Share your IPS v7.0 Experience

I was trying to get a replacement date tomorrow but the testing center said it cannot be done . According to them, new questions are introduced on a weekly basis, and since I took it this week, I have to wait for another week even if they send in the request for me to retake the exam.

@AG

Which two characteristics represent a Cisco device operating in tap mode? (Choose two.)
A. It analyzes copies of packets from the packet flow.
B. The packet flow traverses the device.
C. The device is deployment in a passive configuration.
D. If a rule Is triggered, the device drops the packet.
E. If a rule is triggered, the device generates an intrusion event.

the correct Answer: AE

can someone please explain this question for me
Why in this question we use forward not transparent as with WCCP we use transparent
i think it must be C
QUESTION 22.
Which proxy mode must be used on Cisco WSA to redirect TCP traffic with WCCP?
A. proxy gateway
B. forward
C. transparent
D. redirection

Correct answer is B.

@AG,

AE

@Alihk79 you are right. Transparent mode it is.

https://www.cisco.com/c/en/us/support/docs/security/web-security-appliance/117940-qa-wsa-00.html

@AG

Thanks, my exam will be Next Wednesday or Friday i didnt book it yet, but how come last week a lot of questions come into this forum ??

Just failed my test 300-208 in Mumbai this morning. About 20 new questions.

1. Which two statements about a Cisco WSA configured in Transparent mode are true? (Choose two.)
• A. It can handle explicit HTTP requests.
• B. It requires a PAC file for the client web browser.
• C. It requires a proxy for the client web browser.
• D. Layer 4 switcdahes can automatically redirect traffic destinated to port 80.
• E. WCCP v2-enabled devices can automatically redirect traffic destined to port 80.

Answers: DE

Which two products can get file disposition information from the Cisco Advance Malware protection
cloud? (Choose two.)
A.Cisco identify Service Engine
B.Cisco Email Security Appliance
C.Cisco Web Security Appliance
D.Cisco AnyConnect
E.Cisco Advanced Malware protection threat Grind

Which is the correct answer?

Here i see that are stated ESA, WSA and AMP thread grid

https:// www. cisco.com/c/en/us/solutions/collateral/enterprise-networks/advanced-malware-protection/solution-overview-c22-734228.html

@nick, please details of the configuration requirements in your test

@AG
i believe what diference is:
For Cisco Email Security Appliance (ESA) or Web Security Appliance (WSA), AMP capabilities can be turned on to provide retrospective capabilities and malware analysis.

Threat Grid is integrated with Cisco AMP for enhanced malware analysis

whereby the answer
ESA, WSA

Hello!

The new PassLeader 300-208 dumps (Updated Recently) now are available, here are part of 300-208 exam questions (FYI):

[Get the download link at the end of this post]

NEW QUESTION 500
What are two advantages of a single-SSID deployment over a multi-SSID implementation? (Choose two.)

A. Only single-SSID deployments allow the user to verify the identity of the BYOD server.
B. Single-SSID deployments are more appropriate for BYOD environments.
C. Single-SSID deployments offer a more secure connection experience than multi-SSID implementations.
D. Single-SSID deployments are more appropriate for clients that are already configured for wired 802.1x on another network.
E. Single-SSID deployments provide a better experience for users of iOS devices.

Answer: DE

NEW QUESTION 501
Which RADIUS service type can identify authentication attempts from devices that lack a supplicant?

A. Ethernet
B. Wireless-IEEE 802.11
C. Call Check
D. Framed

Answer: C

NEW QUESTION 502
How does the use of single connect mode for device authentication improve performance?

A. It uses a single TCP connection for all TACACS+ communication.
B. It uses a single VIP on the network access device.
C. It uses a single TCP connection for all RADIUS communication.
D. It multiplexes RADIUS requests to the server over a single session.

Answer: A

NEW QUESTION 503
What represents the default Cisco IOS RADIUS attribute-value pair?

