Share your IPS v7.0 Experience
Cisco has changed its Security exams by replacing the old CCSP with the new CCNP Security certification, which has four modules: Secure, Firewall, IPS and VPN. In fact, the old CCSP and the new CCNP Security are very similar. Many candidates have asked us to put up materials for these new exams, but that is time-consuming work. In the meantime, we created the “Share your experience” section for the IPS v7.0 exam. We really hope anyone who reads securitytut, 9tut, digitaltut, certprepare, networktut and voicetut will contribute to these sections, as your experience is invaluable for CCNP Security learners working to complete their goals.
Please share with us your experience after taking the IPS v7.0 642-627 exam, your materials, the way you learned, your recommendations…
Which type of Cisco connector support quotas?
A. WSA
B. ISR G2
C. ASA
D. Native
I will go for B, as policy on WSA supports quotas, not the WSA connector. If you check the cloud connector on WSA there is nothing related to quota inside it, but the ISR G2 connector can be based on categories, content, file types, schedules, and quotas.
https://www.cisco.com/c/en/us/products/collateral/security/router-security/data_sheet_c78-655324.html
@Alihk79 check this
https://www.cisco.com/c/dam/assets/global/pdfs/november-security/solution_overview_c96-721282.pdf
@sma so the answer is D native connector
Thanks for clarifying this,
Are the other questions true?
C. ssl-client-hello-enabled.
https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/firepower_command_line_reference.html
https://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa-firepower-module-user-guide-v541/AC-Getting-Started.html#56491
@ Dave you buying the PassLeader?
Which two actions can be used in an access control policy rule? (Choose two.)
A. Block ALL
B. Discover
C. Monitor
D. Trust Rule
E. Block with Reset
@CCNP Switch,
Decided not to. I was considering PassLeader, M4S or VcePlus, but nobody has responded to me on the worth of the PassLeader and it’s an expensive option.
Which CLI command can you enter on a Cisco NGIPSv device to control special handling of Client Hello Messages?
A. ssl-client-hello-reset.
B. ssl-client-hello-tuning.
C. ssl-client-hello-enabled.
D. ssl-client-hello-display
answer is C
ssl-client-hello-enabled
Controls special processing of the ClientHello message during the SSL handshake.
Caution Do not use this command unless you are directed to do so by Support.
Access
Configuration
Syntax
system support ssl-client-hello-enabled setting {true | false}
Possible setting values are:
feature
Controls all special handling of ClientHello messages…
Which two actions can be used in an access control policy rule? (Choose two)
A. Block ALL.
B. Discover.
C. Trust Rule.
D. Block with Reset
E. Monitor
I chose A and E…..
@CCNP Switch,
Do you think it’s worth it to get the PassLeader ? Would definitely be nice to know what questions are in PassLeader but not here.
@Anonymous,
Thanks.
Refer to exhibit. Which two descriptions of the configurations of the Cisco FirePOWER Services module are true? (Choose two)
Anybody has the exhibit for the above ?
@sma
In this question they are asking about access control policy rules, so I think we must choose from the rule actions. What are your answers?
Which two actions can be used in an access control policy rule? (Choose two)
A. Block ALL.
B. Discover.
C. Trust Rule.
D. Block with Reset
E. Monitor
https://we.tl/t-ofwwAYZjbi
Here is a link about the rule actions inside a policy, or am I missing something?
Which function is the primary function of Cisco AMP threat Grid? (Choose Two)
a. The device is deployed in a passive configuration
b. If a rule is triggered the device generates an intrusion event.
c. The packet flow traverses the device
d. If a rule is triggered the device drops the packet
Answer: AC
Anybody got a different view of the answer ?
QUESTION 5.
A customer has recently purchased Cisco Application Visibility and Control and requires an AVC application
profile to control a recognized application.
Which two actions can be defined when creating an application profile? (Choose two.)
A. drop
B. tag
C. mark
D. alert
E. allow
anyone with the correct answer for this?
Which two products can get file disposition from the Cisco Advance Malware Protection cloud? (Choose two)
A. Cisco identity Service Engine
B. Cisco Advance Malware Protection Threat Grid.
C. Cisco AnyConnect.
D. Cisco Web Security Appliance.
E. Cisco Email Security Appliance
You are implementing a DLP policy on a Cisco ESA. Which template category must you use to protect personally identifiable information?
A. Company Confidential
B. Intellectual Property Protection.
C. Privacy Protection.
D. Regulatory Compliance.
Which proxy mode must be used on Cisco WSA to redirect TCP traffic with WCCP?
A. proxy gateway
B. forward
C. transparent
D. redirection
QUESTION 26.
Which description of the layer 4 traffic Monitor on a Cisco WSA is true?
