recipient of each message.
B. Deliver the messages with an altered subject.
C. Send a customized alert with each message.
D. Repair the messages
Answer B: You deliver the message Prepended with [SPAM]
Which two deployment modes does the Cisco ASA FirePOWER modules support? (Choose two)
A. routed mode.
B. passive monitor-only mode.
C. inline mode.
D. context mode
E. transparent mode
(I was unsure on this question but chose A and C)
QUESTION 29.
An engineer must evaluate the security gaps with their current WSA. What additional protection does AMP offer for WSA?
A. roaming-user protection.
B. restricted bandwidth.
C. data loss prevention.
D. point in time detection
Answer D
Which two actions can be used in an access control policy rule? (Choose two)
A. Block ALL.
B. Discover.
C. Trust Rule.
D. Block with Reset
E. Monitor
I chose A and E
Which CLI command can you enter on a Cisco NGIPSv device to control special handling of Client Hello Messages?
A. ssl-client-hello-rest.
B. ssl-client-hello-tuning.
C. ssl-client-hello-enabled.
D. ssl-client-hello-display
This was one of the questions I had never seen before. I have no idea on the answer. I guessed B
Which type of Cisco connector supports quotas?
A. WSA
B. ISR G2
C. ASA
D. Native
Answer A. WSA allows for time based and volume based quotas
Which two statements about virtual ESAs are true? (Choose two.)
A. They can perform advanced malware protection locally.
B. They are more flexible but more expensive than physical ESAs.
C. They can perform forged email detection locally.
D. They can simplify capacity planning
E. They cluster can be deployed with minimal impact to existing infrastructure
I chose D and E
(Choose two)
A. Cisco identity Service Engine
B. Cisco Advance Malware Protection Threat Grid.
C. Cisco AnyConnect.
D. Cisco Web Security Appliance.
E. Cisco Email Security Appliance
I remember these answers, don’t remember the question, but I chose D and E.
@Demus, CCNP Switch, Big D,
Thanks for the great sharing. Does anybody have any feedback on the simulation and hot spot questions? Are they all on the gio or are there additional ones?
@Dave they are all on gio
@ big D kindly share the pdf you got from CCNP with me
Is there something strange with this question? Why do all of you answer it wrong? I have FMC, and the two actions that can be used are Block with reset and Monitor. I can’t post a screenshot, but the answer should be B and E.
By the way, all options are (Allow, Trust, Monitor, Block, Block with reset, Interactive Block, Interactive Block with reset), so the answers are B and E.
Which two actions can be used in an access control policy rule?
a. Block All
b. Monitor
c. Trust Rule
d. Discover
e. Block with Reset
Which CLI command can you enter on a Cisco NGIPSv device to control special handling of Client Hello Messages?
A. ssl-client-hello-rest.
B. ssl-client-hello-tuning.
C. ssl-client-hello-enabled.
D. ssl-client-hello-display
answer is C
ssl-client-hello-enabled
Controls special processing of the ClientHello message during the SSL handshake.
Caution Do not use this command unless you are directed to do so by Support.
Access
Configuration
Syntax
system support ssl-client-hello-enabled setting {true | false}
Possible setting values are:
feature
Controls all special handling of ClientHello messages