A. User name= 5, password= 4, NAS-IP Address= 4, NAS-Port= 5
B. User name= 0, password= 1, NAS-IP Address= 2, NAS-Port= 3
C. User name= 1, password= 2, NAS-IP Address= 4, NAS-Port= 5
D. User name= 1, password= 2, NAS-IP Address= 3, NAS-Port= 4

Answer: C

NEW QUESTION 504
In which scenario might it be helpful to adjust the network transition delay timer?

A. when the client needs more time to log in to the network
B. when the client needs more time to perform compliance checks
C. when the client needs more time to obtain a DHCP lease
D. when the client needs more time to perform remediation

Answer: C

NEW QUESTION 505
Which statement about single-SSID environment is true?

A. It allows for the wired and wireless adapters to be provisioned in any order.
B. It provides access to the guest SSID after the device has completed provisioning with the provisioning SSID.
C. It uses the same SSID for certificate enrollment, provisioning, and secure network access.
D. It can use the Fast SSID Change feature to improve performance.

Answer: C

NEW QUESTION 506
……

P.S.

PassLeader 300-208 dumps FYI:

od.lk/fl/NjFfMTUyNjc0NV8

(508q~~~NEW VERSION DUMPS!!!)

Good Luck!!!

[(copy that link and open it in your web browser!!!)]

More:

1. PassLeader 300-206 dumps FYI:

od.lk/fl/NjFfMTUyNjc0M18

(483q~~~NEW VERSION DUMPS!!!)

~~~~~~~~~~~~~~~~~~~~~~~~~

2. PassLeader 300-209 dumps FYI:

od.lk/fl/NjFfMTUyNjc0N18

(454q~~~NEW VERSION DUMPS!!!)