A. Monitors suspicious traffic across all the TCP/UDP ports.
B. decrypts SSL traffic to monitor for malicious content.
C. Blocks traffic from URL categories that are known to contain malicious content.
D. Prevent data exfiltration by searching all the network traffic for specified sensitive information.
Which two deployment modes does the Cisco ASA FirePOWER modules support? (Choose two)
A. routed mode.
B. passive monitor-only mode.
C. inline mode.
D. context mode
E. transparent mode
Customers mobile clients now require content scanning, yet there is not an ASA on the network. Which deployment method is required for the Cisco AnyConnect Web Security Module?
A. roaming umbrella component.
B. APEX enforcement.
C. enterprise connection enforcement
D. standalone component
Which two variable types can be defined within Snort rules? (Choose two)
A. portvar
B. ipvar
C. srcvar
D. netvar
E. dstvar
What happens when the Cisco FireSIGHT system sends a URL to the Cisco cloud and the cloud cannot determine its reputation?
A. The system can query a manually created list to determine the reputation of the file.
B. The system is unable to apply access-control rules
C. The system can block the site automatically
D. The system can apply an administratively configured action
QUESTION 36.
Which option is the main function of Cisco Firepower impact flags?
A. They identify data that the ASA sends to the Firepower module
B. They highlight known and suspected malicious IP addresses in reports
C. They alert administrators when critical events occur.
D. They correlate data about intrusions and vulnerability.
Which deployment model on a Cisco ASA Firepower module in multiple-context mode allows you to evaluate the contents of the traffic without affecting the network?
A. passive monitor-only mode
B. inline mode
C. inline tap monitor-only mode
D. passive tap monitor-only mode
What is the limitation of the Cisco AMP Threat Grid Sandbox?
A. delayed software updates
B. the requirement of fully assembled malware
C. complex setup
D. single point of failure
Drag and Drop
Download IPS files from Cisco.com --> Step 1
Load the Cisco IOS IPS signature package to the router --> Step 2
Enable the Cisco IOS IPS crypto key --> Step 3
Enable Cisco IOS IPS --> Step 4
@Demus
QUESTION 5.
A customer has recently purchased Cisco Application Visibility and Control and requires an AVC application
profile to control a recognized application.
Which two actions can be defined when creating an application profile? (Choose two.)
A. drop
B. tag
C. mark
D. alert
E. allow
A and C. drop and mark
https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7-5/AVC_dg7point5.html
Which description of the file trajectory feature in Cisco AMP is true?
A. Tracks information about policy updates that affect each file on a network
B. Excludes information about file transmissions across the network
C. Blocks the malware detected in a file sent across the network
D. Display information about the actions performed on each file on a network.
Answer:B or D ??
Do you know what is the correct answer for this? B or D?
@ALIHK79
I totally agree with you! I don’t understand why there is so much discussion for this one.
I just checked again on the FMC and the available options are :
Allow
Trust
Monitor
Block
Block with reset
Interactive Block
Interactive Block with reset
So the correct answers for this question are Monitor and Block with Reset
If someone believes something else, please mention the reasons
thanks
from PL
QUESTION 500
Which deployment model on a Cisco ASA Firepower module in multiple-context mode allows you
to evaluate the contents of the traffic without affecting the network?
A. inline mode
B. passive monitor-only mode
C. inline tap monitor-only mode
D. passive tap monitor-only mode
Answer: C
QUESTION 501
Which option is the effect of the show ip admission cache command in an environment in which
CWS is deployed?
A. It displays the status of each user on the system.
B. It identifies the CWS tower to which the router is connected
C. It displays the list of URLs that users have accessed
D. It displays the number of authentication attempts performed by each user.
Answer: A
QUESTION 502
You configure an antispam policy on a Cisco ESA. Which action can you take on the messages
that positively contain identify spam?
A. Send a customized alert with each message.
B. Deliver the messages with an altered subject.
C. Modify the recipient of each message.
D. Repair the messages.
Answer: B
QUESTION 503
Which command checks MX records and determines the last activity on a Cisco ESA?
A. nslookup
B. hoststatus
C. tophost
D. diagnostic
Answer: B
QUESTION 504
What happens when the Cisco FireSIGHT system sends a URL to the Cisco cloud and the cloud
cannot determine its reputation?
A. The system is unable to apply access-control rules.
B. The system can query a manually created list to determine the reputation of the file.
C. The system can block the site automatically.
D. The system can apply an administratively configured action.
Answer: D
QUESTION 505
Which type of Cisco connector supports quotas?
A. ISR G2
B. Native
C. WSA
D. ASA
Answer: B
QUESTION 506
Which CLI command can you enter on a Cisco NGIPSv device to control special handling of
ClientHello messages?
A. ssl-client-hello-display
B. ssl-client-hello-reset
C. ssl-client-hello-tuning
D. ssl-client-hello-enabled
Answer: D
QUESTION 507
Which two statements about virtual ESAs are true? (Choose two.)
A. They can be deployed with minimal impact to existing infrastructure.
B. They can perform advanced malware protection locally.
C. They can perform forged email detection locally.
D. They can simplify capacity planning.
E. They are more flexible but more expensive than physical ESAs.
Answer: AD
QUESTION 508
Which description of a Cisco ASA Firepower module in an ASA cluster deployment is true?
A. Each Firepower module works independently.
B. An ASA shares state information with the Firepower module every two seconds.
C. The FireSIGHT Management Center centralizes state information between members.
D. Firepower modules share state information every two seconds.
Answer: C
@anonymous
THANKS !! Looks like PL is getting their info from here… !!
Any chance of sharing the full file ?
QUESTION 503
Which command checks MX records and determines the last activity on a Cisco ESA?
A. nslookup
B. hoststatus
C. tophost
D. diagnostic
Does anybody have a reference for the answer to this? The only logical answer would seem to be B and possibly D, but I cannot find any references.
https://we.tl/t-C7U5D9bbjv
If someone could answer the below and why, i would appreciate it
QUESTION 432
A network engineer is configuring URL Filtering on the Cisco ASA with Firewall services. Which two port requirements on the Firepower Management Center must be validated to allow communication with the cloud service? (Choose two.)
A. outbound port TCP/443
B. inbound port TCP/80
C. inbound port TCP/443
D. outbound port TCP/80
E. bidirectional port TCP/443
@Dave did you take the exam? You said that you have it scheduled today.
Never mind, found the hoststatus command. I was looking in the Cisco course ebook but could not find it; it’s only in the practical. Anyway, here are the references.
https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118467-technote-esa-00.html#anc8
@AG,
I haven’t. I’ll update soon.
Drag and Drop
Tracking vulnerability remediation - built-in workflow system
Customer interface - web portal
Past threat and vulnerability information - historical database
Based on the CVSS rating system - vulnerability alerts
Threat data collection - backend intelligence engine
Threat data regarding threats - threat outbreak alert
@Dave : Good luck! I have it also scheduled on Monday
What about this one?
What is a feature of Cisco Hybrid Email Security?
A. application visibility and control
B. roaming user protection
C. Cisco Registered Envelope Service
D. Layer 4 traffic monitoring
Drag and Drop
Define interfaces and subinterfaces on the physical appliance - Step 1
Define an admin context for administering the base security appliance - Step 2
Define each virtual firewall on the base appliance - Step 3
Deploy to generate the virtual firewalls as children of the base appliance - Step 4
Define additional settings for each security context - Step 5
What about this one?
What is a feature of Cisco Hybrid Email Security?
A. application visibility and control
B. roaming user protection
C. Cisco Registered Envelope Service
D. Layer 4 traffic monitoring
Answer: C
@AG , thank you very much!!!
The below???
QUESTION 432
A network engineer is configuring URL Filtering on the Cisco ASA with Firewall services. Which two port requirements on the Firepower Management Center must be validated to allow communication with the cloud service? (Choose two.)
A. outbound port TCP/443
B. inbound port TCP/80
C. inbound port TCP/443
D. outbound port TCP/80
E. bidirectional port TCP/443
@Anonymous
Thanks for sharing, can you plz upload the vce file :)
QUESTION 432
A network engineer is configuring URL Filtering on the Cisco ASA with Firewall services. Which two port requirements on the Firepower Management Center must be validated to allow communication with the cloud service? (Choose two.)
A. outbound port TCP/443
B. inbound port TCP/80
C. inbound port TCP/443
D. outbound port TCP/80
E. bidirectional port TCP/443
This is a very debatable question on the previous pages. I would choose D and E, but I am not very sure about the answer.
@Simo,
Check for the link in the previous page
what is the answer of this question:
Which feature requires the network discovery policy for it to work on Cisco NIPS?
a. health monitoring
b. impact flags
c. security intelligence
d. URL filtering
Answer : B or C?
Which two variable types can be defined within Snort rules? (Choose two)
A. portvar
B. ipvar
C. srcvar
D. netvar
E. dstvar
QUESTION 28.
Which two deployment modes does the Cisco ASA FirePOWER modules support? (Choose two)
A. routed mode.
B. passive monitor-only mode.
C. inline mode.
D. context mode
E. transparent mode
QUESTION 26.
Which description of the layer 4 traffic Monitor on a Cisco WSA is true?
A. Monitors suspicious traffic across all the TCP/UDP ports.
B. decrypts SSL traffic to monitor for malicious content.
C. Blocks traffic from URL categories that are known to contain malicious content.
D. Prevent data exfiltration by searching all the network traffic for specified sensitive information.
@ Demus
Which two variable types can be defined within Snort rules? (Choose two)
A. portvar
B. ipvar
C. srcvar
D. netvar
E. dstvar
answer: A,B
QUESTION 28.
Which two deployment modes does the Cisco ASA FirePOWER modules support? (Choose two)
A. routed mode.
B. passive monitor-only mode.
C. inline mode.
D. context mode
E. transparent mode
answer: A, E
QUESTION 26.
Which description of the layer 4 traffic Monitor on a Cisco WSA is true?