~~~~~~~~~~~~~~~~~~~~~~~~~

3. PassLeader 300-210 dumps FYI:

od.lk/fl/NjFfMTUyNjc0OV8

(508q~~~NEW VERSION DUMPS!!!)

~~~~~~~~~~~~~~~~~~~~~~~~~

Good Luck!!!

[(copy those links and open them in your web browser!!!)]

Hello,

I took the exam this morning. 959/1000. No new questions.

@AG congrats!!

Cab you give us feedback?? questions, D&Ds, labs, simlets, etc..

@AG

Congrats, please can you put the questions that you had in your exam and specially the questions that we were debating on here, and the answers if you can, as my exam will be this week

thx

1. Which option is the effect of the show ip admission cache command in an environment in
which CWS is deployed?
A. It displays the list of URLs that users have accessed.
B. It identifies the CWS tower to which the router is connected.
C. It displays the number of authentication attempts performed by each user.
D. It displays the status of each user on the system.

Ans: D

2. What is the main purpose of the default intrusion policy?
A. It can protect against passing malicious packets before an access-control rule can identify
the source application or URL.
B. It can prefleg known malware to eliminate the need for further inspection.
C. It can enforce additional rules after the system has identified the default access-control rule
D. It balances security and connectivity considerations by default when you choose the Network Discovery default action.

Ans: A

3. You are implementing a virus outbreak filter on a cisco ESA by using the Outbreak Filters
feature. You plan to perform an additional scan by using a content filter. Which action can you
configure the Outbreak filter to take?
A. Scan processed messages by using a secondary instance of the ESA.
B. Send a copy of the messages to quarantine.
C. Scan processed messages by using two engines simultaneously.
D. Send processed messages to an ESA.

Ans: D

4. What is the main function of the Cisco CWS Connector on mobile device?
A. It integrates with the Cisco Firepower Management console to manage application and web
traffic.
B. It integrates with the Cisco AnyConnect Secure Mobility Client to provide web security.
C. It integrates with the Cisco NAC Agent to collect web-browser history for reporting
purposes.
D. It provides a connection to the FireAMP cloud to block threats that other security layers fail
to detect.

Ans: B

5. Which application processor can you deploy in a SCADA environment to detect anomalous
traffic and support protocol field inspection?
A. DCE/RPC
B. GTP
C. SSL
D. DNTP3

Ans: D

6. Which two tasks must you perform when impalement CWS on a cisco ASA or ASAV? (Choose
two.)
A. Create a new RSA key.
B. Enable the ScanSafe feature.
C. Browse to whoami.scansade.net to verify that web redirection is operating normally.
D. Create an authenticating license key.
E. Define the primary and secondary CWS proxy.

Ans: D and E

7. Which description of the Layer 4 Traffic Monitor on a Cisco WSA is true?
a. monitors suspicious traffic across all the TCP/UDP ports
b. blocks traffic from URL categories that are known to contain malicious content
c. decrypts SSL traffic to monitor for malicious content
d. prevents data exfiltration by searching all the network traffic for specified sensitive
information

ANs: A

8. What is the primary benefit of deploying an ESA in hybrid mode?
a. You can fine-tune its settings to provide the optimum balance between security and
performance for your environment
b. It provides the lowest total cost of ownership by reducing the need for physical
appliances
c. It provides maximum protection and control of outbound messages
d. It provides email security while supporting the transition to the cloud
Answer: D

9. Which SSL decryption policy can be used to protect HTTPS servers from external traffic?
a. Decrypt Re-Sign
b. Enable SSL Decryption
c. Block
d. Decrypt Known Key
Answer: D

10. Which two deployment modes does the Cisco ASA FirePOWER module support? (Choose two.)
a. transparent mode
b. routed mode
c. inline mode monitor-only
d. active mode
e. passive monitor-only mode
Answer: C E

https://wetransfer.com/downloads/6b2555a0e858ee7e661854defc60129020191125114443/8bfa47200675ec2957e5fcbbd3d12d7a20191125114443/674b5d

I coudn’t paste all the questions here.

congrats!!! AG

@AG, did you out the same answers in your exam, as the one you have in the text file?

above i mean ” did you PUT the same…..”

@aouas, yes i did. but the score was 959 so around 3 questions are wrong

6. Which two tasks must you perform when impalement CWS on a cisco ASA or ASAV? (Choose
two.)
A. Create a new RSA key.
B. Enable the ScanSafe feature.
C. Browse to whoami.scansade.net to verify that web redirection is operating normally.
D. Create an auswthenticating license key.
E. Define the primary and secondary CWS proxy.

Ans: D and E

@AG, are you sure that you had these questions and you put these answers?
i am asking because there are double questions in the file