A. Monitors suspicious traffic across all the TCP/UDP ports.
B. decrypts SSL traffic to monitor for malicious content.
C. Blocks traffic from URL categories that are known to contain malicious content.
D. Prevent data exfiltration by searching all the network traffic for specified sensitive information.
answer: A
Hi Guys,
Do you have the reference for this? Especially CIP and DNP3, both seem to be for automation.
CIP --> supports industrial automation application
Transport & network layer --> detects attacks that exploit a checksum validation
DNP3 --> used in transportation industries
Application layer --> occurs after the selection of the access control rules
@anonymous
thank you very much for PL
@Anonymous
I found only PDF file not VCE.
If you have the VCE file, please share it.
@CCNP SWITCH
Thanks, but can you remember any of the questions on your exams? Especially the ones I have been sharing.
QUESTION 33.
Customers mobile clients now require content scanning, yet there is not an ASA on the network. Which deployment method is required for the Cisco AnyConnect Web Security Module?
A. roaming umbrella component.
B. APEX enforcement.
C. enterprise connection enforcement
D. standalone component
QUESTION 28.
Which two deployment modes does the Cisco ASA FirePOWER modules support? (Choose two)
A. routed mode.
B. passive monitor-only mode.
C. inline mode.
D. context mode
E. transparent mode
Are you sure that the answer is not passive monitor-only mode and inline mode?
https://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/sfr/firepower-qsg.html
How the ASA FirePOWER Module Works with the ASA
You can configure your ASA FirePOWER module using one of the following deployment models:
You can configure your ASA FirePOWER module in either an inline or a monitor-only (inline tap or passive) deployment. This guide only describes inline mode. See the ASA firewall configuration guide for information about inline tap and passive monitor-only modes.
Inline and passive are also mentioned here:
http://www.ciscopress.com/articles/article.asp?p=2730336&seqNum=2
I see that routed and transparent modes are for FTD.
@ AG
bad mine, now yes.
Which two deployment modes does the Cisco ASA FirePOWER modules support? (Choose two)
A. routed mode.
B. passive monitor-only mode.
C. inline mode.
D. context mode
E. transparent mode
Answer: B and C
http://www.securitytut.com/ips-v7-0-642-627/share-your-ips-v7-0-experience/comment-page-27#comments
@ Demus
QUESTION 33.
Customers mobile clients now require content scanning, yet there is not an ASA on the network. Which deployment method is required for the Cisco AnyConnect Web Security Module?
A. roaming umbrella component.
B. APEX enforcement.
C. enterprise connection enforcement
D. standalone component
Answer: D
@ AG
Which feature requires the network discovery policy for it to work on Cisco NIPS?
a. health monitoring
b. impact flags
c. security intelligence
d. URL filtering
Answer : B
https://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmc-config-guide-v61/external_alerting_with_alert_responses.html
is correct @AG
https://www.cisco.com/c/en/us/td/docs/security/asa/asa94/config-guides/cli/firewall/asa-94-firewall-config/access-sfr.pdf
Drag and drop
Attack severity rating - amount of potential damage
Promiscuous delta - accuracy difference from inline sensing
Attack relevancy rating - vulnerability of attack target
Signature fidelity rating - degree of attack certainty
Target value rating - criticality of attack target
Watchlist rating - Cisco security agent rating
Which sensor deployment mode does Cisco recommend when interface capacity is limited and you need to increase sensor functionality?
A. inline VLAN pair mode
B. inline VLAN group mode
C. VLAN group mode
D. inline interface pair mode
Which Cisco IPS deployment mode is best suited for bridge interfaces?
A. inline VLAN pair mode
B. inline VLAN group mode
C. VLAN group mode
D. inline interface pair mode
NEW QUESTION 478
Which two statements about content filters on the Cisco ESA are true? (Choose two.)
A. After you create a content filter, you can create an encryption profile to encrypt messages that match the filter.
B. Each content filter requires one or more actions.
C. They can be applied before or after message filters.
D. They are applied to the message after antispam and antivirus scanning is performed.
E. Each content filter requires one or more conditions
For this question I would choose B and D. Even if D and E make more sense to me, I checked on the Cisco site and it says: At least one action must be defined for each content filter.
https://www.cisco.com/c/en/us/td/docs/security/esa/esa11-1/user_guide/b_ESA_Admin_Guide_11_1/b_ESA_Admin_Guide_chapter_01010.html
QUESTION 51.
Which command do you run to reset a Firepower module on a Cisco ASA 5585-X firewall?
A. hw-module module 1 recover boot
B. hw-module module 1 reload
C. sw-module module sfr recover boot
D. sw-module module sfr reload
QUESTION 45.
Which description of device trajectory on Cisco Advance Malware Protection for Endpoint is true?
A. It shows the file path on a host.
B. It shows which device on the network received the file.
C. It shows what a file did on a host.
D. It shows a full packet capture of the file.
QUESTION 38.
What is the limitation of the Cisco AMP Threat Grid Sandbox?
A. delayed software updates
B. the requirement of fully assembled malware
C. complex setup
D. single point of failure
QUESTION 36.
Which option is the main function of Cisco Firepower impact flags?
A. They identify data that the ASA sends to the Firepower module
B. They highlight known and suspected malicious IP addresses in reports
C. They alert administrators when critical events occur.
D. They correlate data about intrusions and vulnerability.
QUESTION 22.
Which proxy mode must be used on Cisco WSA to redirect TCP traffic with WCCP?
A. proxy gateway
B. forward
C. transparent
D. redirection
You are implementing a DLP policy on a Cisco ESA. Which template category must you use to protect personally identifiable information?
A. Company Confidential
B. Intellectual Property Protection.
C. Privacy Protection.
D. Regulatory Compliance.
QUESTION 19.
Which two products can get file disposition from the Cisco Advance Malware Protection cloud? (Choose two)
A. Cisco identity Service Engine
B. Cisco Advance Malware Protection Threat Grid.
C. Cisco AnyConnect.
D. Cisco Web Security Appliance.
E. Cisco Email Security Appliance
@AG the filter conditions are optional, the actions are not
@sma, so you agree with me that the correct answer is B and D, right?
@AG
yes
@anonymou
51 ambiguous question
for me B
Command:
For a hardware module (ASA 5585-X):
hw-module module 1 reload
For a software module (ASA 5512-X through ASA 5555-X):
sw-module module sfr reload
Example:
hostname# hw-module module 1 reload
Purpose: Reloads the module software.
Command:
For a hardware module:
hw-module module 1 reset
For a software module:
sw-module module sfr reset
Example:
hostname# hw-module module 1 reset
Purpose: Performs a reset, and then reloads the module.
QUESTION 22.
Which proxy mode must be used on Cisco WSA to redirect TCP traffic with WCCP?
A. proxy gateway
B. forward
C. transparent
D. redirection
Correct answer is B.
https://www.cisco.com/c/en/us/support/docs/security/web-security-appliance/117940-qa-wsa-00.html
QUESTION 51.
Which command do you run to reset a Firepower module on a Cisco ASA 5585-X firewall?
A. hw-module module 1 recover boot
B. hw-module module 1 reload
C. sw-module module sfr recover boot
D. sw-module module sfr reload
will go for D
QUESTION 426
Under which circumstance does the Cisco AMP assign a file disposition without submitting the file to the cloud for dynamic analysis?
A. when an executable file matches a file rule with the Malware Cloud Lookup action and the lookup provides a file disposition
B. when the file is a PDF or Microsoft Office document
C. when a previously undetected file matches a file rule with the Block Malware action
D. when the file has previously been submitted for dynamic analysis and the analysis failed
Answer: C
@Dave why not A
@Demus,
I’m not sure. The answer from PL was C. I seem to recall it’s A as well.
QUESTION 432
A network engineer is configuring URL Filtering on the Cisco ASA with Firewall services. Which two port requirements on the Firepower Management Center must be validated to allow communication with the cloud service? (Choose two.)
A. outbound port TCP/443
B. inbound port TCP/80
C. inbound port TCP/443
D. outbound port TCP/80
E. bidirectional port TCP/443
Guys, regarding this question, if you look at: https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/security__internet_access__and_communication_ports.html
Under section Communication Port Requirements Table 2 you will find that for FMC to download URL and reputation data it needs OUTBOUND TCP 80/443 to the cloud service. So, correct answer would be A&D
After deploying a Cisco ESA on your network, you notice that some messages fail to reach their destinations. Which task can you perform on each where each messages was lost?
A. Configure the trackingconfig command to enable messages tracking.
B. Generate a system report
C. Review the log files
D. Perform a trace
QUESTION 426
Under which circumstance does the Cisco AMP assign a file disposition without submitting the file to the cloud for dynamic analysis?
A. when an executable file matches a file rule with the Malware Cloud Lookup action and the lookup provides a file disposition
B. when the file is a PDF or Microsoft Office document
C. when a previously undetected file matches a file rule with the Block Malware action
D. when the file has previously been submitted for dynamic analysis and the analysis failed
For this I found the answer D
After deploying a Cisco ESA on your network, you notice that some messages fail to reach their destinations. Which task can you perform on each where each messages was lost?
A. Configure the trackingconfig command to enable messages tracking.
B. Generate a system report
C. Review the log files
D. Perform a trace
Answer: A
@Dave i will go for C
@AG,
I read through the cmd on trackingconfig but I still cannot decide if it’s the right answer. Do you have an explanation?
This is from BigD , I think the answer is wrong.
Which two characteristics represent a Cisco device operating in tap mode? (Choose two.)
A. It analyzes copies of packets from the packet flow.
B. The packet flow traverses the device.
C. The device is deployed in a passive configuration.
D. If a rule is triggered, the device drops the packet.
E. If a rule is triggered, the device generates an intrusion event.
Answer: AD
QUESTION 426
Under which circumstance does the Cisco AMP assign a file disposition without submitting the file to the cloud for dynamic analysis?