anyone writing this week?
@aouas, These might be the questions he can remember. am not sure he can remember all the questions.

@Demus,
I booked my test for Friday

Just went in today and got 826, everybody told me the spoto and PL dumps are stable but I end up with almost 15 new questions. Crazy, I just wasted $200+ that I can barely afford for sitting at a computer for 1 hour answering questions that I didn’t understand and that nobody cares about.

Finally got to retake the exam. Yahoo… passed.
Anybody got resources for 300-208 ?

Too excited. Anyway, the questions has been discussed but I’ll be happy to answer any question, especially the guy/gal that shared the PL, it’s all there with MANY wrong answers.
And of course, if you have the latest 300-208, that would be appreciated.

@ALIHK79
Have also booked for friday..

@Dave congrats

there is any new questions, D&D Labs Simlet stable?

thanks to feedback your experiences.

@Dave

can you plz uplaod the questions that you got in your exam.

@Dave congratulations. Kindly share your experience specially some of the questions if you can remember and the answers. Thanks

@ohShit sorry to hear that. most of the questions were discussed on this page. if you take your time and go back, am sure you will see all the 15 new questions and their Answers

@Dave you are welcome!
Yes indeed there are a lot of wrong answers!!

Please share with us the questions (and answers if possible) D&D, labs and simlets you had in your exam

@Dave please feelback about question and lab

@Dave,
Congrats, can you give us a summary about the questions you had??

@Ohshit, i dont know if it is true account or no, can yu put your experience here and the 15 questions

@Dave I have some pdf files, share your email.

@AG can you share your pdf or vce please??

If someone have a valid pdf or vce please share it.

REgards!!!

@El_vata,

Thanks !! That’s great. {email not allowed} , remove the 3 X from the address.
I also have the 502Q for 300-208 and Gio dump if you have not done the exam,let me know, I will share out on the gdrive. post your email here if you want access.

@CCNP Switch, drop me a email. or post your email. :-)

I will share out the Qs later on gdrive. But those who has been helpful gets priority obviously. :-)

@El_vato,
Remove the spaces from the address below.
medave 775 @ gmail.com

@Dave

Please give me your feedback on (alihk79 at hotmail dot com) or (alihk79 at gmail dot com)

Thx

@Dave
Elbsimo759 @ Gmail com plz share your feedback

@David
billydemzy at yahoo dot com

@Dave

Put it on drobox or wetransfer

ccnpswicth @gmail.com

@dave I wrote you brother, please send me the feelback, schedule the exam for tomorrow

@Dave Congrats
i too, schedule the exam for tomorrow
please share you comments and notes

What about this one?

What is a feature of Cisco Hybrid Email Security?
A. applicationwdvisibility and control
B. duser protection
C. Cisco Registerwded Envelope Service
D. Layer 4 traffic monitoring

What is a feature of Cisco Hybrid Email Security?
A. applicationwdvisibility and control
B. duser protection
C. Cisco Registerwded Envelope Service
D. Layer 4 traffic monitoring

answer: C

Correct C

any one got the summary from Dave ?? please share it

no yet

@CCNP Switch and SMA

please when you finish your exam put your feedback
My exam on Friday

@Alihk79

OK.

Correct answer:

QUESTION 489
Which two deployment modes does the Cisco ASA FirePOWER module support? (Choose two.)

A. transparent mode
B. routed mode
C. inline mode
D. active mode
E. passive monitor-only mode

Answer: CE

QUESTION 461
Which function is the primary function of Cisco AMP threat Grid?

A. flood attack detection.
B. secure boot
C. image signing
D. DDoS mitigation
E. SYN flood detection

Answer: BC

QUESTION 460
Which two routing options are valid with Cisco FirePOWER version 5.4? (Choose two)

A. Layer 3 routing with static routes
B. Layer 3 routing with RIPv1
C. Layer 3 routing with EIGRP
D. Layer 3 routing with OSPF stub area
E. Layer 3 routing with OSPF not-so-stubby area

Answer: BD

QUESTION 488
Which two tasks must you perform when you implement CWS on a Cisco ASA or ASAv? (Choose two.)

A. Browse to whoami.scansafe.net to verify that web redirection is operating normally.
B. Enable the ScanSafe feature.
C. Create an authentication license key.
D. Create a new RSA key.
E. Define the primary and secondary CWS proxy.

Answer: CE

QUESTION 449
Which capability is exclusive to a Cisco AMP public cloud instance as compared to a private cloud instance?

A. RBAC
B. ETHOS detection engine
C. SPERO detection engine
D. TETRA detection engine

Answer: B

QUESTION 448
Which SSL decryption policy can be used to protect HTTPS servers from external traffic?

A. Decrypt Re-sign
B. Block
C. Decrypt Known Key
D. Enable SSL Decryption

Answer: C

QUESTION 398
Which two actions can be used in an access control policy rule?

A. Block All
B. Monitor
C. Trust Rule
D. Discover
E. Block with Reset