A. when an executable file matches a file rule with the Malware Cloud Lookup action and the lookup provides a file disposition
B. when the file is a PDF or Microsoft Office document
C. when a previously undetected file matches a file rule with the Block Malware action
D. when the file has previously been submitted for dynamic analysis and the analysis failed
Answer: A
https://www.cisco.com/c/en/us/td/docs/security/firepower/601/configuration/guide/fpmc-config-guide-v601/fpmc-config-guide-v60_chapter_01011110.pdf
QUESTION 51.
Which command do you run to reset a Firepower module on a Cisco ASA 5585-X firewall?
A. hw-module module 1 recover boot
B. hw-module module 1 reload
C. sw-module module sfr recover boot
D. sw-module module sfr reload (this command is not permitted on this device)
Answer: B
QUESTION 38.
What is the limitation of the Cisco AMP Threat Grid Sandbox?
A. delayed software updates
B. the requirement of fully assembled malware
C. complex setup
D. single point of failure
will go for B
QUESTION 38.
What is the limitation of the Cisco AMP Threat Grid Sandbox?
A. delayed software updates
B. the requirement of fully assembled malware
C. complex setup
D. single point of failure
Answer: B
QUESTION 19.
Which two products can get file disposition from the Cisco Advance Malware Protection cloud? (Choose two)
A. Cisco identity Service Engine
B. Cisco Advance Malware Protection Threat Grid.
C. Cisco AnyConnect.
D. Cisco Web Security Appliance.
E. Cisco Email Security Appliance
B and E
QUESTION 19.
Which two products can get file disposition from the Cisco Advance Malware Protection cloud? (Choose two)
A. Cisco identity Service Engine
B. Cisco Advance Malware Protection Threat Grid.
C. Cisco AnyConnect.
D. Cisco Web Security Appliance.
E. Cisco Email Security Appliance
Answer: D and E
https://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/advanced-malware-protection/solution-overview-c22-734228.html
@CCNP SWITCH,
What’s your take on the questions below?
You are implementing a DLP policy on a Cisco ESA. Which template category must you use to protect personally identifiable information?
A. Company Confidential
B. Intellectual Property Protection.
C. Privacy Protection.
D. Regulatory Compliance.
QUESTION 45.
Which description of device trajectory on Cisco Advance Malware Protection for Endpoint is true?
A. It shows the file path on a host.
B. It shows which device on the network received the file.
C. It shows what a file did on a host.
D. It shows a full packet capture of the file.
QUESTION 36.
Which option is the main function of Cisco Firepower impact flags?
A. They identify data that the ASA sends to the Firepower module
B. They highlight known and suspected malicious IP addresses in reports
C. They alert administrators when critical events occur.
D. They correlate data about intrusions and vulnerability.
You are implementing a DLP policy on a Cisco ESA. Which template category must you use to protect personally identifiable information?
A. Company Confidential
B. Intellectual Property Protection.
C. Privacy Protection.
D. Regulatory Compliance.
Answer: D
QUESTION 45.
Which description of device trajectory on Cisco Advance Malware Protection for Endpoint is true?
A. It shows the file path on a host.
B. It shows which device on the network received the file.
C. It shows what a file did on a host.
D. It shows a full packet capture of the file.
Answer: B
QUESTION 36.
Which option is the main function of Cisco Firepower impact flags?
A. They identify data that the ASA sends to the Firepower module
B. They highlight known and suspected malicious IP addresses in reports
C. They alert administrators when critical events occur.
D. They correlate data about intrusions and vulnerability.
Answer: D
@anonymous
Regulatory Compliance. These templates identify messages and attachments that contain personally identifiable information, credit information, or other protected or non-public information.
QUESTION 45.
for me C
QUESTION 36. Ans: D
Impact
The impact level in this field indicates the correlation between intrusion data, network discovery data, and
vulnerability information.
When searching this field, do not specify impact icon colors or partial strings. For example, do not use blue,
level 1, or 0. Valid case-insensitive values are:
• Impact 0, Impact Level 0
• Impact 1, Impact Level 1
• Impact 2, Impact Level 2
• Impact 3, Impact Level 3
• Impact 4, Impact Level 4
Because no operating system information is available for hosts added to the network map from NetFlow data,
the system cannot assign Vulnerable (impact level 1: red) impact levels for intrusion events involving those
hosts. In such cases, use the host input feature to manually set the operating system identity for the hosts.
https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/working_with_intrusion_events.pdf
@AG
Drag and Drop
Step 1. Download IOS IPS Files
Step 2. Configure an IOS IPS Crypto Key
Step 3. Enable IOS IPS
Step 4. Load the IOS IPS Signature Package to the Router
@CCNP SWITCH you’re right about that question.
You are implementing a DLP policy on a Cisco ESA. Which template category must you use to protect personally identifiable information?
A. Company Confidential
B. Intellectual Property Protection.
C. Privacy Protection.
D. Regulatory Compliance.
Answer: D
Predefined DLP Policy Templates
To simplify creation of DLP policies, your appliance includes a large collection of predefined policy templates.