Answer: BE

QUESTION 374
Which option describes device trajectory on Cisco Advanced Matware Protection for Endpoints?

A. It shows the file path on a host.
B. It shows a full packet capture of the file.
C. It shows which devices on the network received the file.
D. It shows what a file did on a host.

Answer: A

QUESTION 98
Connections are being denied because of SenderBase Reputation Scores. Which two features must be enabled in order to record those connections in the mail log on the Cisco ESA? (Choose two.)

A. Rejected Connection Handling
B. Domain Debug Logs
C. Injection Debug Logs
D. Message Tracking

Answer: AD

@CCNP Switch

I think the answer is D

QUESTION 374
Which option describes device trajectory on Cisco Advanced Matware Protection for Endpoints?

A. It shows the file path on a host.
B. It shows a full packet capture of the file.
C. It shows which devices on the network received the file.
D. It shows what a file did on a host.

why?

QUESTION 374
Which option describes device trajectory on Cisco Advanced Matware Protection for Endpoints?

A. It shows the file path on a host.
B. It shows a full packet capture of the file.
C. It shows which devices on the network received the file.
D. It shows what a file did on a host.

Answer: A

https: //www.ciscolive.com/c/dam/r/ciscolive/us/docs/2015/pdf/TECSEC-3333.pdf

Device Trajectory can be used to determine host details, Link between processes, File name, Location on disk

QUESTION 323
An engineer must architect an AMP private cloud deployment. What is the benefit of running in air-gaped mode?

A. Internet connection is not required for disposition.
B. Database sync time is reduced.
C. Disposition queries are done on AMP appliances.
D. A dedicated server is needed to run amp-sync.

Answer: A

QUESTION 340
Which information does whoami command display in a WSA?

A. Full name, group and location
B. Username, fullname and groups
C. Username only
D. Username and groups

Answer: B

QUESTION 358
An engineer wants to configure a method to verify the authenticity of emails on cisco ESA and noticed the sender policy framework. How can the SPF help in that task?

A. SPF allows the sender to sign the email using preshare key
B. SPF allows the sender to sign the email using public key
C. SPF allows the owner of internal domain to use DNS record which machines are
D. The list of authorized sending hosts for a domain is published in the Domain Name System (DNS) records for that domain in the form of a specially formatted TXT record

Answer: C

hi guys
@CCNP SWITCH

QUESTION 489
Which two deployment modes does the Cisco ASA FirePOWER module support? (Choose two.)

A. transparent mode
B. routed mode
C. inline mode
D. active mode
E. passive monitor-only mode

Answer: CE
Me: CE

QUESTION 461
Which function is the primary function of Cisco AMP threat Grid?

A. flood attack detection.
B. secure boot
C. image signing
D. DDoS mitigation
E. SYN flood detection

Answer: BC
Me: Not sure but BC

QUESTION 460
Which two routing options are valid with Cisco FirePOWER version 5.4? (Choose two)

A. Layer 3 routing with static routes
B. Layer 3 routing with RIPv1
C. Layer 3 routing with EIGRP
D. Layer 3 routing with OSPF stub area
E. Layer 3 routing with OSPF not-so-stubby area

Answer: BD
Me: AD

QUESTION 488
Which two tasks must you perform when you implement CWS on a Cisco ASA or ASAv? (Choose two.)

A. Browse to whoami.scansafe.net to verify that web redirection is operating normally.
B. Enable the ScanSafe feature.
C. Create an authentication license key.
D. Create a new RSA key.
E. Define the primary and secondary CWS proxy.

Answer: CE
Me: CE

QUESTION 449
Which capability is exclusive to a Cisco AMP public cloud instance as compared to a private cloud instance?

A. RBAC
B. ETHOS detection engine
C. SPERO detection engine
D. TETRA detection engine

Answer: B
Me: B

QUESTION 448
Which SSL decryption policy can be used to protect HTTPS servers from external traffic?

A. Decrypt Re-sign
B. Block
C. Decrypt Known Key
D. Enable SSL Decryption

Answer: C
Me: C

QUESTION 398
Which two actions can be used in an access control policy rule?

A. Block All
B. Monitor
C. Trust Rule
D. Discover
E. Block with Reset

Answer: BE
Me: BE

QUESTION 374
Which option describes device trajectory on Cisco Advanced Matware Protection for Endpoints?

A. It shows the file path on a host.
B. It shows a full packet capture of the file.
C. It shows which devices on the network received the file.
D. It shows what a file did on a host.

Answer: A
Me Insist: D

QUESTION 98
Connections are being denied because of SenderBase Reputation Scores. Which two features must be enabled in order to record those connections in the mail log on the Cisco ESA? (Choose two.)

A. Rejected Connection Handling
B. Domain Debug Logs
C. Injection Debug Logs
D. Message Tracking

Answer: AD
Me: AD

@CCNP SWITCH
you have the other questions, please share it

@CCNP SWITCH

QUESTION 323
QUESTION 340
QUESTION 358

Yes, Correct Answers!!!

I don’t have new questions, I hope tomorrow we do well

yes, so it will be
good luck !

Hi, all!

The new PassLeader 300-208 dumps (Updated Recently — 27/Nov/2019) now are available, here are part of 300-208 exam questions (FYI):

[Get the download link at the end of this post]

NEW QUESTION 511
Which matching model does the Cisco ISE use to process commands in a command set?

A. Wildcare matching model.
B. Case-sensitive matching model.
C. Regular expression matching model.
D. Literal matching model.

Answer: C

NEW QUESTION 512
Which RADIUS service type can identify authentication attempts from devices that lack a supplicant?

A. Framed
B. Wireless-IEEE802.11
C. Ethernet
D. Call Check

Answer: B

NEW QUESTION 513
Which two statements about TrustSec in Closed Mode are true? (Choose two.)

A. Only DNS and DHCP traffic are permitted until authentication is complete.
B. All user traffic is blocked until authentication is complete.
C. It requires EAP TLS.
D. The wired port is in the shutdown state.
E. Only EAFoL traffic is permitted until authentication is complete.

Answer: BE

NEW QUESTION 514
Which Cisco ISE feature can you configure to allow employees of your organization to add devices on which native supplicant provisioning is not supported to their user profiles?

A. Self-Registered Guest portal
B. Guest portal
C. BYOD portal
D. My devices portal

Answer: D

NEW QUESTION 515
Which RADIUS attribute can you use to filter MAB requests in an 802.1x deployment?

A. 1
B. 6
C. 31
D. 2

Answer: B

NEW QUESTION 516
In which scenario might it be helpful to adjust the network transition delay timer?

A. When the client needs more time to obtain a DHCP lease.
B. When the client more time to perform remediation.
C. When the client needs more time to perform compliance checks.
D. When the client needs more time to log in to the network.

Answer: B

NEW QUESTION 517
Which Catalyst Switch command is required to enable accounting for networking access?

A. aaa accounting dot1x default start-stop group radius
B. aaa accounting network default group radius
C. aaa accounting radius-server send accounting
D. aaa accounting command dot1x

Answer: A

NEW QUESTION 518
How does the use of single connect mode for device authentication improve performance?

A. It uses a single TCP connection for all RADIUS connection.
B. It uses a single TCP connection for all TACACS+ communication.
C. It uses a single VIP on the network access device.
D. It multiplexes RADIUS requests to the server over a single session.

Answer: B

NEW QUESTION 519
A client is quarantined during a Cisco ISE posture assessment. After which two events can the client undergo a posture reassessment? (Choose two.)

A. When the wired client disconnects and reconnects to the network.
B. When the supplicant is reconfigured.
C. When the client reinstall the posture agent.
D. When the reauthentication timer for the authorization profile is triggered.
E. When the network transition delay timer expires.

Answer: DE

NEW QUESTION 520
A security administrator must design posture remediation services for a company’s Macintosh user base running posture agent. Which Cisco ISE remediation option can the engineer utilize to accomplish this task?

A. Launch program remediation
B. AV remediation
C. File remediation
D. WSUS remediation

Answer: C

NEW QUESTION 521
Which statement about hot-spot guest access in a corporate environment that provides BYOD access for employees is true?

A. It uses TACACS+ to support user guest credential.
B. The BYOD portal must be configured on a separate SSID from the guest hotspot.
C. It uses WPA authentication, which allows it to provide connectivity to more device types.
D. Traffic to the employees BYOD portal must be directed to different WLC than guest traffic.

Answer: D

NEW QUESTION 522
Which command or command sequence can you enter to configure a DACL on the Cisco ISE?

A. ip access-list standard 99 permit ip any any
B. ip access-list extended 101 permit ip any any
C. access-list 101 permit ip any any
D. permit ip any any

Answer: B

NEW QUESTION 523
What was an early precursor to MAC Authentication Bypass?

A. Port security
B. VMPS
C. Spanning Tree
D. VLAN access lists

Answer: B

NEW QUESTION 524
A security engineer Is deploying Cisco ISE. Which feature must the engineer node settings to enable guest services?

A. Profiling services
B. Session services
C. Monitoring services
D. pxGrid services

Answer: D

NEW QUESTION 525
Which guest service requires session service to be enable on a Cisco ISE node?

A. Profile service
B. Posture service
C. Monitoring service
D. Administrator service

Answer: A

NEW QUESTION 526
……

P.S.

PassLeader 300-208 dumps FYI:

od.lk/fl/NjFfMTUyNjc0NV8

(531q~~~NEW VERSION DUMPS!!!)

Good Luck!!!

[(copy that link and open it in your web browser!!!)]

And, what’s more:

1. PassLeader 300-206 dumps FYI:

od.lk/fl/NjFfMTUyNjc0M18

(483q~~~NEW VERSION DUMPS!!!)