Template categories include:
Regulatory Compliance. These templates identify messages and attachments that contain personally identifiable information, credit information, or other protected or non-public information.
Acceptable Use. These templates identify messages sent to competitors or restricted recipients that contain sensitive information about an organization.
Privacy Protection. These templates identify messages and attachments that contain identification numbers for financial accounts, tax records, or national IDs.
Intellectual Property Protection. These templates identify popular publishing and design document file types that may contain intellectual property that an organization would want to protect.
Company Confidential. These templates identify documents and messages that contain information about corporate accounting information and upcoming mergers and acquisitions.
Custom Policy. This “template” lets you create your own policy from scratch using either pre-defined content matching classifiers or violation identification criteria specified by your organization. This option is considered advanced and should be used only in the rare cases when the predefined policy templates do not meet the unique requirements of your network environment.
https://www.cisco.com/c/en/us/td/docs/security/esa/esa12-0/user_guide/b_ESA_Admin_Guide_12_0/b_ESA_Admin_Guide_chapter_010001.html#task_1224352
@demus
Why do we use forward and not transparent in this question, when with WCCP we use transparent?
QUESTION 22.
Which proxy mode must be used on Cisco WSA to redirect TCP traffic with WCCP?
A. proxy gateway
B. forward
C. transparent
D. redirection
Correct answer is B.
I insist on B for QUESTION 45.
Device Trajectory shows the origin of the threat on a single endpoint, how and when that file infiltrated the endpoint, and what it did.
File Trajectory then lets you expand your view from the first endpoint that saw the threat, to all endpoints across your entire environment that also saw the threat.
https://blogs.cisco.com/security/uncover-the-where-when-and-how-of-an-attack-with-trajectory-from-cisco-amp-for-endpoints
QUESTION 430
Which two statements about Cisco AMP for Web security are true?
A. It compares unknown files to a local threat repository.
B. It can perform file analysis by sandboxing suspected malware.
C. It can block critical files from exiting through the web gateway.
D. It can detect and malware before it passes through the web gateway.
E. It continues monitoring files after they pass the web gateway.
QUESTION 51.
Which command do you run to reset a Firepower module on a Cisco ASA 5585-X firewall?
A. hw-module module 1 recover boot
B. hw-module module 1 reload
C. sw-module module sfr recover boot
D. sw-module module sfr reload
Correct answer for me is B.
Reload or Reset the Module
To reload, or to reset and then reload, the module, enter one of the following commands at the ASA CLI. In multiple context mode, perform this procedure in the system execution space.
Hardware module (ASA 5585-X):
hw-module module 1 {reload | reset}
Software module (all other models):
sw-module module sfr {reload | reset}
https://www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/firewall/asa-firewall-cli/modules-sfr.html#60064
QUESTION 45.
Which description of device trajectory on Cisco Advanced Malware Protection for Endpoint is true?
A. It shows the file path on a host.
B. It shows which device on the network received the file.
C. It shows what a file did on a host.
D. It shows a full packet capture of the file.
For me the correct answer is C.
Device Trajectory shows the origin of the threat on a single endpoint, how and when that file infiltrated the endpoint, and what it did.
https://blogs.cisco.com/security/uncover-the-where-when-and-how-of-an-attack-with-trajectory-from-cisco-amp-for-endpoints
NEW QUESTION 478
Which two statements about content filters on the Cisco ESA are true? (Choose two.)
A. After you create a content filter, you can create an encryption profile to encrypt messages that match the filter.
B. Each content filter requires one or more actions.
C. They can be applied before or after message filters.
D. They are applied to the message after anti spam and antivirus scanning is performed.
E. Each content filter requires one or more conditions
Answer: B&D
Actions are required but conditions are not required; we can create a content filter without conditions.
@ Dave
did you take the exam?
who will take the exam?
@CCNP Switch,
I did about 34Qs and then the computer had a problem during the sim. I have to wait before they allow me to rebook but the test center said they will do it for me. Trying to get them to rebook asap.
Almost all questions up till that point are from the PL and what you and BigD post. There are slight wording changes on some of the questions but I don’t think it made a difference; some choices are slightly different. E.g. the RIPv1 question has BGP and EIGRP as part of the choices.
1x D&D was the same. CIP, DNP3… I think there were about 3 new questions, one of them is D&D, but they are all related to what was discussed here. I didn’t finish the exam but definitely if you have worked with the products, the discussion here is more than enough.
I’ll try to post more after I get some rest.
Hello guys, I have some fresh information for you. 😊
I passed yesterday with 932/1000. Thank you a lot.
cisco.300-210.Gio.v3.275q – 176 and 202 questions
Here are new questions and my answers.
1. Which two statements about a Cisco WSA configured in Transparent mode are true? (Choose two.)
• A. It can handle explicit HTTP requests.
• B. It requires a PAC file for the client web browser.
• C. It requires a proxy for the client web browser.
• D. Layer 4 switches can automatically redirect traffic destined to port 80.
• E. WCCP v2-enabled devices can automatically redirect traffic destined to port 80.
Answers: DE
2. Which description of a Cisco ASA Firepower module in an ASA cluster deployment is true?
• A. The FireSIGHT Management Center centralizes state information between members.
• B. Each Firepower module works independently.
• C. Firepower modules share state information every two seconds.
• D. An ASA shares state information with the Firepower module every two seconds.
Answers: C
3. What happens when the Cisco FireSIGHT system sends a URL to the Cisco cloud and the cloud cannot determine its reputation?
• A. The system can query a manually created list to determine the reputation of the file.
• B. The system is unable to apply access-control rules.
• C. The system can block the site automatically.
• D. The system can apply an administratively configured action.
Answers: B
4. Which deployment model on a Cisco ASA Firepower module in multiple-context mode allows you to evaluate the contents of the traffic without affecting the network?
• A. Inline tap monitor-only mode
• B. Passive monitor-only mode
• C. Inline mode
• D. Passive tap monitor-only mode
Answers: C
5. Which option is the main function of Cisco Firepower impact flags?
• A. They alert administrators when critical events occur.
• B. They correlate data about intrusion and vulnerability
• C. They identify data that the ASA sends to the Firepower module.
• D. They highlight known and suspected malicious IP addresses in reports.
Answers: B
6. You are implementing a DLP policy on a Cisco ESA. Which template category must you use to protect personally identifiable information?
• A. Intellectual Property protection
• B. Privacy Protection
• C. Company Confidential
• D. Regulatory Compliance
Answers: D
7. Which two actions can be used in an access control policy rule?
• A. Block All
• B. Monitor
• C. Trust Rule
• D. Discover
• E. Block with Reset
Answer: BE (This is old question and it was on exam)
All other questions were from “300-210 Exam questions 20191119.pdf”
Which five system management protocols are supported by the Intrusion Prevention System? (Choose five.)
A. SNMPv2c
B. SNMPv1
C. SNMPv3
D. SNMP
E. syslog
F. SDEE
G. SMTP
Which are the 5 correct answers? A, B, D, F, G or A, B, C, D, F?
@David, all new questions were discussed here. they were all in my exams.
2. Which description of a Cisco ASA Firepower module in an ASA cluster deployment is true?
• A. The FireSIGHT Management Center centralizes state information between members.
• B. Each Firepower module works independently.
• C. Firepower modules share state information every two seconds.
• D. An ASA shares state information with the Firepower module every two seconds.
Answers: C
will go for A
3. What happens when the Cisco FireSIGHT system sends a URL to the Cisco cloud and the cloud cannot determine its reputation?
• A. The system can query a manually created list to determine the reputation of the file.
• B. The system is unable to apply access-control rules.
• C. The system can block the site automatically.
• D. The system can apply an administratively configured action.
Answers: B
will go for D
4. Which deployment model on a Cisco ASA Firepower module in multiple-context mode allows you to evaluate the contents of the traffic without affecting the network?
• A. Inline tap monitor-only mode
• B. Passive monitor-only mode
• C. Inline mode
• D. Passive tap monitor-only mode
Answers: C
will go for A
Hi David,
Can you please share the pdf 300-210 Exam questions 20191119.pdf?
@Demus
Maybe I missed some parts, but anyway I just wanted to share my experience. Just to let you know what my answers were.
Wish you the best
@AG
Here is link
https: // drive.google.com/open?id=1OOqZ8i5WweTr4EU90IynuIZN6plShrDu
remove blank space
plus my post, I guarantee that is enough for pass
1. Which two statements about a Cisco WSA configured in Transparent mode are true? (Choose two.)
• A. It can handle explicit HTTP requests.
• B. It requires a PAC file for the client web browser.
• C. It requires a proxy for the client web browser.
• D. Layer 4 switches can automatically redirect traffic destined to port 80.
• E. WCCP v2-enabled devices can automatically redirect traffic destined to port 80.
Answers: DE
https://www.cisco.com/c/en/us/support/docs/security/web-security-appliance/117940-qa-wsa-00.html
@Dave
Which two characteristics represent a Cisco device operating in tap mode? (Choose two.)
A. It analyzes copies of packets from the packet flow.
B. The packet flow traverses the device.
C. The device is deployed in a passive configuration.
D. If a rule is triggered, the device drops the packet.
E. If a rule is triggered, the device generates an intrusion event.
Answer: AD
I also think that AD is wrong. I think A and E are the correct answer.
With tap mode, the device is deployed inline, but instead of the packet flow passing through the device, a copy of each packet is sent to the device and the network traffic flow is undisturbed. Because you are working with copies of packets rather than the packets themselves, rules that you set to drop and rules that use the replace keyword do not affect the packet stream. However, rules of these types do generate intrusion events when they are triggered, and the table view of intrusion events indicates that the triggering packets would have dropped in an inline deployment.
https://www.cisco.com/c/en/us/td/docs/security/firepower/601/configuration/guide/fpmc-config-guide-v601/fpmc-config-guide-v60_chapter_01011010.html