~~~~~~~~~~~~~~~~~~~~~~~~~

2. PassLeader 300-209 dumps FYI:

od.lk/fl/NjFfMTUyNjc0N18

(454q~~~NEW VERSION DUMPS!!!)

~~~~~~~~~~~~~~~~~~~~~~~~~

3. PassLeader 300-210 dumps FYI:

od.lk/fl/NjFfMTUyNjc0OV8

(508q~~~NEW VERSION DUMPS!!!)

~~~~~~~~~~~~~~~~~~~~~~~~~

Good Luck!!!

[(copy those links and open them in your web browser!!!)]

QUESTION 173
Which tool are used to analyze AMP for Endpoints file activity performed on endpoints?
A. File Trajectory
B. Prevalence
C. File Analysis
D. Device Trajectory

What is your final decision about this question A or D ??

@CCNP Switch and SMA

Good Luck

@ALIHK79 i will go with A. File Trajectory

@aouas

did you schedule for the exam ?

@ALIHK79, No i haven’t. I don’t know when i will go for the exam.
did you?

Yes it is supposed to be tomorrow, but i didn’t pay yet, just called the center and reserved a seat

i wish you good luck for tomorrow and keep us updated.

Did Dave provide feedback for the exam?

@aouas

Thank you, i will,

No Dave didnt provide a feedback, we are qaiting SMA and CCNPSwitch

Sorry,tied up with a bit of work and tried to reply a couple of the guys that email me but there is too many fakes . Anyway, I had just a couple of new questions, everything as per the CCNPSwitch and Demus dump when I took it early this week. Another friend told me he has close to 20 new questions today based on the dumps I gave him. It might not be the same across all test center, so you might still get the same questions. Go for it !!

I PASSED 9XX
LAB: CWS ( tab works dont need to memorise all cmd)
ESA SIMLET
1 D&D : CIP …
No new questions all questions discussed here
Good luck

hi,
could you please share with me files from Dave?
justmecas123 @ gmail.com

thank you in advance

Anyway, I’ve given the info to CCNP Switch, Good luck. If you do within the next couple of days, you should get the same questions.

If anybody has the latest 531Q PL for 300-208, please share, or if you want to cost share, let me know.

Don’t send me links for the fake dumps from PL , etc or older dumps please.

@ALIHK79 @CCNP SWITCH Good luck to all of us. am also writing tomorrow.

Congrats @Simo

@Demus good luck you too :) i think CCNPSwitch did it today

QUESTION 323
An engineer must architect an AMP private cloud deployment. What is the benefit of running in air-gaped mode?

A. Internet connection is not required for disposition.
B. Database sync time is reduced.
C. Disposition queries are done on AMP appliances.
D. A dedicated server is needed to run amp-sync.

Answer: A
the question ask for two answers. will go for A D

I PASSED 9XX
LAB: CWS ( tab works dont need to memorise all cmd)
ESA SIMLET
1 D&D : CIP …
No new questions all questions discussed here
Good luck

the same

congarts @ccnp switch

Hi guys I pass 9xx
No new questions

@sma congrats

Did you get the question about file activity on endpoint?
Answer File trajectory or Device Trajectory??

Yes.
I select file

guys Which D&D you had in the exam ??

congrats guys,

did you use questions pasted on forum, file “300-210 Exam questions 20191119.pdf” and “300-210.txt” and Gio275q? Or did you use some other files? Do you think that what I described is enough? I have an exam in 11 hours, I will share my experience :)
Thank you in advance for your answer.

@Alihk79 – all questions discussed here. please check notes de Big D- CCNP SWITCH – AG
good luck guy

D&D – Cisco ASA Firepower module preprocessors: –
a. CIP———————————-> supports industrial automation application
b. Transport & network layer—>detects attacks that exploit a checksum validation
c. DNP3——————————> used in transportation industries
d. Application layer ————–> occurs after the selection of the access control rules

congratulation CCNP SWITCH and sma

can you guys elaborate on the ESA simlet and the lab?
is it the same as what is on gio?

@CCNP SWITCH and sma

did you guys see this question and what was your answer

QUESTION 374
Which option describes device trajectory on Cisco Advanced Matware Protection for Endpoints?
A. It shows the file path on a host.
B. It shows a full packet capture of the file.
C. It shows which devices on the network received the file.
D. It shows what a file did on a host.

what was your Answer for this

Which ports must be configured on the Firepower to support communication with the CWS (choose 2)
A. inbound tcp 80
B. inbound tcp 443
C. outbound tcp 443
D. outbound tcp 80
E. biderectional 443

When you want to decrypt traffic using Decrypt – Known Key from your server to some host in the internet, what should you do:
1. Something about PKI
2. Something about PKI
3. Upload public and private key in the FMC
4. Upload only private key in the FMC

@Demus

Q 374 for me i will go for D
port questions i will go for D and E
third question decrypt traffic i will go for C

@ ALITHK79

A network administrator noticed that all traffic that is redirected to the Cisco WSA from the Cisco ASA firewall cannot get to the internet in a transparent proxy environment using WCCP. Which
Troubleshooting actions can be taken on the CLI to make sure WCCP communication is not falling
A. Ping the WCCP device.
B. Disable WCCP to see if the WCCP service is causing the issue.
C. Check WCCP logs in debugs mode to check there are n pending HIA or ISY requests.
D. Explicitly point the browser to the proxy.
Answer: B or C?

hi guys
ESA simlet and simulation same as what is on gio
good luck

@sma,

So 1 D&D, 1 ESA simlet and 1 CWS lab ?
the questions were from the last part of PL pdf and similar with the files that Big D, AG and CCNP SWITCH have sent?

@Demus
I will go for c

passed today with 9xx
1 D&D CIP…, 1 ESA simlet, 1 CWS lab.
Every question you can find on files I mentioned before and on this forum.

Thank you for your help and good luck on your exams!

Finally after almost 1 year and half of my ccnp security journey. Got certified
I passed eith 975 . No new questions. I had all the latest questions mentioned here. Now i am driving i will answer all ur questions later
Thank you all